It seems that AWS has been busy releasing new functionality for its cloud, and some of the new features are pretty interesting. For instance, since March 26th we can interconnect two different VPCs inside the same region, which means we no longer have to build OpenSwan VPN instances for that purpose; they are only needed when the VPCs are in different regions.
The funniest thing is that you can even interconnect VPCs from different accounts: the peering account receives a request asking for authorization, and once it accepts, voilà, you have a network connection between two different accounts.
Obviously, peering between VPCs requires proper planning on the IP addressing side if you want it to work: the CIDR blocks of the two VPCs must not overlap.
You can read how to set up VPC peering here -> http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html.
It’s pretty easy:
- Enable VPC peering
- Define the peering VPC
- Accept the request on the peering VPC side
- Define proper route tables
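The addressing check and the route-table step above are the two places where a peering setup usually goes wrong, so here is an added example (not code from the original post or from AWS) that plans them before anything is clicked in the console. It assumes the AWS limit that a VPC CIDR lies between /16 and /28, and uses a constructed placeholder peering id (`pcx-PLACEHOLDER`) and constructed CIDR blocks: it refuses overlapping address spaces, emits exactly one route per side (the peer's CIDR pointed at the peering connection, nothing broader), and flags existing routes, such as a VPN route to an on-premises range, that would compete with the new entry.

```python
"""Plan the routing for a VPC peering connection between two VPCs.

Added example; not from the original post or from AWS. The pcx-... id and the
CIDR blocks below are constructed placeholders.
"""
import ipaddress
from typing import Dict, Iterable, List

# Assumption: AWS accepts VPC CIDR blocks between /16 and /28 (inclusive).
MIN_PREFIX, MAX_PREFIX = 16, 28


def _vpc_network(cidr: str) -> ipaddress.IPv4Network:
    """Parse a VPC CIDR and reject sizes that are not valid for a VPC."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    if not (MIN_PREFIX <= net.prefixlen <= MAX_PREFIX):
        raise ValueError(f"{cidr}: VPC CIDR must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    return net


def plan_peering(requester_cidr: str, accepter_cidr: str,
                 pcx_id: str) -> Dict[str, List[Dict[str, str]]]:
    """Return the route each side must add so traffic flows over the peering.

    Peering only works when the two address spaces do not overlap, so that is
    checked first. Each side gets exactly one route: the peer's CIDR pointed at
    the peering connection. Never route 0.0.0.0/0 at a peer.
    """
    req = _vpc_network(requester_cidr)
    acc = _vpc_network(accepter_cidr)
    if req.overlaps(acc):
        raise ValueError(f"VPC CIDRs overlap: {req} and {acc}; peering will not route")
    return {
        "requester_routes": [{"DestinationCidrBlock": str(acc), "VpcPeeringConnectionId": pcx_id}],
        "accepter_routes": [{"DestinationCidrBlock": str(req), "VpcPeeringConnectionId": pcx_id}],
    }


def conflicting_routes(existing_destinations: Iterable[str], peer_cidr: str) -> List[str]:
    """List existing route destinations that overlap the peer's CIDR.

    Such entries (for example a VPN route to an on-premises range) would
    compete with the new peering route and must be resolved before it is added.
    """
    peer = ipaddress.ip_network(peer_cidr, strict=True)
    return [d for d in existing_destinations
            if ipaddress.ip_network(d, strict=False).overlaps(peer)]


if __name__ == "__main__":
    # Constructed sample: two non-overlapping /16 VPCs and a placeholder peering id.
    plan = plan_peering("10.0.0.0/16", "10.1.0.0/16", "pcx-PLACEHOLDER")
    for side, routes in plan.items():
        for r in routes:
            print(f"{side}: {r['DestinationCidrBlock']} -> {r['VpcPeeringConnectionId']}")
    # A leftover /24 VPN route inside the peer's range is flagged before the peering route goes in.
    print(conflicting_routes(["10.0.0.0/16", "192.168.0.0/24"], "192.168.0.0/16"))
```

Run the planner against the real route tables of both VPCs before accepting the request; the peering route should be the only entry that points at the `pcx-` id, and security groups and network ACLs still have to permit the traffic on top of the route.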
The good thing about peering is that you save yourself a few EC2 instances and their maintenance, and, better yet, the connection between VPCs is always up. The downside is that you'll have to pay 0.01 USD per GB transferred between VPCs.
I cannot wait for VPC peering to be available between regions. That would free us totally from IPsec EC2 boxes…