Amazon Virtual Private Cloud (VPC) | Peering Connections Flashcards
Can I detach the primary interface (eth0) on my EC2 instance?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
No. You can attach and detach secondary interfaces (eth1-ethn) on an EC2 instance, but you can’t detach the eth0 interface.
Can I create a peering connection to a VPC in a different region?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
Yes. Peering connections can be created with VPCs in different regions. Inter-Region VPC Peering is currently supported in AWS US East (Virginia), US East (Ohio), US West (Oregon) and EU (Ireland) regions.
Can I peer my VPC with a VPC belonging to another AWS account?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
Yes, assuming the owner of the other VPC accepts your peering connection request.
Can I peer two VPCs with matching IP address ranges?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
No. Peered VPCs must have non-overlapping IP ranges.
How much do VPC peering connections cost?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
There is no charge for creating VPC peering connections, however, data transfer across peering connections is charged. See the Data Transfer section of the EC2 Pricing page for data transfer rates.
Can I use AWS Direct Connect or hardware VPN connections to access VPCs I’m peered with?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
No. “Edge to Edge routing” isn’t supported in Amazon VPC. Refer to the VPC Peering Guide for additional information.
Do I need an Internet Gateway to use peering connections?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
No. VPC peering connections do not require an Internet Gateway.
Is VPC peering traffic within the region encrypted?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
No. Traffic between instances in peered VPCs remains private and isolated – similar to how traffic between two instances in the same VPC is private and isolated.
If I delete my side of a peering connection, will the other side still have access to my VPC?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
No. Either side of the peering connection can terminate the peering connection at any time. Terminating a peering connection means traffic won’t flow between the two VPCs.
If I peer VPC A to VPC B and I peer VPC B to VPC C, does that mean VPCs A and C are peered?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
No. Transitive peering relationships are not supported.
What if my peering connection goes down?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.
Inter-Region VPC Peering operates on the same horizontally scaled, redundant, and highly available technology that powers VPC today. Inter-Region VPC Peering traffic goes over the AWS backbone that has in-built redundancy and dynamic bandwidth allocation. There is no single point of failure for communication.
If an Inter-Region peering connection does go down, the traffic will not be routed over the internet.
Are there any bandwidth limitations for peering connections?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
Bandwidth between instances in peered VPCs is no different than bandwidth between instances in the same VPC. Note: A placement group can span peered VPCs; however, you will not get full-bisection bandwidth between instances in peered VPCs. Read more about Placement Groups.
Is Inter-Region VPC Peering traffic encrypted?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
Traffic is encrypted using modern AEAD (Authenticated Encryption with Associated Data) algorithms. Key agreement and key management is handled by AWS.
How do DNS translations work with Inter-Region VPC Peering?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
By default, a query for a public hostname of an instance in a peered VPC in a different region will resolve to a public IP address. Route 53 private DNS can be used to resolve to a private IP address with Inter-Region VPC Peering.
Can I reference security groups across an Inter-Region VPC Peering connection?
Peering Connections
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
No. Security groups cannot be referenced across an Inter-Region VPC Peering connection.
