How to set up and create AWS VPC peer connection

VPC Peering


VPC peering provides a private connection between two VPCs. It lets you pair your own Amazon VPC directly with an Anypoint VPC so that traffic is routed between the two VPCs as if they were on the same network.

To use VPC peering, keep the AWS VPC and the Anypoint VPC in the same region.


Configure VPC Peering Connection


Note that MuleSoft does not support inter-region peering, so both VPCs must reside in the same region.

To request a new VPC peering connection, or to modify or update an existing one, follow the steps below:

  1. Download the Anypoint VPC discovery form.
  2. For each VPC peering connection, complete and submit a separate Anypoint VPC form.

A completed Anypoint VPC discovery form is required both for new connections and for updates to existing configurations.

  1. Complete all fields in the Overview and VPC Peering tabs. A fully completed form is processed faster.
  2. Open a Support ticket and attach your completed form.

The MuleSoft Support team validates the Anypoint VPC discovery form before creating or updating the VPC peering connection. You are notified through the ticket once the change is done.


Important Points:

AWS supports inter-region VPC peering; MuleSoft, however, does not, and supports only intra-region VPC peering.

To establish an AWS VPC peering connection, you do the following:

  1. The owner of the requester VPC creates the VPC peering connection, which sends a request to the owner of the accepter VPC. The accepter VPC can belong to any AWS account, but its CIDR block must not overlap with the requester VPC's CIDR block.
  2. The owner of the accepter VPC must accept the request to activate the VPC peering connection.
  3. To allow traffic between the VPCs over private IP addresses, the owner of each VPC in the peering connection must add a route to one or more of its VPC route tables that points to the IP address range of the other VPC (the peer VPC).
  4. If required, update the security group rules associated with your instances so that traffic to and from the peer VPC is allowed. When both VPCs are in the same region, check that the peer VPC is referenced as the source or destination in the security group rules.
  5. By default, if instances on either side of a VPC peering connection address each other using a public DNS hostname, the hostname resolves to the instance's public IP address. To change this behavior, enable DNS hostname resolution for your VPC peering connection. Once it is enabled, instances on either side of the connection that address each other by public DNS hostname resolve to the instance's private IP address.
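As an added example (not code from this page, MuleSoft or AWS), the following Python script is a pre-flight check for a peering request that covers the two hard constraints above: both VPCs in the same region (the MuleSoft rule) and no overlapping CIDR blocks (the AWS rule). It also works out the routes and inbound security group rules each side needs once the connection exists, and renders them as AWS CLI calls. The VPC descriptions, the address ranges and IDs such as rtb-..., sg-... and pcx-... are constructed placeholders; the CLI flags are real, but the commands are only produced as strings, nothing is called.

```python
"""Pre-flight check and change plan for a VPC peering connection.

Added example: VPCs are described by plain dicts (an assumption made here, not
a MuleSoft or AWS data model); all IDs and address ranges are constructed.
"""
import ipaddress


def overlapping_cidrs(cidrs_a, cidrs_b):
    """Return every (a, b) pair of CIDR blocks from the two lists that overlap."""
    pairs = []
    for a in cidrs_a:
        net_a = ipaddress.ip_network(a, strict=True)
        for b in cidrs_b:
            net_b = ipaddress.ip_network(b, strict=True)
            if net_a.overlaps(net_b):
                pairs.append((a, b))
    return pairs


def validate_peering(requester, accepter, intra_region_only=True):
    """Return a list of problems; an empty list means the request can go ahead.

    intra_region_only=True models the MuleSoft constraint that both VPCs sit in
    the same region; AWS itself would also allow inter-region peering.
    """
    problems = []
    if intra_region_only and requester["region"] != accepter["region"]:
        problems.append(f"region mismatch: {requester['region']} vs {accepter['region']}")
    for a, b in overlapping_cidrs(requester["cidrs"], accepter["cidrs"]):
        problems.append(f"CIDR overlap: {a} (requester) overlaps {b} (accepter)")
    return problems


def route_plan(requester, accepter, pcx_id):
    """Routes each side must add (step 3): in every route table, one route per
    peer CIDR whose target is the peering connection."""
    plan = []
    for local, peer in ((requester, accepter), (accepter, requester)):
        for rtb in local["route_tables"]:
            for cidr in peer["cidrs"]:
                plan.append({"vpc": local["name"], "route_table": rtb,
                             "destination": cidr, "target": pcx_id})
    return plan


def security_group_rules(local, peer, port=443, protocol="tcp"):
    """Inbound rules for the local side (step 4), scoped to the peer's address
    range rather than to 0.0.0.0/0."""
    return [{"group": sg, "protocol": protocol, "port": port, "source": cidr}
            for sg in local["security_groups"] for cidr in peer["cidrs"]]


def routes_to_cli(plan):
    """Render the route plan as 'aws ec2 create-route' calls (real flags, placeholder IDs)."""
    return [f"aws ec2 create-route --route-table-id {r['route_table']} "
            f"--destination-cidr-block {r['destination']} "
            f"--vpc-peering-connection-id {r['target']}" for r in plan]


def dns_resolution_cli(pcx_id):
    """Commands that make the peer's public DNS hostnames resolve to private IPs
    (step 5); the requester and the accepter each set their own side."""
    base = f"aws ec2 modify-vpc-peering-connection-options --vpc-peering-connection-id {pcx_id} "
    return [base + "--requester-peering-connection-options AllowDnsResolutionFromRemoteVpc=true",
            base + "--accepter-peering-connection-options AllowDnsResolutionFromRemoteVpc=true"]


# Constructed sample VPCs; names, regions, ranges and IDs are made up for the example.
AWS_VPC = {"name": "aws-app", "region": "us-east-1", "cidrs": ["10.0.0.0/16"],
           "route_tables": ["rtb-aaaa1111"], "security_groups": ["sg-aaaa1111"]}
ANYPOINT_VPC = {"name": "anypoint", "region": "us-east-1", "cidrs": ["10.1.0.0/24"],
                "route_tables": ["rtb-bbbb2222"], "security_groups": ["sg-bbbb2222"]}
# A deliberately bad accepter: wrong region and a range inside the requester's /16.
BAD_ANYPOINT_VPC = {**ANYPOINT_VPC, "region": "eu-west-1", "cidrs": ["10.0.5.0/24"]}

if __name__ == "__main__":
    for accepter in (ANYPOINT_VPC, BAD_ANYPOINT_VPC):
        problems = validate_peering(AWS_VPC, accepter)
        print(f"{accepter['name']} in {accepter['region']}: "
              + ("OK" if not problems else "; ".join(problems)))
    for line in routes_to_cli(route_plan(AWS_VPC, ANYPOINT_VPC, "pcx-0000placeholder")):
        print(line)
    for line in dns_resolution_cli("pcx-0000placeholder"):
        print(line)
```

Run the check before submitting the discovery form: a non-empty problem list means the ticket would be rejected (region mismatch) or the peering request would fail at AWS (overlapping CIDRs), and the rendered route and security group entries are the exact changes each side has to make once the accepter has approved the connection.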


Reference Links:


https://docs.mulesoft.com/runtime-manager/to-request-vpc-connectivity#configure-vpc-peering-connections

https://docs.mulesoft.com/runtime-manager/vpc-connectivity-methods-concept#vpc-peering

https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html