Why can't I connect to a peered VPC when using an AWS Site-to-Site VPN connection that terminates on a virtual private gateway?
I'm using an AWS Site-to-Site VPN connection that terminates on a virtual private gateway (VGW) attached to VPC-A. I can access resources in VPC-A, but I can't access resources in VPC-B, which has a VPC peering connection with VPC-A.
Explanation:
If VPC-A has a VPN connection to a corporate network, resources in VPC-B can't use that VPN connection to communicate with the corporate network. This is because edge-to-edge routing through a gateway or private connection is not supported with VPC peering: a peering connection is not transitive, so VPC-A will not forward traffic from VPC-B on to its VGW (or back from the VGW to VPC-B).
To access resources in VPC-B over the VPN, a new Site-to-Site VPN connection has to be created between the corporate network (for example, the on-premises network) and a virtual private gateway (VGW) attached to VPC-B.
For a more robust architecture, consider re-architecting to the AWS Transit Gateway + AWS Site-to-Site VPN approach. This lets you use a single AWS-managed VPN endpoint to connect to multiple VPCs in the same Region without the additional cost and management overhead of maintaining separate IPsec VPN connections to each Amazon VPC.
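The following is an added example, not part of the AWS article: a small check that scans route tables for entries that depend on edge-to-edge routing through a peering connection, which is exactly the misconfiguration behind this symptom. The input mimics the shape of `describe-route-tables` and `describe-vpcs` output, but every ID and CIDR is a constructed sample value; the check flags any route whose destination lies outside the peer VPC's own CIDR, so it also catches routes that try to reach the internet, NAT or Direct Connect through a peer.

```python
import ipaddress

# Constructed inventory: VPC CIDRs and the peering connection between VPC-A and VPC-B.
VPCS = {"vpc-aaaa": "10.1.0.0/16", "vpc-bbbb": "10.2.0.0/16"}
PEERINGS = {"pcx-ab": ("vpc-aaaa", "vpc-bbbb")}

# Constructed route tables. 192.168.0.0/16 is the corporate network reached
# through the VGW (vgw-a) attached to VPC-A.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-a", "VpcId": "vpc-aaaa", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-a"},
        {"DestinationCidrBlock": "10.2.0.0/16", "VpcPeeringConnectionId": "pcx-ab"}]},
    {"RouteTableId": "rtb-b", "VpcId": "vpc-bbbb", "Routes": [
        {"DestinationCidrBlock": "10.2.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-ab"},
        # The tempting but non-working route: on-premises via VPC-A's peering.
        {"DestinationCidrBlock": "192.168.0.0/16", "VpcPeeringConnectionId": "pcx-ab"}]},
]


def peer_of(peerings, pcx_id, vpc_id):
    """Return the VPC on the other side of a peering connection."""
    a, b = peerings[pcx_id]
    return b if vpc_id == a else a


def find_edge_to_edge_routes(route_tables, vpcs, peerings):
    """Return (route table id, destination, peer VPC id) for every route that
    sends a destination outside the peer VPC's own CIDR to a peering connection.
    Peering is not transitive, so the peer VPC will not forward such traffic on
    to its VGW, Direct Connect, NAT gateway or internet gateway; it is dropped."""
    findings = []
    for rt in route_tables:
        for route in rt["Routes"]:
            pcx = route.get("VpcPeeringConnectionId")
            if not pcx:
                continue
            peer = peer_of(peerings, pcx, rt["VpcId"])
            dest = ipaddress.ip_network(route["DestinationCidrBlock"])
            if not dest.subnet_of(ipaddress.ip_network(vpcs[peer])):
                findings.append((rt["RouteTableId"], str(dest), peer))
    return findings


if __name__ == "__main__":
    for rtb, dest, peer in find_edge_to_edge_routes(ROUTE_TABLES, VPCS, PEERINGS):
        print(f"{rtb}: {dest} via peering to {peer} relies on edge-to-edge routing")
```

Only the route in rtb-b that points the corporate CIDR at the peering connection is reported; the VPC-to-VPC routes over the same peering are fine.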