Why can't I connect to a peered VPC when using an AWS Site-to-Site VPN connection that terminates on a virtual private gateway?

2 minute read
Content level: Intermediate

I'm using an AWS Site-to-Site VPN connection that terminates on a virtual private gateway (VGW) attached to VPC-A. I can access resources in VPC-A, but I can't access resources in VPC-B, which has a VPC peering connection with VPC-A.

Example: [diagram: Site-to-Site VPN terminating on the VGW of VPC-A, with VPC-A peered to VPC-B]

Explanation:

If VPC-A has a VPN connection to a corporate network, resources in VPC-B can't use that VPN connection to communicate with the corporate network. This is because edge-to-edge routing through a gateway or private connection is not supported with VPC peering: traffic that enters VPC-A through its VGW can only be delivered to VPC-A's own CIDR, not forwarded across the peering connection, and traffic from VPC-B can't be forwarded through VPC-A's VGW in the other direction.

VPC Peering Limitations: https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-limitations

Resolution:

  1. To access resources in VPC-B, a new Site-to-Site VPN has to be created between the corporate network (for example, on-premises) and a virtual private gateway (VGW) attached to VPC-B.


  2. For a more robust architecture, consider re-architecting to an AWS Transit Gateway + AWS Site-to-Site VPN design. This lets you use an AWS-managed VPN endpoint to connect to multiple VPCs in the same Region without the additional cost and management of a separate IPsec VPN connection to each Amazon VPC.

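The following is an added example, not code from the original article or from AWS: a small Python model of the routing rules described above (a VGW delivers only into its own VPC's CIDR, and a peering connection delivers only into the peer's own CIDR, never onward to the peer's VGW). It uses constructed CIDRs for the corporate network, VPC-A and VPC-B, and shows why on-premises traffic can't reach VPC-B until a VGW with its own VPN is attached to VPC-B (resolution 1).

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Vpc:
    name: str
    cidr: str
    routes: dict = field(default_factory=dict)   # destination CIDR -> "local" | "vgw" | "pcx:<peer VPC>"
    vpn_cidrs: set = field(default_factory=set)  # on-prem CIDRs learned over this VPC's own VGW

def lookup(vpc, dst):
    """Longest-prefix match over the VPC route table; None when no route matches."""
    matches = [(ip_network(c), t) for c, t in vpc.routes.items() if ip_address(dst) in ip_network(c)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def reachable(vpcs, src, dst):
    """src is 'onprem' or a VPC name; dst is an IP string. True if the packet would be delivered."""
    if src == "onprem":
        # Traffic entering through a VGW is delivered only into that VGW's own VPC CIDR;
        # it is never forwarded across a peering connection (no edge-to-edge routing).
        return any(ip_address(dst) in ip_network(v.cidr) for v in vpcs.values() if v.vpn_cidrs)
    vpc = vpcs[src]
    target = lookup(vpc, dst)
    if target == "local":
        return ip_address(dst) in ip_network(vpc.cidr)
    if target == "vgw":
        return any(ip_address(dst) in ip_network(c) for c in vpc.vpn_cidrs)
    if target and target.startswith("pcx:"):
        # Peering is not transitive: the peer delivers only into its own CIDR, never on to its VGW.
        peer = vpcs[target[len("pcx:"):]]
        return ip_address(dst) in ip_network(peer.cidr)
    return False

def topology(vpc_b_has_vpn=False):
    """Constructed topology: on-prem 192.168.0.0/16, VPC-A 10.0.0.0/16 (VGW + VPN), VPC-B 10.1.0.0/16 (peered)."""
    a = Vpc("VPC-A", "10.0.0.0/16",
            {"10.0.0.0/16": "local", "10.1.0.0/16": "pcx:VPC-B", "192.168.0.0/16": "vgw"},
            {"192.168.0.0/16"})
    # VPC-B even has a route for the corporate CIDR pointing at the peering connection; it still fails.
    b = Vpc("VPC-B", "10.1.0.0/16",
            {"10.1.0.0/16": "local", "10.0.0.0/16": "pcx:VPC-A", "192.168.0.0/16": "pcx:VPC-A"})
    if vpc_b_has_vpn:  # resolution 1: a second Site-to-Site VPN terminating on a VGW attached to VPC-B
        b.routes["192.168.0.0/16"] = "vgw"
        b.vpn_cidrs = {"192.168.0.0/16"}
    return {"VPC-A": a, "VPC-B": b}
```

Run `reachable(topology(), "onprem", "10.1.1.10")` to see the failing case and `reachable(topology(True), "onprem", "10.1.1.10")` to see it succeed once VPC-B has its own VGW and VPN.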

Useful Resources: How do I migrate my VPN from a virtual private gateway to a transit gateway?

AWS
Expert
Published 10 months ago; viewed 2,511 times