There are several ways to connect instances and services in one VPC with other VPCs: opening the VPC to the Internet, VPC Peering, or AWS PrivateLink.
Opening applications and services in one VPC to other VPCs
- Open the VPC to the Internet
  - Everything is publicly reachable -> Not a good idea due to security issues
- VPC Peering
  - Need to create and manage many peering relationships -> Management overhead
  - All applications in the peered VPC are reachable, not just the one service.
- AWS PrivateLink
  - It is the best way to expose a service in one VPC to many other VPCs.
  - It keeps all the network traffic within the AWS network.
  - No need for VPC peering, no route table changes, no IGWs, no NAT.
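As an added example (not part of the original notes), the Terraform below publishes a single NLB-fronted service over PrivateLink and consumes it from another VPC. The variable names, the `api` resource names and the assumption that both VPCs live in one account are placeholders; the point it illustrates is that only the load-balanced service is exposed, consumers must be allow-listed and accepted, and the consumer side needs no internet gateway, NAT gateway or peering route.

```hcl
# Assumed inputs (placeholders, not values from the notes)
variable "nlb_arn"             { type = string }       # existing NLB in the provider VPC
variable "consumer_account_id" { type = string }       # account allowed to connect
variable "consumer_vpc_id"     { type = string }
variable "consumer_vpc_cidr"   { type = string }       # e.g. the consumer VPC's CIDR block
variable "consumer_subnet_ids" { type = list(string) } # subnets that get endpoint ENIs

# --- Provider (service) side ------------------------------------------------

# Publish ONLY the service behind the NLB. Nothing else in the provider VPC
# becomes reachable, unlike a peering connection which exposes the whole VPC.
resource "aws_vpc_endpoint_service" "api" {
  network_load_balancer_arns = [var.nlb_arn]

  # Every consumer connection must be explicitly accepted by the provider.
  acceptance_required = true

  # Only this principal may even request an endpoint to the service.
  allowed_principals = ["arn:aws:iam::${var.consumer_account_id}:root"]
}

# --- Consumer side ----------------------------------------------------------

# Security group on the interface endpoint: only hosts inside the consumer
# VPC may reach the service port; there is no 0.0.0.0/0 ingress anywhere.
resource "aws_security_group" "api_endpoint" {
  name   = "api-endpoint-sg"
  vpc_id = var.consumer_vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.consumer_vpc_cidr]
  }
}

# Interface endpoint: private ENIs in the consumer subnets. Traffic to the
# service stays on the AWS network; the consumer VPC needs no IGW, NAT
# gateway, peering connection or additional route table entry.
resource "aws_vpc_endpoint" "api" {
  vpc_id             = var.consumer_vpc_id
  service_name       = aws_vpc_endpoint_service.api.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.consumer_subnet_ids
  security_group_ids = [aws_security_group.api_endpoint.id]
}

# Provider-side acceptance of the pending connection (assumed to be managed
# in the same configuration; in separate accounts this is done by the provider).
resource "aws_vpc_endpoint_connection_accepter" "api" {
  vpc_endpoint_service_id = aws_vpc_endpoint_service.api.id
  vpc_endpoint_id         = aws_vpc_endpoint.api.id
}
```

Two settings carry the security weight here: `allowed_principals` rejects unknown accounts before any network path exists, and `acceptance_required` gives the provider a second, explicit gate per consumer. Review the endpoint security group the same way as any other ingress rule; it is the only thing standing between the consumer VPC and the service port once the connection is accepted.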
Communication between two EC2 instances
- EC2 instances in the same region: Traffic stays in the AWS network.
- EC2 instances in different regions WITH an Inter-Region VPC Peering connection: Traffic stays in the AWS network.
- EC2 instances in different regions WITHOUT an Inter-Region VPC Peering connection: There is no guarantee that traffic stays within the AWS network.
EC2 instances in one region can communicate with EC2 instances in another region using:
- Inter-Region VPC Peering
- Public IP addresses
- NAT gateway
- NAT instances
- VPN Connections
- Direct Connect connections