thewire247

Reputation: 805

Using another VPC's VPN connection

We are peered with another VPC that isn't managed by us. Ideally we would like to use that VPC's VPN connection back to a non-AWS network (setting up another VPN is not feasible). Is there any way that we can route traffic via that VPN without setting up any additional applications in the peered VPC?

Upvotes: 0

Views: 653

Answers (1)

Michael - sqlbot

Reputation: 178956

This is not part of the design of VPC peering.

Example: Edge to Edge Routing Through a VPN Connection or an AWS Direct Connect Connection

You have a VPC peering connection between VPC A and VPC B (pcx-aaaabbbb). VPC A also has a VPN connection or an AWS Direct Connect connection to a corporate network. Edge to edge routing is not supported; you cannot use VPC A to extend the peering relationship to exist between VPC B and the corporate network. For example, traffic from the corporate network can't directly access VPC B by using the VPN connection or the AWS Direct Connect connection to VPC A.

[Image: Edge to edge invalid arrangement, from the AWS documentation]

https://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/invalid-peering-configurations.html

If you attempt such a configuration, what you'll find is that there is actually no route table in VPC A that the incoming traffic over the VPN will follow, to allow it to access VPC B. Only the instances and instance-based services (like RDS) on the subnets inside a VPC can be reached from a VPC Hardware VPN connection.

The typical solution requires proxy servers running on EC2 instances in VPC A.

Depending on the specifics of what you're trying to do, and assuming it's limited to HTTP/HTTPS, an Application Load Balancer in a slightly unconventional configuration can also be used, but neither Classic nor Network Load Balancers offer any options that are useful in edge-to-edge scenarios.

Upvotes: 1
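One practical consequence of the answer above is that AWS will happily accept a route in VPC B that points the corporate network's CIDR at the peering connection, and the traffic will simply be dropped. The following audit script is an added example (not part of the answer, the question, or any AWS tooling) that scans route-table and peering-connection data in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-peering-connections` and flags any route whose next hop is a peering connection but whose destination falls outside the peer VPC's own CIDR blocks, i.e. an attempted edge-to-edge route. The sample data is constructed for the example: pcx-aaaabbbb is the id from the quoted AWS documentation, while the VPC ids, route-table ids, VGW id and CIDRs are made up.

```python
import ipaddress

# Constructed sample data (not from the page or from a real account), shaped
# like the JSON returned by `aws ec2 describe-vpc-peering-connections`.
PEERING_CONNECTIONS = [
    {
        "VpcPeeringConnectionId": "pcx-aaaabbbb",
        "RequesterVpcInfo": {
            "VpcId": "vpc-aaaa0001",
            "CidrBlockSet": [{"CidrBlock": "10.10.0.0/16"}],
        },
        "AccepterVpcInfo": {
            "VpcId": "vpc-bbbb0002",
            "CidrBlockSet": [{"CidrBlock": "10.20.0.0/16"}],
        },
    }
]

# Constructed sample data shaped like `aws ec2 describe-route-tables` output.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-vpcb-private",
        "VpcId": "vpc-bbbb0002",
        "Routes": [
            {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
            # Valid: VPC A's own address range via the peering connection.
            {"DestinationCidrBlock": "10.10.0.0/16",
             "VpcPeeringConnectionId": "pcx-aaaabbbb"},
            # Dead route: the corporate network behind VPC A's VPN. AWS accepts
            # the entry, but edge-to-edge traffic through a peering is dropped.
            {"DestinationCidrBlock": "192.168.0.0/16",
             "VpcPeeringConnectionId": "pcx-aaaabbbb"},
        ],
    },
    {
        "RouteTableId": "rtb-vpca-private",
        "VpcId": "vpc-aaaa0001",
        "Routes": [
            {"DestinationCidrBlock": "10.10.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "10.20.0.0/16",
             "VpcPeeringConnectionId": "pcx-aaaabbbb"},
            # Fine: corporate network via VPC A's own virtual private gateway.
            {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0123"},
        ],
    },
]


def peer_cidrs_by_pcx(peering_connections):
    """Return {pcx_id: {vpc_id: [networks of the VPC on the OTHER side]}}."""
    result = {}
    for pcx in peering_connections:
        req = pcx["RequesterVpcInfo"]
        acc = pcx["AccepterVpcInfo"]
        req_nets = [ipaddress.ip_network(c["CidrBlock"]) for c in req["CidrBlockSet"]]
        acc_nets = [ipaddress.ip_network(c["CidrBlock"]) for c in acc["CidrBlockSet"]]
        result[pcx["VpcPeeringConnectionId"]] = {
            req["VpcId"]: acc_nets,  # seen from the requester, the peer is the accepter
            acc["VpcId"]: req_nets,  # and vice versa
        }
    return result


def find_edge_to_edge_routes(route_tables, peering_connections):
    """Flag routes whose next hop is a peering connection but whose destination
    lies outside the peer VPC's CIDR blocks. Such a route can only be trying to
    reach something beyond the peer VPC (its VPN, Direct Connect, IGW, ...),
    which VPC peering never forwards. Returns a list of finding dicts."""
    peers = peer_cidrs_by_pcx(peering_connections)
    findings = []
    for rtb in route_tables:
        for route in rtb["Routes"]:
            pcx_id = route.get("VpcPeeringConnectionId")
            dest = route.get("DestinationCidrBlock")
            if pcx_id is None or dest is None:
                continue  # local, IGW, VGW, NAT, IPv6-only routes: not a peering hop
            dest_net = ipaddress.ip_network(dest)
            peer_nets = peers.get(pcx_id, {}).get(rtb["VpcId"], [])
            if not any(dest_net.version == n.version and dest_net.subnet_of(n)
                       for n in peer_nets):
                findings.append({
                    "RouteTableId": rtb["RouteTableId"],
                    "VpcId": rtb["VpcId"],
                    "Destination": dest,
                    "VpcPeeringConnectionId": pcx_id,
                })
    return findings


if __name__ == "__main__":
    for f in find_edge_to_edge_routes(ROUTE_TABLES, PEERING_CONNECTIONS):
        print(f"{f['RouteTableId']} ({f['VpcId']}): {f['Destination']} via "
              f"{f['VpcPeeringConnectionId']} reaches beyond the peer VPC; "
              "traffic on this route will be dropped")
```

Running the script reports the single dead route in VPC B (192.168.0.0/16 via pcx-aaaabbbb), while the same destination in VPC A via its own VGW is left alone. The same check run against live `describe-*` output is a cheap way to catch a peering route someone added in the hope that it would "just work" across the peer's VPN.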
