Ayush Verma

Reputation: 68

AWS public subnet VPC communication

I have two instances in public subnets of 2 different VPCs. To allow communication between them, I have to add the public IP of one instance to the other. If one of the servers is changed, I need to add the IP again to the other server's security group.

If I just add the security group of one VPC to the other, or even all the allowed IPs of the VPC, it does not work.

So I am looking for a workaround to not add the IP each time. Facing this issue because both servers are in public subnets.

VPC peering is already present between both VPCs. The issue is communication between public subnets in different VPCs.

Upvotes: 0

Views: 452

Answers (2)

Ankireddy Polu

Reputation: 1864

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-peering.html
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html

Upvotes: 0

John Rotenstein

Reputation: 269091

There should be no need to use the public IP address of the instances. The instances should communicate with each other via their private IP address across the VPC Peering connection.

The best way to do this is:

  • Create a security group (SG-A) and assign it to Instance-A
  • Create a security group (SG-B) and assign it to Instance-B
  • SG-A should permit inbound connections from SG-B
  • SG-B should permit inbound connections from SG-A

There is no need to reference specific IP addresses. Referencing the other security group will automatically enable communication on the chosen port(s).

See: Updating Your Security Groups to Reference Peer VPC Groups - Amazon Virtual Private Cloud

Upvotes: 2
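The setup both answers describe, written out as an added Terraform example (this is not code from either answer or from the original question). It assumes the peering connection and both VPCs already exist and are passed in as variables, that both VPCs are in the same Region and account, and that the public subnets' route tables are known; the variable names, the port 443, and the group names are assumptions for illustration. The key points are that each public route table needs a route to the peer CIDR through the peering connection, that each security group's rules reference the other group's ID rather than any IP address, and that the instances must talk to each other's private IPs.

```hcl
# Added example, not from the original post. Assumes two existing VPCs in the
# same Region and account, an existing peering connection between them, and
# one public subnet (with its own route table) in each VPC.

variable "vpc_a_id" {}        # existing VPC A (assumed)
variable "vpc_b_id" {}        # existing VPC B (assumed)
variable "peering_id" {}      # existing VPC peering connection A<->B (assumed)
variable "public_rt_a_id" {}  # route table of VPC A's public subnet (assumed)
variable "public_rt_b_id" {}  # route table of VPC B's public subnet (assumed)

data "aws_vpc" "a" {
  id = var.vpc_a_id
}

data "aws_vpc" "b" {
  id = var.vpc_b_id
}

# Without a route to the peer's CIDR, traffic to the peer's private IP is
# dropped, and the only thing that "works" is the public IP via the IGW,
# which is exactly the path the security-group reference does not cover.
resource "aws_route" "a_to_b" {
  route_table_id            = var.public_rt_a_id
  destination_cidr_block    = data.aws_vpc.b.cidr_block
  vpc_peering_connection_id = var.peering_id
}

resource "aws_route" "b_to_a" {
  route_table_id            = var.public_rt_b_id
  destination_cidr_block    = data.aws_vpc.a.cidr_block
  vpc_peering_connection_id = var.peering_id
}

# Optional: let public DNS hostnames of peer instances resolve to private IPs,
# so existing hostname-based configuration still crosses the peering link.
# In a cross-account peering you can only set your own side.
resource "aws_vpc_peering_connection_options" "ab" {
  vpc_peering_connection_id = var.peering_id
  requester {
    allow_remote_vpc_dns_resolution = true
  }
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}

# SG-A and SG-B carry no inline rules; the rules are separate resources so
# that the mutual references do not form a dependency cycle.
resource "aws_security_group" "sg_a" {
  name   = "sg-a" # assumed name
  vpc_id = var.vpc_a_id
}

resource "aws_security_group" "sg_b" {
  name   = "sg-b" # assumed name
  vpc_id = var.vpc_b_id
}

# SG-A permits inbound from SG-B (port 443 assumed). The source is the peer
# group's ID, so replacing Instance-B changes nothing here.
resource "aws_security_group_rule" "a_ingress_from_b" {
  type                     = "ingress"
  security_group_id        = aws_security_group.sg_a.id
  source_security_group_id = aws_security_group.sg_b.id
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 443
}

# SG-B permits inbound from SG-A on the same port.
resource "aws_security_group_rule" "b_ingress_from_a" {
  type                     = "ingress"
  security_group_id        = aws_security_group.sg_b.id
  source_security_group_id = aws_security_group.sg_a.id
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 443
}

# Egress is scoped the same way instead of the usual allow-all, so each
# instance can only initiate connections to the other group on that port.
resource "aws_security_group_rule" "a_egress_to_b" {
  type                     = "egress"
  security_group_id        = aws_security_group.sg_a.id
  source_security_group_id = aws_security_group.sg_b.id
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 443
}

resource "aws_security_group_rule" "b_egress_to_a" {
  type                     = "egress"
  security_group_id        = aws_security_group.sg_b.id
  source_security_group_id = aws_security_group.sg_a.id
  protocol                 = "tcp"
  from_port                = 443
  to_port                  = 443
}
```

Two checks worth making if the rules above are in place and it still "does not work": first, confirm the client is connecting to the peer's private IP (or a hostname that resolves to it) and not the public IP, because a group reference only matches traffic arriving over the VPC network from an ENI in that group, never traffic that left through the internet gateway and came back with a public source address; second, confirm both VPCs are in the same Region, since the AWS documentation linked in the answer states that a security group in a peer VPC in a different Region cannot be referenced, in which case CIDR-based rules over the peering connection are the fallback.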
