Possible to share VPN Connection in AWS with multiple VPC's in Sub Accounts?

Question

is it possible to create a aws sub account, create a vpc with vpn inside and share this connection with other aws sub accounts via vpc peering? my research says it should be not possible but i want to double check. are there other options to share a vpn connection with multiple accounts / vpcs? could direct connect solve this problem?

cheers bin2hex

Answer 1

Looks like AWS added support for cross account VPC peering recently.

VPC Peering

You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. In both cases, the VPCs must be in the same region.

Cross Account VPC Peering list the steps to create it.

If you want to use CLI: aws ec2 create-vpc-peering-connection

Requests a VPC peering connection between two VPCs: a requester VPC that you own and a peer VPC with which to create the connection. The peer VPC can belong to another AWS account. The requester VPC and peer VPC cannot have overlapping CIDR blocks.

Answer 2

thanks for the tip with the vpc peering. after some research it looks to me that you can peer vpc's but my target was to have a "shared account" with a vpc inside which have a vpn connection to our private cloud. in my understanding it would be only possible to use the vpn with some dirty hacking like nat or socks proxy. in case im wrong and there is a clean and nice solution would be aweseome.

http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/invalid-peering-configurations.html#edge-to-edge-vgw

https://forums.aws.amazon.com/thread.jspa?messageID=757559&tstart=0