Because the 2023 Direct Connect architecture fully interconnects every VPC that is attached to the Transit Gateway (i.e., every VPC using Direct Connect), individual peering connections between those VPCs are no longer technically necessary.

However, VPC peering still has a place in Cornell AWS networking in certain situations, because of cost. A peering connection has no hourly charge, and traffic between peered VPCs in the same Availability Zone incurs no data transfer charge (cross-AZ and cross-Region traffic over peering is billed at the standard data transfer rates). Traffic between two VPCs through the Transit Gateway is billed per GB processed, on top of the hourly charge for each attachment.

When to Set Up Peering

  • High-volume data transfer
  • Ultra-low latency data transfer. Traffic over a peering connection makes exactly one hop between the two VPCs; traffic through a Transit Gateway traverses the gateway and makes about four hops.
  • When Security Groups in one VPC need to reference Security Groups in the peered VPC. Peering supports referencing a Security Group in the peered VPC (including one in another account) as the source or destination of a rule; Transit Gateway connectivity has not supported cross-VPC Security Group references, so rules across the Transit Gateway must be written against CIDR ranges. Check the current AWS documentation before relying on this difference.
  • When one of the VPCs is not connected to the Transit Gateway (and thus not using Direct Connect).
  • When both VPCs reside in AWS account(s) that you own, and your team has the expertise to set up peering (non-overlapping CIDR blocks, routes in both directions, and the accepter-side acceptance).
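
As an added example (not Cornell's own code or configuration), the Terraform below sets up a cross-account VPC peering connection end to end: the requester side, the accepter side, the route each VPC needs to reach the other, and a Security Group rule that references a Security Group in the peered VPC rather than a CIDR range. Every VPC ID, route table ID, Security Group ID, CIDR block, account number and CLI profile name is a placeholder assumption. Two things to check before applying: the two VPC CIDR blocks must not overlap (AWS rejects the peering request if they do), and peering is not transitive, so a third VPC reachable from one side is not reachable from the other.

```hcl
# Added example, not Cornell's configuration. All IDs, CIDRs, account
# numbers and profile names are assumed placeholders; both VPCs are
# assumed to be in us-east-1 and the CIDR blocks do not overlap.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

# Requester side (the VPC that initiates the peering request)
provider "aws" {
  alias   = "requester"
  region  = "us-east-1"
  profile = "requester-account"   # assumed CLI profile
}

# Accepter side (may be a second VPC in the same account or another account)
provider "aws" {
  alias   = "accepter"
  region  = "us-east-1"
  profile = "accepter-account"    # assumed CLI profile
}

locals {
  requester_vpc_id = "vpc-0aaa0000000000001"  # assumed
  requester_cidr   = "10.10.0.0/16"           # assumed; must not overlap accepter_cidr
  requester_rt_id  = "rtb-0aaa0000000000001"  # assumed
  requester_acct   = "111111111111"           # assumed
  accepter_vpc_id  = "vpc-0bbb0000000000002"  # assumed
  accepter_cidr    = "10.20.0.0/16"           # assumed
  accepter_rt_id   = "rtb-0bbb0000000000002"  # assumed
  accepter_acct    = "222222222222"           # assumed
}

resource "aws_vpc_peering_connection" "this" {
  provider      = aws.requester
  vpc_id        = local.requester_vpc_id
  peer_vpc_id   = local.accepter_vpc_id
  peer_owner_id = local.accepter_acct
  auto_accept   = false   # cross-account: the accepter must accept explicitly
  tags          = { Name = "requester-to-accepter" }
}

resource "aws_vpc_peering_connection_accepter" "this" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  auto_accept               = true
}

# Each side needs a route to the other VPC's CIDR via the peering
# connection. With only one route, return traffic has no path and the
# connection appears to be "up" but nothing works.
resource "aws_route" "requester_to_accepter" {
  provider                  = aws.requester
  route_table_id            = local.requester_rt_id
  destination_cidr_block    = local.accepter_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
}

resource "aws_route" "accepter_to_requester" {
  provider                  = aws.accepter
  route_table_id            = local.accepter_rt_id
  destination_cidr_block    = local.requester_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id
}

# Cross-VPC Security Group reference: allow PostgreSQL from the application
# Security Group in the requester VPC into the database Security Group in
# the accepter VPC, by Security Group ID instead of by CIDR. A group in
# another account is written as "<account-id>/<sg-id>". This only works
# over peering; across the Transit Gateway this rule would have to name
# the requester CIDR instead.
resource "aws_security_group_rule" "db_from_app" {
  provider                 = aws.accepter
  type                     = "ingress"
  security_group_id        = "sg-0bbb00000000000db"                          # assumed DB SG in accepter VPC
  from_port                = 5432
  to_port                  = 5432
  protocol                 = "tcp"
  source_security_group_id = "${local.requester_acct}/sg-0aaa0000000000app"  # assumed app SG in requester VPC
}
```

Apply with credentials for both profiles available; the accepter resource must be created by the accepter account's credentials, which is why the example uses two provider aliases. After apply, the peering connection's status should read "active" and each route table should show the peer CIDR pointing at the pcx- ID; a status of "pending-acceptance" means the accepter side never ran.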

When to Avoid Peering

  • One-off or short-lived data transfer
  • Development or experimental workloads
  • Low- and medium-volume data transfer