
Connecting Vpcs With Peering
Stand up a validated VPC peering connection between two AWS VPCs with routes, DNS, and security groups following a parameterized SOP.
Overview
Connecting VPCs with peering is an agent skill for the Build phase that establishes and validates a private AWS VPC peering connection between two VPCs using a parameterized SOP.
Install
npx skills add https://github.com/aws/agent-toolkit-for-aws --skill connecting-vpcs-with-peering
What is this skill?
- SOP covers peering creation, route table updates, DNS resolution, and security group adjustments
- Supports same-region and cross-region peering with connectivity validation steps
- Requires upfront collection of requester_vpc_id and accepter_vpc_id plus optional region and account parameters
- Documents enable_dns_resolution, enable_dns_hostnames, and auto_accept defaults for same-account flows
- MUST ask for all required parameters in a single prompt rather than one at a time
Adoption & trust: 888 installs on skills.sh; 819 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Two AWS VPCs must talk privately but you lack a repeatable agent workflow for peering, routes, DNS, and security validation across regions or accounts.
Who is it for?
Builders linking app and data VPCs, shared services, or cross-region environments who want the agent to follow one consolidated parameter prompt and validation checklist.
Skip if: Simple public-only stacks with no private cross-VPC need, or teams that require Transit Gateway hub-and-spoke instead of full mesh peering.
When should I use this skill?
User needs to connect two VPCs with peering including routes, DNS, and validation; agent must collect requester_vpc_id and accepter_vpc_id (and optional region/account flags) upfront in one prompt.
What do I get? / Deliverables
A peering connection is created and accepted with route tables and DNS configured and connectivity checks completed per the SOP parameters you supplied upfront.
- VPC peering connection provisioned and accepted per parameters
- Updated route tables and DNS settings per SOP
- Documented connectivity validation outcome
Journey fit
Peering is cloud networking integration work you do while wiring environments together before or alongside app rollout, which sits in Build integrations rather than growth or marketing phases. VPC peering is cross-VPC connectivity configuration—a classic integration between isolated network boundaries in AWS.
How it compares
Structured AWS networking SOP with mandatory batch parameter collection, not an ad-hoc single-VPC security group tweak skill.
Common Questions / FAQ
Who is connecting-vpcs-with-peering for?
Solo and small-team developers using AWS who need agent-guided VPC peering with explicit requester and accepter VPC inputs and post-peering validation.
When should I use connecting-vpcs-with-peering?
Use during Build integrations when you must connect two VPCs in the same or different regions, optionally across accounts, and need DNS resolution and route table updates handled systematically.
Is connecting-vpcs-with-peering safe to install?
It drives real AWS networking changes with broad blast radius; review the Security Audits panel on this page, confirm IAM least privilege, and validate peering acceptance in non-production before production links.
SKILL.md - Connecting Vpcs With Peering
# Connect Two VPCs Using VPC Peering

## Overview

This SOP establishes a secure, private network connection between two VPCs using VPC peering. It handles peering creation, route table updates, DNS resolution configuration, and supports both same-region and cross-region peering with comprehensive connectivity validation and security group adjustments.

## Parameters

- **requester_vpc_id** (required): The VPC ID that will initiate the peering connection
- **accepter_vpc_id** (required): The VPC ID that will accept the peering connection
- **requester_region** (optional): The AWS region of the requester VPC. If not provided, uses the default region from AWS configuration
- **accepter_region** (optional): The AWS region of the accepter VPC. If not provided, uses the same region as requester
- **accepter_account_id** (optional): The AWS account ID that owns the accepter VPC. If not provided, assumes same account
- **enable_dns_resolution** (optional, default: true): Whether to enable DNS resolution for the peering connection
- **enable_dns_hostnames** (optional, default: true): Whether to enable DNS hostnames for the peering connection
- **auto_accept** (optional, default: true): Whether to automatically accept the peering connection (only works for same account)

**Constraints for parameter acquisition:**

- You MUST ask for all required parameters upfront in a single prompt rather than one at a time
- You MUST support multiple input methods for parameters including:
  - Direct input: Values provided directly in the conversation
  - Configuration files: Reading from AWS config or similar files
- You MUST confirm successful acquisition of all required parameters before proceeding
- You SHOULD provide sensible defaults for optional parameters when not specified

## Steps

### 1. Verify Dependencies

Check for required tools and warn the user if any are missing.

**Constraints:**

- You MUST verify the following tools are available in your context:
  - call_aws
- You MUST ONLY check for tool existence and MUST NOT attempt to run the tools because running tools during verification could cause unintended side effects, consume resources unnecessarily, or trigger actions before the user is ready
- You MUST inform the user about any missing tools with a clear message
- You MUST ask if the user wants to proceed anyway despite missing tools
- You MUST respect the user's decision to proceed or abort

### 2. Validate VPC Information

Verify that both VPCs exist and gather their CIDR blocks and route table information.

**Constraints:**

- You MUST check if both VPCs exist using `aws ec2 describe-vpcs`
- You MUST retrieve each VPC's CIDR blocks for route configuration
- You MUST identify all route tables associated with each VPC
- You MUST abort the SOP if either VPC does not exist
- You SHOULD display VPC information including CIDR blocks for confirmation
- You MUST check for CIDR block overlaps and warn if found because overlapping CIDR blocks will prevent proper routing

### 3. Create VPC Peering Connection

Create the VPC peering connection between the two VPCs.

**Constraints:**

- You MUST create the peering connection using `aws ec2 create-vpc-peering-connection`
- You MUST specify the requester VPC ID and accepter VPC ID
- You MUST include the accepter_region parameter if different from requester_region
- You MUST include the accepter_account_id parameter if different from current account
- You MUST store the peering connection ID for subsequent steps
- You SHOULD add descriptive tags to the peering connection for identification

### 4. Accept VPC Peering Connection

Accept the peering connection if auto-accept is enabled and conditions allow.

**Constraints:**

- You MUST check if auto_accept is enabled
- You MUST only attempt auto-accept for same-account peering connections because cross-account connections require manual acceptance
- You MUST use `aws ec2 accept-vpc-peering-connection` if auto-accepting
- You MUST switch to the accept
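As an added example (not code from this SKILL.md or the aws/agent-toolkit-for-aws project), the following Python dry-runs steps 2 through 4 of the SOP on constructed `describe-vpcs` data: it flags overlapping CIDR blocks across all blocks of both VPCs, builds the `create-vpc-peering-connection` arguments with `--peer-region` / `--peer-owner-id` only when they differ from the requester's, decides whether auto-accept is permitted, and lists the route every route table on each side needs. The VPC, account and route-table values and the dictionary shape are assumptions; nothing here calls AWS.

```python
"""Dry run of SOP steps 2-4: CIDR overlap check, create-command args,
auto-accept eligibility and the routes each route table needs."""
import ipaddress

# Constructed stand-ins for `aws ec2 describe-vpcs` / describe-route-tables output;
# the IDs, account numbers and CIDRs below are made up for this example.
REQUESTER = {"VpcId": "vpc-0aaa", "OwnerId": "111111111111", "Region": "us-east-1",
             "Cidrs": ["10.0.0.0/16", "10.1.0.0/16"], "RouteTables": ["rtb-0a1", "rtb-0a2"]}
ACCEPTER = {"VpcId": "vpc-0bbb", "OwnerId": "222222222222", "Region": "eu-west-1",
            "Cidrs": ["10.2.0.0/16"], "RouteTables": ["rtb-0b1"]}

def overlapping_cidrs(a_cidrs, b_cidrs):
    """Step 2: every overlapping (a, b) pair across all blocks on both sides
    (VPCs may carry secondary CIDRs); any hit means routes would be ambiguous."""
    return [(a, b) for a in a_cidrs for b in b_cidrs
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))]

def can_auto_accept(requester, accepter, auto_accept=True):
    """Step 4: auto-accept only when enabled AND both VPCs share an account;
    cross-account connections need a manual accept from the accepter side."""
    return bool(auto_accept) and requester["OwnerId"] == accepter["OwnerId"]

def create_command(requester, accepter):
    """Step 3: argv for `aws ec2 create-vpc-peering-connection`; --peer-region and
    --peer-owner-id are only added when they differ from the requester's."""
    cmd = ["aws", "ec2", "create-vpc-peering-connection", "--region", requester["Region"],
           "--vpc-id", requester["VpcId"], "--peer-vpc-id", accepter["VpcId"]]
    if accepter["Region"] != requester["Region"]:
        cmd += ["--peer-region", accepter["Region"]]
    if accepter["OwnerId"] != requester["OwnerId"]:
        cmd += ["--peer-owner-id", accepter["OwnerId"]]
    return cmd

def route_plan(requester, accepter, pcx_id):
    """Each route table on one side needs one route per CIDR of the *other* VPC
    targeting the peering connection; returns (route_table, destination, target)."""
    plan = [(rtb, c, pcx_id) for rtb in requester["RouteTables"] for c in accepter["Cidrs"]]
    plan += [(rtb, c, pcx_id) for rtb in accepter["RouteTables"] for c in requester["Cidrs"]]
    return plan

def plan_peering(requester, accepter, auto_accept=True):
    """Abort on CIDR overlap (step 2), else return the create command (step 3)
    and whether the SOP may auto-accept (step 4)."""
    hits = overlapping_cidrs(requester["Cidrs"], accepter["Cidrs"])
    if hits:
        raise ValueError(f"overlapping CIDR blocks, peering would not route: {hits}")
    return {"create": create_command(requester, accepter),
            "auto_accept": can_auto_accept(requester, accepter, auto_accept)}
```

Running `plan_peering` against the constructed data yields a cross-region, cross-account command and `auto_accept: False`, so the accepter side must accept manually; the tuples from `route_plan` are the route table updates step 3's peering connection ID feeds.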