Fix Terraform Error - Error Creating VPC Peering - PeeringConnectionAlreadyExists

Fix VPC peering connection already exists errors in Terraform. Handle duplicate peering, cross-account peering, and import existing connections.

Luca Berton, 1 min read

Quick Answer

A VPC peering connection between these two VPCs already exists (active or pending). You can only have one peering connection between any two VPCs. Import the existing one, or delete the old connection first.

The Error

Error: error creating VPC Peering Connection: 
VpcPeeringConnectionAlreadyExists: A peering connection 
between vpc-aaa and vpc-bbb already exists

What Causes This

  • Peering created outside Terraform (Console, CLI)
  • Previous apply created it but state was lost
  • An old peering in pending-acceptance or failed state still exists

How to Fix It

Solution 1: Import the Existing Peering

# Find the existing peering connection
aws ec2 describe-vpc-peering-connections \
  --filters "Name=requester-vpc-info.vpc-id,Values=vpc-aaa" \
  --query 'VpcPeeringConnections[*].[VpcPeeringConnectionId,Status.Code]' \
  --output table
 
# Import it
terraform import aws_vpc_peering_connection.main pcx-abc123

Solution 2: Delete Old Peering

# Delete failed or rejected peering connections
aws ec2 delete-vpc-peering-connection --vpc-peering-connection-id pcx-old123

Solution 3: Full VPC Peering Configuration

# Requester side
resource "aws_vpc_peering_connection" "main" {
  vpc_id      = aws_vpc.requester.id
  peer_vpc_id = aws_vpc.accepter.id
  auto_accept = true  # Only works same-account, same-region
 
  requester {
    allow_remote_vpc_dns_resolution = true
  }
 
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
 
  tags = { Name = "vpc-peer-${var.project}" }
}
 
# Route from requester → accepter
resource "aws_route" "requester_to_accepter" {
  route_table_id            = aws_route_table.requester.id
  destination_cidr_block    = aws_vpc.accepter.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.main.id
}
 
# Route from accepter → requester
resource "aws_route" "accepter_to_requester" {
  route_table_id            = aws_route_table.accepter.id
  destination_cidr_block    = aws_vpc.requester.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.main.id
}

Cross-Account Peering

# Account A (requester)
resource "aws_vpc_peering_connection" "cross" {
  vpc_id        = aws_vpc.main.id
  peer_vpc_id   = var.peer_vpc_id
  peer_owner_id = var.peer_account_id
  peer_region   = var.peer_region  # For cross-region
 
  tags = { Name = "cross-account-peer" }
}
 
# Account B (accepter) — separate Terraform config
resource "aws_vpc_peering_connection_accepter" "cross" {
  vpc_peering_connection_id = var.peering_connection_id
  auto_accept               = true
}

VPC Peering Limits

Limit                     Value
Peerings per VPC          50 (can request increase to 125)
Between same 2 VPCs       1 only
Transitive peering        Not supported
Overlapping CIDRs         Not allowed

Troubleshooting Checklist

  1. ✅ Does a peering already exist between these VPCs?
  2. ✅ Is it in pending-acceptance or failed state?
  3. ✅ Do the VPC CIDRs overlap? (Peering won't work if they do)
  4. ✅ Are routes configured in both directions?
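
The checklist above, together with Solutions 1 and 2, as a small triage script. This is an added example, not code from the article or from TerraformPilot: it takes peering connections in the shape that `aws ec2 describe-vpc-peering-connections` returns and route tables in the shape of `aws ec2 describe-route-tables`, refuses overlapping CIDRs, decides whether each existing peering should be deleted (failed/rejected/expired) or imported (active/pending), and reports which side still lacks its return route. The VPC IDs, CIDRs and pcx IDs in the sample data are constructed; the Terraform address `aws_vpc_peering_connection.main` is the one used in the article.

```python
"""Triage an existing VPC peering before Terraform creates a new one.

Added example, not code from the original article. The two sample inputs
below are constructed and only mimic the shape of the AWS CLI responses
(`describe-vpc-peering-connections` and `describe-route-tables`).
"""
import ipaddress

# Peering status codes as reported by AWS. A connection in a LIVE state still
# occupies the single slot allowed between two VPCs, so a second create fails
# with VpcPeeringConnectionAlreadyExists; STALE ones should be deleted first.
LIVE = {"initiating-request", "pending-acceptance", "provisioning", "active"}
STALE = {"failed", "rejected", "expired"}


def cidrs_overlap(cidr_a: str, cidr_b: str) -> bool:
    """True when the two CIDR blocks overlap; peering is not allowed then."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def peerings_between(connections, vpc_a, vpc_b):
    """Connections linking vpc_a and vpc_b, whichever side requested them."""
    pair = {vpc_a, vpc_b}
    return [c for c in connections
            if {c["RequesterVpcInfo"]["VpcId"], c["AccepterVpcInfo"]["VpcId"]} == pair]


def plan_remediation(connections, vpc_a, cidr_a, vpc_b, cidr_b,
                     tf_address="aws_vpc_peering_connection.main"):
    """Return (action, command_or_reason) tuples in the order to run them.

    actions: "abort" (overlapping CIDRs), "delete" (stale peering to clean
    up), "import" (a live peering exists, so adopt it into state),
    "create" (nothing live exists; a plain apply is fine).
    """
    if cidrs_overlap(cidr_a, cidr_b):
        return [("abort", f"CIDRs {cidr_a} and {cidr_b} overlap; peering cannot be created")]
    steps = []
    for conn in peerings_between(connections, vpc_a, vpc_b):
        pcx = conn["VpcPeeringConnectionId"]
        code = conn["Status"]["Code"]
        if code in STALE:
            steps.append(("delete", "aws ec2 delete-vpc-peering-connection "
                                    f"--vpc-peering-connection-id {pcx}"))
        elif code in LIVE:
            steps.append(("import", f"terraform import {tf_address} {pcx}"))
        # "deleted"/"deleting" entries linger in the API for a while but no
        # longer block a new peering, so they need no action.
    if not any(action == "import" for action, _ in steps):
        steps.append(("create", "no live peering found; terraform apply can create it"))
    return steps


def missing_routes(route_tables, pcx, vpc_a, cidr_a, vpc_b, cidr_b):
    """VPC IDs whose route tables have no route to the peer CIDR via pcx.

    Checklist item 4: traffic only flows when both sides route to each other.
    """
    wanted = {vpc_a: cidr_b, vpc_b: cidr_a}   # each VPC must reach the other's CIDR
    missing = set(wanted)
    for table in route_tables:
        peer_cidr = wanted.get(table["VpcId"])
        if peer_cidr is None:
            continue
        for route in table.get("Routes", []):
            if (route.get("DestinationCidrBlock") == peer_cidr
                    and route.get("VpcPeeringConnectionId") == pcx):
                missing.discard(table["VpcId"])
    return sorted(missing)


# Constructed sample data (made-up IDs), shaped like the AWS CLI JSON output.
SAMPLE_CONNECTIONS = [
    {"VpcPeeringConnectionId": "pcx-old123", "Status": {"Code": "rejected"},
     "RequesterVpcInfo": {"VpcId": "vpc-aaa", "CidrBlock": "10.0.0.0/16"},
     "AccepterVpcInfo": {"VpcId": "vpc-bbb", "CidrBlock": "10.1.0.0/16"}},
    {"VpcPeeringConnectionId": "pcx-abc123", "Status": {"Code": "pending-acceptance"},
     "RequesterVpcInfo": {"VpcId": "vpc-aaa", "CidrBlock": "10.0.0.0/16"},
     "AccepterVpcInfo": {"VpcId": "vpc-bbb", "CidrBlock": "10.1.0.0/16"}},
    {"VpcPeeringConnectionId": "pcx-ccc999", "Status": {"Code": "active"},
     "RequesterVpcInfo": {"VpcId": "vpc-ccc", "CidrBlock": "10.2.0.0/16"},
     "AccepterVpcInfo": {"VpcId": "vpc-aaa", "CidrBlock": "10.0.0.0/16"}},
]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-aaa", "VpcId": "vpc-aaa", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-abc123"}]},
    {"RouteTableId": "rtb-bbb", "VpcId": "vpc-bbb", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"}]},  # return route missing
]

if __name__ == "__main__":
    for action, detail in plan_remediation(SAMPLE_CONNECTIONS,
                                           "vpc-aaa", "10.0.0.0/16",
                                           "vpc-bbb", "10.1.0.0/16"):
        print(f"{action:<7} {detail}")
    print("missing return routes in:",
          missing_routes(SAMPLE_ROUTE_TABLES, "pcx-abc123",
                         "vpc-aaa", "10.0.0.0/16", "vpc-bbb", "10.1.0.0/16"))
```

Run against the constructed sample it prints a delete for the rejected `pcx-old123`, an import for the pending `pcx-abc123`, and flags `vpc-bbb` as missing its return route. To use it against a real account, replace the two sample lists with the parsed JSON from the AWS CLI calls named in the docstring; the status codes and field names are the ones the EC2 API returns.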

Conclusion

Only one peering connection is allowed between any two VPCs. Import existing connections, delete old failed/rejected ones, and ensure VPC CIDRs don't overlap. Always configure routes in both directions for traffic to flow.
