To configure Canal with an AWS Peering Connection, you will need the following information:

The CIDR block of your VPC must be within one of the following IP address ranges:

  • (excluding; see Limitations below)

If you don't have a VPC yet, follow the instructions in the Creating a VPC section in this document.

In addition, you will need to create a Type-C or Type-F Virtual Private Gateway.


When you create a Virtual Private Gateway (VPG), Soracom will automatically allocate resources for the VPG within the IP address range. As a result, your VPC cannot include this IP address range. If your AWS VPC uses a CIDR block that includes this range, you will need to create a new VPC with a CIDR block which does not include this range.


Creating a VPG

Follow the instructions from the Virtual Private Gateway Configuration documentation to create a new VPG with the following options:

For more information on each option, refer to the VPG Configuration documentation.

Add a Peering Connection

With a VPG created, we can now add an AWS Peering Connection in order to connect it to our AWS VPC.

  1. Log in to the User Console. From the Menu, open the VPG screen.

  2. From the list of VPGs, click the name of the VPG you want to configure to open its settings page.

    Select VPG

  3. From the Basic settings tab, VPC Peering Connections panel, click the Add button.

    Add VPC peering connection

  4. Enter your AWS Account ID, the AWS VPC ID, the AWS Region, and the VPC CIDR Block:

    Enter peering connection details

    Then click the Save button.

This will initiate a Peering Connection request with your AWS account. Next, we'll accept the connection request to complete the Peering Connection setup.

Accept the Peering Connection Request

  1. Log in to the AWS Management Console. From the Services menu, open the VPC dashboard.

  2. Click the Peering Connections section.


  3. Select the Peering Connection request in the list. Its Status should appear as pending-acceptance.

  4. Click the Actions menu, then select Accept Request.


A dialog will appear asking if you want to update your VPC's routing table. In order to route traffic correctly between the Soracom VPG and your AWS VPC, we need to add a new routing rule.

  1. Click the Modify my route tables now link.


  2. From the list of route tables, select the route table that is attached to your VPC. The Explicitly Associated column should indicate that it is associated with 1 Subnet.

  3. Click the Routes tab. Then add a new destination with the following values:


    • Destination -
    • Target - pcx-xxxxxxxx

    The Destination value corresponds to the IP address range of the VPG. The Target option tells the VPC that traffic returning to the VPG should be routed using the selected Peering Connection. As you type pcx, the approved Peering Connection should appear automatically.

    Then click the Save button.

Canal is now configured, and Air SIM devices that are attached to the VPG will be able to connect to network resources within your VPC.

Testing Canal

To test the Canal connection, simply create a network resource within your VPC.

For example, you can create a basic EC2 instance, making sure that it belongs to your VPC, and is assigned a static IP address within your VPC's CIDR block range.

Then connect to the EC2 instance to install and start an Apache webserver with its default welcome page.

Configure your EC2 instance's Security Group to allow inbound HTTP traffic on port 80 from any source.

Finally, test that your Air SIM device is able to view or curl the default Apache webpage using the EC2 instance's private IP address.

Configuring your EC2 instance to allow inbound traffic from (any source) is intended only to simplify testing. Leaving this configuration as-is will expose your EC2 instance to external access.

Once you have verified that your devices are able to reach your EC2 instance, you should update this configuration. For example, allow traffic only from your VPG by changing the source CIDR block to match the Requester CIDRs found in your list of VPC Peering connections, or remove this configuration altogether if you plan on using a different protocol.
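
The check described above can be scripted. The following Python is an added example, not part of the Soracom documentation: it takes JSON in the shape printed by the AWS CLI commands aws ec2 describe-vpc-peering-connections and aws ec2 describe-security-groups, and labels each inbound rule as open to any source, limited to the Requester CIDRs of accepted peering connections, or coming from some other source. The sample data, IDs and CIDR blocks are constructed placeholders, not Soracom's real VPG range.

```python
import ipaddress

# Constructed sample data, shaped like the AWS CLI JSON output.
# All IDs and CIDRs are placeholders, not Soracom's real VPG range.
PEERINGS = {"VpcPeeringConnections": [
    {"Status": {"Code": "active"},
     "RequesterVpcInfo": {"CidrBlock": "192.0.2.0/24"}},
    {"Status": {"Code": "pending-acceptance"},
     "RequesterVpcInfo": {"CidrBlock": "198.51.100.0/24"}},
]}
GROUPS = {"SecurityGroups": [{"GroupId": "sg-xxxxxxxx", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},          # test rule left open
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "192.0.2.0/25"}]},       # inside the requester CIDR
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},     # unrelated source
]}]}

def requester_cidrs(peerings):
    """Collect Requester CIDRs, counting only accepted (active) connections."""
    nets = set()
    for pcx in peerings["VpcPeeringConnections"]:
        if pcx.get("Status", {}).get("Code") != "active":
            continue
        info = pcx.get("RequesterVpcInfo", {})
        blocks = [info.get("CidrBlock")]
        blocks += [b.get("CidrBlock") for b in info.get("CidrBlockSet", [])]
        nets.update(ipaddress.ip_network(b) for b in blocks if b)
    return nets

def audit_ingress(groups, allowed):
    """Label every CIDR-based inbound rule by where it accepts traffic from."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src)
                if net.prefixlen == 0:
                    verdict = "open-to-any"
                elif any(net.version == a.version and net.subnet_of(a) for a in allowed):
                    verdict = "vpg-only"
                else:
                    verdict = "other-source"
                findings.append((sg["GroupId"], perm.get("FromPort"), src, verdict))
    return findings
```

Rules that reference another security group instead of a CIDR block are not examined by this check.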


Creating a VPC

  1. Log in to the AWS Management Console. From the Services menu, open the VPC dashboard. Then click the Launch VPC Wizard button.


  2. In the Select a VPC Configuration screen, choose VPC with a Single Public Subnet and click the Select button.


  3. Enter a VPC name for this VPC. You can leave the other settings with their default values, or configure a different IPv4 CIDR block and other settings if desired.


    Note: When creating a VPC which you intend to use with Soracom Canal, ensure that the IPv4 CIDR block does not include the IP address range. Soracom will allocate resources within this IP address range. If you specify a CIDR block which includes this IP address range, you will have to create a new VPC.

    Then click the Create VPC button.

  4. Once the VPC has been created, it will appear in the list of VPCs:


  5. To enable the Internet gateway for the VPC, select the VPC from the list. Then click the Overview tab, and click the item listed next to Route table:


  6. Set the Internet gateway igw-xxxxxxxx for the target.


    Then click the Save button.

Finding the Requirements

You can find your AWS account number by logging into the AWS Management Console. In the upper right corner of the console, click the Support menu, then select Support Center. Your AWS account number will be displayed at the top right corner:



To find the ID and CIDR block of a VPC, click the Services menu and open the VPC dashboard. Then click the Your VPCs section. The VPC ID and CIDR block are listed: