AWS has a new barebones VPS offering, Lightsail, which is sort of an EC2-Lite -- extremely light -- offering with just a few fixed-size instance classes, simplified pricing, and very few options, along with its own very minimalistic console, as I discussed in What is the difference between Lightsail and EC2?.
Everything about this service is simplified, and it's postured as somewhat separate from AWS, but not really. It's part of your AWS account, if you sign up for it, and...
Amazon Lightsail can see and connect to other AWS resources, such as an Amazon RDS database or Amazon Aurora. On this page, you can attempt to peer your Lightsail VPC with your AWS VPC. For example, you might want to separate your data tier from your app.
Notice the pessimism. "You can attempt to peer." It's almost as if they anticipated this issue.
By the way, the Lightsail instances do have the usual EC2 metadata endpoint and are in fact t2 instances, inside a "stealth" VPC that you can't see in your AWS console. And I'm going to this trouble because they do have some interesting use cases in spite of their limitations (such as a surprisingly reasonable allowance for Internet-bound bandwidth). So, how do you enable peering with your existing VPC?
It's a checkbox. No options, just click "Enable VPC Peering."
Your VPC peering connection failed.
You can attempt to enable peering again. If you still can't peer your VPC with Lightsail resources, contact Customer Support.
I tried again, several times over the course of several hours, and still... no dice, no diagnostic output, nothing.
Checking the obvious things, like verifying the fact that none of the CIDR blocks of the existing VPCs in the region conflict with the CIDR block of the VPC that my test Lightsail instance appears to be in, and trying to peer the VPCs while logged in as the root user instead of an IAM user, turns up nothing... I even tried it on a second (existing) AWS account, and it didn't work there, either. Same error.
Why does this not work? Is there something else I need to do on the AWS side before trying to set up VPC peering from Lightsail?
Also, if I have multiple VPCs in the region, how do I choose which one(s) the hidden Lightsail VPC will be peered with? There appears to be very little documentation on this... which seems consistent with the apparent design philosophy of Lightsail -- it has so few options that there's very little that should need documentation.