
AWS VPC Peering: Connecting two VPCs


Introduction

In this project, I implemented AWS VPC Peering to enable private communication between two VPCs without using the public internet.

This setup is commonly used when:

  • Separating test and production environments

  • Connecting microservices across VPCs

  • Maintaining network isolation with controlled access

The goal of this project was to:

  • Create two VPCs

  • Launch EC2 instances in each VPC

  • Configure VPC peering

  • Enable secure connectivity between instances using private IPs

Architecture Overview

Environment Setup

  • Region: Same AWS region

  • VPC 1 (Test VPC): 10.0.0.0/16

  • VPC 2 (Prod VPC): 192.168.0.0/16

  • Instances: One EC2 instance in each VPC

  • Connectivity: VPC Peering

📌 Initially, the instances cannot communicate, even if security groups allow it — VPC peering is required.

Step 1: Create Test VPC

  • Go to VPC Dashboard → Create VPC

  • Provide:

    • Name: test-vpc

    • IPv4 CIDR: 10.0.0.0/16

    • Tenancy: Default

  • Click Create VPC

Step 2: Create Subnet for Test VPC

  1. Go to Subnets → Create subnet

  2. Select test-vpc

  3. Choose first Availability Zone

  4. CIDR block: 10.0.0.0/24

  5. Create subnet

This subnet will host the EC2 instance.

Step 3: Create Internet Gateway & Route Table (Test VPC)

Internet Gateway

  1. Create Internet Gateway

  2. Attach it to test-vpc

Route Table

  1. Create Route Table.

  2. Associate it with the subnet.

  3. Add route:

     Destination: 0.0.0.0/0
     Target: Internet Gateway

    This allows SSH access to the instance.

Step 4: Launch EC2 Instance (Test VPC)

  • Launch EC2 instance

  • Select:

    • AMI: Ubuntu

    • Instance type: t3.micro

  • Network settings:

    • VPC: test-vpc

    • Subnet: test subnet

    • Auto-assign Public IP: Enabled

  • Create instance.

Step 5: Create Production VPC (Same Steps)

Repeat Steps 1–4 for Production VPC with:

  • VPC Name: prod-vpc

  • CIDR: 192.168.0.0/16

  • Subnet CIDR: 192.168.0.0/24

Now we have:

  • One EC2 in Test VPC

  • One EC2 in Prod VPC

Step 6: Verify Connectivity (It Fails ❌)

Try pinging:

ping 192.168.0.124

🚫 Ping fails — expected behavior
Reason: VPCs are isolated by default

Step 7: Create VPC Peering Connection

  1. Go to VPC → Peering Connections

  2. Click Create Peering Connection

  3. Select:

    • Requester VPC: test-vpc

    • Accepter VPC: prod-vpc

  4. Create peering connection

  5. Accept the peering request

📌 Peering is now established, but routing is still missing.

Step 8: Update Route Tables

Test VPC Route Table

Add:

     Destination: 192.168.0.0/16
     Target: Peering Connection

Prod VPC Route Table

Add:

     Destination: 10.0.0.0/16
     Target: Peering Connection

With a route to the peer VPC's CIDR on each side, traffic can flow between the VPCs.

Step 9: Update Security Groups

Test Instance Security Group

  • Inbound Rule:

    • Type: All ICMP – IPv4

    • Source: 192.168.0.0/16

Prod Instance Security Group

  • Inbound Rule:

    • Type: All ICMP – IPv4

    • Source: 10.0.0.0/16

📌 Security groups must explicitly allow inbound traffic from the peer VPC's CIDR range.

Step 10: Test Connectivity

From Test Instance (ping the prod instance's private IP):

ping 192.168.0.124

From Prod Instance: ping the test instance's private IP in 10.0.0.0/24.

🎉 Ping works successfully using private IPs

Common Mistakes & Troubleshooting

  • ❌ Forgetting to update route tables

  • ❌ Overlapping CIDR blocks

  • ❌ Missing ICMP rules in security groups

  • ❌ Assuming peering alone enables connectivity
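As an added example (not code from the original post), the following Python script reproduces the reasoning behind Steps 6, 8 and 10 and the "overlapping CIDR blocks" mistake: it rejects overlapping VPC CIDRs, derives the route and security-group source each side needs, and performs the longest-prefix-match route lookup a VPC route table does, showing where a packet for 192.168.0.124 goes before and after the peering route exists. The peering ID `pcx-EXAMPLE` and the `igw` target name are placeholders, not real resource IDs.

```python
import ipaddress

# Lab values from the post: test-vpc 10.0.0.0/16 and prod-vpc 192.168.0.0/16.
# The peering ID is a placeholder (assumption), not a real AWS resource ID.
PEERING_ID = "pcx-EXAMPLE"

def plan_peering(requester_cidr, accepter_cidr):
    """Check the two VPC CIDRs and derive what each side must add: a route
    to the peer CIDR via the peering connection and a security-group source
    of the peer CIDR. Overlapping CIDRs are rejected, as AWS will not peer them."""
    req = ipaddress.ip_network(requester_cidr)
    acc = ipaddress.ip_network(accepter_cidr)
    if req.overlaps(acc):
        raise ValueError(f"overlapping CIDRs {req} and {acc}: cannot peer")
    return {
        "requester": {"route": (str(acc), PEERING_ID), "sg_source": str(acc)},
        "accepter": {"route": (str(req), PEERING_ID), "sg_source": str(req)},
    }

def build_route_table(local_cidr, igw=True, peer_route=None):
    """One VPC's route table: implicit 'local' route, optional 0.0.0.0/0 route
    to the internet gateway, optional (destination, target) peering route."""
    table = [(local_cidr, "local")]
    if igw:
        table.append(("0.0.0.0/0", "igw"))
    if peer_route:
        table.append(peer_route)
    return table

def lookup_route(route_table, dst_ip):
    """Longest-prefix match, the rule a VPC route table uses to pick a target."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def peering_walkthrough():
    """Steps 6, 8 and 10: where test-vpc sends a packet for the prod instance
    (192.168.0.124) before and after the peering route is added."""
    plan = plan_peering("10.0.0.0/16", "192.168.0.0/16")
    before = build_route_table("10.0.0.0/16")
    after = build_route_table("10.0.0.0/16", peer_route=plan["requester"]["route"])
    return {"plan": plan,
            "before": lookup_route(before, "192.168.0.124"),  # igw: no path, ping fails
            "after": lookup_route(after, "192.168.0.124")}    # pcx: ping works
```

Before Step 8 the only matching route is the 0.0.0.0/0 default to the internet gateway, which cannot reach a private address in the other VPC; once the /16 peering route exists it wins by longest prefix.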

What I Learned from This Project

  • VPCs are fully isolated by default

  • VPC Peering requires:

    • Peering connection

    • Route table updates

    • Security group rules

  • CIDR planning is critical

  • AWS networking is simple but strict

Conclusion

This project helped me understand AWS networking fundamentals deeply, especially:

  • VPC isolation

  • Routing logic

  • Secure inter-VPC communication