AWS VPC Peering: A Step-by-Step Guide to Connecting VPCs Securely

Introduction
In cloud environments, it's common to have resources deployed across multiple Virtual Private Clouds (VPCs). For example, your application servers may reside in one VPC while your database servers are hosted in another. To enable secure communication between these VPCs without exposing resources to the internet, AWS provides a feature called VPC Peering.
In this article, we'll explore what VPC Peering is, its benefits, and how to configure it step-by-step using EC2 instances.
What is VPC Peering?
VPC Peering is a networking connection between two VPCs that allows resources in both VPCs to communicate using private IP addresses.
With VPC Peering:
- Traffic remains within the AWS network.
- No VPN or Internet Gateway is required for communication between peered VPCs.
- Resources can communicate securely using private IP addresses.
Architecture Overview
```text
VPC-A (10.0.0.0/16)
        |
        | VPC Peering Connection
        |
VPC-B (192.168.0.0/16)
```
Prerequisites
Before starting, ensure you have:
- An AWS account
- Basic understanding of VPCs and EC2 instances
- Permission to create VPCs, subnets, route tables, and EC2 instances
Step 1: Create VPC-A
Navigate to AWS Console → VPC → Create VPC.
Configure:
| Setting | Value |
|---|---|
| Name | VPC-A |
| IPv4 CIDR | 10.0.0.0/16 |
Click Create VPC.
Step 2: Create a Subnet in VPC-A
Create a subnet with the following configuration:
| Setting | Value |
|---|---|
| Name | Public-Subnet-A |
| CIDR Block | 10.0.1.0/24 |
Step 3: Create and Attach an Internet Gateway
Go to Internet Gateways.
Create a new Internet Gateway named IGW-A.
Attach it to VPC-A.
Step 4: Configure Route Table for VPC-A
Add the following routes:
| Destination | Target |
|---|---|
| 10.0.0.0/16 | Local |
| 0.0.0.0/0 | IGW-A |
Associate the route table with Public-Subnet-A.
Step 5: Launch an EC2 Instance in VPC-A
Launch an EC2 instance with:
- Name: EC2-A
- VPC: VPC-A
- Subnet: Public-Subnet-A
- Security Group Rules:
  - SSH (Port 22)
  - ICMP (for ping testing)
Step 6: Create VPC-B
Create a second VPC.
| Setting | Value |
|---|---|
| Name | VPC-B |
| IPv4 CIDR | 192.168.0.0/16 |
Step 7: Create a Subnet in VPC-B
| Setting | Value |
|---|---|
| Name | Public-Subnet-B |
| CIDR Block | 192.168.1.0/24 |
Step 8: Create and Attach Internet Gateway for VPC-B
Create IGW-B and attach it to VPC-B.
Step 9: Configure Route Table for VPC-B
Add routes:
| Destination | Target |
|---|---|
| 192.168.0.0/16 | Local |
| 0.0.0.0/0 | IGW-B |
Associate it with Public-Subnet-B.
Step 10: Launch EC2 Instance in VPC-B
Launch another EC2 instance with the following configuration:
- Name: EC2-B
- VPC: VPC-B
- Subnet: Public-Subnet-B
- Security Group Rules:
  - SSH (Port 22)
  - ICMP
Step 11: Create a VPC Peering Connection
Navigate to:
VPC → Peering Connections → Create Peering Connection
Provide:
| Setting | Value |
|---|---|
| Name | Peer-A-B |
| Requester VPC | VPC-A |
| Accepter VPC | VPC-B |
Click Create.
Step 12: Accept the Peering Request
Select the newly created peering connection.
Click Actions → Accept Request.
The connection status should change to Active.
Step 13: Update Route Table for VPC-A
Add the following route:
| Destination | Target |
|---|---|
| 192.168.0.0/16 | VPC Peering Connection (Peer-A-B) |
Save changes.
Step 14: Update Route Table for VPC-B
Add:
| Destination | Target |
|---|---|
| 10.0.0.0/16 | VPC Peering Connection (Peer-A-B) |
Save changes.
Step 15: Update Security Groups
EC2-A Security Group
| Type | Source |
|---|---|
| ICMP | 192.168.0.0/16 |
EC2-B Security Group
| Type | Source |
|---|---|
| ICMP | 10.0.0.0/16 |
Step 16: Test Connectivity
Find the private IP address of EC2-B.
From EC2-A:
```bash
ping <EC2-B-private-IP>
```
Example:
```bash
ping 192.168.1.100
```
Successful responses indicate that VPC Peering is working correctly.
Similarly, test from EC2-B to EC2-A.
Common Troubleshooting Tips
Ping Fails?
Check:
- Security Group rules
- Route Tables
- Peering Connection Status
- Network ACLs
Peering Status Not Active?
Ensure the accepter VPC owner has accepted the request.
Overlapping CIDR Blocks?
AWS does not allow VPC Peering between VPCs with overlapping CIDR ranges.
Key Benefits of VPC Peering
- Secure private communication
- Low network latency
- No need for VPNs
- Traffic stays within AWS infrastructure
- Simplified architecture
Important Interview Questions
Can peered VPCs communicate using private IP addresses?
Yes.
Does VPC Peering support transitive routing?
No.
Example:
VPC-A ↔ VPC-B
VPC-B ↔ VPC-C
VPC-A cannot communicate with VPC-C through VPC-B.
Can VPC Peering work across AWS Regions?
Yes, through Inter-Region VPC Peering.
Can VPCs with overlapping CIDR ranges be peered?
No.
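To make the checklist in Steps 11 to 16, the troubleshooting section, and the transitive-routing question concrete, here is an added Python model. It is not AWS code and not the article's own; it calls no AWS API. It reproduces the lab's VPCs, route tables, peering connection and ICMP rules as plain data, adds a constructed VPC-C (172.16.0.0/16) peered only with VPC-B, and walks each check in the order a practitioner would verify them. The EC2-A address 10.0.1.50, VPC-C and its peering Peer-B-C are constructed sample values; 192.168.1.100 is the address the article uses for EC2-B.

```python
"""Offline model of the walkthrough's peering lab.

Added example, not AWS code: nothing here calls an AWS API. It reproduces the
article's VPC-A / VPC-B configuration (CIDRs, routes, ICMP rules, Peer-A-B)
as plain data and adds a constructed VPC-C peered only with VPC-B to show
why VPC-A cannot reach VPC-C. The EC2-A address 10.0.1.50 and the whole of
VPC-C (172.16.0.0/16, Peer-B-C) are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vpc:
    name: str
    cidr: str
    routes: dict = field(default_factory=dict)        # destination CIDR -> target
    icmp_sources: list = field(default_factory=list)  # SG inbound ICMP source CIDRs


@dataclass
class Peering:
    name: str
    requester: str
    accepter: str
    status: str  # "pending-acceptance" until the accepter accepts, then "active"


def cidrs_overlap(a: str, b: str) -> bool:
    """AWS refuses to peer VPCs whose CIDR blocks overlap."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def lookup_route(vpc: Vpc, ip: str):
    """Longest-prefix match, as the VPC router does; returns the target or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for dest, target in vpc.routes.items():
        net = ipaddress.ip_network(dest)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def sg_allows_icmp(vpc: Vpc, src_ip: str) -> bool:
    """True if any inbound ICMP rule on the VPC's instance SG covers src_ip."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(c) for c in vpc.icmp_sources)


def check_ping(vpcs, peerings, src_vpc, src_ip, dst_vpc, dst_ip):
    """Walk the troubleshooting checklist for an ICMP echo; return (ok, reason).

    Security groups are stateful, so only the destination's inbound ICMP rule
    is checked; the reply still needs a return route in the destination VPC.
    """
    a, b = vpcs[src_vpc], vpcs[dst_vpc]
    if cidrs_overlap(a.cidr, b.cidr):
        return False, f"{a.cidr} and {b.cidr} overlap; AWS will not peer these VPCs"
    peer = next((p for p in peerings if {p.requester, p.accepter} == {src_vpc, dst_vpc}), None)
    if peer is None:
        # Peering is not transitive: a shared neighbour does not create a path.
        return False, f"no peering connection between {src_vpc} and {dst_vpc}"
    if peer.status != "active":
        return False, f"{peer.name} is {peer.status}; the accepter must accept the request"
    if lookup_route(a, dst_ip) != peer.name:
        return False, f"{src_vpc} has no route to {dst_ip} via {peer.name}"
    if lookup_route(b, src_ip) != peer.name:
        return False, f"{dst_vpc} has no return route to {src_ip} via {peer.name}"
    if not sg_allows_icmp(b, src_ip):
        return False, f"{dst_vpc} security group does not allow ICMP from {src_ip}"
    return True, "ping should succeed"


def build_lab():
    """The article's finished lab, plus a constructed VPC-C peered only with VPC-B."""
    vpcs = {
        "VPC-A": Vpc("VPC-A", "10.0.0.0/16",
                     {"10.0.0.0/16": "local", "0.0.0.0/0": "IGW-A",
                      "192.168.0.0/16": "Peer-A-B"},
                     ["192.168.0.0/16"]),
        "VPC-B": Vpc("VPC-B", "192.168.0.0/16",
                     {"192.168.0.0/16": "local", "0.0.0.0/0": "IGW-B",
                      "10.0.0.0/16": "Peer-A-B", "172.16.0.0/16": "Peer-B-C"},
                     ["10.0.0.0/16", "172.16.0.0/16"]),
        "VPC-C": Vpc("VPC-C", "172.16.0.0/16",
                     {"172.16.0.0/16": "local", "192.168.0.0/16": "Peer-B-C"},
                     ["192.168.0.0/16"]),
    }
    peerings = [Peering("Peer-A-B", "VPC-A", "VPC-B", "active"),
                Peering("Peer-B-C", "VPC-B", "VPC-C", "active")]
    return vpcs, peerings


if __name__ == "__main__":
    vpcs, peerings = build_lab()
    cases = [("VPC-A", "10.0.1.50", "VPC-B", "192.168.1.100"),
             ("VPC-B", "192.168.1.100", "VPC-A", "10.0.1.50"),
             ("VPC-A", "10.0.1.50", "VPC-C", "172.16.1.10")]
    for case in cases:
        ok, why = check_ping(vpcs, peerings, *case)
        print(f"{case[0]} -> {case[2]}: {'OK' if ok else 'FAIL'} ({why})")
```

Run it, then break one thing at a time (delete the peering route from VPC-A, set the peering to pending-acceptance, empty VPC-B's ICMP sources) to see which checklist item each failure maps to. Two points carry over to real infrastructure: with the peering route removed, 192.168.1.100 falls through to the 0.0.0.0/0 route towards IGW-A, so the packet heads for the internet gateway instead of the peer, which is why a forgotten route shows up as a silent timeout rather than an error; and the internet gateways in this lab exist only so you can SSH to the instances, since peered traffic never uses them, so the SSH rules from Steps 5 and 10 should be scoped to your own address rather than left open to 0.0.0.0/0.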
Conclusion
AWS VPC Peering is a simple yet powerful networking feature that enables secure communication between VPCs using private IP addresses. By configuring route tables, security groups, and peering connections correctly, organizations can build scalable and secure multi-VPC architectures.
Whether you're preparing for AWS interviews, working on cloud networking projects, or designing production environments, understanding VPC Peering is an essential AWS networking skill.
If you found this article helpful, connect with me on LinkedIn and follow my Hashnode blog for more AWS, DevOps, and Cloud Engineering content. 🚀