VPC Peering in the Same AWS Region: Connecting Two VPCs

ANUJ TIWARI

What is a VPC?

A Virtual Private Cloud (VPC) is an isolated network within AWS where you can launch resources like EC2 instances, databases, and other services. It provides complete control over networking, security, and access rules, similar to an on-premises network.

Importance of VPC in the Industry

VPCs are widely used in cloud architecture for:

  • Security: Isolating workloads from external traffic.

  • Scalability: Expanding network resources without physical constraints.

  • Customization: Defining custom CIDR blocks, subnets, and routing.

  • Hybrid Cloud Deployments: Connecting on-premises data centers to AWS.

Why Do We Need VPC Peering?

Let's understand this with an industry-level example.

Test Team & Production Team Communication

Consider a scenario where an organization has two VPCs:

  1. Test VPC: Used by the QA/testing team to validate applications before deployment.

  2. Production VPC: Used by the operations team to host live applications.

By default, VPCs are isolated from each other. However, the testing team needs access to certain APIs or databases running in production. VPC Peering allows direct, private communication between both VPCs over the AWS network without traversing the internet. Peering only provides the network path: which hosts and ports are actually reachable is still decided by the route tables, security groups and network ACLs on each side, so the test team should be granted only the specific production endpoints it needs.

Components of VPC

Route Table

A Route Table determines how network traffic is directed within a VPC. It contains routes that specify where traffic should go based on the destination IP address.

  • Each subnet must be associated with a route table.

  • Routes can point to Internet Gateways, NAT Gateways, Peering Connections, or VPNs.

  • AWS provides a Main Route Table by default, but you can create custom ones.

Internet Gateway (IGW)

An Internet Gateway allows communication between resources in the VPC and the internet.

  • It must be attached to the VPC to enable public access.

  • Public subnets use IGW, while private subnets use NAT Gateway for outbound internet access.

  • IGWs are free of cost in AWS.

Subnets

A Subnet is a smaller network within a VPC where AWS resources are placed.

  • Subnets can be public or private.

  • Each subnet is tied to one Availability Zone (AZ).

  • You need at least one subnet in a VPC to deploy instances.

VPC Peering Connection

VPC Peering allows private communication between two VPCs without using the internet.

  • Peering connections are one-to-one and not transitive: every pair of VPCs that needs to talk requires its own peering connection, and a VPC cannot reach a third VPC through a peer.

  • Traffic between peered VPCs stays on the AWS network (low latency, never exposed to the public internet).

  • The two VPCs cannot have overlapping CIDR blocks; AWS will not bring a peering between overlapping ranges to the active state.
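Before requesting a peering, check the address plan. The following Python is an added example, not code from the original post, and uses only the standard library ipaddress module. It takes the two CIDRs from the walkthrough (10.0.0.0/16 for test-vpc1 and 192.168.0.0/16 for prod-vpc2), adds an assumed third VPC, dev-vpc3, that deliberately reuses the test range to show how an overlap is caught, and reproduces the 251-usable-addresses figure for a /24 subnet by listing the five addresses AWS reserves.

```python
"""Address-plan checks to run before requesting a VPC peering.

Added example, not code from the original post. Uses only the standard library.
VPC names and CIDRs mirror the walkthrough (test-vpc1 10.0.0.0/16, prod-vpc2
192.168.0.0/16); dev-vpc3 is an assumed third VPC that deliberately collides.
"""
import ipaddress
from itertools import combinations

# The five addresses AWS reserves in every subnet: the first four and the last.
AWS_RESERVED_LABELS = {
    0: "network address",
    1: "VPC router",
    2: "Amazon-provided DNS",
    3: "reserved for future use",
    -1: "network broadcast (reserved even though broadcast is unsupported)",
}


def reserved_addresses(subnet_cidr):
    """Map each AWS-reserved address of the subnet to why it is unusable."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return {str(net[offset]): label for offset, label in AWS_RESERVED_LABELS.items()}


def usable_hosts(subnet_cidr):
    """Addresses you can actually assign to instances/ENIs in the subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - len(AWS_RESERVED_LABELS)


def peering_conflicts(vpc_cidrs):
    """Return the (name, name) pairs whose CIDR blocks overlap.

    AWS refuses to activate a peering between VPCs with overlapping IPv4 CIDRs.
    Because peering is not transitive, every pair that will be peered must be
    checked, so all pairs are tested here.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in vpc_cidrs.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def subnet_fits(subnet_cidr, vpc_cidr):
    """True when the subnet lies entirely inside its VPC's CIDR block."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def address_in_subnet(address, subnet_cidr):
    """True when an instance's private IP belongs to the subnet it was launched in."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(subnet_cidr)


if __name__ == "__main__":
    vpcs = {"test-vpc1": "10.0.0.0/16", "prod-vpc2": "192.168.0.0/16"}
    print("conflicts between the two walkthrough VPCs:", peering_conflicts(vpcs))
    vpcs["dev-vpc3"] = "10.0.0.0/16"  # assumed third VPC that reuses the test range
    print("conflicts once dev-vpc3 is added:", peering_conflicts(vpcs))
    for cidr in ("10.0.0.0/24", "192.168.0.0/24"):
        print(cidr, "usable hosts:", usable_hosts(cidr), "reserved:", sorted(reserved_addresses(cidr)))
    print("10.0.0.208 in 10.0.0.0/24:", address_in_subnet("10.0.0.208", "10.0.0.0/24"))
```

Running it shows no conflict between the two walkthrough VPCs, one conflict as soon as dev-vpc3 is added, and 251 usable hosts per /24 subnet. The same check is worth running against the default VPC (172.31.0.0/16) and any on-premises ranges before a peering is requested, since a collision discovered after the fact means re-addressing a VPC.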

Cost of VPC Peering

AWS charges for data transfer between peered VPCs:

  • Same region: $0.01 per GB in each direction for traffic that crosses Availability Zones; traffic that stays within a single Availability Zone is not charged.

  • Cross-region peering: charged at inter-region data transfer rates, which are higher.

  • No charge for creating or keeping the peering connection itself.

Setting Up VPC Peering

We will create two VPCs in the Europe (Stockholm) eu-north-1 region:

Test VPC

Let's create the first VPC for the test department in the Europe (Stockholm) eu-north-1 region with the CIDR block 10.0.0.0/16. A /16 gives 65,536 IPv4 addresses.

With test-vpc1 created, the next step is a subnet. I create a public subnet so the instance can get a public IP for console access; peering itself does not require public subnets and works the same way with private ones.

I create a subnet in test-vpc1 with the IPv4 CIDR 10.0.0.0/24. A /24 has 256 addresses, but AWS reserves five in every subnet (the network address, the VPC router, the DNS resolver, one reserved for future use and the broadcast address), which is why the console shows 251 available addresses, so at most 251 instances can be placed in this subnet. I then create an Internet Gateway so that instances in the public subnet can reach the internet. The IGW is only for internet traffic; traffic to a peered VPC, in the same or a different region, goes through the peering connection, not the IGW.

NOTE: A VPC can have only one Internet Gateway attached.

This is the Internet Gateway for test-vpc1; it must be explicitly attached to the VPC.

Next I create a route table for the test VPC with a default route (0.0.0.0/0) pointing at the Internet Gateway, so resources that need the internet can reach it, and associate the test subnet with this route table.

With the test VPC configured, I launch an EC2 instance in this VPC (not in the default VPC) with Auto-assign public IP enabled so the instance gets a public address. In the security group I allow inbound HTTP to this instance.

Then I connect to the instance through the browser-based terminal in the console rather than with PuTTY.

The private IP of this instance is 10.0.0.208, which falls within the range of the subnet in this VPC.

Production VPC

The production VPC uses the same settings as the test VPC, with the minor differences highlighted below:

  • Name: Production VPC (prod-vpc2), CIDR block: 192.168.0.0/16

  • Subnet: prod-subnet-vpc2, 192.168.0.0/24 in Availability Zone eu-north-1b, again with 251 available IPv4 addresses.

  • Internet Gateway: created and attached to prod-vpc2.

  • Route Table: a default route to the Internet Gateway so resources in prod-vpc2 can reach the internet.

  • EC2 Instance: prod-instance, launched in prod-vpc2 with Auto-assign public IP enabled and a security group that allows inbound HTTP. Its private IP also falls within the range of prod-subnet-vpc2.

PEERING CONNECTION

With both VPCs in place, I create the peering connection. Without it the two VPCs cannot communicate, whether they are in the same region or in different regions. Creating the peering generates a request to the second VPC: if that VPC is in a different region or a different account, you must switch to that region or account and accept the request there. A pending request stays valid for one week; after that AWS expires it and it has to be created again.

After accepting the request, two more things are needed before any traffic flows. First, each VPC's route table needs a route for the peer's CIDR block that targets the peering connection (pcx-...): test-vpc1's route table gets 192.168.0.0/16 via the peering connection, and prod-vpc2's gets 10.0.0.0/16 via the peering connection. Second, the security groups on both EC2 instances need an inbound rule, because nothing from the peer VPC is allowed in by default. Here the rule is ICMP (Internet Control Message Protocol), so the instances can ping each other, restricted to each other's CIDR block rather than 0.0.0.0/0.

On test-instance (in test-vpc1) I allow inbound ICMP only from prod-vpc2 by specifying its CIDR block, 192.168.0.0/16.

The same rule goes on the production side: on prod-instance I allow inbound ICMP from test-vpc1's CIDR block, 10.0.0.0/16.

Now let's check whether the two VPCs can communicate. I ping the production instance's private IP from the test instance and the ping succeeds, and the reverse direction works too. Ping the private IP, not the public one: a reply from the public address would only prove that the Internet Gateways work, not the peering.
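The console steps above, as an added scripted example using boto3's EC2 client. This is not the author's code, and the VPC, route-table and security-group IDs in the __main__ block are placeholders. Each function takes the client as a parameter so the sequence can be driven by a real boto3 client or by a stub; the script refuses overlapping CIDRs up front, adds the route for the peer's CIDR via the peering connection in both route tables (the step the console walkthrough leaves implicit), scopes the ICMP rule to the peer CIDR only, and reports the peering status, which must be "active" before a ping can succeed.

```python
"""Scripted version of the peering steps in the walkthrough, using boto3's EC2 API.

Added example, not the author's own code. Every function takes an `ec2` client
so the same logic can be driven by a real boto3 client (see the __main__ block)
or by a stub. All resource IDs in __main__ are placeholders, not the author's.
"""
import ipaddress

# -1 for FromPort/ToPort means every ICMP type and code.
ICMP_ANY = {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1}


def request_and_accept_peering(ec2, requester_vpc_id, accepter_vpc_id):
    """Create the peering request and accept it, returning the pcx id.

    Accepting from the same client only works when both VPCs are in this account
    and region; for a cross-account or cross-region peer the accept call has to be
    issued from the accepter's side, and a request left pending expires after 7 days.
    """
    resp = ec2.create_vpc_peering_connection(VpcId=requester_vpc_id, PeerVpcId=accepter_vpc_id)
    pcx_id = resp["VpcPeeringConnection"]["VpcPeeringConnectionId"]
    ec2.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx_id)
    return pcx_id


def peering_status(ec2, pcx_id):
    """Status code of the peering; 'active' is the only state that carries traffic."""
    resp = ec2.describe_vpc_peering_connections(VpcPeeringConnectionIds=[pcx_id])
    return resp["VpcPeeringConnections"][0]["Status"]["Code"]


def add_peer_routes(ec2, pcx_id, route_table_to_peer_cidr):
    """Point each VPC's route table at the peer's CIDR via the peering connection.

    An accepted peering with no routes delivers nothing, so this is done for both
    sides. Returns the (route_table_id, cidr) pairs that were added.
    """
    added = []
    for rtb_id, peer_cidr in route_table_to_peer_cidr.items():
        ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock=peer_cidr,
                         VpcPeeringConnectionId=pcx_id)
        added.append((rtb_id, peer_cidr))
    return added


def allow_icmp_from_peer(ec2, security_group_id, peer_cidr):
    """Inbound ICMP scoped to the peer VPC's CIDR, never 0.0.0.0/0."""
    perm = dict(ICMP_ANY, IpRanges=[{"CidrIp": peer_cidr, "Description": "ICMP from peered VPC"}])
    ec2.authorize_security_group_ingress(GroupId=security_group_id, IpPermissions=[perm])
    return perm


def peer_vpcs(ec2, vpc_a, vpc_b):
    """Full sequence for two VPC descriptors: {id, cidr, route_table, security_group}."""
    if ipaddress.ip_network(vpc_a["cidr"]).overlaps(ipaddress.ip_network(vpc_b["cidr"])):
        raise ValueError("overlapping CIDR blocks cannot be peered")
    pcx_id = request_and_accept_peering(ec2, vpc_a["id"], vpc_b["id"])
    add_peer_routes(ec2, pcx_id, {vpc_a["route_table"]: vpc_b["cidr"],
                                  vpc_b["route_table"]: vpc_a["cidr"]})
    allow_icmp_from_peer(ec2, vpc_a["security_group"], vpc_b["cidr"])
    allow_icmp_from_peer(ec2, vpc_b["security_group"], vpc_a["cidr"])
    return pcx_id


if __name__ == "__main__":
    import boto3  # imported here so importing the module needs no AWS access

    ec2 = boto3.client("ec2", region_name="eu-north-1")
    # Placeholder IDs (assumed); substitute the ones shown in your console.
    test_vpc = {"id": "vpc-0aaaaaaaaaaaaaaaa", "cidr": "10.0.0.0/16",
                "route_table": "rtb-0aaaaaaaaaaaaaaaa", "security_group": "sg-0aaaaaaaaaaaaaaaa"}
    prod_vpc = {"id": "vpc-0bbbbbbbbbbbbbbbb", "cidr": "192.168.0.0/16",
                "route_table": "rtb-0bbbbbbbbbbbbbbbb", "security_group": "sg-0bbbbbbbbbbbbbbbb"}
    pcx = peer_vpcs(ec2, test_vpc, prod_vpc)
    print(pcx, peering_status(ec2, pcx))
```

The IAM identity running this needs ec2:CreateVpcPeeringConnection, ec2:AcceptVpcPeeringConnection, ec2:DescribeVpcPeeringConnections, ec2:CreateRoute and ec2:AuthorizeSecurityGroupIngress. Keeping the security-group rule at ICMP from one CIDR is deliberate: once the ping test passes, replace it with rules for just the production ports the test team needs rather than widening it.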

Conclusion

VPC Peering allows secure, private communication between VPCs. It is essential for multi-tier applications, test-production environments, and hybrid cloud setups.

By understanding the components like Route Tables, IGW, Subnets, Peering Connection, and Cost Factors, you can effectively design AWS networks for scalability, security, and efficiency.
