AWS Cloud Quest Task 6: Connecting VPCs
Hey! Hey! Hey! Hope you all are doing good :)
By the way, this is part 6 of my AWS Cloud Quest series, where I'm learning AWS and writing about it in a sort of informal way, but I promise there are learnings in the blogs. If you missed the previous tasks, you can check them out in the archives section of the website.
The Problem
This time, we are approached by the City's Chief Marketing Officer. They have set up different VPCs for different departments, like marketing, finance, etc., to keep the applications secure and isolated. The issue is that every department needs to access Finance Reports from the Finance VPC.
Their current setup requires them to submit tickets just to see the report, which is a real bottleneck for them.
Introducing VPC Peering
VPC Peering allows VPCs to communicate directly with each other over a private, secure connection.
We can peer one VPC with multiple VPCs. But peering is not transitive: if Marketing connects to Finance, and Development connects to Finance, Marketing and Development still can't talk to each other unless you create a direct peering connection between them.
We can also peer with VPCs in different accounts, even in different regions.
VPC Peering can use IPv4 or IPv6 private addresses to communicate between the VPCs.
VPC Peering Connections are neither gateways nor VPN connections, and they do not rely on separate physical hardware; they work with the existing infrastructure. As a result, there is no single point of failure for communication and no bandwidth bottleneck.
Establishing VPC Peer Connection
Say there are two VPCs, X and Y.
Let X be the requester VPC and Y be the acceptor VPC.
This is how to establish a connection between them:
- X sends a peering request to Y.
- One important note to keep in mind: if X and Y have overlapping CIDR blocks, VPC Peering won't be supported.
- Y accepts the peering request.
- The owners of X and Y both need to manually add a route in each VPC's route table that points to the IP range of the other VPC, with the peering connection ID as the target.
- If required, update the security group rules so the instances accept traffic from the peered VPC.
The Task
We have to connect the given VPCs. Here is how to do it:
Section A
- Search for VPC. Go to the VPC Dashboard and see the available VPCs.
- Go to the EC2 Instances page, select the FinanceServer instance, and click on the Networking tab. Notice that this instance has no public IPv4 address or public IPv4 DNS name, because it was created inside a private subnet.
- Copy the private IPv4 address.
Section B
Assuming we don't know that the FinanceServer is private, here is how to check it:
- We want to connect Marketing and Finance. Select MarketingServer from the EC2 instances and click the Connect button on the bar where the “Instances” heading is.
- You will be taken to a new page. Click on Session Manager, then click Connect.
- A terminal will open. Type “ping” and paste the IP address you copied earlier.
- Press Enter.
- You can see the terminal is hanging; nothing updates. This implies the Finance Server is private.
- Press Control + C to exit.
Section C
Sending Peer Request
- On the EC2 Instances page, select MarketingServer and go to the Networking tab. We want to connect Marketing and Finance.
- Click on the Subnet ID. The Subnet Dashboard will open.
- Click on “Peering connections” in the left pane, under the Virtual Private Cloud section.
- Click on “New Peering Connection”.
- Under “Requester”, i.e., who is requesting, select the Marketing VPC.
- Under “Acceptor”, i.e., whom to connect with, select the Finance VPC.
- Click “Create Peering Connection”.
- Now the request to create a peering connection has been sent to the Finance VPC.
- Since we are the owner of both VPCs, under Actions, click Accept Request.
Section D
Modifying Route Tables
- On the EC2 Instances page, select MarketingServer and go to the Networking tab.
- Click on the Subnet ID. The Subnet Dashboard will open.
- Select the subnet and click on the route table ID shown in the details.
- Select the route table, click on the Routes tab, and then Edit routes.
- Click on Add route and paste the CIDR of the VPC we peered with, in our case Finance: 172.31.0.0/16.
- In Target, select Peering Connection from the dropdown, and for the peering ID select the name of the peering connection we created above.
- Save changes.
- Repeat steps 1 - 7 for FinanceServer, except that in CIDR we paste 10.10.0.0/16, which is the CIDR of the Marketing VPC.
That's it, right? No. If you now do the steps of Section A, you will still get the same results. Why? Because of the Security Group.
Section E
Editing Security Group Rules
- On the EC2 Instances page, select FinanceServer and go to the Security tab.
- Click on the link/ID under Security groups.
- The Security Groups dashboard will open; click on the Inbound rules tab.
- Click on Edit inbound rules.
- Click Add rule. Under Type, select Custom ICMP - IPv4.
Now if you do the steps from Section A, you will get an established connection.
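To make the three checks in this task concrete, here is an added example (not the author's or AWS's code) that models them offline with the standard library: the CIDR-overlap rule from the peering steps, the route each owner adds in Section D, and why the ping from Section B still hangs until the Finance security group allows ICMP in Section E. The CIDRs are the ones from the post; the peering ID and host IPs are constructed placeholders.

```python
"""Offline model of the three checks behind this task (added example, not the author's
or AWS's code). Only the standard library is used; the CIDRs are the post's, while the
peering ID and host IPs are constructed placeholders."""
import ipaddress

MARKETING_CIDR = "10.10.0.0/16"   # from the post
FINANCE_CIDR = "172.31.0.0/16"    # from the post
PEERING_ID = "pcx-PLACEHOLDER"    # constructed, not a real peering connection ID

def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """AWS refuses a peering request when the two VPC CIDR blocks overlap, even partially."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))

def peering_routes(requester_cidr: str, accepter_cidr: str, pcx_id: str) -> dict:
    """Section D: each owner adds a route whose destination is the *other* VPC's CIDR
    and whose target is the peering connection; both sides are needed for replies."""
    return {
        "requester": {"destination": accepter_cidr, "target": pcx_id},
        "accepter": {"destination": requester_cidr, "target": pcx_id},
    }

def icmp_reachable(src_ip: str, dst_ip: str, src_routes: list, dst_inbound: list) -> str:
    """Mimic the ping from Sections B and E: the sender's route table needs a route
    covering the destination, and the receiver's security group must allow ICMP from
    the sender. Security groups are stateful, so the echo reply needs no extra rule.
    Returns 'ok', 'no-route' or 'blocked-by-security-group'."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if not any(dst in ipaddress.ip_network(r["destination"]) for r in src_routes):
        return "no-route"  # Section B: packets have nowhere to go, so ping just hangs
    for rule in dst_inbound:
        if rule["protocol"] in ("icmp", "-1") and src in ipaddress.ip_network(rule["source"]):
            return "ok"
    return "blocked-by-security-group"  # routes done (Section D) but no ICMP rule yet

if __name__ == "__main__":
    marketing_host, finance_host = "10.10.1.10", "172.31.1.10"  # constructed IPs
    assert can_peer(MARKETING_CIDR, FINANCE_CIDR)
    routes = peering_routes(MARKETING_CIDR, FINANCE_CIDR, PEERING_ID)
    marketing_rt = [{"destination": MARKETING_CIDR, "target": "local"}]  # implicit local route
    print(icmp_reachable(marketing_host, finance_host, marketing_rt, []))  # no-route
    marketing_rt.append(routes["requester"])
    print(icmp_reachable(marketing_host, finance_host, marketing_rt, []))  # blocked-by-security-group
    # Least privilege: scope the ICMP rule to the peer VPC's CIDR rather than 0.0.0.0/0.
    finance_sg = [{"protocol": "icmp", "source": MARKETING_CIDR}]
    print(icmp_reachable(marketing_host, finance_host, marketing_rt, finance_sg))  # ok
```

Scoping the inbound rule's source to the peer VPC's CIDR (as in `finance_sg`) keeps the Finance Server reachable only from the VPC you actually peered with.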
DIY Section
For the DIY section, we had to establish a peering connection between the Developer and Finance servers.
I will be honest, I need more practice for this; there are a bit more steps than usual for this task, and I want to see how the process works when the VPCs have different owners, and how the security groups work.
But overall, it was interesting, I would say. Anyway folks, it's late at night now, I'll go to sleep. See you all in the next task :)