Go to the VPC Management Console and select Network ACLs in the left sidebar.
Select the checkbox of the Network ACL that is associated with the subnets of HG VPC.
Next, click the Inbound Rules tab at the bottom of the screen, and click Edit inbound rules.
We will change Rule number 100. Under Source, change 0.0.0.0/0 to 172.31.0.0/16 and click Save changes.
You have now reduced the range of IP addresses that can connect to the subnets of HG VPC. Only IP addresses in the block 172.31.0.0/16 (My VPC’s CIDR) can connect to HG VPC subnets.
Back in the terminal, try pinging the public IP address of EC2 - HG VPC again. The ping fails because the Network ACL you just updated now blocks connections from the Internet to HG VPC.
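The effect of the change to Rule number 100 can be reproduced offline. The following is an added example, not part of the original workshop: it models how a Network ACL evaluates inbound rules in ascending rule-number order and compares the rule set before and after the edit. The rule lists, the sample addresses, and the function names `evaluate_inbound` and `open_to_internet` are constructed for illustration; 32767 stands for the final `*` deny rule.

```python
import ipaddress

# Constructed inbound rule sets. Rule 100 is the rule edited in the steps above;
# 32767 represents the final "*" rule that denies everything not matched earlier.
BEFORE = [
    {"number": 100, "source": "0.0.0.0/0", "action": "allow"},
    {"number": 32767, "source": "0.0.0.0/0", "action": "deny"},
]
AFTER = [
    {"number": 100, "source": "172.31.0.0/16", "action": "allow"},
    {"number": 32767, "source": "0.0.0.0/0", "action": "deny"},
]

def evaluate_inbound(rules, source_ip):
    """Return (action, rule_number) of the first rule matching source_ip.

    Rules are checked from the lowest rule number upward and evaluation
    stops at the first match, which is how a Network ACL decides.
    """
    addr = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r["number"]):
        if addr in ipaddress.ip_network(rule["source"]):
            return rule["action"], rule["number"]
    return "deny", None  # no rule matched: the packet is dropped

def open_to_internet(rules):
    """Audit check: rule numbers of allow rules whose source is the whole Internet."""
    return [
        r["number"]
        for r in sorted(rules, key=lambda r: r["number"])
        if r["action"] == "allow"
        and ipaddress.ip_network(r["source"]).prefixlen == 0
    ]

if __name__ == "__main__":
    # Constructed sample sources: one host inside My VPC's CIDR and one
    # documentation-range address standing in for a machine on the Internet.
    samples = {"My VPC host": "172.31.10.5", "Internet host": "203.0.113.25"}
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(f"--- rule set {label} the edit ---")
        for name, ip in samples.items():
            action, number = evaluate_inbound(rules, ip)
            print(f"{name:13} {ip:13} -> {action} (rule {number})")
        print("allow rules open to 0.0.0.0/0:", open_to_internet(rules))
```

After the edit, the Internet source no longer matches rule 100 and falls through to the final deny rule, which corresponds to the failed ping in the last step.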