Demystifying AWS VPC: A Practical Guide with Step-by-Step Examples

This blog post provides a comprehensive guide with practical examples to demystify Amazon Web Services (AWS) Virtual Private Cloud (VPC). Whether new to AWS or looking to enhance your cloud architecture skills, this guide will help you understand VPC, create public and private subnets, and launch EC2 instances within your VPC.

What is VPC?

Amazon Virtual Private Cloud (VPC) is a service that allows you to launch AWS resources in a logically isolated virtual network that you define. With VPC, you have complete control over your virtual networking environment, including selecting your IP address range, creating subnets, and configuring route tables and network gateways.

Public vs. Private Subnets

A public subnet has a route to an Internet Gateway, allowing instances within the subnet to communicate directly with the Internet. In contrast, a private subnet does not have a route to an Internet Gateway, keeping the cases isolated from direct Internet access. This is useful for hosting backend services like databases or application servers that do not require direct Internet exposure.

Creating a VPC

To create a VPC, follow these steps:

1. Navigate to the VPC Dashboard:
   • Sign in to the AWS Management Console.
   • Open the VPC dashboard from the Services menu.
2. Create a VPC:
   • Click on “Your VPCs” in the left-hand navigation pane.
   • Click the “Create VPC” button.
   • Enter a name for your VPC.
   • Define an IPv4 CIDR block (e.g., 10.0.0.0/16).
   • Choose whether to enable DNS hostname and DNS resolution.
   • Click “Create VPC”.

Creating a Public Subnet

Next, we will create a public subnet within the VPC:

1. Create a Subnet:
   • In the VPC dashboard, click on “Subnets”.
   • Click the “Create subnet” button.
   • Select your VPC from the dropdown.
   • Enter a name for your subnet.
   • Define an IPv4 CIDR block (e.g., 10.0.1.0/24).
   • Choose the Availability Zone.
   • Click “Create subnet”.
2. Attach an Internet Gateway:
   • In the VPC dashboard, click on “Internet Gateways”.
   • Click “Create internet gateway” and enter a name.
   • Click “Create internet gateway”, then “Actions” > “Attach to VPC” and select your VPC.
3. Update Route Table:
   • In the VPC dashboard, click on “Route Tables”.
   • Select the route table associated with your VPC.
   • Click on the “Routes” tab, then “Edit routes”.
   • Add a new route with 0.0.0.0/0 as the Destination and the Internet Gateway as the Target.
   • Click “Save routes”.

Launching an EC2 Instance in a Private Subnet

To launch an EC2 instance in a private subnet:

1. Create a Private Subnet:
   • Follow the steps to create a subnet, but use a different IPv4 CIDR block (e.g., 10.0.2.0/24).
   • Do not attach an Internet Gateway to this subnet.
2. Launch an EC2 Instance:
   • Go to the EC2 dashboard and click “Launch Instance”.
   • Choose an Amazon Machine Image (AMI) and instance type.
   • In the “Configure Instance” section, select your VPC and private subnet.
   • Complete the remaining steps to launch your instance.

Making a Public Subnet Public

To make a subnet public, ensure it has a route to an Internet Gateway:

1. Modify Subnet Route Table:
   • In the VPC dashboard, go to “Route Tables.”
   • Select the route table associated with your public subnet.
   • Ensure there’s a route with 0.0.0.0/0 pointing to the Internet Gateway.
2. Update Subnet Settings:
   • In the VPC dashboard, go to “Subnets” and select your public subnet.
   • Click “Actions” > “Modify auto-assign IP settings”.
   • Enable “Auto-assign IPv4” and save.

Conclusion

AWS VPC is a powerful tool for creating isolated virtual networks within the AWS cloud. By understanding the difference between public and private subnets and how to create and configure them, you can build secure and scalable network architectures tailored to your application needs.

References

Plan your VPC

VPC for a test environment