How to create VPC in AWS step by step guide

by | Oct 4, 2024 | Cloud

AWS

AWS [VPC]

Introduction

In the world of cloud computing, understanding networking is essential. AWS Virtual Private Cloud (VPC) allows you to create an isolated and customizable network environment within the AWS cloud, offering granular control over your infrastructure. This guide walks you through setting up your own VPC, introduces concepts like CIDR and subnets, and includes steps for launching a basic EC2 instance inside your VPC.

What is a VPC? 

A Virtual Private Cloud (VPC) is a dedicated virtual network hosted in the AWS cloud. It allows you to run AWS resources within a secure, private environment while granting you the flexibility to control network settings such as IP addresses, routing, and access.
Key Benefits of Using a VPC
  • Security: You can isolate your resources, apply access controls using security groups and network ACLs, and create secure connections (like VPNs) to your on-premises environment.
  • Customization: Define your network topology, CIDR blocks, subnet sizes, and routing to match your application’s requirements.
  • High Availability: Spread resources across multiple Availability Zones (AZs) for redundancy and fault tolerance, ensuring higher uptime.
working of VPC

Understanding CIDR (Classless Inter-Domain Routing)

CIDR is a more efficient IP address allocation method compared to traditional class-based addressing. CIDR helps manage IP addresses by specifying both the base IP address and a prefix that defines how many bits are dedicated to the network.
Key Concepts of CIDR:
  • CIDR Notation: Represents IP addresses with a base IP and a subnet mask (e.g., 192.168.1.0/24). The /24 specifies the first 24 bits as the network part of the address.
  • Subnetting: Allows you to divide a larger network into smaller sub-networks (subnets), giving better management and use of IP address space.
  • Routing Efficiency: Aggregates multiple IP addresses into a single routing rule, reducing the complexity of network routing tables.

CIDR Block Sizes

CIDR NotationNumber of IP AddressesUsable IP Addresses/816,777,21616,777,214/1665,53665,534/24256254/281614
When designing your VPC, the CIDR block you select should accommodate your future growth and resource requirements. AWS recommends using non-overlapping IP ranges, such as 10.0.0.0/16 or 192.168.0.0/16.

Step 1: Access the VPC Dashboard

  1. Log in to the AWS Management Console.
  2. Search for VPC in the services menu and select it.

    Tip: Before setting up, plan your CIDR blocks and decide how many subnets (public and private) you will need. Having a clear network architecture helps avoid mistakes later on.

Step 2: Create a VPC

    1. In the left menu, click on Your VPCs.
    2. Click Create VPC and fill in the following details:
    • Name tag: e.g., MyVPC
    • IPv4 CIDR block: e.g., 10.0.0.0/16
    • Tenancy: Default (unless you need dedicated hardware).
    1. Click Create VPC.

    Tip: Choose the CIDR block carefully. A /16 block provides 65,536 IP addresses—more than enough for most environments.

Step 3: Create Subnets

  1. In the VPC dashboard, click on Subnets.
  2. Click Create Subnet and fill in:
  • Name tag: e.g., PublicSubnet
  • VPC: Select the VPC you just created.
  • Availability Zone (AZ): Choose an AZ (e.g., us-east-1a).
  • IPv4 CIDR block: e.g., 10.0.1.0/24.
  1. Click Create Subnet.
  2. Repeat the process for a private subnet with a CIDR block like 10.0.2.0/24.

Tip: Public subnets are for resources needing internet access (e.g., web servers), while private subnets are for resources that should remain internal (e.g., databases).

Step 4: Create an Internet Gateway

  1. In the VPC dashboard, select Internet Gateways.
  2. Click Create Internet Gateway, give it a name (e.g., MyInternetGateway), and click Create.
  3. Attach it to your VPC using Actions  Attach to VPC.

Tip: Internet Gateways enable communication between resources in your VPC and the internet. Only instances in public subnets can access the internet through this gateway.

Step 5: Update Route Tables

  1. Navigate to Route Tables in the VPC dashboard.
  2. Select the route table associated with your public subnet and click the Routes tab.
  3. Edit the routes and add the following:
  • Destination: 0.0.0.0/0 (indicating all traffic)
  • Target: Select the Internet Gateway you just created.
  1. Save the changes.

Tip: Always ensure that your public subnet route table points to the internet gateway; otherwise, your instances won’t be able to connect to the internet.

Step 6: Configure Security Groups

  1. In the VPC dashboard, navigate to Security Groups.
  2. Click Create Security Group and fill in:
  • Name tag: e.g., WebServerSG
  • Description: e.g., Allow HTTP and SSH access.
  • VPC: Select your VPC.
  1. Set inbound rules:
  • Type: HTTP | Port Range: 80 | Source: 0.0.0.0/0
  • Type: SSH | Port Range: 22 | Source: Your IP (or 0.0.0.0/0 for testing).

Tip: Never leave SSH open to all IP addresses (0.0.0.0/0). For production, always restrict SSH to specific IPs or use VPN access.

Step 7: Launch an EC2 Instance

  1. In the EC2 Dashboard, click Launch Instance.
  2. Choose an Amazon Machine Image (AMI).
  3. Select an instance type (e.g., t2.micro for the free tier).
  4. Under Network settings, select your VPC and choose the public subnet.
  5. Attach the security group you created earlier.
  6. Complete the launch process.

Tip: If the instance is in a private subnet, it cannot access the internet unless you configure a NAT Gateway (Step 8)

Step 8: (Optional) Set Up a NAT Gateway

For instances in private subnets to access the internet (e.g., for updates), set up a NAT Gateway:
  1. In the VPC dashboard, go to NAT Gateways and click Create NAT Gateway.
  2. Choose the public subnet and allocate an Elastic IP.
  3. Update your private subnet route table to route 0.0.0.0/0 to the NAT Gateway.

Tip: Use NAT Gateways to allow internet access from private subnets without exposing them directly.