Everything about Amazon Virtual Private Cloud (VPC)

This tutorial explains Amazon Virtual Private Cloud (VPC). It also explains the terms you meet while creating a VPC, such as Subnet, CIDR Block, NAT Gateway, Internet Gateway and Route Table.

 

What is Amazon VPC?

 

Like a traditional network, AWS lets a customer create a virtual network inside their own AWS account. This network is private to that account: the account holder is its only owner, and nothing outside it can reach the network unless the owner explicitly routes and allows that traffic.

You can create a VPC in any AWS Region, and by default you can create 5 VPCs per Region. This quota can be raised by sending a request to AWS Support.

 

Before creating a VPC, let us get a basic understanding of the terms used during VPC creation.

Subnet

A Subnet is a logical partition of the VPC network. In other words, we can break a VPC network into multiple smaller network segments, called subnets. Each subnet is placed in a single Availability Zone.

By default, we can create 200 subnets per VPC.

AWS enables you to create public and private subnets. "Public" and "private" are not attributes you set on the subnet; they describe what the subnet's route table does with Internet-bound traffic, as explained below.

 

AWS Public Subnets

Instances in a public subnet are reachable from the Internet and can reach the Internet. In other words, instances inside a public subnet can send outgoing traffic as well as receive incoming traffic. We attach public IPs (or Elastic IPs) to the instances in this subnet, and the route table of this subnet sends Internet-bound traffic (0.0.0.0/0) to an Internet Gateway. A route is only the first gate: the instance's Security Group and the subnet's Network ACL still decide which ports and source addresses are actually let in, so a public subnet should carry nothing that does not need to be exposed.

 

AWS Private Subnet

Instances in a private subnet are not reachable from the Internet but can still reach the Internet. In other words, instances inside a private subnet can send outgoing traffic (and receive the replies to it) but cannot receive connections that originate on the Internet. We reach a private subnet over a hardware/software VPN or from an instance in the public subnet (a bastion host). Instances inside a private subnet reach the Internet with the help of a NAT Gateway: the route table of this subnet sends Internet-bound traffic to the NAT Gateway instead of to an Internet Gateway, and the instances carry no public IP. Keep in mind that a private subnet still has unrestricted outbound Internet access through the NAT Gateway unless its Security Groups or Network ACLs say otherwise.

 

CIDR Block/CIDR Notation

CIDR notation is an alternate way of writing a subnet mask. It is simply the count of network bits in the mask, written after a slash "/".

A network or subnet 10.0.0.0 with subnet mask 255.0.0.0 is written in CIDR notation as 10.0.0.0/8. Similarly, a network or subnet 10.1.0.0 with subnet mask 255.255.0.0 is written as 10.1.0.0/16. Again, a single IP address 10.10.1.1 with subnet mask 255.255.255.255 is written as 10.10.1.1/32.

AWS only accepts VPC and subnet CIDR blocks between /16 (65,536 addresses) and /28 (16 addresses), a subnet must fit inside its VPC block and must not overlap another subnet, and AWS reserves the first four and the last address of every subnet, so a /24 subnet gives you 251 usable addresses rather than 254.
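The conversions above, together with the AWS layout rules (VPC and subnet blocks between /16 and /28, subnets inside the VPC block and not overlapping, five reserved addresses per subnet), as an added Python example using only the standard library. This is illustration written for this page, not AWS code; the function names and the sample 10.0.0.0/16 layout are this example's own.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet
# (network, VPC router, DNS resolver, reserved for future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5

# AWS accepts VPC and subnet CIDR blocks from /16 down to /28 only.
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28


def prefix_to_mask(prefix):
    """Dotted-decimal mask for a CIDR prefix length, e.g. 16 -> '255.255.0.0'."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def mask_to_prefix(mask):
    """CIDR prefix length for a dotted-decimal mask, e.g. '255.255.255.0' -> 24."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Validate a VPC layout and return usable host counts per subnet.

    Raises ValueError when the VPC block is outside /16-/28, a CIDR has host
    bits set (e.g. 10.0.1.5/24), a subnet is not inside the VPC block, a
    subnet is smaller than /28, or two subnets overlap.
    """
    vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    if not AWS_MIN_PREFIX <= vpc.prefixlen <= AWS_MAX_PREFIX:
        raise ValueError(f"VPC block {vpc} must be between /16 and /28")
    subnets = [ipaddress.IPv4Network(c, strict=True) for c in subnet_cidrs]
    usable = {}
    for i, subnet in enumerate(subnets):
        if not subnet.subnet_of(vpc):
            raise ValueError(f"{subnet} is not inside VPC block {vpc}")
        if subnet.prefixlen > AWS_MAX_PREFIX:
            raise ValueError(f"{subnet} is smaller than /28, the AWS minimum")
        for earlier in subnets[:i]:
            if subnet.overlaps(earlier):
                raise ValueError(f"{subnet} overlaps {earlier}")
        usable[str(subnet)] = subnet.num_addresses - AWS_RESERVED_PER_SUBNET
    return usable


if __name__ == "__main__":
    for prefix in (8, 16, 24, 32):
        print(f"/{prefix} = {prefix_to_mask(prefix)}")
    # Two public and two private subnets spread over two Availability Zones
    # (a layout chosen for this example).
    layout = plan_subnets("10.0.0.0/16",
                          ["10.0.0.0/24", "10.0.1.0/24", "10.0.10.0/24", "10.0.11.0/24"])
    for cidr, hosts in layout.items():
        print(f"{cidr}: {hosts} usable addresses")
```

Run the planner on your intended VPC and subnet blocks before touching the console: an overlapping or oversized block is rejected by the wizard anyway, but a subnet that is inside the VPC yet leaves no room for the second Availability Zone is easier to spot here than after the VPC exists.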

 

Availability Zones

An Availability Zone (AZ) is one or more discrete data centers in an AWS Region, each with redundant power, networking and connectivity.

The number of AZs varies by Region; the smallest Regions have 2 and the largest have 6.

It is good practice to distribute your web servers, applications and databases across multiple subnets in multiple AZs. If one AZ goes down due to a power outage, lightning, an earthquake and so on, your application will still be running in another AZ. Because a subnet belongs to exactly one AZ, this means creating at least one public and one private subnet in every AZ you use.

 

Elastic IP

An Elastic IP address is a static public IPv4 address provided by AWS. You can attach it to or detach it from any instance at any time (without shutting the instance down) and move it to another instance as your needs change. Because of this flexible behaviour, AWS named it an Elastic IP. It stays reserved for your account until you explicitly release it.

 

NAT Gateway

A NAT Gateway enables instances inside a private subnet to get Internet access. It is stateful and works in one direction: instances behind a NAT Gateway can send outgoing traffic and receive the replies to it, but the Internet cannot initiate connections to them. The NAT Gateway itself is placed in a public subnet and uses an Elastic IP as the source address for all the traffic it forwards on behalf of the private instances.

Internet Gateway

An Internet Gateway enables instances inside a public subnet to get Internet access. In addition, it makes the public subnet reachable from the Internet. In other words, instances behind an Internet Gateway can send outgoing traffic as well as receive incoming traffic.

The Internet Gateway is also the only VPC component that carries IPv4 traffic between your VPC and the Internet. It is attached to the VPC itself, and the public subnet's route table points its default route (0.0.0.0/0) at it. Because the NAT Gateway sits in the public subnet, the traffic it forwards for the private instances also leaves through the Internet Gateway.

Route Table

Every VPC has an implicit router, and that router uses route tables to decide where to send traffic. Each subnet is associated with exactly one route table; a subnet without an explicit association uses the VPC's main route table.

For Internet access you add a route for 0.0.0.0/0 to the subnet's route table whose target is an Internet Gateway (public subnet) or a NAT Gateway (private subnet). Because new subnets fall back to the main route table, keep the Internet Gateway route out of the main table; otherwise every subnet you create later is public until you remember to associate it with another table.
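The public/private distinction described in the subnet, NAT Gateway, Internet Gateway and route table sections above comes down to one question: what does the subnet's effective route table do with 0.0.0.0/0? The following added Python example (written for this page, not an AWS tool) answers that question from data in the shape of `aws ec2 describe-route-tables` output, including the main-table fallback. The sample data is constructed with made-up IDs; the function names are this example's own.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Every ID here is made up for this example. The VPC's main route table has
# an Internet Gateway route, which is the misconfiguration the check catches.
SAMPLE_ROUTE_TABLES = json.loads("""
{
  "RouteTables": [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-demo",
     "Associations": [{"Main": true, "RouteTableId": "rtb-main"}],
     "Routes": [
       {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
       {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-demo", "State": "active"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-demo",
     "Associations": [{"Main": false, "SubnetId": "subnet-public", "RouteTableId": "rtb-public"}],
     "Routes": [
       {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
       {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-demo", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-demo",
     "Associations": [{"Main": false, "SubnetId": "subnet-private", "RouteTableId": "rtb-private"}],
     "Routes": [
       {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
       {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-demo", "State": "active"}]},
    {"RouteTableId": "rtb-stale", "VpcId": "vpc-demo",
     "Associations": [{"Main": false, "SubnetId": "subnet-stale", "RouteTableId": "rtb-stale"}],
     "Routes": [
       {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
       {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-deleted", "State": "blackhole"}]}
  ]
}
""")["RouteTables"]


def effective_route_table(route_tables, subnet_id):
    """Return the route table a subnet actually uses.

    An explicit subnet association wins; a subnet without one falls back to
    the VPC's main route table (the association flagged "Main": true).
    """
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnet(route_tables, subnet_id):
    """Classify a subnet by its default route.

    Returns ('public' | 'private' | 'isolated', route table ID used).
    """
    rt = effective_route_table(route_tables, subnet_id)
    if rt is None:
        return "isolated", None
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue  # the 'local' route and peering/VPN routes are not Internet routes
        if route.get("State") != "active":
            # A blackhole default route (e.g. the NAT Gateway was deleted) passes nothing.
            return "isolated", rt["RouteTableId"]
        if route.get("GatewayId", "").startswith("igw-"):
            return "public", rt["RouteTableId"]
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private", rt["RouteTableId"]
    return "isolated", rt["RouteTableId"]


def audit(route_tables, expected):
    """Compare what you intended per subnet with what the routes actually say.

    `expected` maps subnet ID -> 'public' | 'private' | 'isolated'.
    Returns one finding string per mismatch; an empty list means all good.
    """
    findings = []
    for subnet_id, want in expected.items():
        got, rtb = classify_subnet(route_tables, subnet_id)
        if got != want:
            findings.append(f"{subnet_id}: expected {want}, is {got} via {rtb}")
    return findings


if __name__ == "__main__":
    # subnet-forgotten has no association, so it silently inherits rtb-main.
    intended = {"subnet-public": "public", "subnet-private": "private",
                "subnet-forgotten": "private", "subnet-stale": "private"}
    for finding in audit(SAMPLE_ROUTE_TABLES, intended) or ["no findings"]:
        print(finding)
```

To run the same check against a real account, feed it the `RouteTables` list from `aws ec2 describe-route-tables --output json` and your own subnet-to-intent map. The two findings the sample is built to surface are the ones that bite in practice: a "private" subnet that never got its own route table and so became public through the main table, and a private subnet whose NAT Gateway route has gone blackhole, which looks private in the console but has lost its outbound path.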

 

How to Create Amazon Virtual Private Cloud ?

Step 1 –  Log in to your AWS account

Navigate to Services ——->  Networking and Content Delivery ————-> VPC

Click on Launch VPC Wizard

 

Step 2 – Create VPC with Public and Private Subnets

In this tutorial we are choosing VPC with Public and Private Subnets. However, there are three other options, i.e. VPC with a Single Public Subnet, VPC with Public and Private Subnets and Hardware VPN Access, and VPC with a Private Subnet Only and Hardware VPN Access, that you can also choose.

Instead of choosing the AWS hardware VPN, you can run OpenVPN to reach the private subnets. OpenVPN Access Server's free license covers two users.

Read About : How to setup OpenVPN server on AWS

Click on Select

 

 

Step 3 – Enter the appropriate details for your Amazon Virtual Private Cloud.

Enter the VPC network in CIDR notation (e.g. 10.0.0.0/16)

Enter the name of your new VPC

Enter the public subnet in CIDR notation (e.g. 10.0.0.0/24)

Enter the Availability Zone and the name of the public subnet

Enter the private subnet in CIDR notation (e.g. 10.0.1.0/24)

Enter the Availability Zone and the name of the private subnet

Enter the Elastic IP Allocation ID (allocate a dedicated Elastic IP for the NAT Gateway and enter its allocation ID)

To know more about Elastic IP read How to allocate, attach and detach  Elastic IP in EC2 Instance

Note: for a very small network with very little inbound/outbound traffic, you can use a NAT instance instead of a NAT Gateway.

Click on Create VPC

 

The following screen will appear.

In a few minutes, your VPC will be created.
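The same "VPC with Public and Private Subnets" layout the wizard builds in Steps 1 to 3, created with boto3 instead of the console, as an added example written for this page (not AWS code). Every call is a real EC2 API operation; the function name build_vpc, the tag name tutorial-vpc, the CIDR blocks and the Availability Zone are this example's own choices. It assumes AWS credentials and a default region are configured in your environment, and the NAT Gateway and Elastic IP are billed for as long as they exist.

```python
"""Build the wizard's 'VPC with Public and Private Subnets' layout with boto3."""


def build_vpc(ec2, vpc_cidr, public_cidr, private_cidr, az, name="tutorial-vpc"):
    """Create the VPC step by step and return the IDs of everything created.

    `ec2` is a boto3 EC2 client. The order mirrors the wizard: VPC, subnets,
    Internet Gateway and public route table, Elastic IP and NAT Gateway,
    then the private route table pointing at the NAT Gateway.
    """
    ids = {}

    ids["vpc"] = ec2.create_vpc(CidrBlock=vpc_cidr)["Vpc"]["VpcId"]
    ec2.create_tags(Resources=[ids["vpc"]], Tags=[{"Key": "Name", "Value": name}])

    ids["public_subnet"] = ec2.create_subnet(
        VpcId=ids["vpc"], CidrBlock=public_cidr, AvailabilityZone=az)["Subnet"]["SubnetId"]
    ids["private_subnet"] = ec2.create_subnet(
        VpcId=ids["vpc"], CidrBlock=private_cidr, AvailabilityZone=az)["Subnet"]["SubnetId"]
    # Only the public subnet hands out public IPv4 addresses at launch.
    ec2.modify_subnet_attribute(
        SubnetId=ids["public_subnet"], MapPublicIpOnLaunch={"Value": True})

    # Internet Gateway: attached to the VPC, then made the public subnet's default route.
    ids["igw"] = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=ids["igw"], VpcId=ids["vpc"])
    ids["public_rt"] = ec2.create_route_table(VpcId=ids["vpc"])["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=ids["public_rt"],
                     DestinationCidrBlock="0.0.0.0/0", GatewayId=ids["igw"])
    ec2.associate_route_table(RouteTableId=ids["public_rt"], SubnetId=ids["public_subnet"])

    # NAT Gateway: lives in the PUBLIC subnet and sources its traffic from an Elastic IP.
    ids["eip_allocation"] = ec2.allocate_address(Domain="vpc")["AllocationId"]
    ids["nat"] = ec2.create_nat_gateway(
        SubnetId=ids["public_subnet"],
        AllocationId=ids["eip_allocation"])["NatGateway"]["NatGatewayId"]
    # Routes to a NAT Gateway only work once it is 'available'.
    ec2.get_waiter("nat_gateway_available").wait(NatGatewayIds=[ids["nat"]])

    # Private subnet: default route to the NAT Gateway, never to the Internet Gateway.
    ids["private_rt"] = ec2.create_route_table(VpcId=ids["vpc"])["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=ids["private_rt"],
                     DestinationCidrBlock="0.0.0.0/0", NatGatewayId=ids["nat"])
    ec2.associate_route_table(RouteTableId=ids["private_rt"], SubnetId=ids["private_subnet"])

    # The VPC's main route table is deliberately left with only its 'local' route,
    # so a subnet created later without an explicit association is isolated, not public.
    return ids


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a region configured in your environment

    created = build_vpc(boto3.client("ec2"),
                        "10.0.0.0/16", "10.0.0.0/24", "10.0.1.0/24", "us-east-1a")
    for key, value in created.items():
        print(f"{key}: {value}")
```

Because the function takes the client as a parameter, you can exercise the ordering and the routing decisions with a stub client before you spend money on a real run; what matters for security is that the Internet Gateway route lands only in the public subnet's table, the NAT Gateway is created in the public subnet, and only the public subnet auto-assigns public IPs.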

 

 

More facts about VPC

Navigate to the Subnets section under VPC and select the public and private subnets one by one.

You can see that in the route table of the private subnet, the default route (0.0.0.0/0) points to the NAT Gateway.

In the public subnet's route table, the default route points to the Internet Gateway.

Your VPC is now created and ready to use with a public and a private subnet. Place public-facing front-end instances such as web servers in the public subnet, and back-end servers such as application servers and databases in the private subnet, so that the only ways into the back end are through the front end, the VPN, or a bastion host in the public subnet.

I hope you enjoyed this tutorial and learned everything about Amazon Virtual Private Cloud (VPC). If you think this article is helpful, please share this post with others. Please also share your valuable feedback, comments or any query in the comment box. I will be happy to resolve your queries.

If you want to learn more on AWS services , read – Important List of AWS Services

Thank You so much !
