What is a VPC? Let's Create a VPC in AWS.

Ravi Malvia
8 min read · Nov 22, 2022
Virtual Private Cloud

Amazon Virtual Private Cloud (VPC) is the AWS networking service that gives you a logically isolated section of the AWS cloud. Inside it you define your own IP address ranges, subnets, route tables and gateways, so the environment can be shaped to a company's network and security requirements while still running on public cloud infrastructure.

By default, you can create up to 5 VPCs per Region. You can ask for more using the VPC Request Limit Increase form (a service quota increase).

An IT company hosts its products and services on servers that customers reach, but it must make sure that nobody from outside can reach its databases or its internal codebase. That is why IT companies isolate their databases, CRM data, and internal code bases from the customer-facing layer.

A Virtual Private Cloud consists of the following features:

  1. Subnets: A subnet is a range of IP addresses within your VPC's CIDR block. Resources such as EC2 instances, database servers and CRM systems are launched into subnets. A subnet must reside in a single Availability Zone. After you add subnets, you can launch AWS resources into a specified subnet.
  2. IP Addressing: You can assign IPv4 and IPv6 address ranges to your VPC and subnets. You can also bring your own public IPv4 and IPv6 addresses to AWS and allocate them to resources in your VPC, such as EC2 instances, NAT gateways, and Network Load Balancers.
  3. Routing: Route tables decide where traffic leaving a subnet is sent. Every route table contains a local route for the VPC's own CIDR block, which is why resources in different subnets of the same VPC can reach each other without any extra configuration; routes to anything outside the VPC have to be added explicitly.
  4. Gateways: As the name suggests, a gateway connects the VPC to the outside world. An internet gateway connects the VPC to the internet; connections to other networks, such as on-premises sites or other VPCs, use other attachments (a virtual private gateway for VPN, or a peering connection).
  5. NAT gateway: A NAT gateway lets instances in a private subnet reach the internet (for example to download updates) while remaining unreachable from it. Outbound connections are translated to the NAT gateway's public address, but external hosts cannot initiate a connection to the private instances. The NAT gateway itself lives in a public subnet, and the private subnet's route table sends 0.0.0.0/0 to it.
  6. Endpoints: A VPC endpoint lets you connect to supported AWS services privately, without an internet gateway or NAT device, so the traffic never leaves the AWS network.
  7. VPN connections: Connect your VPCs to your on-premises networks using AWS Virtual Private Network (AWS VPN).
  8. Peering connections: VPC peering connects two VPCs so that they can route traffic to each other over private IP addresses. The VPCs can be in the same Region or in different Regions. Peering is not transitive, so every pair of VPCs that needs to communicate must be peered explicitly.

Let’s see how the VPC network looks:

Credit to Geeks for Geeks

The description of this figure:

  1. Two stacks of resources are created in one VPC. It is a 3-tier architecture: a database tier, an application tier that runs the internal codebase, and a web (presentation) tier that is shown to the clients or customers.
  2. All backend resources are kept private for security reasons. We don't want our databases compromised by an attacker, because databases hold the most sensitive customer data, such as payment card details and identity documents.
  3. There are two route tables. The main route table, which every subnet uses unless it is explicitly associated with another table, carries only the local route that interconnects the subnets. The second route table adds a route to the internet gateway, and only the subnets associated with it can reach external networks.

Here are the steps for setting up a VPC in the AWS environment:

I have my own diagram of the VPC structure we are going to build:

So, we are going to implement the same VPC structure shown above.

Let's start with AWS VPC services.

Virtual Private Cloud:

  1. First create a VPC and name it whatever you want. I named it "my_VPC".
  2. Give "IPv4 CIDR" as "192.168.0.0/16". CIDR means "Classless Inter-Domain Routing": the number after the slash is the number of leading bits fixed by the netmask, and the remaining bits are available for hosts. Some examples:

If the netmask is 255.255.255.0 and the IP is 192.168.55.0, the CIDR notation is 192.168.55.0/24 and the range runs from 192.168.55.0 to 192.168.55.255, i.e. 256 addresses. AWS reserves five addresses in every subnet (the network address, the VPC router, the DNS resolver, one address reserved for future use, and the broadcast address), so Elastic Compute Cloud (EC2) instances can be given at most 251 of them.

If the netmask is 255.255.0.0 and the IP is 192.168.0.0, the range runs from 192.168.0.0 to 192.168.255.255, i.e. 65,536 addresses, and the CIDR is written as 192.168.0.0/16. This is the largest block a VPC can have.

If the netmask is 255.0.0.0 and the IP is 192.0.0.0, the CIDR is 192.0.0.0/8. Note that AWS will not accept a block this large: VPC and subnet CIDR blocks must be between /16 and /28. You should also stay inside the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) so that your VPC addresses never clash with public ones.
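The netmask arithmetic above can be checked with Python's standard ipaddress module. The block below is an added example and not code from the original post: it converts an address plus netmask into CIDR notation, lists the five addresses AWS reserves in a subnet, and goes a step beyond the text by validating a whole subnet plan (the /16 to /28 limit, the private-range recommendation, subnets fitting inside the VPC block, and no two subnets overlapping). The subnet names and CIDRs are the ones used later in this post; the AWS limits are documented facts.

```python
"""CIDR planning helpers for an AWS VPC (added example, not the original post's code)."""
import ipaddress

# AWS only accepts VPC and subnet blocks between /16 and /28 (documented AWS limit).
AWS_MIN_PREFIX = 16
AWS_MAX_PREFIX = 28


def cidr_from_netmask(ip: str, netmask: str) -> str:
    """Turn an address plus dotted netmask (192.168.55.0, 255.255.255.0) into CIDR form."""
    net = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
    return str(net)


def aws_reserved_addresses(subnet_cidr: str) -> list[str]:
    """The five addresses AWS reserves in every IPv4 subnet: the network address,
    the VPC router (+1), the Amazon DNS resolver (+2), one reserved for future
    use (+3), and the broadcast address (last)."""
    net = ipaddress.ip_network(subnet_cidr)
    first = int(net.network_address)
    return [str(ipaddress.ip_address(first + i)) for i in range(4)] + [str(net.broadcast_address)]


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses that can actually be handed to instances (size minus the 5 reserved)."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5


def check_vpc_cidr(vpc_cidr: str) -> list[str]:
    """Return a list of problems with a proposed VPC block (empty list means OK)."""
    net = ipaddress.ip_network(vpc_cidr)
    problems = []
    if not AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX:
        problems.append(f"{vpc_cidr}: prefix must be between /16 and /28")
    if not net.is_private:
        problems.append(f"{vpc_cidr}: not an RFC 1918 range; use private space so VPC "
                        "addresses never clash with public ones")
    return problems


def plan_subnets(vpc_cidr: str, subnets: dict[str, str]) -> list[str]:
    """Check that every subnet fits inside the VPC block, is an allowed size,
    and that no two subnets overlap. Returns the list of problems found."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = check_vpc_cidr(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} ({net}) is outside the VPC block {vpc}")
        if not AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX:
            problems.append(f"{name} ({net}): prefix must be between /16 and /28")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


if __name__ == "__main__":
    print(cidr_from_netmask("192.168.55.0", "255.255.255.0"))
    print(usable_hosts("192.168.1.0/24"), aws_reserved_addresses("192.168.1.0/24"))
    # The plan from this post: valid, so no problems are reported.
    print(plan_subnets("192.168.0.0/16",
                       {"Public Subnet": "192.168.1.0/24", "Private Subnet": "192.168.2.0/24"}))
    # A broken plan (constructed): an overlap and a subnet outside the VPC block.
    print(plan_subnets("192.168.0.0/16",
                       {"a": "192.168.1.0/24", "b": "192.168.1.128/25", "c": "10.0.0.0/24"}))
    print(check_vpc_cidr("192.0.0.0/8"))
```

Running the script with the post's plan prints an empty problem list; the constructed broken plan reports the overlap and the out-of-VPC subnet, and 192.0.0.0/8 is rejected both for its size and for not being private space.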

Subnets: Create two subnets “Public Subnet” and “Private Subnet”.

a.) Public Subnet:

  1. Choose "VPC ID" as "my_VPC". Name the subnet "Public Subnet" and choose "Availability Zone (AZ)" as "ap-south-1a". Since we are using the Mumbai Region, there are three AZs and any of them will do. I put the private subnet in a different AZ, but note that the AZ choice is about availability, not security: what makes a subnet public or private is its route table, not its Availability Zone.
  2. Give “IPv4 CIDR block” as “192.168.1.0/24” and create it.

b.) Private Subnet:

  1. Choose “VPC ID” as “my_VPC”. Name the Subnet as “Private Subnet” and choose “Availability Zone (AZ)” as “ap-south-1b”.
  2. Give “IPv4 CIDR block” as “192.168.2.0/24” and create it.

Internet Gateways: Let’s create an Internet gateway.

Name it "my_internet_gateway" and attach it to "my_VPC".

Route Tables:

  1. Create a new route table and name it “my_route_table”.
  2. Give VPC as “my_VPC” and create it.

3. Edit routes: select Edit routes, then Add route. Set Destination to 0.0.0.0/0 (every destination not matched by a more specific route) and Target to the internet gateway (my_internet_gateway).

The route table we set up allows instances to reach the internet: the 0.0.0.0/0 route means that any traffic not matching another route is sent to the internet gateway, which forwards it on to the internet. Only subnets associated with a route table that contains such a route can reach the internet through the gateway; a subnet whose route table lacks it has no path out.

The first route, 192.168.0.0/16 with target local, is added automatically to every route table in the VPC and cannot be removed. It makes sure that all resources in the VPC have local connectivity, and because it is more specific than 0.0.0.0/0 it always wins for destinations inside the VPC.

4. Subnet association: this is where we tell the VPC which subnets use this route table, and therefore which subnets get the path to the public internet. Select the subnet you want to associate with the internet gateway.

a.) Click on Edit subnet associations, select "Public Subnet", and save the subnet association.
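To make the routing behaviour concrete, here is an added example (not code from the original post) that models the two route tables just built and answers questions about them by longest-prefix match, the same rule a real router applies: the most specific matching route wins, so the local route beats 0.0.0.0/0 for addresses inside the VPC, and a subnet whose table has no default route simply has nowhere to send internet-bound packets. It also covers the NAT gateway case from the feature list, showing why a NAT gateway gives a private subnet outbound access but not inbound. The subnet and table names follow this post; the targets "local", "internet-gateway" and "nat-gateway" are assumed placeholders for the real AWS IDs (igw-..., nat-...).

```python
"""Model of AWS route tables with longest-prefix-match lookup.

Added example, not code from the original post. Subnet and table names follow the
post (my_VPC, my_route_table, Public Subnet, Private Subnet); the targets "local",
"internet-gateway" and "nat-gateway" are placeholders for real AWS IDs (assumption).
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RouteTable:
    name: str
    routes: dict  # destination CIDR -> target


@dataclass
class Vpc:
    cidr: str
    main_table: RouteTable  # used by every subnet that is not explicitly associated
    associations: dict = field(default_factory=dict)  # subnet name -> RouteTable

    def table_for(self, subnet: str) -> RouteTable:
        return self.associations.get(subnet, self.main_table)


def lookup(table: RouteTable, destination: str):
    """Return the target for `destination`. The matching route with the longest
    prefix wins, so the VPC's local route always beats 0.0.0.0/0 for in-VPC addresses."""
    dst = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in table.routes.items():
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target  # None means no route: the packet is dropped


def next_hop(vpc: Vpc, subnet: str, destination: str):
    return lookup(vpc.table_for(subnet), destination)


def internet_egress(vpc: Vpc, subnet: str) -> bool:
    """Can instances in the subnet initiate connections to the internet?"""
    return next_hop(vpc, subnet, "8.8.8.8") in ("internet-gateway", "nat-gateway")


def internet_ingress(vpc: Vpc, subnet: str, has_public_ip: bool) -> bool:
    """Can the internet initiate connections to an instance in the subnet?
    Needs a public IP *and* a return path through an internet gateway; a NAT
    gateway only carries flows that the private instance started itself."""
    return has_public_ip and next_hop(vpc, subnet, "8.8.8.8") == "internet-gateway"


def build_post_vpc() -> Vpc:
    """The topology this post builds: the main table has only the local route, and
    my_route_table (local + default route to the IGW) is associated with Public Subnet."""
    local = {"192.168.0.0/16": "local"}  # AWS adds this route to every table automatically
    main = RouteTable("main", dict(local))
    public = RouteTable("my_route_table", {**local, "0.0.0.0/0": "internet-gateway"})
    return Vpc("192.168.0.0/16", main, {"Public Subnet": public})


def with_nat_gateway(vpc: Vpc) -> Vpc:
    """Variant: give Private Subnet its own table whose default route is a NAT gateway
    (the NAT gateway itself would sit in Public Subnet)."""
    private = RouteTable("private_rt", {**vpc.main_table.routes, "0.0.0.0/0": "nat-gateway"})
    return Vpc(vpc.cidr, vpc.main_table, {**vpc.associations, "Private Subnet": private})


if __name__ == "__main__":
    vpc = build_post_vpc()
    for subnet in ("Public Subnet", "Private Subnet"):
        print(subnet, "-> 8.8.8.8 via", next_hop(vpc, subnet, "8.8.8.8"),
              "| egress:", internet_egress(vpc, subnet),
              "| ingress even with a public IP:", internet_ingress(vpc, subnet, True))
    print("Public Subnet -> 192.168.2.10 via", next_hop(vpc, "Public Subnet", "192.168.2.10"))
    nat_vpc = with_nat_gateway(vpc)
    print("Private Subnet with NAT -> egress:", internet_egress(nat_vpc, "Private Subnet"),
          "| ingress:", internet_ingress(nat_vpc, "Private Subnet", True))
```

The model deliberately ignores security groups and network ACLs: routing decides whether a packet has a path at all, and the security group then decides whether it is admitted. Both have to allow a flow for it to work, which is why the instance tests later in this post need the right security group rules as well as the right route table.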

Now all the main VPC settings are done. Let's test it by launching instances.

👉 We will launch two instances. Instead of the default VPC, we will use my_VPC to launch them. The first instance will use the Public Subnet and the other will use the Private Subnet.

Launching Test Instances:

Public Instance :

  1. This instance is launched in the Public Subnet. Name it Public_instance and choose Amazon Linux as the AMI.

2. Instance type t2.micro (just for testing). Provide a key pair.

3. Edit the Network settings: choose my_VPC as the VPC, Public Subnet as the subnet, and enable Auto-assign public IP.

4. Change the security group rules. For a quick test you can allow all traffic, but in anything beyond a throwaway lab allow only what the test needs: SSH (TCP 22) from your own IP address, and ICMP if you want to ping. A security group that allows all traffic from 0.0.0.0/0 exposes every service on the instance to the whole internet. Leave the storage settings as they are.

5. Now launch it successfully.

Private Instance:

Do the same as you did in the Public Instance. Name the Private instance as Private_instance and Choose the subnet as Private Subnet.

Here, enabling Auto-assign public IP would be pointless: the Private Subnet's route table has no route to the internet gateway, so a public IP on Private_instance would be unreachable anyway. Keep the public IP disabled.

Now Launch it successfully.

Now let's test the launched instances. First connect to Public_instance: the Public Subnet is associated with the route table that sends 0.0.0.0/0 to the internet gateway, so we can reach the instance over SSH from the internet, provided its security group allows TCP 22 from our address.

If we ping 8.8.8.8 from Public_instance, it works: outbound traffic is allowed by the default security group egress rule, and the replies are let back in because security groups are stateful.

Now test Private_instance. Trying to connect to it over SSH from the internet fails: it has no public IP, and its subnet has no route to the internet gateway.

When you connect to Public_instance and from there ping the private IP address of Private_instance, it works, because the local route gives every subnet in the VPC connectivity to every other subnet. (Private_instance's security group must allow ICMP from Public_instance for the reply to come back.)

Whenever there is a need to access Private_instance, we go through Public_instance, which acts as a bastion (jump host). Use SSH agent forwarding or the ssh -J (ProxyJump) option rather than copying your private key onto the public instance, so that a compromise of the bastion does not hand over the key. Just see below:

So That’s it, we have created our VPC in AWS.

There is also a step-by-step tutorial uploaded on my GitHub link.

If you have any problem understanding it, you can connect with me on LinkedIn, and if you found it good and understandable, please don't hesitate to give some claps. I'd appreciate it.


Ravi Malvia

I'm a DevOps engineer and machine learning enthusiast with a passion for exploring the unknown depths of tech.