What Is a VPC? A Beginner's Guide to AWS VPCs

Amazon Virtual Private Cloud (VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 for most resources in your VPC, helping to ensure secure and easy access to resources and applications.

Amazon VPC lets you use multiple layers of security, including security groups and network access control lists, to help control access to Amazon Elastic Compute Cloud (Amazon EC2) instances in each subnet.

What is a VPC subnet?

A subnet is a range of IP addresses within your VPC.

AWS resources can be assigned to a particular subnetwork. Use a public subnet for resources that require access to the internet and a private subnet for non-internet-connected assets.

To protect the AWS resources in each subnet, you can use several layers of security, such as security groups and network access control lists (ACLs).

What are the benefits of using an AWS VPC?

  • Reduced downtime and inconvenience

  • Reduced risk of data breaches

  • Flexibility

  • Cost-effective

How do I create an AWS VPC?

Most users prefer to use the AWS Management Console to create a VPC. Here’s how to set up your VPC step-by-step:

Step 1: Go to the AWS Management Console, search for VPC, and select it.

Step 2: Click on Create VPC.

Step 3: Under VPC settings, select VPC only, give the VPC a name, set the IPv4 CIDR, and click Create VPC. For now, say Name: demo-vpc IPv4-CIDR:

Step 4: Now select Subnets in the dashboard column.

Step 5: Click on Create subnet and select the VPC created earlier, which is


Step 6: Give the subnet a name, set the IPv4 CIDR block, and click Create subnet.

Step 7: To create a private subnet, give it a name, set a CIDR block that doesn't overlap with the first one, and click Create subnet.

Now you can see the available subnets.
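Steps 6 and 7 depend on the two CIDR blocks sitting inside the VPC range without overlapping. The following check is an added example, not part of the original walkthrough; the function name and the 10.0.x.x ranges are constructed for illustration, and it covers IPv4 only. It also applies two AWS rules: subnet sizes must be between /16 and /28, and AWS reserves five addresses in every subnet.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5

def check_subnet_plan(vpc_cidr, subnets):
    """Validate a {name: cidr} subnet plan; return (problems, usable host counts)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems, parsed, usable = [], {}, {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict: rejects host bits such as 10.0.1.5/24
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR ({exc})")
            continue
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: /{net.prefixlen} is outside the /16 to /28 range AWS accepts")
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not inside VPC range {vpc}")
        for other_name, other in parsed.items():
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        parsed[name] = net
        usable[name] = net.num_addresses - AWS_RESERVED_PER_SUBNET
    return problems, usable

# Constructed sample plans (not the values used on this page).
GOOD_PLAN = {"public-subnet": "10.0.1.0/24", "private-subnet": "10.0.2.0/24"}
BAD_PLAN = {"public-subnet": "10.0.0.0/23", "private-subnet": "10.0.1.0/24",
            "extra": "10.1.0.0/24"}

if __name__ == "__main__":
    for plan in (GOOD_PLAN, BAD_PLAN):
        problems, usable = check_subnet_plan("10.0.0.0/16", plan)
        print(usable)
        for line in problems or ["plan is consistent"]:
            print("  ", line)
```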

Step 8: Now go to the Route tables under the Dashboard.

Step 9: Create a route table for the public subnet: set the name and select the VPC created earlier.

Step 10: For the private subnet, create another route table, give it a name, and select the VPC created earlier.

Step 11: Select Internet gateways from the Dashboard and click Create Internet gateway in the top right corner.

Step 12: Under Internet gateway settings, give the gateway a name. It is created to connect our VPC to the internet.

Step 13: In the top right corner, click Attach to a VPC, and under Available VPCs select the one named demo-vpc created earlier, then click Attach internet gateway.

Step 14: From the Dashboard, click NAT gateways, and in the top right corner select Create NAT gateway.

Step 15: Under NAT gateway settings, give the NAT gateway a name, under the Subnet field select the public subnet created earlier, and for Connectivity type select Public.

Under Elastic IP allocation ID, click the Allocate Elastic IP button, then click Create NAT gateway at the end.

Step 16: Go to Route tables and first select the public route table we created earlier.

Under Routes, click the Edit routes button on the right side.

Select Add route; under Destination select and under Target select the Internet Gateway that we created, since we are sending any traffic that needs to go to the internet to the IGW, then Save changes.

Now select Subnet associations next to Routes, click Edit subnet associations under Explicit subnet associations, select the public subnet created earlier, and Save associations.

Step 17: Go back to Route tables, select the private route table, and click Edit routes.

Under Destination select and under Target select NAT Gateway, then Save changes.

Click Subnet associations, and under Explicit subnet associations click Edit subnet associations.

Select the private subnet we created earlier and Save associations.
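What makes a subnet public or private is only where its route table sends the default route, so it is worth confirming the result of steps 16 and 17. The following audit is an added example, not part of the original walkthrough: it reads data shaped like the output of `aws ec2 describe-route-tables`, and the sample data, IDs and function names are constructed placeholders. It only considers explicit subnet associations, as used in the steps above.

```python
import copy

DEFAULT_ROUTE = "0.0.0.0/0"
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}

# Constructed sample shaped like `aws ec2 describe-route-tables` output; IDs are placeholders.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-public",
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE,
                        "GatewayId": "igw-EXAMPLE", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-public", "Main": False}]},
    {"RouteTableId": "rtb-private",
     "Routes": [LOCAL, {"DestinationCidrBlock": DEFAULT_ROUTE,
                        "NatGatewayId": "nat-EXAMPLE", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-private", "Main": False}]},
]}
EXPECTED = {"subnet-public": "public", "subnet-private": "private-nat"}

def classify_subnets(doc):
    """Label each explicitly associated subnet by where its default route points."""
    labels = {}
    for table in doc["RouteTables"]:
        kind = "isolated"  # no usable default route at all
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") != DEFAULT_ROUTE:
                continue
            if route.get("State") == "blackhole":  # target (e.g. a deleted NAT gateway) is gone
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                kind = "public"
            elif route.get("NatGatewayId", "").startswith("nat-"):
                kind = "private-nat"
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:  # the main-table association carries no SubnetId
                labels[assoc["SubnetId"]] = kind
    return labels

def find_mismatches(doc, expected):
    """Return {subnet: (expected, actual)} for every subnet not routed as intended."""
    actual = classify_subnets(doc)
    return {s: (want, actual.get(s, "no explicit association"))
            for s, want in expected.items() if actual.get(s) != want}

if __name__ == "__main__":
    print(classify_subnets(SAMPLE))
    broken = copy.deepcopy(SAMPLE)  # simulate the private subnet attached to the public table
    broken["RouteTables"][0]["Associations"].append(
        broken["RouteTables"][1]["Associations"].pop())
    print(find_mismatches(broken, EXPECTED))
```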

Step 18: In the search bar, search for EC2 and click on it.

Step 19: Click on Launch Instance.

We are creating two instances: a public instance and a private instance.

Step 20: For the first instance, give the instance a name, say instance-public.

Step 21: Create a key pair; for now we named it randomkey.

Step 22: Under Network settings, click Edit.

Select the VPC created earlier, and under the Subnet field select the public subnet.

Enable Auto-assign public IP.

Step 23: Launch the instance.

Step 24: We are now creating a private instance; for that, click on Launch instance.

Step 25: Name the instance; for now we name it instance-private.

Step 26: You can select the same key pair or create a new one. For now we use the same key pair, "randomkey".

Step 27: Under Network settings, click Edit.

Select the VPC created earlier (we have "demo-vpc"), on Subnet select the private-vpc, and enable Auto-assign public IP.

Step 28: You can see the two instances now. Select the public instance whose status is 2/2 checks passed (we have "instance-public") and click Connect.

Copy the command from the SSH client.

Open the terminal and change to the directory where your key pair is.

cd Downloads

Change the permissions of the key pair.

chmod 400 randomkey.pem

Connect to the public instance.

ssh -i "key-pair_name.pem" ec2-user@<Public IP>

You can ping Google to see if a connection is established.

ping google.com

Connecting to the private instance from the public instance

You need to note down the private IPv4 address.

Open the key pair file and copy the text.

  • Create a file, paste the copied key pair text inside, then save and exit.

  • Change the file permissions.

      chmod 400 filename.pem

  • Connect to the instance using its private IP address.

      ssh -i filename.pem ec2-user@<private_ip_address>

You can ping to see whether the private instance is connected to the internet.

ping facebook.com

You have done it.


© 2023, Amazon Web Services, Inc.