# What Is a VPC? A Beginner's Guide to AWS VPCs

**Amazon Virtual Private Cloud (VPC)** is a service that lets you deploy AWS resources within a network that is completely isolated and customized according to your needs. With a VPC you have control over your networking environment: you choose the IP address range, create subnets, and configure route tables and network gateways.

### **What are the benefits of using an AWS VPC?**

* Reduced downtime and inconvenience
    
* Reduced risk of data breaches
    
* Flexibility
    
* Cost-effective
    

## How do I create an AWS VPC?

Most users prefer to use the AWS Management Console to create a VPC. Here’s how to set up your VPC step-by-step:

<mark>Step 1:</mark> Go to the AWS Management Console, search for VPC, and select it.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684253499682/fe8986e9-0320-40af-bab4-8e77f12c4301.png align="center")

<mark>Step 2:</mark> Click on Create VPC

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684253536038/d81bb570-35c9-4752-9e45-7f6018817aa8.png align="center")

<mark>Step 3:</mark> Under VPC settings, select VPC only, give the VPC a name, set the IPv4 CIDR, and click Create VPC. For now, say Name: <mark>demo-vpc</mark> and IPv4 CIDR: <mark>10.0.0.0/16</mark>.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255317015/b8b4ed8c-2986-4bcb-86a4-99bb9e29404f.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255372544/50a9a780-aea5-45b2-9059-e4856746eb07.png align="center")

<mark>Step 4:</mark> Now select Subnets in the dashboard column.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255439539/01747fe1-dff0-49bc-8855-8600fc3392bd.png align="center")

<mark>Step 5:</mark> Click on Create subnet and select the VPC created earlier, which is demo-vpc.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255529158/4cd58295-2902-4a7e-b55a-019540009ab2.png align="center")

<mark>Step 6:</mark> Give the subnet a name, set the IPv4 CIDR block, and click Create subnet.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684253274420/7dc3cf39-33cb-4cc7-9865-ca912f299823.png align="center")

<mark>Step 7:</mark> To create a private subnet, give it a name, set a CIDR block that doesn't overlap with the first subnet's, and click Create subnet.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684253302923/e189b1fd-d608-46ed-b2a6-24208c208787.png align="center")

Now you can see the available subnets.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684253326026/31fdf65d-4468-47c7-aba3-a827cd284625.png align="center")

<mark>Step 8:</mark> Now go to the Route tables under the Dashboard.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255666442/ca19125f-1227-4f28-b6f7-e9c3077df204.png align="center")

<mark>Step 9:</mark> Now create the route table for the public subnet: set the name and select the VPC created earlier.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255679615/a03310b1-7605-4dac-942a-d9bf8e3aae79.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255694584/d70251c7-334a-4dda-9860-ccd57e64ecf5.png align="center")

<mark>Step 10:</mark> For the private subnet, create another route table, give it a name, and select the VPC created earlier.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255721638/0409a65b-a0e8-497a-a4d7-0b278bcb8e8a.png align="center")

<mark>Step 11:</mark> Select Internet gateways from the Dashboard and click on Create internet gateway in the top right corner.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255757759/172e08a8-4aac-4fc8-9d72-cc26f8a4b890.png align="center")

<mark>Step 12:</mark> Under the Internet gateway settings, give the gateway a name. It is created to connect our VPC to the Internet.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255774296/3ba104f6-a998-43f1-907a-8257b2b27e4c.png align="center")

<mark>Step 13:</mark> In the top right corner, click on Attach to a VPC. Under Available VPCs, select the one named demo-vpc created earlier and click on Attach internet gateway.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255806477/fec2226e-5c4b-4b7a-9f75-b6babf2155f2.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255852695/ddd10e4a-2ec9-4f51-a7a1-fbe360fa6da2.png align="center")

<mark>Step 14:</mark> From the Dashboard, click on NAT gateways and, in the top right corner, select Create NAT gateway.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255904047/a548038b-b491-47d1-8927-770df8333a4e.png align="center")

<mark>Step 15:</mark> Under the NAT gateway settings, give the NAT gateway a name, select the <mark>Public subnet</mark> created earlier in the Subnet field, and select Public as the Connectivity type. Under Elastic IP allocation ID, click on the <mark>Allocate Elastic IP</mark> button. Finally, click Create NAT gateway.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255924962/52ddb852-f7b4-45d2-9f0c-f2a1bac40f37.png align="center")

<mark>Step 16:</mark> Go to Route tables and first select the public route table we created earlier.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684255998054/64802644-df74-4ce0-a667-d27804599f0b.png align="left")

Under Routes, click the **Edit routes** button on the right side.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256026703/722b1cfc-a217-4aa9-a03f-40b7f12d8dc0.png align="center")

Select Add route. Under **Destination** select <mark>0.0.0.0/0</mark> and under **Target** select the <mark>Internet Gateway</mark> that we created, since we are sending any traffic that needs to go to the internet to the IGW. Then Save changes.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256036695/f34bac96-ce8e-463e-b1b9-16f40f1ad4b2.png align="center")

Now select **Subnet associations** next to Routes, click on <mark>Edit subnet association</mark> under Explicit subnet associations, select the <mark>public subnet</mark> created earlier, and Save associations.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256738552/09ba2d8f-1ed7-4f6f-a6a7-99b99ea01cf1.png align="center")

<mark>Step 17:</mark> Go back to Route tables, select the private route table, and click on Edit routes.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256065871/1f471b24-a546-4e2f-b5b4-d9225f1e40a7.png align="center")

Under Destination select <mark>0.0.0.0/0</mark>, under Target select <mark>NAT Gateway</mark>, and Save changes.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256075427/df9eb910-d216-44e4-b3f9-e7a530eeb84b.png align="center")

Click **Subnet associations** and, under **Explicit Subnet associations**, click on <mark>Edit subnet associations</mark>.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256800131/1c13416d-6a6c-4d1d-9086-fccc98c2355b.png align="center")

Select the private subnet we created earlier and save associations.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256928329/56838ae0-2d14-42d6-88bd-6184fa2adb2b.png align="center")
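The network built in Steps 3 to 17 can be checked programmatically. The following is an added example, not part of the original walkthrough: it verifies that the subnet CIDRs fit inside the VPC without overlapping, and classifies each subnet by where its route table sends 0.0.0.0/0. The subnet CIDRs and all resource IDs are constructed for illustration; the route table dictionaries follow the shape of `aws ec2 describe-route-tables` output.

```python
import ipaddress

DEFAULT = "0.0.0.0/0"

def check_cidrs(vpc_cidr, subnet_cidrs):
    """Return a list of problems with the subnet plan (empty list = plan is valid)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(c) for name, c in subnet_cidrs.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
        if not 16 <= net.prefixlen <= 28:  # AWS allows subnet sizes /16 to /28
            problems.append(f"{name}: /{net.prefixlen} is not between /16 and /28")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def classify_subnets(route_tables):
    """Map each explicitly associated subnet to 'public', 'private-nat' or 'isolated'."""
    result = {}
    for rt in route_tables:
        kind = "isolated"  # no default route at all
        for route in rt.get("Routes", []):
            if route.get("DestinationCidrBlock") != DEFAULT:
                continue
            if (route.get("GatewayId") or "").startswith("igw-"):
                kind = "public"       # default route via internet gateway
            elif (route.get("NatGatewayId") or "").startswith("nat-"):
                kind = "private-nat"  # outbound-only via NAT gateway
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:   # main-table associations carry no SubnetId
                result[assoc["SubnetId"]] = kind
    return result

# Constructed sample data: subnet CIDRs and all IDs are made up for illustration.
SUBNETS = {"public-subnet": "10.0.1.0/24", "private-subnet": "10.0.2.0/24"}
ROUTE_TABLES = [
    {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-0example"}],
     "Associations": [{"SubnetId": "subnet-0public"}]},
    {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-0example"}],
     "Associations": [{"SubnetId": "subnet-0private"}]},
]
```

If the subnet you intended to be private comes back as `public`, its route table is sending 0.0.0.0/0 to the internet gateway, which means the association from Step 17 was made against the wrong table.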

<mark>Step 18:</mark> In the search bar, search for EC2 and click on it.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256118638/cdff71f8-3fe0-4b26-9d30-f15e1e22ee1a.png align="center")

<mark>Step 19:</mark> Click on the Launch Instance

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256167886/6bf73194-dd26-497c-9df8-aeabb06dcca9.png align="left")

## We are creating two instances: a public and a private instance.

<mark>Step 20:</mark> For the first instance, give the instance a name, say instance-public.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256242665/4fa73166-6718-492f-ad05-0b16e43ec663.png align="center")

<mark>Step 21:</mark> Create a key pair. For now we named it randomkey.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256262292/0c8b8425-6af8-4545-a3a4-66a5e6739cff.png align="left")

<mark>Step 22:</mark> Under Network settings, click on Edit.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256478980/ec10b605-39d8-4764-900c-b76896c2d957.png align="center")

Select the VPC created earlier and under subnet field select the <mark>public subnet.</mark>

<mark>Enable</mark> the Auto-assign public IP

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256271394/ba46fc46-429b-41ff-a9f5-af37e4381fcf.png align="center")

<mark>Step 23:</mark> Launch the Instance

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256307839/a97ce705-5b50-409b-98a7-5f9b8d038d65.png align="left")

<mark>Step 24:</mark> Next we create the private instance. For that, click on Launch instance.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256320974/c3e813c2-9b65-49be-acc8-40e1a40115a8.png align="center")

<mark>Step 25:</mark> Name the instance. For now we name it <mark>instance-private</mark>.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256377798/d4f538a9-7ed8-40bd-91a5-9e501167bc21.png align="center")

<mark>Step 26:</mark> You can select the same key pair or create a new one. For now we use the same key pair, "randomkey".

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256396876/3dec990b-ee01-47b9-9c1c-bec2880d8f54.png align="center")

<mark>Step 27:</mark> Under Network settings, click on Edit.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256424128/a903a537-b466-4831-a3b5-d7865bfa1cf8.png align="center")

Select the VPC created earlier (we have "demo-vpc"), under Subnet select <mark>private-vpc</mark>, and <mark>Enable</mark> Auto-assign public IP.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256435159/cd46b849-957d-476e-8579-d11ddb72a658.png align="center")

<mark>Step 28:</mark> You can now see the two instances. Select the public instance (we have "instance-public") once its <mark>Status is 2/2 checks passed</mark>, and click on <mark>Connect</mark>.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256530472/9215d14b-b0f7-4ef8-9762-ea84479c80b0.png align="center")

Copy the command from the SSH client.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256550975/dd4f3863-2cdd-4b5b-ae7e-e6bde968ff1b.png align="center")

Open the terminal and change to the directory where your key pair is stored.

```bash
cd Downloads
```

Change the permission of the key pair so that only you can read it.

```bash
chmod 400 randomkey.pem
```

Connect to the public instance.

```bash
# Replace <public_ip_address> with the public IPv4 address of instance-public
ssh -i "randomkey.pem" ec2-user@<public_ip_address>
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256570756/46917c5b-de81-4bc0-ae89-f04e662d6207.png align="center")

You can ping Google to check that a connection to the internet is established.

```bash
ping google.com
```

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256947067/1a1e3065-f6ad-48cf-a074-aa73768a1f55.png align="center")

### Connecting to the private instance from the public instance

You need to <mark>note down the Private IPv4 addresses</mark>.

Open the key pair file and copy the text.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256971140/67c08147-33c0-4519-aaa4-f26f8baeabff.png align="center")

* Create a file, paste the copied key pair text inside, then save and exit.
    
* Change the file permission:
    
    ```bash
    chmod 400 filename.pem
    ```
    

Connect to the instance using its private IP address.

```bash
ssh -i filename.pem ec2-user@<private_ip_address>
```
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684256991215/9a486512-15a4-4c78-9b3b-e9c2b5a63625.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1684257010822/d1ab718e-e4e4-49dc-bb8e-60de9bdec05a.png align="center")

You can ping to see whether the private instance is connected to the internet.

```bash
ping facebook.com
```

You have done it.

CONGRATULATIONS!!!

