From Zero to VPC Hero: CIDR Blocks, Public & Private Subnets Explained with Real Examples


Note: Before you jump in, give this theoretical blog a quick read [link]; it'll help you understand all the concepts better!
Here is our network diagram, which illustrates how we will set up the VPC and other resources.
To access the VPC, navigate to the AWS console and enter "VPC" in the search bar, then click on it.
You will find one VPC listed here. By clicking on it, you will see the default VPC, which does not have a name. This VPC is created by AWS.
To create our own VPC, click on Create VPC.
When creating a VPC in AWS, you generally get two options:
- VPC only:
  This option creates just the Virtual Private Cloud (VPC), nothing else.
  It does not create subnets, internet gateways, route tables, or any other networking components.
  This is ideal for production environments, where you want full control and prefer to manually configure all networking components as per your architecture (e.g., specific subnets, NAT gateways, custom route tables, etc.).
- VPC and more:
  This option is more of a quick-start setup. AWS automatically creates:
  - A VPC
  - One or more public and private subnets
  - Route tables
  - An Internet Gateway
  - Availability Zones mapped to subnets
  This is a great choice for testing, learning, or quick demos, where speed and convenience are more important than fine-grained control.
For production setups, it's recommended to go with "VPC only", so you can:
- Define subnet CIDR ranges
- Control how traffic flows
- Set up security groups, NAT gateways, and route tables properly
- Ensure it aligns with your architecture and security standards
Let's create it with the VPC only type:
- Select VPC only
- Add the CIDR block details
What is a CIDR block?
With CIDR, you can allocate IP addresses to your resources. Classless Inter-Domain Routing (CIDR) is a way to assign IP addresses that makes data routing on the internet more efficient.
But you might wonder how to determine what to write in this block.
- You can simply search for cidr.xyz. This tool shows how many IP addresses you get when you input a given block and prefix.
- If you enter 10.88.135.144/28, you will receive 11 usable IP addresses.
Why can you only run 11 devices?
- This is because AWS reserves 5 IP addresses in every subnet for its own purposes.
- If you set the host octets to 0 and use a /16 prefix (for example 10.0.0.0/16), you get 65,536 IP addresses.
Quick Concept:
An IP like 10.0.0.0 has 4 octets = 32 bits. CIDR (/x) says how many bits are fixed for the network; the rest are for host IPs. The more bits for the network → the fewer host IPs.

10.0.0.0/16 - Big network
- First 16 bits (2 octets) → Network part: 10.0
- Last 16 bits → Host part: 0.0 to 255.255
- IP range: 10.0.0.1 to 10.0.255.254
- Total IPs: 65,536
- Used for large networks (e.g., subnets in a VPC)
- Memory Tip: /16 = "2 blocks fixed" = street name; the rest is house numbers = a lot of houses!

10.0.0.0/28 - Tiny network
- First 28 bits → Network part: 10.0.0.0 to 10.0.0.15
- Last 4 bits → Host part
- IP range: 10.0.0.1 to 10.0.0.14
- Total IPs: 16 (14 usable)
- Used for small groups of machines (like 6–10)
- Memory Tip: /28 = only 4 bits for hosts = fits on a tiny apartment floor!

10.0.0.1/32 - Single IP
- All 32 bits are fixed = no host range
- Only 1 IP: 10.0.0.1
- Total IPs: 1
- Used for pointing to a specific machine (e.g., firewall rules, IAM)
- Memory Tip: /32 = exact person = just 1 address, like your personal desk.

Tip:
- More bits = smaller network
- Fewer bits = more hosts
- In this example, we will use 10.0.0.0/24, which provides a total of 256 IP addresses. After AWS's 5 reserved addresses, 251 usable addresses remain.
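To make the prefix arithmetic above concrete, here is an added example (not code from the original post) using Python's standard `ipaddress` module. `cidr_summary` reproduces the numbers in the Quick Concept section and applies AWS's 5 reserved addresses per subnet, and `prefix_for_hosts` goes the other way, picking the smallest AWS-valid subnet for a required host count. The function names and the `AWS_RESERVED_PER_SUBNET` constant are my own; the reservation rule and the /16 to /28 subnet size limit are AWS's documented behaviour.

```python
import ipaddress

# AWS keeps 5 addresses in every subnet for itself: the network address, the
# VPC router, the DNS resolver, one reserved for future use, and the broadcast
# address. That is why a /28 leaves 11 usable hosts and a /24 leaves 251.
AWS_RESERVED_PER_SUBNET = 5


def cidr_summary(cidr: str) -> dict:
    """Describe a CIDR block: prefix, host bits, address range and usable count."""
    net = ipaddress.ip_network(cidr, strict=False)
    total = net.num_addresses
    return {
        "network": str(net),
        "prefix": net.prefixlen,
        "host_bits": net.max_prefixlen - net.prefixlen,
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "total": total,
        # A /32 or /31 has fewer than 5 addresses, so nothing is left for hosts;
        # AWS does not allow subnets that small anyway (the smallest is /28).
        "aws_usable": max(total - AWS_RESERVED_PER_SUBNET, 0),
    }


def prefix_for_hosts(hosts_needed: int) -> int:
    """Smallest subnet (largest prefix) that leaves `hosts_needed` usable addresses.

    AWS subnets must be between /16 and /28, so only those prefixes are tried.
    """
    for prefix in range(28, 15, -1):
        total = 2 ** (32 - prefix)
        if total - AWS_RESERVED_PER_SUBNET >= hosts_needed:
            return prefix
    raise ValueError(f"{hosts_needed} hosts do not fit in a single /16 subnet")


if __name__ == "__main__":
    for block in ("10.88.135.144/28", "10.0.0.0/16", "10.0.0.0/28",
                  "10.0.0.0/24", "10.0.0.1/32"):
        s = cidr_summary(block)
        print(f'{s["network"]:>18}  host bits={s["host_bits"]:2d}  '
              f'range {s["first"]} - {s["last"]}  '
              f'total={s["total"]}  usable in AWS={s["aws_usable"]}')
    print("prefix for 10 hosts:", prefix_for_hosts(10))
    print("prefix for 200 hosts:", prefix_for_hosts(200))
```

The "Total IPs: 16 (14 usable)" figure in the Quick Concept section is the classic networking count (network and broadcast excluded); inside a VPC the same /28 yields 11, which is the number cidr.xyz-style reasoning plus the AWS reservation gives you.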
Tenancy:
When creating a VPC, tenancy defines how EC2 instances are launched in it:
- Default: Instances run on shared hardware (no extra cost).
- Dedicated: Instances run on dedicated physical servers (higher cost).
We choose Default to avoid extra cost. Use Dedicated only if you really need your own server.
- Now click on "Create VPC," and your VPC will be created.
Now that we have created a VPC, let's proceed to create the remaining resources as outlined in our Network Diagram.
Subnets
These are the default subnets for the Oregon region.
Steps for Creating a Public Subnet:
- Click on "Create Subnet."
- You will be prompted to choose the VPC under which you want to create the subnet. Select the VPC you have created (in our case, it's my-vpc-01).
- Assign a name to your subnet and choose any Availability Zone. Then specify a subnet CIDR block inside the VPC's range, or choose any appropriate one as per the requirements.
- Click on Create Subnet, and you're done.
Similarly, you can create a Private Subnet by changing the Availability Zone and the subnet name:
- Assign a name to the subnet.
- Choose a different Availability Zone.
- (Important concept) If we attempt to use the same CIDR block details, it will not be permitted. This is because we assigned the VPC a CIDR block with 256 IPs, and the public subnet already uses these 256 IPs. In reality, it uses 251 IPs because AWS reserves 5 IPs for its own purposes.
Currently, there are no IPs left for the private subnet. The solution is to use a larger CIDR block when creating a VPC and then divide it into subnets. For now, we will use the public subnet. This example is provided to help you understand this concept.
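The rejection described above can be reproduced offline. The following is an added example (not part of the original post) that checks a proposed subnet against the VPC block and the subnets already carved out of it, and then shows the two fixes: splitting the existing /24 into two /25s, or starting from a larger VPC block. The `can_add_subnet` and `plan_subnets` names and the constructed `VPC_CIDR`/`EXISTING_SUBNETS` values are my own; the containment and no-overlap rules are what the VPC service enforces.

```python
import ipaddress

# Constructed scenario from the post: a 10.0.0.0/24 VPC whose only subnet
# already takes the whole block.
VPC_CIDR = "10.0.0.0/24"
EXISTING_SUBNETS = ["10.0.0.0/24"]


def can_add_subnet(vpc_cidr: str, existing: list, new_cidr: str):
    """Return (ok, reason): the new subnet must lie inside the VPC block and
    must not overlap any subnet that is already carved out of it."""
    vpc = ipaddress.ip_network(vpc_cidr)
    candidate = ipaddress.ip_network(new_cidr)
    if not candidate.subnet_of(vpc):
        return False, f"{candidate} is outside the VPC block {vpc}"
    for cidr in existing:
        used = ipaddress.ip_network(cidr)
        if candidate.overlaps(used):
            return False, f"{candidate} overlaps the existing subnet {used}"
    return True, "ok"


def plan_subnets(vpc_cidr: str, subnet_prefix: int, count: int) -> list:
    """Carve `count` equal, non-overlapping subnets of the given prefix out of a VPC block."""
    vpc = ipaddress.ip_network(vpc_cidr)
    # AWS subnets cannot be smaller than /28 or larger than their VPC.
    if not vpc.prefixlen <= subnet_prefix <= 28:
        raise ValueError("subnet prefix must be between the VPC prefix and /28")
    candidates = list(vpc.subnets(new_prefix=subnet_prefix))
    if count > len(candidates):
        raise ValueError(f"{vpc} only holds {len(candidates)} /{subnet_prefix} subnets")
    return [str(s) for s in candidates[:count]]


if __name__ == "__main__":
    # The exact situation from the post: a second /24 is rejected.
    print(can_add_subnet(VPC_CIDR, EXISTING_SUBNETS, "10.0.0.0/24"))
    # Moving outside the VPC block does not help either.
    print(can_add_subnet(VPC_CIDR, EXISTING_SUBNETS, "10.0.1.0/24"))
    # Fix 1: split the /24 VPC into two /25 subnets (123 usable hosts each).
    print(plan_subnets("10.0.0.0/24", 25, 2))
    # Fix 2: create the VPC with a larger block and carve /24 subnets from it.
    print(plan_subnets("10.0.0.0/16", 24, 2))
```

Planning the split before clicking "Create Subnet" also avoids the trap of leaving no room for a NAT Gateway or a second Availability Zone later on.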
You might be wondering whether this public subnet, which is inside the VPC, has access to the Internet.
- Let's launch an EC2 instance and fill in the details as shown in the image below:
Edit the VPC details as follows:
- Select the VPC name that we have created.
- Choose the subnet.
- Enable the Auto-assign public IP option. The instance's private IP will come from the subnet range 10.0.0.1 - 10.0.0.254.
- Add a security group rule for HTTP, select Source type "Custom", and enter 10.0.0.0/24, so that HTTP is allowed only from addresses in our CIDR block.
- Click on Launch Instance.
Our instance has been successfully created and is currently running.
The Private IPv4 address assigned is 10.0.0.12, which falls within the range (10.0.0.1 - 10.0.0.254).
- Now we will try to connect to the EC2 instance.
- It will try to connect from point A to B.
- When you click on Connect, the attempt will fail because your subnet is private. Although we named the subnet "public", any subnet is private when first created. To make it a public subnet, you need to give it Internet Gateway access. Without this access, it remains private.
- Let's give it Internet Gateway access so it becomes a public subnet.
Internet Gateway: In a data center network, an Internet Gateway is the device that provides internet access. It determines where incoming internet traffic will be routed.
To manage this routing, a Route Table is also necessary. Let's proceed to create a Route Table.
- Now that your VPC has an Internet Gateway created and a route table set up, you need to specify which subnet should use the route table. To do this, go to Subnet associations in the route table.
- Associate our test-public-subnet with the route table and save the changes.
- Now navigate to the subnet settings and enable "Auto-assign public IPv4 address".
- Does the Internet Gateway know about this route table? No.
- To address this, go to the Internet Gateway, click on Actions, then select Attach to VPC, and attach it to the test VPC.
- Now that we have attached the Internet Gateway to the VPC and associated the subnet with the Route Table, the only remaining step is to add the Internet Gateway to the Route Table. Once this is done, we will be able to connect to our EC2 Instance.
- Go to Route Tables, then navigate to Routes, and click on Edit routes.
- Now, we will add the route 0.0.0.0/0, which signifies any destination, and then attach the Internet Gateway, which in this case is our test-igw.
- Now that our Internet Gateway is connected to the Route Table and linked with the Public Subnet, we can successfully connect to our EC2 Instance.
- This is how a VPC operates: no one can reach your instance from the internet unless you configure an Internet Gateway, a route to it in the Route Table, and the other necessary components.
What about the Private Subnet?
- If a subnet has a route to the Internet Gateway (IGW) for 0.0.0.0/0, it's a public subnet.
- If it doesn't, it's a private subnet. To allow outbound internet access from a private subnet, we use a NAT Gateway (which must be in a public subnet).
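The public/private rule above is also the check a defender runs when auditing an account: which subnets actually have a 0.0.0.0/0 route to an IGW? The following is an added example (not code from the original post) that applies the rule to constructed route-table data shaped loosely like the output of `aws ec2 describe-route-tables`. It mirrors the steps in this post: a public table with the local route plus 0.0.0.0/0 → test-igw, a private table whose default route goes to a NAT Gateway, and the VPC's main table for subnets with no explicit association. All resource IDs ending in EXAMPLE are placeholders I made up, and the function names are my own.

```python
import ipaddress

# Constructed sample data (not real AWS output); IDs are made-up placeholders.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public-EXAMPLE",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-test-EXAMPLE"},
        ],
        "Associations": [{"SubnetId": "subnet-public-EXAMPLE"}],
    },
    {
        "RouteTableId": "rtb-main-EXAMPLE",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"},
        ],
        "Associations": [{"Main": True}],
    },
    {
        "RouteTableId": "rtb-private-EXAMPLE",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
        ],
        "Associations": [{"SubnetId": "subnet-private-EXAMPLE"}],
    },
]
SUBNETS = ["subnet-public-EXAMPLE", "subnet-private-EXAMPLE", "subnet-orphan-EXAMPLE"]

DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


def route_table_for(subnet_id: str, tables: list):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnet(subnet_id: str, tables: list) -> str:
    """'public' if the effective route table sends 0.0.0.0/0 to an Internet Gateway."""
    rt = route_table_for(subnet_id, tables)
    if rt is None:
        return "unknown"
    for route in rt["Routes"]:
        dest = route.get("DestinationCidrBlock")
        if dest is None:
            continue
        # A NAT route also uses 0.0.0.0/0 but carries NatGatewayId, not an igw- GatewayId.
        if ipaddress.ip_network(dest) == DEFAULT_ROUTE and route.get("GatewayId", "").startswith("igw-"):
            return "public"
    return "private"


def audit(subnet_ids: list, tables: list) -> dict:
    """Map every subnet to public/private using the rule above."""
    return {s: classify_subnet(s, tables) for s in subnet_ids}


if __name__ == "__main__":
    for subnet, kind in audit(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet:<24} {kind}")
```

The main-table fallback matters in practice: if someone adds an IGW route to the main route table, every subnet without an explicit association silently becomes public, which is exactly the kind of drift this check catches.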
VPC Peering is up next, can’t wait to share some cool stuff with you, so stay tuned!
Happy & Fun Learning!
Written by Chetan Mohanrao Mohod, DevOps Engineer focused on automating workflows, optimizing infrastructure, and building scalable, efficient solutions.