AWS Networking 101: How to Build a Fully Connected VPC from Scratch

Salome Githinji
4 min read

As I continue my networking and cloud journey in AWS re/Start, one of the major concepts you are required to understand is how to configure a VPC and make sure it is securely connected to the internet. This article shows just that. The prerequisites are an understanding of CIDR notation and networking basics, an AWS account, and the willingness to learn.

What is a VPC?

A Virtual Private Cloud (VPC) is like your own private data center in the cloud. It lets you launch AWS resources (like EC2 instances) in an isolated network.

Key Components of a VPC:

  1. Subnet – A segment of your VPC where you place resources (like EC2 instances).

  2. Internet Gateway (IGW) – Allows communication between your VPC and the internet.

  3. Route Table – Defines how traffic flows in and out of your subnets.

  4. Security Group – Acts as a firewall at the instance level. It is stateful (return traffic for an allowed connection is admitted automatically), and a newly created group allows no inbound traffic but all outbound traffic until you change its rules.

  5. Network ACL (NACL) – Acts as a firewall at the subnet level. It is stateless (inbound and outbound rules are evaluated separately, so reply traffic on ephemeral ports must be allowed explicitly). The default NACL that comes with every VPC allows everything; a custom NACL you create denies everything until you add allow rules.

Step-by-Step VPC Setup

  1. Create a VPC

  • Why? This is your main network.

  • Steps:

    • Go to VPC Dashboard → Your VPCs → Create VPC.

    • Name: Test VPC

    • IPv4 CIDR: 192.168.0.0/18 (This gives us a large private IP range: 16,384 addresses. AWS accepts VPC blocks from /16 down to /28).

    • You can learn more about CIDR blocks here.

  2. Create a Public Subnet

  • Why? A subnet is where your EC2 instance will live.

  • Steps:

    • Go to Subnets → Create subnet.

    • VPC: Test VPC (the VPC created above; its CIDR block is shown once it is selected).

    • Name: Public Subnet

    • IPv4 subnet CIDR block: 192.168.1.0/26 (A smaller range inside the VPC: 64 addresses, of which AWS reserves the first four and the last one, leaving 59 for your instances).

  3. Create an Internet Gateway (IGW) and Attach It

  • Why? Without this, your VPC can’t talk to the internet.

  • Steps:

    • Go to Internet Gateways → Create internet gateway.

    • Name: IGW Test VPC

  • Attach it to your VPC (Actions → Attach to VPC → Select Test VPC). An IGW does nothing until it is attached, and detaching it later turns every route that points at it into a blackhole.

  4. Create a Route Table and Add a Route to the Internet

  • Why? A route table is the traffic controller for your VPC. Each route table holds a set of rules, called routes, that decide where network traffic from your subnet or gateway is sent. When you create a VPC, AWS also creates its main route table, which contains only the local route for the VPC’s own CIDR; any subnet you do not explicitly associate with another table uses the main one. You can create additional route tables for more granular control over the network paths in your VPC.

  • Steps:

    • Go to Route Tables → Create route table.

    • Name: Public Route Table

    • VPC: Test VPC

    • Edit routes → Add route:

      • Destination: 0.0.0.0/0 (Every destination not matched by a more specific route, which in practice means the internet; the local route for 192.168.0.0/18 is already present and always wins for addresses inside the VPC).

      • Target: IGW Test VPC (This sends that traffic to the internet gateway).

    • Associate the subnet (Subnet Associations → Select Public Subnet). A subnet is “public” precisely because its route table has this IGW route; a subnet without one stays private even in the same VPC.

  5. Set Up a Network ACL

  • Why? NACLs provide an extra layer of security at the subnet level.

  • Steps:

    • Go to Network ACLs → Create network ACL.

    • Name: Public Subnet NACL

    • VPC: Test VPC

    • Add inbound & outbound rules:

      • Rule 100: Allow All traffic, on both the Inbound and the Outbound tab (for simplicity in testing). A custom NACL starts with only the final deny-all rule (*), so without any allow rules the subnet would pass no traffic at all, and because NACLs are stateless a rule on one side only would block the replies.

    • Associate it with the subnet (Subnet associations → Edit subnet associations → Select Public Subnet). Until you do, the subnet keeps using the VPC’s default NACL, and this one has no effect.

    • For anything beyond a test, replace the allow-all with specific rules: inbound 22, 80, 443 plus the ephemeral range 1024–65535 for replies to connections the instance opens; outbound 80, 443 plus 1024–65535 for replies to your clients.

  6. Create a Security Group

  • Why? Security groups act as a firewall for your EC2 instance.

  • Steps:

    • Go to Security Groups → Create security group.

    • Name: Public Security Group

    • VPC: Test VPC

    • Inbound Rules: Allow SSH (22), HTTP (80), HTTPS (443). For SSH, set the source to My IP rather than 0.0.0.0/0; an SSH port open to the whole internet starts receiving brute-force attempts almost immediately. HTTP and HTTPS can use 0.0.0.0/0 if the instance is meant to serve the public.

    • Outbound Rules: Allow All traffic (this is the default for a new group and is enough for testing; because the group is stateful, replies to those outbound connections come back without needing an inbound rule).

  7. Launch an EC2 Instance in the Public Subnet

  • Why? To test if your VPC can reach the internet.

  • Steps:

    • Go to EC2 Dashboard → Launch Instance.

    • AMI: Amazon Linux 2023

    • Instance Type: t3.micro (Free Tier eligible).

    • Key Pair: create and download the key pair (for SSH access). Keep the private key file readable only by you (chmod 400 on Linux/macOS); ssh refuses to use a key with loose permissions.

    • Network Settings:

      • VPC: Test VPC

      • Subnet: Public Subnet

      • Auto-assign Public IP: Enable (without a public IP the IGW has no address to translate, so the instance can neither reach out nor be reached even with the route in place).

      • Security Group: Public Security Group

    • Launch!
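The seven console steps above, scripted. This is an added example written for this article, not the author's code: it drives the same resources through the boto3 EC2 client (`boto3.client("ec2")`, assumed to have credentials and a region configured), validates the CIDR plan offline first, and departs from the console walkthrough in two places a security engineer would insist on: SSH is admitted only from `ADMIN_CIDR` (an assumed placeholder you replace with your own address), and the custom NACL gets specific inbound and outbound rules, including the ephemeral range for return traffic and ICMP so that `ping` works, instead of allow-all. The `ec2` argument is injected so the same function can be exercised against a recording stub before it is given real credentials.

```python
"""Build the article's public VPC with boto3 instead of console clicks (added
example; assumes a boto3 EC2 client and the placeholder values below)."""
import ipaddress

VPC_CIDR = "192.168.0.0/18"
SUBNET_CIDR = "192.168.1.0/26"
ADMIN_CIDR = "203.0.113.10/32"  # assumption: your own public IP; never 0.0.0.0/0 for SSH
AWS_RESERVED = 5                # network, VPC router, DNS, future use, broadcast

# A custom NACL starts empty (deny all) and is stateless, so the reply half of
# every flow needs its own rule: (egress?, rule number, from port, to port), TCP
NACL_RULES = [
    (False, 100, 22, 22),       # inbound SSH
    (False, 110, 80, 80),       # inbound HTTP
    (False, 120, 443, 443),     # inbound HTTPS
    (False, 130, 1024, 65535),  # inbound replies to connections the instance opened
    (True, 100, 80, 80),        # outbound HTTP (package mirrors)
    (True, 110, 443, 443),      # outbound HTTPS
    (True, 120, 1024, 65535),   # outbound replies to the SSH/HTTP/HTTPS clients
]


def tags(resource_type, name):
    """TagSpecifications payload that sets the Name tag at creation time."""
    return [{"ResourceType": resource_type, "Tags": [{"Key": "Name", "Value": name}]}]


def check_subnet_plan(vpc_cidr, subnet_cidr):
    """Validate the addressing plan offline; returns the assignable address count."""
    vpc = ipaddress.ip_network(vpc_cidr)
    sub = ipaddress.ip_network(subnet_cidr)
    for net in (vpc, sub):
        if not 16 <= net.prefixlen <= 28:
            raise ValueError(f"{net}: AWS only accepts /16 through /28")
    if not sub.subnet_of(vpc):
        raise ValueError(f"{sub} is not inside {vpc}")
    return sub.num_addresses - AWS_RESERVED


def build_public_vpc(ec2, name="Test VPC"):
    """Create VPC, public subnet, IGW, route table, NACL and security group; returns their ids."""
    check_subnet_plan(VPC_CIDR, SUBNET_CIDR)
    vpc_id = ec2.create_vpc(CidrBlock=VPC_CIDR,
                            TagSpecifications=tags("vpc", name))["Vpc"]["VpcId"]
    subnet_id = ec2.create_subnet(VpcId=vpc_id, CidrBlock=SUBNET_CIDR,
                                  TagSpecifications=tags("subnet", "Public Subnet"))["Subnet"]["SubnetId"]
    ec2.modify_subnet_attribute(SubnetId=subnet_id, MapPublicIpOnLaunch={"Value": True})
    igw_id = ec2.create_internet_gateway(
        TagSpecifications=tags("internet-gateway", f"IGW {name}"))["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)  # must precede the route
    rtb_id = ec2.create_route_table(VpcId=vpc_id,
                                    TagSpecifications=tags("route-table", "Public Route Table"))["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock="0.0.0.0/0", GatewayId=igw_id)
    ec2.associate_route_table(RouteTableId=rtb_id, SubnetId=subnet_id)

    acl_id = ec2.create_network_acl(VpcId=vpc_id,
                                    TagSpecifications=tags("network-acl", "Public Subnet NACL"))["NetworkAcl"]["NetworkAclId"]
    for egress, number, low, high in NACL_RULES:
        ec2.create_network_acl_entry(NetworkAclId=acl_id, RuleNumber=number, Protocol="6",
                                     RuleAction="allow", Egress=egress, CidrBlock="0.0.0.0/0",
                                     PortRange={"From": low, "To": high})
    for egress, number in ((False, 140), (True, 130)):  # ICMP both ways so `ping` works
        ec2.create_network_acl_entry(NetworkAclId=acl_id, RuleNumber=number, Protocol="1",
                                     RuleAction="allow", Egress=egress, CidrBlock="0.0.0.0/0",
                                     IcmpTypeCode={"Type": -1, "Code": -1})
    # The subnet was born on the VPC's default NACL; move its association to ours.
    acls = ec2.describe_network_acls(
        Filters=[{"Name": "association.subnet-id", "Values": [subnet_id]}])["NetworkAcls"]
    assoc_id = next(a["NetworkAclAssociationId"] for acl in acls
                    for a in acl["Associations"] if a["SubnetId"] == subnet_id)
    ec2.replace_network_acl_association(AssociationId=assoc_id, NetworkAclId=acl_id)

    sg_id = ec2.create_security_group(GroupName="Public Security Group", Description="web plus admin SSH",
                                      VpcId=vpc_id,
                                      TagSpecifications=tags("security-group", "Public Security Group"))["GroupId"]
    # Egress is allow-all by default for a new group; only ingress needs rules.
    ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=[
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ADMIN_CIDR}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ])
    return {"vpc": vpc_id, "subnet": subnet_id, "igw": igw_id, "rtb": rtb_id, "acl": acl_id, "sg": sg_id}


if __name__ == "__main__":
    import boto3  # real run: needs credentials and a region, and creates billable resources
    print(build_public_vpc(boto3.client("ec2")))
```

The NACL here admits TCP and ICMP only; name resolution still works because traffic to the VPC's own Amazon-provided DNS resolver is not filtered by network ACLs. Launching the instance is left to the console step above, or to `run_instances` with `SubnetId=ids["subnet"]`, `SecurityGroupIds=[ids["sg"]]` and your key pair name.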

🔹 Testing Connectivity

Once your EC2 instance is running:

  1. SSH into it (using the key pair): ssh -i <key file> ec2-user@<public IP>.

  2. Run:

     ping google.com
    
    • If you get replies, your VPC is correctly set up!

    • ping uses ICMP. If your security group or NACL only allows TCP, or ICMP is filtered somewhere along the path, use a TCP test instead: curl -I https://aws.amazon.com

    • If not, check:

      • Does the instance have a public IPv4 address?

      • Is the IGW attached?

      • Does the route table associated with Public Subnet have 0.0.0.0/0 pointing to the IGW?

      • Is the security group allowing outbound traffic?

      • Does the NACL allow traffic in both directions, including the ephemeral port range for replies?
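The checklist above, as a function. This is an added example and not code from the article: given a boto3 EC2 client (assumed, created with `boto3.client("ec2")` and read-only `ec2:Describe*` permissions) and an instance id, it walks the same checks in the same order, including two the basic checklist leaves out (a public IP on the instance and an allow rule in each direction of the subnet's NACL), and returns the problems it finds. The NACL check is deliberately coarse: it confirms that an allow rule exists in each direction, not that rule ordering admits a particular port.

```python
"""Explain why an instance in a 'public' subnet cannot reach the internet (added
example; assumes a boto3 EC2 client or a stub with the same describe_* methods)."""
import sys

IMPLICIT_DENY = 32767  # rule number of the '*' deny-all entry every NACL ends with


def _first(resp, key):
    """First element of a describe_* result list, or None when it is empty."""
    items = resp.get(key, [])
    return items[0] if items else None


def diagnose_internet_path(ec2, instance_id):
    """Return a list of misconfigurations found on the path instance -> IGW."""
    findings = []
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    vpc_id, subnet_id = inst["VpcId"], inst["SubnetId"]

    # 1. Public IP: the IGW translates it; without one there is nothing to translate.
    if not inst.get("PublicIpAddress"):
        findings.append("instance has no public IPv4 address (enable auto-assign or attach an Elastic IP)")

    # 2. Is an internet gateway attached to this VPC?
    igw = _first(ec2.describe_internet_gateways(
        Filters=[{"Name": "attachment.vpc-id", "Values": [vpc_id]}]), "InternetGateways")
    if igw is None:
        findings.append("no internet gateway is attached to the VPC")

    # 3. The route table that applies: explicit subnet association, else the VPC's main table.
    rtb = _first(ec2.describe_route_tables(
        Filters=[{"Name": "association.subnet-id", "Values": [subnet_id]}]), "RouteTables")
    if rtb is None:
        rtb = _first(ec2.describe_route_tables(Filters=[
            {"Name": "vpc-id", "Values": [vpc_id]},
            {"Name": "association.main", "Values": ["true"]}]), "RouteTables")
    default = [r for r in rtb["Routes"] if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    if not default:
        findings.append(f"route table {rtb['RouteTableId']} has no 0.0.0.0/0 route")
    elif not default[0].get("GatewayId", "").startswith("igw-"):
        findings.append(f"0.0.0.0/0 in {rtb['RouteTableId']} does not point at an internet gateway")
    elif default[0].get("State") == "blackhole":
        findings.append(f"0.0.0.0/0 in {rtb['RouteTableId']} is a blackhole: its gateway was detached or deleted")

    # 4. Security groups are stateful, so only the egress side matters for an outbound test.
    group_ids = [g["GroupId"] for g in inst["SecurityGroups"]]
    groups = ec2.describe_security_groups(GroupIds=group_ids)["SecurityGroups"]
    if not any(g["IpPermissionsEgress"] for g in groups):
        findings.append("no security group on the instance allows any outbound traffic")

    # 5. NACLs are stateless: an allow rule must exist in each direction (coarse check only).
    acl = _first(ec2.describe_network_acls(
        Filters=[{"Name": "association.subnet-id", "Values": [subnet_id]}]), "NetworkAcls")
    for egress, label in ((True, "outbound"), (False, "inbound")):
        if not any(e["Egress"] == egress and e["RuleAction"] == "allow"
                   and e["RuleNumber"] < IMPLICIT_DENY for e in acl["Entries"]):
            findings.append(f"NACL {acl['NetworkAclId']} has no {label} allow rule")
    return findings


if __name__ == "__main__":
    import boto3  # real run: needs credentials and ec2:Describe* permissions
    problems = diagnose_internet_path(boto3.client("ec2"), sys.argv[1])
    print("\n".join(problems) or "no problems found on the instance -> IGW path")
```

Run it as `python diagnose.py i-0123456789abcdef0` (an assumed instance id) from a machine with AWS credentials; an empty result means the five checks pass and the remaining suspects are the instance itself (sshd not running, host firewall) or the path beyond the IGW.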

🔹 Conclusion

Setting up a VPC can be tricky, but by following these steps, you ensure:
✅ Your VPC has a path to the internet (an attached IGW plus a 0.0.0.0/0 route).
✅ Your EC2 instance can communicate externally.
✅ Security groups and NACLs are in place (remember to tighten the test-only allow-all rules before using this setup for anything real).

Happy coding 😊!!
