Step-By-Step Guide to Creating a Custom Virtual Private Cloud

Dushyant Kumar
8 min read

Introduction:

In the realm of cloud computing, Amazon Web Services (AWS) stands out as a powerhouse, offering a myriad of services to cater to diverse business needs. Among its fundamental offerings is the Virtual Private Cloud (VPC), a cornerstone for building scalable and secure cloud infrastructures. Understanding VPC and its components is crucial for anyone venturing into AWS cloud architecture. In this article, we’ll delve into the significance of VPC, introduce its key components, and provide a comprehensive guide to creating a custom VPC on AWS.

What is VPC and Why is it Important?

A Virtual Private Cloud (VPC) is a virtual network environment within AWS that closely resembles a traditional network infrastructure but provides the scalability, security, and elasticity inherent to cloud computing. Think of VPC as your own slice of the AWS cloud where you can define your network settings, control traffic, and securely connect to other resources.

The importance of VPC lies in its ability to:

  1. Isolate Resources: VPC enables you to create logically isolated sections of the AWS cloud, providing a secure environment for your resources.

  2. Customize Networking: With VPC, you have granular control over IP address ranges, subnets, routing tables, and gateways, allowing you to tailor the network architecture to your specific requirements.

  3. Enhance Security: By leveraging VPC components such as security groups and network access control lists (NACLs), you can implement robust security measures to protect your resources from unauthorized access and malicious activity.

  4. Connectivity Options: VPC facilitates seamless connectivity between your cloud resources, on-premises infrastructure, and other AWS services through VPNs, Direct Connect, or AWS PrivateLink.

Introduction to VPC Components:

Before diving into the creation process, let’s familiarize ourselves with some key components of AWS VPC:

  1. Subnets: Subnets are segments of the VPC’s IP address range where you can deploy resources. They provide isolation and help in organizing resources based on their function or accessibility requirements.

  2. Security Groups: Security groups act as virtual firewalls for your instances, controlling inbound and outbound traffic based on defined rules. They are stateful, meaning the return traffic for an allowed inbound connection is automatically permitted outbound, and vice versa, without needing a matching rule in the other direction.

  3. Network Access Control Lists (NACLs): NACLs are stateless packet filters that operate at the subnet level. They allow you to define rules for controlling traffic in and out of subnets based on IP addresses, protocols, and ports.

  4. Internet Gateway (IGW): An Internet Gateway enables communication between instances within your VPC and the Internet, facilitating outbound traffic to the Internet and allowing inbound traffic initiated from the Internet to reach your instances.

  5. Route Tables: Route tables define the rules for routing traffic within the VPC. Each subnet is associated with a route table, which specifies how traffic should be directed, either locally within the VPC or externally via gateways.
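To make the stateful/stateless distinction between security groups and NACLs concrete, here is an added example (not code from the original post) that models both evaluation orders in Python: a NACL evaluates numbered rules lowest-first and has no memory of flows, so a reply to a client's ephemeral port needs its own outbound rule; a security group tracks admitted flows, so the reply passes even with no outbound rule at all. The client address, ports and rule sets are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Added illustration of the stateful/stateless distinction; the rules below are
# constructed for this example and are not from the original post.


@dataclass(frozen=True)
class Rule:
    number: int       # NACL rules are evaluated in ascending number order
    protocol: str     # "tcp", "udp" or "all"
    cidr: str         # remote CIDR: source for inbound rules, destination for outbound rules
    port_from: int    # port range applies to the packet's destination port
    port_to: int
    action: str       # "allow" or "deny" (security group rules are allow-only)


def rule_matches(rule, protocol, remote_ip, dst_port):
    if rule.protocol != "all" and rule.protocol != protocol:
        return False
    if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(rule.cidr):
        return False
    return rule.port_from <= dst_port <= rule.port_to


def nacl_decision(rules, protocol, remote_ip, dst_port):
    """Stateless NACL: the lowest-numbered matching rule wins; the implicit '*' rule denies."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, protocol, remote_ip, dst_port):
            return rule.action
    return "deny"


class SecurityGroup:
    """Stateful: any matching allow rule admits a packet, and packets belonging to an
    already-admitted flow are allowed in the other direction without consulting rules."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound
        self.outbound = outbound
        self.flows = set()  # tracked flows keyed by (remote_ip, remote_port, local_port)

    def evaluate(self, direction, protocol, remote_ip, remote_port, local_port):
        key = (remote_ip, remote_port, local_port)
        if key in self.flows:
            return "allow"  # return traffic of a tracked flow
        rules = self.inbound if direction == "in" else self.outbound
        # Inbound rules match the packet's destination port (our local port);
        # outbound rules match the packet's destination port (the remote port).
        dst_port = local_port if direction == "in" else remote_port
        if any(rule_matches(r, protocol, remote_ip, dst_port) for r in rules):
            self.flows.add(key)
            return "allow"
        return "deny"


def demo():
    """HTTPS request from a client on an ephemeral port, and the server's reply."""
    client_ip, client_port = "203.0.113.10", 51000  # constructed client

    nacl_in = [Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow")]
    # Outbound NACL that forgets the ephemeral port range: the reply is dropped
    nacl_out_missing_ephemeral = [Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow")]
    # Corrected outbound NACL: allow replies on ephemeral ports 1024-65535
    nacl_out_fixed = nacl_out_missing_ephemeral + [
        Rule(110, "tcp", "0.0.0.0/0", 1024, 65535, "allow")
    ]
    # Security group with only an inbound HTTPS rule and no outbound rule at all
    sg = SecurityGroup(inbound=[Rule(1, "tcp", "0.0.0.0/0", 443, 443, "allow")], outbound=[])

    results = {}
    # Request: client:51000 -> server:443
    results["nacl_request"] = nacl_decision(nacl_in, "tcp", client_ip, 443)
    results["sg_request"] = sg.evaluate("in", "tcp", client_ip, client_port, 443)
    # Reply: server:443 -> client:51000
    results["nacl_reply_missing_ephemeral"] = nacl_decision(
        nacl_out_missing_ephemeral, "tcp", client_ip, client_port)
    results["nacl_reply_fixed"] = nacl_decision(nacl_out_fixed, "tcp", client_ip, client_port)
    results["sg_reply"] = sg.evaluate("out", "tcp", client_ip, client_port, 443)
    # NACL ordering: a lower-numbered deny for the client's /24 beats the allow at 100
    nacl_in_with_block = [Rule(90, "tcp", "203.0.113.0/24", 443, 443, "deny")] + nacl_in
    results["nacl_request_blocked"] = nacl_decision(nacl_in_with_block, "tcp", client_ip, 443)
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The `nacl_reply_missing_ephemeral` case is the classic symptom of treating a NACL like a security group: the inbound request is allowed, but the reply never leaves the subnet until an outbound rule for the ephemeral port range exists. Real security groups also carry a default allow-all outbound rule; it is left out here to show that the reply is admitted purely by flow tracking.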

Step-by-Step Guide to Creating a Custom VPC on AWS:

Now that we have a grasp of VPC fundamentals, let’s walk through the process of creating a custom VPC on AWS:

Step 1: Sign into the AWS Console

Sign in to the AWS Management Console: Log in to your AWS account and navigate to the VPC dashboard.


Step 2: Create a VPC

After signing in to the AWS Management Console and navigating to the VPC dashboard, click on “Create VPC.” Upon doing so, you will encounter two options under VPC settings:


VPC Only (Manual Option):

  • This option allows you to manually configure the VPC settings, including specifying the IPv4 and optional IPv6 CIDR blocks for your VPC. You will need to define the CIDR block, tenancy (default or dedicated), and optionally enable DNS hostnames and DNS resolution for your VPC. This manual approach provides greater flexibility in customizing your VPC configuration according to your specific requirements.

VPC and More (Wizard):

  • The “VPC and More” option launches a wizard that streamlines the process of creating a VPC and its associated components with just one click. This wizard simplifies the VPC creation process by guiding you through the configuration steps for essential components such as subnets, route tables, and internet gateways. It is an efficient way to quickly set up a basic VPC infrastructure without the need for manual configuration.

In this blog we’ll go with the manual option for creating the VPC, as it provides more granular control over the configuration process, allowing you to observe firsthand how each component is created within your custom VPC.

  • Click on the “VPC Only” option to initiate the manual VPC creation process. This selection indicates that you’ll be configuring the VPC settings step by step without the assistance of a wizard.

  • Give a Name to Your VPC: Enter “project-aws” as the name for your VPC to easily identify it within your AWS environment.

  • IPv4 CIDR Block: Specify the CIDR block as “50.0.0.0/16.” This range encompasses IP addresses from 50.0.0.0 to 50.0.255.255, providing a total of 65,536 IPv4 addresses for your VPC.

  • IPv6 CIDR Range: Leave this option unchecked, as we won’t be configuring an IPv6 CIDR range for this VPC.

  • Tenancy: Keep the tenancy as default, which allows instances launched within the VPC to use shared (default) tenancy unless you specifically require dedicated tenancy for compliance or regulatory reasons.

  • After configuring these settings, proceed by clicking on the “Create VPC” button to initiate the creation of your custom VPC named “DevOps” with the specified IPv4 CIDR block.


Currently, our custom VPC is devoid of any components. Let’s begin the process of creating each component individually.

Step 3: Configure Subnets

In this step, we will create multiple subnets, comprising both public and private subnets, across two availability zones (us-east-1a and us-east-1b).
Click on Subnets on the left navigation bar and select the custom VPC we created earlier:


Now under subnet settings, we need to provide the name of the subnet, Availability Zone, and IPv4 subnet CIDR block.
Here is the breakdown of what we will create:

Public Subnets:

  • Name: Public-1A
    IPv4 CIDR Block: 50.0.0.0/20
    Availability Zone: us-east-1a

  • Name: Public-1B
    IPv4 CIDR Block: 50.0.16.0/20
    Availability Zone: us-east-1b

Private Subnets:

  • Name: Private-1A
    IPv4 CIDR Block: 50.0.128.0/20
    Availability Zone: us-east-1a

  • Name: Private-1B
    IPv4 CIDR Block: 50.0.144.0/20
    Availability Zone: us-east-1b


Select “Only one NAT gateway in 1 AZ”, which creates a single NAT gateway in one Availability Zone.

After that, click on Create VPC; it takes 2 to 3 minutes to create the VPC with its sub-components.

These are the components that the VPC creates automatically.

Similarly, we will repeat this for the other four subnets. Once complete, click on Create Subnet and you should see something similar to the below:
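Before clicking through the console, it is worth checking the address plan offline. The following is an added example (not code from the original post) that takes the VPC CIDR from Step 2 and the four subnets from Step 3 as data and verifies, with Python's standard `ipaddress` module, that every subnet sits inside the VPC range, that no two subnets overlap, that the prefix lengths are within the /16 to /28 that AWS accepts, how many addresses remain usable after the five AWS reserves per subnet, and which blocks of the /16 are still free for future subnets. The tier labels and the `az_coverage` helper are this example's own additions.

```python
import ipaddress

# Address plan from Step 2 and Step 3 of the post, as data. The checks below are an
# added example and not part of the original post.
VPC_CIDR = "50.0.0.0/16"
SUBNETS = {
    # name: (IPv4 CIDR, Availability Zone, tier)
    "Public-1A":  ("50.0.0.0/20",   "us-east-1a", "public"),
    "Public-1B":  ("50.0.16.0/20",  "us-east-1b", "public"),
    "Private-1A": ("50.0.128.0/20", "us-east-1a", "private"),
    "Private-1B": ("50.0.144.0/20", "us-east-1b", "private"),
}
# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def validate_plan(vpc_cidr, subnets):
    """Return a list of problems: subnets outside the VPC, bad prefix lengths, overlaps."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    nets = {}
    for name, (cidr, _az, _tier) in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} lies outside the VPC CIDR {vpc_cidr}")
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: /{net.prefixlen} is outside the /16 to /28 subnet range")
        nets[name] = net
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def usable_hosts(cidr):
    """Addresses available to instances after AWS's five reserved addresses."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def unallocated_blocks(vpc_cidr, subnets):
    """CIDR blocks of the VPC not yet assigned to any subnet (room for future subnets)."""
    remaining = [ipaddress.ip_network(vpc_cidr)]
    for cidr, _az, _tier in subnets.values():
        net = ipaddress.ip_network(cidr)
        updated = []
        for block in remaining:
            if block.subnet_of(net):
                continue  # the entire block is consumed by this subnet
            if net.subnet_of(block):
                updated.extend(block.address_exclude(net))  # carve the subnet out
            else:
                updated.append(block)
        remaining = updated
    return [str(b) for b in sorted(remaining)]


def az_coverage(subnets):
    """Map each tier to the set of Availability Zones it spans."""
    coverage = {}
    for _cidr, az, tier in subnets.values():
        coverage.setdefault(tier, set()).add(az)
    return coverage


if __name__ == "__main__":
    print("problems:", validate_plan(VPC_CIDR, SUBNETS) or "none")
    for name, (cidr, az, tier) in SUBNETS.items():
        print(f"{name:<11} {cidr:<14} {az}  {tier:<8} usable={usable_hosts(cidr)}")
    print("unallocated:", unallocated_blocks(VPC_CIDR, SUBNETS))
    print("AZ coverage:", az_coverage(SUBNETS))
```

Each /20 yields 4,091 usable addresses, and the plan leaves 50.0.32.0/19, 50.0.64.0/18, 50.0.160.0/19 and 50.0.192.0/18 free. One caveat a practitioner would raise here: 50.0.0.0/16 is publicly routable address space rather than an RFC 1918 range, so instances in this VPC could not reach real hosts in 50.0.0.0/16 on the internet; the checks above apply unchanged to a 10.0.0.0/16 plan.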


Step 4: Configure Route Tables

Now that our subnets have been created, it is time to head to the “Route Tables” section in the VPC dashboard.

Step 5: Internet Gateway

Now for the Internet Gateway: it’s essential to ensure that instances in the public subnet can use it by adding a route to the Internet in the public subnets’ route table.

Step 6: NAT Gateway

A NAT gateway in AWS lets private subnet resources access the internet or other AWS services while blocking inbound connections from the internet. It ensures secure outbound communication. You can deploy it in one or multiple Availability Zones, balancing cost with high availability and fault tolerance.

Step 7: Final View of VPC

This VPC setup, named project-aws-vpc, spans the 50.0.0.0/16 IPv4 CIDR and is deployed in the us-east-1 region. It includes four subnets: two public and two private, distributed across us-east-1a and us-east-1b Availability Zones. Public subnets connect to the internet via an Internet Gateway (IGW), while private subnets use a NAT Gateway in us-east-1a for outbound internet access. Four route tables manage traffic: one for public subnets and separate ones for each private subnet. DNS resolution and hostnames are enabled, ensuring efficient name lookups. This architecture balances internet accessibility, security, and availability across multiple zones.
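The routing described in Steps 4 to 7 can be checked as data before anything depends on it. The following is an added example (not code from the original post) that models the final architecture in Python: the three route tables (one public, one per private subnet), their subnet associations, and the NAT gateway's placement. `resolve` performs the longest-prefix match the VPC router applies, `next_hop` answers where a packet from a given subnet goes, and `audit` checks the design invariants: public subnets default to the Internet Gateway, private subnets default to the NAT gateway and never to the IGW, and the NAT gateway itself sits in a public subnet. The gateway names `igw-project-aws` and `nat-1a` are constructed labels, not real AWS resource IDs.

```python
import ipaddress

# Model of the final architecture described in Step 7. The gateway names
# ("igw-project-aws", "nat-1a") are constructed labels, not real AWS resource IDs,
# and this is an added example rather than the post's own code.
VPC_CIDR = "50.0.0.0/16"

# route table -> list of (destination CIDR, target); "local" is the implicit VPC route
ROUTE_TABLES = {
    "rtb-public":     [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-project-aws")],
    "rtb-private-1a": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-1a")],
    "rtb-private-1b": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-1a")],
}
SUBNET_ROUTE_TABLE = {
    "Public-1A": "rtb-public",
    "Public-1B": "rtb-public",
    "Private-1A": "rtb-private-1a",
    "Private-1B": "rtb-private-1b",
}
SUBNET_TIER = {"Public-1A": "public", "Public-1B": "public",
               "Private-1A": "private", "Private-1B": "private"}
NAT_GATEWAY_SUBNET = {"nat-1a": "Public-1A"}  # the NAT gateway lives in a public subnet


def resolve(routes, dst_ip):
    """Longest-prefix match over one route table, as the VPC router does.
    Returns the target, or None when no route covers the destination."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def next_hop(subnet, dst_ip, route_tables=ROUTE_TABLES, associations=SUBNET_ROUTE_TABLE):
    """Where a packet leaving `subnet` for `dst_ip` is sent."""
    return resolve(route_tables[associations[subnet]], dst_ip)


def audit(route_tables, associations, tiers, nat_subnets):
    """Check the design invariants of the public/private split."""
    findings = []
    for subnet, rtb in associations.items():
        default = dict(route_tables[rtb]).get("0.0.0.0/0")
        tier = tiers[subnet]
        if tier == "public" and not (default or "").startswith("igw-"):
            findings.append(f"{subnet}: public subnet without an Internet Gateway default route")
        if tier == "private" and (default or "").startswith("igw-"):
            findings.append(f"{subnet}: private subnet routes 0.0.0.0/0 to {default} (IGW)")
        if tier == "private" and default is None:
            findings.append(f"{subnet}: private subnet has no outbound path (no NAT route)")
    for nat, subnet in nat_subnets.items():
        if tiers.get(subnet) != "public":
            findings.append(f"{nat}: NAT gateway must be in a public subnet, not {subnet}")
    return findings


if __name__ == "__main__":
    for subnet in SUBNET_ROUTE_TABLE:
        print(subnet, "-> 8.8.8.8 via", next_hop(subnet, "8.8.8.8"),
              "| -> 50.0.5.10 via", next_hop(subnet, "50.0.5.10"))
    print("audit:", audit(ROUTE_TABLES, SUBNET_ROUTE_TABLE, SUBNET_TIER, NAT_GATEWAY_SUBNET) or "clean")
    # Constructed misconfiguration: a private subnet accidentally attached to the public table
    wrong = dict(SUBNET_ROUTE_TABLE, **{"Private-1A": "rtb-public"})
    print("misconfigured audit:", audit(ROUTE_TABLES, wrong, SUBNET_TIER, NAT_GATEWAY_SUBNET))
```

The separate route table per private subnet is what lets a second NAT gateway in us-east-1b be added later by changing one `0.0.0.0/0` entry, which is the cost/availability trade-off Step 6 mentions; with the single NAT gateway in us-east-1a, an outage of that zone also cuts outbound access for Private-1B.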

Conclusion:

This blog provides a detailed, step-by-step guide to creating a custom Virtual Private Cloud (VPC) in AWS. It begins by explaining what a VPC is—a secure, isolated virtual network within AWS—and why it’s essential for scalability, customization, and security. The article introduces core VPC components, including subnets, security groups, NACLs, internet gateways, route tables, and NAT gateways.

The tutorial uses the manual “VPC Only” option to demonstrate granular control over configuration, from defining the CIDR block to creating public and private subnets across two availability zones. It then covers setting up route tables, an internet gateway for public access, and a NAT gateway for secure outbound traffic from private subnets.

The final architecture features four subnets (two public, two private), high availability through multiple AZs, and clear separation of resources for both security and accessibility, resulting in a robust, production-ready AWS networking foundation.

If you found this blog post helpful and insightful, I invite you to show your appreciation by giving it a clap! Your support fuels my motivation to continue sharing valuable content. Don’t forget to hit that follow button as well, so you can stay connected and receive updates on upcoming posts. Let’s embark on this journey together and explore even more exciting insights into the world of DevOps. Your engagement is greatly appreciated! 👏🔗

Follow for more such content:

LinkedIn: linkedin.com/in/dushyant-kumar-dk

Blog: dashboard-blog-link
