Comprehensive Guide to Amazon VPC: Building Your Private Cloud in AWS


When building applications in the cloud, networking plays a vital role. Amazon Virtual Private Cloud (VPC) allows you to create a logically isolated network within the AWS ecosystem, giving you full control over your cloud resources, IP ranges, routing, and security.
Let’s break down the core concepts of a VPC and the steps to create one from scratch.
What is a VPC?
A Virtual Private Cloud (VPC) is a logically isolated virtual network within the AWS cloud. It allows you to launch AWS resources in a custom-defined IP range. Think of it as your own private data center, but fully managed by AWS and infinitely scalable.
Unlike Availability Zones (AZs), which are physically isolated data centers, a VPC spans an entire region; within that region you can place resources across multiple AZs for high availability and fault tolerance.
Key Components of a VPC
Let’s explore the building blocks of a VPC:
1. Subnets
Subnets divide your VPC IP range into smaller chunks.
Each subnet resides in one AZ only.
You typically create public subnets (internet-facing resources like web servers) and private subnets (backend services like databases).
Example:
VPC CIDR: 10.0.0.0/16
Public Subnet: 10.0.1.0/24 (in us-east-1a)
Private Subnet: 10.0.2.0/24 (in us-east-1b)
2. Reserved IPs in Subnets
Each subnet reserves 5 IP addresses:
10.0.1.0: Network address
10.0.1.1: VPC router
10.0.1.2: AWS DNS server
10.0.1.3: Reserved for future use
10.0.1.255: Broadcast address (though AWS doesn't support broadcasting)
So, in a /24 subnet, you get 251 usable IPs.
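The arithmetic above generalizes to any subnet size AWS accepts (/16 down to /28): the first four addresses and the last one are always reserved. The following helper, added here as an example and not part of the original article, uses Python's standard `ipaddress` module to compute the reserved addresses, the usable host count and the first address an instance can actually receive for a given subnet, and to carve equal-sized subnets out of a VPC block. The /16 and /28 limits are AWS's documented subnet size bounds; the function names are the author's own.

```python
import ipaddress

# AWS subnets must be between /16 (65,536 addresses) and /28 (16 addresses).
AWS_MIN_PREFIX = 16
AWS_MAX_PREFIX = 28
RESERVED_PER_SUBNET = 5  # network, router, DNS, future use, broadcast


def _validate(cidr: str) -> ipaddress.IPv4Network:
    """Parse an IPv4 subnet CIDR and enforce AWS size limits."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this helper handles IPv4 subnets only")
    if not AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX:
        raise ValueError(
            f"AWS subnets must be /{AWS_MIN_PREFIX} to /{AWS_MAX_PREFIX}, got /{net.prefixlen}"
        )
    return net


def reserved_addresses(cidr: str) -> dict:
    """Return the five addresses AWS reserves in a subnet, keyed by purpose."""
    net = _validate(cidr)
    base = int(net.network_address)
    return {
        "network": str(ipaddress.ip_address(base)),        # first address
        "vpc_router": str(ipaddress.ip_address(base + 1)), # implicit router
        "dns": str(ipaddress.ip_address(base + 2)),        # Amazon-provided DNS
        "future_use": str(ipaddress.ip_address(base + 3)), # reserved by AWS
        "broadcast": str(net.broadcast_address),           # last address
    }


def usable_hosts(cidr: str) -> int:
    """Number of addresses an instance or ENI can actually be assigned."""
    net = _validate(cidr)
    return net.num_addresses - RESERVED_PER_SUBNET


def first_usable(cidr: str) -> str:
    """The lowest address AWS will hand out in this subnet."""
    net = _validate(cidr)
    return str(ipaddress.ip_address(int(net.network_address) + 4))


def carve_subnets(vpc_cidr: str, new_prefix: int, count: int) -> list:
    """Split a VPC block into the first `count` subnets of the requested prefix."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if new_prefix <= vpc.prefixlen:
        raise ValueError("subnet prefix must be longer than the VPC prefix")
    subnets = list(vpc.subnets(new_prefix=new_prefix))
    if count > len(subnets):
        raise ValueError(f"{vpc_cidr} only holds {len(subnets)} /{new_prefix} subnets")
    return [str(s) for s in subnets[:count]]


if __name__ == "__main__":
    for cidr in ("10.0.1.0/24", "10.0.0.16/28"):
        print(cidr, reserved_addresses(cidr), "usable:", usable_hosts(cidr))
    print(carve_subnets("10.0.0.0/16", 24, 3))
```

A /28 (the smallest AWS allows) keeps only 11 of its 16 addresses usable, which matters when sizing subnets for services that consume many ENIs.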
3. Internet Gateway (IGW)
Enables internet access for instances in public subnets.
Must be attached to the VPC.
Needs to be explicitly allowed in the route table.
4. VPC Endpoints
Allow private connections to AWS services like S3 or DynamoDB.
Traffic stays within AWS, improving security and latency.
5. VPC Peering
Enables network communication between two VPCs.
Useful for cross-account or multi-region setups.
Each peered VPC must add a route to the other VPC's CIDR before traffic can flow.
How to Create a VPC (Step-by-Step)
Let’s walk through the essential steps to create a functioning VPC:
Step 1: Create the VPC
Go to VPC Dashboard → Create VPC
Select VPC Only
Enter IPv4 CIDR Block: e.g., 10.0.0.0/16
IPv6: Disabled (optional)
Tenancy: Default (shared hardware; use “dedicated” for compliance needs)
Add a name tag and create.
Step 2: Create Public & Private Subnets
Navigate to Subnets → Create Subnet
Select your VPC
Provide subnet name and AZ (e.g., us-east-1a, us-east-1b)
Public Subnet CIDR:
10.0.1.0/24
Private Subnet CIDR:
10.0.2.0/24
Add tags and create
Step 3: Attach an Internet Gateway
Go to Internet Gateways → Create IGW
Name it (e.g., my-igw)
Select Actions → Attach to VPC
Choose your VPC
Step 4: Allocate an Elastic IP (for NAT Gateway)
Go to Elastic IPs → Allocate Elastic IP address
Add a tag (optional)
Step 5: Create NAT Gateway (for internet access in private subnet)
Go to NAT Gateways → Create NAT Gateway
Name it
Select Public Subnet (e.g., 10.0.1.0/24)
Choose Elastic IP
Connectivity Type: Public
Add tags and create
Step 6: Route Tables Configuration
Create two route tables:
One for public subnet (routes to IGW)
One for private subnet (routes to NAT Gateway)
Associate route tables with the appropriate subnets.
Example:
Public Route Table:
0.0.0.0/0 → IGW
Private Route Table:
0.0.0.0/0 → NAT Gateway
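Whether a subnet is "public" or "private" is decided only by the route table it resolves to, not by its name, and a subnet with no explicit association silently falls back to the VPC's main route table. The audit below is an added example (not part of the original article) that applies the Step 6 rules to data shaped like the output of `aws ec2 describe-route-tables`: it classifies each subnet by its effective 0.0.0.0/0 target, checks that subnets sit inside the VPC CIDR without overlapping, and flags any subnet that inherits an internet route through the main table. All identifiers (`subnet-pub-a`, `rtb-main`, `igw-0example`, `nat-0example`) are constructed; the `Routes`/`Associations` keys match the real API shape.

```python
import ipaddress

# Constructed sample modelled on `describe-route-tables` output; IDs are made up.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {                       # subnet id -> CIDR
    "subnet-pub-a": "10.0.1.0/24",
    "subnet-priv-b": "10.0.2.0/24",
    "subnet-priv-c": "10.0.3.0/24",  # no explicit association: inherits the main table
}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
     "Associations": [{"SubnetId": "subnet-pub-a"}]},
    {"RouteTableId": "rtb-private",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}],
     "Associations": [{"SubnetId": "subnet-priv-b"}]},
    {"RouteTableId": "rtb-main",   # main table: routes to the IGW, a common misconfiguration
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
     "Associations": [{"Main": True}]},
]

# Keys a route may use to name its target in the real API response.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "NetworkInterfaceId", "InstanceId",
               "TransitGatewayId", "VpcPeeringConnectionId")


def default_route_target(route_table):
    """Return the target of the 0.0.0.0/0 route, or None if there is none."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            for key in TARGET_KEYS:
                if key in route:
                    return route[key]
    return None


def effective_route_table(subnet_id, route_tables):
    """Explicitly associated table if any, else the main table; also say which."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt, True
            if assoc.get("Main"):
                main = rt
    return main, False


def classify(subnet_id, route_tables):
    """Classify a subnet as public / private / isolated / other by its default route."""
    rt, explicit = effective_route_table(subnet_id, route_tables)
    target = default_route_target(rt) if rt else None
    if target is None:
        kind = "isolated"
    elif target.startswith("igw-"):
        kind = "public"
    elif target.startswith("nat-"):
        kind = "private"
    else:
        kind = "other"
    return kind, explicit, rt["RouteTableId"] if rt else None


def audit(vpc_cidr, subnets, route_tables):
    """Return (kinds per subnet, list of findings a reviewer should look at)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    kinds, findings, seen = {}, [], {}
    for sid, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            findings.append(f"{sid} ({cidr}) is outside the VPC CIDR {vpc_cidr}")
        for other_id, other in seen.items():
            if net.overlaps(other):
                findings.append(f"{sid} ({cidr}) overlaps {other_id} ({other})")
        seen[sid] = net
        kind, explicit, rt_id = classify(sid, route_tables)
        kinds[sid] = kind
        if not explicit and kind == "public":
            findings.append(f"{sid} has no explicit association and inherits {rt_id}, "
                            "which sends 0.0.0.0/0 to an internet gateway")
    return kinds, findings


if __name__ == "__main__":
    kinds, findings = audit(VPC_CIDR, SUBNETS, ROUTE_TABLES)
    print(kinds)
    for f in findings:
        print("FINDING:", f)
```

Running it against the sample shows `subnet-priv-c` classified as public despite its name, because the main route table carries an IGW route. Giving the main table no 0.0.0.0/0 route at all, and associating every subnet explicitly, removes that failure mode.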
Bonus: Secure Your VPC
You can further isolate and protect your VPC using:
Security Groups (instance-level firewall)
Network ACLs (subnet-level firewall)
Flow Logs to monitor traffic in/out of your VPC
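Flow Logs are only useful if someone reads them. As an added example that is not from the original article, the script below parses records in the default VPC Flow Log format (the 14 space-separated fields `version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status`), skips `NODATA`/`SKIPDATA` records, and answers two questions a defender asks first: which connections from outside the VPC were accepted to administrative or database ports, and which sources are being rejected most often (a signal that the security group or NACL is doing its job, or that someone is probing). The log lines, account ID and ENI IDs are constructed; the VPC CIDR and watch-port list are parameters you would set for your own environment.

```python
import ipaddress
from collections import Counter

# Default flow log record layout (version 2), in order.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records (TEST-NET addresses as "internet" sources).
SAMPLE_LOG = """\
2 123456789012 eni-0aaa 198.51.100.7 10.0.1.10 51234 22 6 10 840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.1.10 10.0.2.20 44321 3306 6 30 4100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb 203.0.113.9 10.0.2.20 40000 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0bbb 203.0.113.9 10.0.2.20 40001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_record(line: str) -> dict:
    """Turn one default-format flow log line into a dict; '-' becomes None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for key in INT_FIELDS:
        rec[key] = None if rec[key] == "-" else int(rec[key])
    for key in ("srcaddr", "dstaddr", "action"):
        if rec[key] == "-":
            rec[key] = None
    return rec


def parse_log(text: str) -> list:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def accepted_from_outside(records, vpc_cidr, watch_ports=frozenset({22, 3389, 3306, 5432})):
    """ACCEPTed flows whose source is outside the VPC and whose destination port is sensitive.

    Only the VPC CIDR is treated as 'inside'; peered or on-premises ranges
    would need to be added to the allow-list for a production check."""
    vpc = ipaddress.ip_network(vpc_cidr)
    hits = []
    for r in records:
        if r["log_status"] != "OK" or r["action"] != "ACCEPT":
            continue
        src = ipaddress.ip_address(r["srcaddr"])
        dst = ipaddress.ip_address(r["dstaddr"])
        if dst in vpc and src not in vpc and r["dstport"] in watch_ports:
            hits.append(r)
    return hits


def rejects_by_source(records) -> Counter:
    """Count REJECTed flows per source address (top talkers = probing or misconfig)."""
    return Counter(r["srcaddr"] for r in records
                   if r["log_status"] == "OK" and r["action"] == "REJECT")


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in accepted_from_outside(recs, "10.0.0.0/16"):
        print(f"ACCEPTED from outside: {hit['srcaddr']} -> {hit['dstaddr']}:{hit['dstport']}")
    print("rejects by source:", rejects_by_source(recs).most_common(3))
```

The internal 10.0.1.10 → 10.0.2.20:3306 flow is not reported because both ends are inside the VPC; the SSH connection from 198.51.100.7 is, which is exactly the kind of finding that should lead back to a security group review.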
Final Thoughts
Amazon VPC is at the heart of almost every AWS deployment. By understanding its components—subnets, IGWs, endpoints, peering, and route tables—you gain fine-grained control over your cloud network. Whether you're building a secure microservices backend or deploying a scalable web app, mastering VPCs is non-negotiable for AWS success.
Written by Tanseer Khan