VPC stands for Virtual Private Cloud. It is a virtual network associated with your AWS account, inside which you create AWS resources such as EC2 instances or databases. In this article we are going to understand what a VPC is and how to create one.

What is the purpose of a VPC?

It lets you create resources such as EC2 instances inside a logically isolated private network whose address range, routing and access rules you control.

How do I create a VPC in AWS?

  1. Go to the Network and Content Delivery section in the AWS Console
  2. Open the VPC console
  3. Click Launch VPC Wizard (or the Create VPC button)

How many VPC can be created in AWS?

  1. 5 VPCs per region by default
  2. 200 subnets per VPC by default

Is VPC chargeable in AWS?

AWS doesn't charge for the VPC itself, but you pay for the services you create inside it, for example EC2 or RDS, and for some networking components such as NAT gateways.

Take a pause here and think: before going into VPC, do we know what a private cloud is?

What is private cloud

A private cloud is the network of a company or organisation that has decided it does not trust a third party data centre with its data. The company builds its own data centre, stores its data there and runs it as a private cloud. All of the company's offices around the world use that private cloud, but nobody outside the company can reach it. More or less, that is a private cloud.

It has its own pros and cons. 

Pros of Private Cloud

Civilization is the progress toward a society of privacy. The savage’s whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men.

Ayn Rand

The benefit is control over security. You know all your data sits inside your private cloud, and nobody except your organisation's employees, wherever they are in the world, can reach it.

Cons of Private Cloud

The company will have to purchase the 

  • Servers
  • Routers
  • Gateways
  • NAT gateways
  • Storage etc. 

And that requires millions.

Amazon's pitch is: why spend this much, when we can provide all of these as a service? Amazon also claims it can give you the same level of isolation you would get in a private cloud.

Is Amazon promising too much?

But what if it really can deliver all of this with private-cloud-level security?

I think that would be great.

Now is the right time to come to our initial question again.

What a VPC is

Now that we know what a private cloud is, we can dive into VPC.

A VPC is a virtual network on the AWS cloud. It behaves like a traditional network that is separated from other networks, with the added benefit of scalable infrastructure. It groups resources such as EC2 instances or databases, which then follow the networking rules you define for the VPC.

There are many networks (VPCs) in AWS. Each VPC is logically isolated from the others, though not physically: they share the same underlying hardware. Each VPC belongs exclusively to its own account.

For example, you have bought a flat in a housing society, but you don't have to bother about what goes on in the other flats. You share the building's infrastructure with the other residents, yet your personal space is limited to your own flat, and the same goes for your neighbour.

You can get the information about VPC here also.

VPC facts

  • In each region there can be 5 VPCs by default.
  • Each VPC can have 200 subnets by default.
  • Each region can have 5 Elastic IPs by default. (You can get the information about the IP addressing here.)
  • Some resources are created automatically when we create a VPC:
    • DHCP options set
    • NACL (the default network ACL)
    • Route table (the main route table)
    • Security group (the default security group)
  • A VPC is always created in a region. I assume you already know what a region in AWS is.
  • AWS does allow two VPCs with the same CIDR in one region and account, but two VPCs with overlapping CIDRs can never be peered, so plan non-overlapping ranges for any VPCs that may ever need to talk to each other.

The limits above are default service quotas; they can be raised through the Service Quotas console or a support ticket.

List of components which a VPC can contain

  1. Router and route tables
  2. Internet Gateway
  3. Security Groups
  4. Network ACL or NACL
  5. Virtual private gateway
  6. NAT gateway
  7. Peering Connections
  8. Elastic IP or EIP.

Types of VPC

  1. Default VPC
  2. Custom VPC

Default VPC

Whenever we create an AWS account, we get a VPC in each region by default. This is the default VPC.

It can be recreated if deleted, but the recommendation is not to delete the default VPC.

A default VPC always comes with these 6 default components:

  1. Default CIDR block (172.31.0.0/16)
  2. Security group
  3. NACL
  4. Subnets (one public subnet per Availability Zone; there are no private subnets by default)
  5. Route table
  6. Internet gateway

Please note:

  • The default VPC has a single route table, the main route table, and it is associated with every default subnet.
  • There is one default subnet per Availability Zone in the region, and one default VPC per region.
  • All default subnets are public: the main route table has a route to the internet gateway, and instances launched into them get a public IPv4 address by default. That is convenient for experiments and a good reason not to put production workloads in the default VPC.

Custom VPC

The VPC which the account owner creates is a custom VPC. A custom VPC also contains some default components:

  1. Security group
  2. Route table
  3. Network ACL or NACL

In a custom VPC the user decides the CIDR block and has to create the subnets and the Internet Gateway.

Whenever we create a VPC, we do the below 4 steps in this order, after which we can create resources such as EC2 instances or databases inside the VPC:

  1. Create a VPC
  2. Create subnets
  3. Create internet gateway
  4. Create route tables
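The four steps above, carried out with the AWS SDK, as an added example that is not code from the original article. It calls the boto3 EC2 client by its real method names (create_vpc, create_subnet, create_internet_gateway, attach_internet_gateway, create_route_table, create_route, associate_route_table, modify_subnet_attribute) but ships with FakeEC2, a constructed offline stand-in that records the calls and returns AWS-shaped responses with made-up IDs, so it runs without credentials. Pass boto3.client("ec2") instead of FakeEC2() to create the resources for real; the VPC name, CIDR and AZs are assumptions.

```python
"""Create a VPC in the article's order: VPC, subnets, internet gateway, route tables."""
import ipaddress
import itertools

AWS_RESERVED_PER_SUBNET = 5  # AWS keeps the first four and the last address of every subnet


def usable_hosts(cidr):
    """Addresses actually assignable to instances in an AWS subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, azs, prefix=24):
    """Carve one public and one private subnet per AZ out of the VPC CIDR.

    Returns [(name, cidr, az, is_public), ...]. The blocks never overlap because
    they come from one sequential walk of the VPC range.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("AWS VPC CIDR blocks must be between /16 and /28")
    blocks = vpc.subnets(new_prefix=prefix)
    plan = []
    for az in azs:
        for kind in ("public", "private"):
            block = next(blocks, None)
            if block is None:
                raise ValueError(f"{vpc_cidr} cannot hold {2 * len(azs)} /{prefix} subnets")
            plan.append((f"{kind}-{az}", str(block), az, kind == "public"))
    return plan


def build_vpc(ec2, name, vpc_cidr, azs):
    """Steps 1-4 from the article. The main route table keeps only its local
    route, so a subnet nobody associates explicitly stays private."""
    # Step 1: the VPC (AWS creates its main route table, default NACL and
    # default security group automatically).
    tags = [{"ResourceType": "vpc", "Tags": [{"Key": "Name", "Value": name}]}]
    vpc_id = ec2.create_vpc(CidrBlock=vpc_cidr, TagSpecifications=tags)["Vpc"]["VpcId"]

    # Step 2: subnets, one public and one private per AZ.
    subnets = {}
    for sname, cidr, az, public in plan_subnets(vpc_cidr, azs):
        resp = ec2.create_subnet(VpcId=vpc_id, CidrBlock=cidr, AvailabilityZone=az)
        subnets[sname] = {"id": resp["Subnet"]["SubnetId"], "cidr": cidr, "az": az, "public": public}

    # Step 3: an internet gateway, which does nothing until it is attached to the VPC.
    igw_id = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)

    # Step 4: a separate route table with the default route to the IGW, associated
    # only with the public subnets, which also auto-assign public IPv4 addresses.
    public_rt = ec2.create_route_table(VpcId=vpc_id)["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=public_rt, DestinationCidrBlock="0.0.0.0/0", GatewayId=igw_id)
    for s in subnets.values():
        if s["public"]:
            ec2.associate_route_table(RouteTableId=public_rt, SubnetId=s["id"])
            ec2.modify_subnet_attribute(SubnetId=s["id"], MapPublicIpOnLaunch={"Value": True})

    return {"vpc_id": vpc_id, "igw_id": igw_id, "public_route_table": public_rt, "subnets": subnets}


class FakeEC2:
    """Constructed, hypothetical stand-in for boto3.client('ec2'): records every call
    and returns AWS-shaped responses with made-up IDs. Not part of boto3."""

    _responses = {
        "create_vpc": ("vpc", "Vpc", "VpcId"),
        "create_subnet": ("subnet", "Subnet", "SubnetId"),
        "create_internet_gateway": ("igw", "InternetGateway", "InternetGatewayId"),
        "create_route_table": ("rtb", "RouteTable", "RouteTableId"),
    }

    def __init__(self):
        self.calls = []
        self._seq = itertools.count(1)

    def __getattr__(self, method):
        def call(**kwargs):
            self.calls.append((method, kwargs))
            if method in self._responses:
                prefix, outer, key = self._responses[method]
                return {outer: {key: f"{prefix}-{next(self._seq):017x}"}}
            return {}
        return call


if __name__ == "__main__":
    client = FakeEC2()  # or: boto3.client("ec2", region_name="us-east-1")
    result = build_vpc(client, "demo-vpc", "10.0.0.0/16", ["us-east-1a", "us-east-1b"])
    for sname, s in result["subnets"].items():
        kind = "public" if s["public"] else "private"
        print(f"{sname:20} {s['cidr']:15} {kind:8} usable hosts: {usable_hosts(s['cidr'])}")
    print(f"{len(client.calls)} EC2 API calls recorded")
```

The ordering matters for the reasons the article gives: the route to the internet gateway cannot be written before the gateway exists and is attached, and associating the public route table only with the subnets that need it keeps the main route table internet-free, so a forgotten subnet fails closed.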

Shortly we are going to create a VPC, but before that we need to look at the components of a VPC listed below.

Components of VPC

Public Subnet

If traffic from a subnet can be sent to the internet directly, that is, the subnet's route table has a route to an internet gateway, the subnet is called a public subnet.

We need other settings as well (a public IP address on the instance and a security group that allows the traffic) before an EC2 instance can talk over the internet, but we will discuss those later.

Private Subnet

Simply put, traffic from this subnet cannot be sent to an internet gateway directly. It may still reach the internet indirectly, for example through a NAT gateway placed in a public subnet.

Please note that in the above definitions I have used the word directly.

Implied router

A VPC also acts as an implied router, also called a virtual or logical router. It is what makes communication between two subnets of the same VPC possible. Why do we call it virtual? Because it is not an actual hardware router; it is a property of the VPC, visible only as the "local" route that every route table in the VPC carries for the VPC's own CIDR block.

Internet Gateway

This is also a kind of router; it connects the resources in a VPC to the internet. A default VPC always has an internet gateway attached, but in a custom VPC we have to create and attach it manually.
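How the implied router, the route tables and the internet gateway together decide whether a subnet is public, private or isolated, as an added example that is not from the original article. The VPC, subnets, route tables and gateway IDs below are constructed for the demonstration; the two rules the code relies on are real AWS behaviour: the most specific matching route wins, every route table carries the VPC CIDR as a "local" route, and a subnet with no explicit association uses the main route table.

```python
"""Classify subnets from their route tables, the way the implied router evaluates them."""
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# Constructed route tables: (destination, target) pairs.
ROUTE_TABLES = {
    "rtb-main": [(VPC_CIDR, "local")],  # as AWS creates it for a custom VPC
    "rtb-public": [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-0example")],
    "rtb-private": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-0example")],
}

# Constructed subnets; route_table None means "not explicitly associated", i.e. main table.
SUBNETS = {
    "subnet-web": {"cidr": "10.0.0.0/24", "route_table": "rtb-public"},
    "subnet-app": {"cidr": "10.0.1.0/24", "route_table": "rtb-private"},
    "subnet-db": {"cidr": "10.0.2.0/24", "route_table": None},
}

INTERNET_PROBE = "203.0.113.10"  # TEST-NET-3 address standing in for "somewhere on the internet"


def lookup_route(routes, dst_ip):
    """Longest-prefix match: the target for dst_ip, or None if no route matches."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for destination, target in routes:
        net = ipaddress.ip_network(destination)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def effective_routes(subnet, route_tables, main="rtb-main"):
    """The route table a subnet really uses: its own, or the main table if none."""
    return route_tables[subnet["route_table"] or main]


def classify(subnet, route_tables, main="rtb-main"):
    """public: default route via an internet gateway (reachable from the internet)
    private: default route via a NAT gateway (outbound only)
    isolated: no route that leaves the VPC at all"""
    target = lookup_route(effective_routes(subnet, route_tables, main), INTERNET_PROBE)
    if target is None or target == "local":
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return f"other:{target}"


def audit(subnets, route_tables, main="rtb-main"):
    """Classify every subnet; the public ones are what a reviewer checks first."""
    return {name: classify(s, route_tables, main) for name, s in subnets.items()}


if __name__ == "__main__":
    for name, kind in audit(SUBNETS, ROUTE_TABLES).items():
        print(f"{name:12} {kind}")
    # Traffic between subnets always takes the local route, even from a public
    # subnet, because /16 is more specific than 0.0.0.0/0.
    print("web -> db goes via:", lookup_route(ROUTE_TABLES["rtb-public"], "10.0.2.15"))
```

The "isolated" result for subnet-db is only safe because this custom VPC's main route table has no internet gateway route. In a default VPC the main route table does carry that route, so an unassociated subnet silently comes out "public"; run audit with such a main table and the classification flips.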

Now we are ready to create a VPC.

How to Create a VPC

Login to your AWS management Console

Open VPC Dashboard

Click Your VPCs and click on Create VPC button

Default VPC


Give a Name tag and an IPv4 CIDR block, and leave the other values as they are.

Now click on Create Button

VPC CIDR


This will create the VPC.


You can verify this in the VPC Console by clicking the Close button.

Here is your VPC.

Custom VPC


Now we need to check its main route table, NACL and security group, one by one.

You can check the main route table and NACL on the same page.

To check the security group, go to the EC2 Management Console and click Security Groups in the left-hand menu. Here we can clearly see that sg-02e260f628a73cf6b is attached to vpc-0770b5f45a1df9a89. Remember that this default security group allows inbound traffic only from members of the same group, so an instance that uses it is not reachable from the internet until you add an inbound rule.

So now the VPC is created with its default components.
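What the default security group and default network ACL created above actually permit, evaluated against sample packets, as an added example that is not from the original article. The rule sets are the defaults as AWS creates them: the default security group allows inbound traffic only from members of the same group and all outbound traffic; the default NACL has rule 100 allowing everything in both directions, followed by the implicit deny. The packets, the LOCKED_DOWN_NACL and FIXED_NACL variants and the security group ID are constructed for the demonstration.

```python
"""Evaluate security group (stateful) and NACL (stateless) rules against sample packets."""
import ipaddress

ANY = (0, 65535)

# Security group rules: protocol "-1" means all; src/dst is a CIDR or a security group ID.
DEFAULT_SG = {
    "id": "sg-default",
    "inbound": [{"proto": "-1", "ports": ANY, "src": "sg-default"}],  # self-reference only
    "outbound": [{"proto": "-1", "ports": ANY, "dst": "0.0.0.0/0"}],
}

# NACL rules: (rule number, protocol, port range, CIDR, action), evaluated lowest number first.
DEFAULT_NACL = {
    "inbound": [(100, "-1", ANY, "0.0.0.0/0", "allow")],
    "outbound": [(100, "-1", ANY, "0.0.0.0/0", "allow")],
}

# Constructed "hardening" that only allows HTTPS and forgets that NACLs are stateless.
LOCKED_DOWN_NACL = {
    "inbound": [(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
    "outbound": [(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
}

# The fix: replies to clients leave on ephemeral ports, so they must be allowed outbound.
FIXED_NACL = {
    "inbound": LOCKED_DOWN_NACL["inbound"],
    "outbound": LOCKED_DOWN_NACL["outbound"] + [(200, "tcp", (1024, 65535), "0.0.0.0/0", "allow")],
}


def _ip_in(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def sg_allows(sg, direction, proto, port, peer_ip, peer_sgs=()):
    """Security groups are stateful allow-lists: only the first packet of a flow is
    checked and return traffic is always permitted. True if any rule matches."""
    for rule in sg[direction]:
        if rule["proto"] not in ("-1", proto):
            continue
        lo, hi = rule["ports"]
        if not lo <= port <= hi:
            continue
        peer = rule.get("src") or rule.get("dst")
        if peer.startswith("sg-"):
            if peer in peer_sgs:  # the peer instance must itself be in that group
                return True
        elif _ip_in(peer_ip, peer):
            return True
    return False


def nacl_decision(nacl, direction, proto, port, peer_ip):
    """NACLs are stateless: every packet, replies included, walks the numbered rules
    in ascending order; the first match decides, otherwise the implicit deny applies."""
    for _number, rproto, (lo, hi), cidr, action in sorted(nacl[direction]):
        if rproto in ("-1", proto) and lo <= port <= hi and _ip_in(peer_ip, cidr):
            return action
    return "deny"


def inbound_allowed(sg, nacl, proto, port, src_ip, src_sgs=()):
    """A new inbound flow must pass the subnet's NACL first and then the instance's SG."""
    return (nacl_decision(nacl, "inbound", proto, port, src_ip) == "allow"
            and sg_allows(sg, "inbound", proto, port, src_ip, src_sgs))


if __name__ == "__main__":
    print("SSH from the internet to a default-SG instance:",
          inbound_allowed(DEFAULT_SG, DEFAULT_NACL, "tcp", 22, "203.0.113.5"))
    print("Same SSH from another instance in the same SG:",
          inbound_allowed(DEFAULT_SG, DEFAULT_NACL, "tcp", 22, "10.0.0.7", src_sgs=("sg-default",)))
    print("HTTPS reply to a client's ephemeral port through LOCKED_DOWN_NACL:",
          nacl_decision(LOCKED_DOWN_NACL, "outbound", "tcp", 51000, "203.0.113.5"))
    print("...and through FIXED_NACL:",
          nacl_decision(FIXED_NACL, "outbound", "tcp", 51000, "203.0.113.5"))
```

Two things worth taking from this: the default NACL blocks nothing, so the default security group is the only filter protecting a freshly launched instance; and any NACL you tighten must allow the ephemeral port range in the opposite direction, or established connections break while the rules look correct.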

FAQs

Q: What is a VPC, and why do I need it?

A: A VPC is a Virtual Private Cloud: a logically isolated virtual network within AWS in which you create resources such as EC2 instances and databases. You control its address range, routing and access rules, so nothing outside the VPC can reach your resources unless you explicitly route and allow it.

Q: How does a VPC differ from a traditional network?

A: Think of a VPC like your own private neighborhood within AWS. It’s logically isolated from other VPCs, just like how your home is separate from your neighbor’s, ensuring privacy and security.

Q: Can I create multiple VPCs, and is there a limit?

A: Yes, you can create multiple VPCs, but there’s a default limit of 5 VPCs per region. However, you can always request an extension if needed.

Q: How do I set up a VPC in AWS?

A: Creating a VPC is simple. Go to the AWS console, navigate to the "Network and Content Delivery" section, open the VPC console and click "Launch VPC Wizard" (or "Create VPC"). Follow the prompts to set it up.

Q: What is the difference between default and custom VPCs?

A: Default VPCs are automatically created for you with some pre-configured settings, while custom VPCs give you more control over the CIDR block and other components.

Q: How do I secure my resources in a VPC?

A: You control access with security groups (stateful allow lists attached to instances), network ACLs (stateless allow/deny rules attached to subnets) and subnet design (private subnets with no route to an internet gateway). Think of these as security checkpoints and barriers around your data.

Q: Is VPC chargeable in AWS?

A: Good news! The VPC itself is free, but you are charged for the services you create inside it, such as EC2 or RDS, and for some networking components such as NAT gateways.

Q: Can I have public and private subnets within the same VPC?

A: Absolutely. Public subnets have a route to the internet gateway, so instances with a public IP can be reached directly; private subnets have no such route, which keeps their instances off the internet unless you add a NAT gateway for outbound traffic.

Q: What is an Internet Gateway, and why do I need it?

A: An Internet Gateway acts as the door to the internet for your VPC. It enables communication between your resources and the outside world, like a gateway to the internet highway.

Q: Can I extend the CIDR block of my VPC after creating it?

A: Yes. The primary CIDR block cannot be changed, but you can associate additional (secondary) IPv4 CIDR blocks with an existing VPC yourself from the VPC console or CLI, without contacting AWS support. It's like expanding your neighbourhood to accommodate more houses.

You can check the VPC pricing here.

To get complete understanding of VPC Peering please go through below links:

  1. What is VPC Peering
  2. VPC Peering Procedure