Amazon VPC lets you define a virtual network in a logically isolated area of the AWS cloud, and optionally connect it to your on-premises resources through a virtual private network. You can launch your AWS resources, such as instances, into your VPC. This virtual network closely resembles a traditional network that you would operate in your own data center, but with more automation and scale.
Each VPC that you create is logically isolated from other virtual networks in the AWS cloud and is fully customizable. You can select the IP address range, create subnets, configure route tables, set up network gateways, and define security settings using security groups and network access control lists. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
The following are the key components of a VPC:
- Virtual private cloud (VPC) — A virtual network dedicated to your AWS account.
- Subnet — A range of IP addresses in your VPC.
- Route table — A set of rules, called routes, that are used to determine where network traffic is directed.
- Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.
- VPC endpoint — Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network. For more information, see AWS PrivateLink and VPC endpoints.
- CIDR block — Classless Inter-Domain Routing, an IP address allocation and route aggregation methodology. For more information, see Classless Inter-Domain Routing in Wikipedia.
Configuring a VPC
When you launch an instance and specify a VPC, the first step is to identify the subnet the instance will be launched into. If no subnet is selected, AWS picks the default subnet within the selected VPC.
Once an instance is created within the VPC/Subnet/Availability Zone, a primary private IP address from the IPv4 address range of the subnet is assigned to the instance.
To create a VPC, search for VPC in the AWS console; this brings you to the VPC dashboard shown in the figure.
As you can see, there is already a default VPC running. To add a new VPC, click on Launch VPC Wizard.
Select the option, VPC with a Single Public Subnet, and then click Select.
You will be asked to assign a name and an IPv4 CIDR block; make sure you give an appropriate range, such as 10.0.0.0/16.
Fill in all the parameters you need.
Click on Create VPC.
After the VPC is created, a success message is displayed.
Now, whenever you want to launch an instance or any other resource in your VPC, simply select your VPC ID in the network tab.
Below is an example of adding an instance in your VPC.
Creating a subnet
A subnet in Amazon VPC is a subdivision within an Availability Zone defined by a segment of the IP address range of the VPC. Using subnets, you can group your instances based on your security and operational needs. A subnet resides entirely within the Availability Zone it was created in. You launch Auto Scaling instances within the subnets.
To enable communication between the internet and the instances in your subnets, you must create an internet gateway and attach it to your VPC. An internet gateway enables your resources within the subnets to connect to the internet through the Amazon EC2 network edge.
To create a subnet, click on Subnets in the VPC dashboard.
You will go to the subnet dashboard, where you can see a default subnet already created for the instance you created.
To add a new subnet, click on Create subnet.
Enter the VPC ID in which you want to create the subnet.
Click on Create subnet.
You will be directed to the next page, where you enter the name of the subnet, the VPC, the Availability Zone, and so on.
Specify your subnet’s IP address block in CIDR format; for example, 10.0.0.0/24. IPv4 block sizes must be between a /16 netmask and /28 netmask, and can be the same size as your VPC. An IPv6 CIDR block must be a /64 CIDR block.
Click on Create subnet, and the subnet is created in the VPC you chose.
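The CIDR rules above (an IPv4 subnet between /16 and /28, an IPv6 subnet of exactly /64, and a subnet that fits inside the VPC block) are easy to get wrong in a wizard. The following is an added example, not code from the original tutorial or from AWS, that checks a proposed subnet against its VPC with Python's standard ipaddress module before you click Create subnet. It also rejects overlap with subnets you already have, since two subnets in one VPC cannot share addresses, and reports usable IPv4 hosts after the five addresses AWS reserves in every subnet. The function name and the sample CIDRs are this example's own choices.

```python
import ipaddress

# AWS reserves five addresses in every IPv4 subnet: the network address, the
# VPC router, the DNS resolver, one kept for future use, and the broadcast address.
AWS_RESERVED_PER_IPV4_SUBNET = 5


def validate_subnet(vpc_cidr, subnet_cidr, existing_subnets=()):
    """Check a proposed subnet CIDR against the VPC it would be created in.

    Returns {"ok": bool, "reason": str, "usable_hosts": int or None}.
    usable_hosts is only computed for IPv4 (IPv6 reservations are not modelled here).
    """
    def fail(reason):
        return {"ok": False, "reason": reason, "usable_hosts": None}

    try:
        # strict=True rejects a CIDR with host bits set (e.g. 10.0.0.1/24),
        # which is almost always a typo rather than the intended block.
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
        subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    except ValueError as exc:
        return fail(f"invalid CIDR: {exc}")

    if vpc.version != subnet.version:
        return fail("subnet and VPC must use the same IP version")

    # Block-size rules from the tutorial: IPv4 /16 to /28, IPv6 exactly /64.
    if subnet.version == 4 and not 16 <= subnet.prefixlen <= 28:
        return fail(f"IPv4 subnet must be /16 to /28, got /{subnet.prefixlen}")
    if subnet.version == 6 and subnet.prefixlen != 64:
        return fail(f"IPv6 subnet must be /64, got /{subnet.prefixlen}")

    # subnet_of() is true when the subnet lies entirely inside the VPC block;
    # a subnet the same size as the VPC passes, as the tutorial allows.
    if not subnet.subnet_of(vpc):
        return fail(f"{subnet} is not inside VPC block {vpc}")

    for other in existing_subnets:
        other_net = ipaddress.ip_network(other, strict=True)
        if subnet.overlaps(other_net):
            return fail(f"{subnet} overlaps existing subnet {other_net}")

    usable = None
    if subnet.version == 4:
        usable = subnet.num_addresses - AWS_RESERVED_PER_IPV4_SUBNET
    return {"ok": True, "reason": "", "usable_hosts": usable}


if __name__ == "__main__":
    # Constructed sample: the tutorial's 10.0.0.0/16 VPC with one existing /24.
    checks = [
        ("10.0.0.0/16", "10.0.1.0/24", ["10.0.0.0/24"]),   # fine, 251 usable hosts
        ("10.0.0.0/16", "10.0.0.128/25", ["10.0.0.0/24"]), # overlaps the existing /24
        ("10.0.0.0/16", "10.0.0.0/29", []),                # too small for AWS
        ("10.0.0.0/16", "192.168.1.0/24", []),             # outside the VPC block
    ]
    for vpc_cidr, subnet_cidr, existing in checks:
        print(subnet_cidr, "->", validate_subnet(vpc_cidr, subnet_cidr, existing))
```

Run this with the VPC block and the list of subnets you already have; a result with "ok": False tells you what the console would have refused (or, for overlap, what it would have rejected after the fact).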
Creating VPC security group
In simple terms, a VPC security group is really just a software firewall.
The first thing that you need to know about these rules is that although they exist within the VPC, the rules actually apply to individual virtual network interfaces. Think of it as applying firewall settings to individual instances.
Another thing that you need to know about VPC security groups is that you can apply multiple security groups to a single network interface.
Security groups are applied at an instance’s network interface. By default, AWS will let you apply up to five security groups to a virtual network interface, but it is possible to use even more in extreme situations (the upper limit is 16). Doing so requires you to contact AWS support.
To create a security group, click on Create security group in the VPC dashboard.
You will be directed to a page where you fill in basic details such as the group name, a description, and the VPC you want to associate it with.
You can also add inbound and outbound rules to the security group that you create. These rules control the traffic allowed into and out of the instances that use the group. For example, for a public web server, choose HTTP or HTTPS and specify 0.0.0.0/0 as the Source.
Here we leave everything at the default.
Click on Create security group.
Your security group is now created.
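Because up to five groups can be attached to one network interface and their rules are combined, what an instance actually exposes is the union of every group on that interface. The following is an added example, not code from the original tutorial or from AWS, that reviews that union from the defender's side: it takes security groups in the shape returned by the AWS CLI's describe-security-groups (GroupId, GroupName, IpPermissions with IpProtocol, FromPort, ToPort, IpRanges and Ipv6Ranges) and reports every inbound rule reachable from anywhere that is not the HTTP or HTTPS rule the tutorial describes for a public web server. The three sample groups are constructed for this example and are not real resources.

```python
# Ports the tutorial opens to the world for a public web server.
WEB_PORTS = {80, 443}
# Source ranges that mean "anyone on the internet".
ANYWHERE = {"0.0.0.0/0", "::/0"}
# Default number of security groups AWS allows per network interface.
DEFAULT_GROUPS_PER_INTERFACE = 5


def open_to_world(perm):
    """Return the source ranges of an IpPermission that allow all of the internet."""
    ranges = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    ranges += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in ranges if c in ANYWHERE]


def is_expected_web_rule(perm):
    """True only for TCP on exactly port 80 or exactly port 443."""
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == perm.get("ToPort")
            and perm.get("FromPort") in WEB_PORTS)


def describe_ports(perm):
    """Human-readable port span of a rule; protocol -1 means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return "all ports"
    return f"ports {perm.get('FromPort')}-{perm.get('ToPort')}"


def audit_interface(security_groups):
    """Audit the union of groups attached to one interface.

    Returns a list of finding strings; an empty list means only the expected
    web ports (if any) are reachable from the internet.
    """
    findings = []
    if len(security_groups) > DEFAULT_GROUPS_PER_INTERFACE:
        findings.append(f"{len(security_groups)} groups attached exceeds the default "
                        f"limit of {DEFAULT_GROUPS_PER_INTERFACE} per interface")
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            sources = open_to_world(perm)
            if not sources or is_expected_web_rule(perm):
                continue
            for src in sources:
                findings.append(f"{sg['GroupId']} ({sg.get('GroupName', '?')}): "
                                f"{perm.get('IpProtocol')} {describe_ports(perm)} open to {src}")
    return findings


# Constructed sample data in the describe-security-groups shape (not real groups).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0web", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0admin", "GroupName": "admin-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},          # flagged
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},        # VPC only, fine
    ]},
    {"GroupId": "sg-0legacy", "GroupName": "legacy-sg", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},  # flagged
    ]},
]

if __name__ == "__main__":
    for line in audit_interface(SAMPLE_GROUPS):
        print(line)
```

Feed it the groups attached to a real interface (the JSON from describe-security-groups parses straight into this shape) and the output lists exactly the rules that widen exposure beyond the web ports; the admin group's database rule is not reported because its source is the VPC's own range.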
Introduction to AWS CLI
AWS provides two ways to configure infrastructure:
- Using the AWS web console: a graphical way to view, configure, and modify AWS resources. It is simple to use and requires no scripting knowledge.
- AWS Command Line Interface: scripting gives you the flexibility to manage multiple AWS resources and infrastructures effectively. For example, a script can deploy multiple resources without going through the full configuration wizard each time.
First, you need to download the AWS CLI. The method depends on your operating system.
For Windows, there are three MSI installers:
- A CLI setup file that automatically detects what you are running and installs the appropriate version (64-bit or 32-bit)
1. Select the option required to download the MSI
2. Run the downloaded MSI installer or the CLI setup file, as required
3. Follow the instructions that appear
To confirm the installation, run aws --version at a command prompt.
I hope you find this an illuminating and bracing read.
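Once the CLI is installed, the "VPC with a Single Public Subnet" layout built earlier through the wizard can be reproduced as a script, which is the point of the CLI made above. The following is an added example, not code from the original tutorial or from AWS, written in Python around the aws command: it creates the VPC, a subnet, an internet gateway, and a route table with a default route through the gateway, then associates the table with the subnet, which is what makes the subnet public. The CLI subcommands and the JSON keys read from their output are the real ones; the function names, the default CIDRs, and the injectable run parameter (used so the sequence can be exercised with a fake runner) are this example's own choices. With the default runner it acts on whatever account and region your CLI credentials are configured for.

```python
import json
import subprocess


def run_aws(args):
    """Run one AWS CLI command and return its parsed JSON output ({} if it prints nothing)."""
    completed = subprocess.run(["aws", *args, "--output", "json"],
                               check=True, capture_output=True, text=True)
    return json.loads(completed.stdout) if completed.stdout.strip() else {}


def create_public_subnet_vpc(vpc_cidr="10.0.0.0/16", subnet_cidr="10.0.0.0/24", run=run_aws):
    """Build the wizard's 'VPC with a Single Public Subnet' layout with CLI calls.

    `run` takes a list of CLI arguments and returns the command's JSON as a dict;
    it defaults to invoking the real aws binary. Returns the created resource ids
    so the caller can tag them or tear them down.
    """
    vpc_id = run(["ec2", "create-vpc", "--cidr-block", vpc_cidr])["Vpc"]["VpcId"]
    subnet_id = run(["ec2", "create-subnet", "--vpc-id", vpc_id,
                     "--cidr-block", subnet_cidr])["Subnet"]["SubnetId"]
    igw_id = run(["ec2", "create-internet-gateway"])["InternetGateway"]["InternetGatewayId"]
    # attach-internet-gateway prints nothing on success.
    run(["ec2", "attach-internet-gateway", "--internet-gateway-id", igw_id, "--vpc-id", vpc_id])
    rtb_id = run(["ec2", "create-route-table", "--vpc-id", vpc_id])["RouteTable"]["RouteTableId"]
    # The default route through the internet gateway is what makes the subnet public.
    run(["ec2", "create-route", "--route-table-id", rtb_id,
         "--destination-cidr-block", "0.0.0.0/0", "--gateway-id", igw_id])
    run(["ec2", "associate-route-table", "--subnet-id", subnet_id, "--route-table-id", rtb_id])
    return {"vpc": vpc_id, "subnet": subnet_id, "igw": igw_id, "route_table": rtb_id}


if __name__ == "__main__":
    # Runs against the account and region the CLI is configured for.
    print(json.dumps(create_public_subnet_vpc(), indent=2))
```

Keep the returned ids: a script that creates resources should also be able to delete them, and the same seven calls in reverse (disassociate, delete route table, detach and delete gateway, delete subnet, delete VPC) are the teardown.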