Creating a Custom Virtual Private Cloud (VPC) is often the first step in setting up a secure, production-ready environment on AWS. While the "Default VPC" is great for learning, it lacks the security isolation required for real-world applications.
In this guide, we will build a standard 3-Tier Network Architecture (Public & Private subnets across multiple Availability Zones) using the modern AWS console wizard.
Why Create a Custom VPC?
The default VPC has public subnets only. This means every resource you launch gets a public IP address and is potentially reachable from the internet. A custom VPC allows you to:
- Isolate Resources: Put databases in private subnets with NO internet access.
- Network Control: Define your own IP ranges (CIDR blocks) to avoid conflicts with on-premises networks.
- Traffic Filtering: Implement strict NACLs and Route Tables.
Prerequisites: Understanding CIDR Blocks
Before clicking "Create," you need to pick an IP address range.
- Standard Choice: 10.0.0.0/16. This gives you 65,536 IP addresses (10.0.0.0 to 10.0.255.255).
- Avoid: 172.31.0.0/16 (This is usually the Default VPC range).
- Subnets: You carve smaller chunks from this big block. For example, 10.0.1.0/24 (256 IPs) for a public subnet.
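To make the CIDR arithmetic above concrete, here is an added example (not part of the original guide) that plans the four subnets the wizard will ask for in Step 4 and checks the proposed VPC block against ranges it must not collide with. The AZ names, the consecutive /24 layout and the two "existing" ranges are this example's assumptions; it also subtracts the five addresses AWS reserves in every subnet, which is why a /24 yields 251 usable hosts rather than 256.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS resolver, reserved for future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5

# Constructed ranges to check against: the usual Default VPC block named in
# the text plus a hypothetical on-premises network (assumption, not from the page).
EXISTING_RANGES = ("172.31.0.0/16", "192.168.10.0/24")


def find_overlaps(vpc_cidr, existing=EXISTING_RANGES):
    """Return every existing range that collides with the proposed VPC block.

    strict=True rejects a block whose host bits are set (e.g. 10.0.1.0/16),
    which the console would also refuse.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return [r for r in existing if vpc.overlaps(ipaddress.ip_network(r))]


def plan_subnets(vpc_cidr="10.0.0.0/16", azs=("us-east-1a", "us-east-1b"), new_prefix=24):
    """Carve one public and one private subnet per AZ out of the VPC block.

    Matches the "2 AZs, 2 public, 2 private" choice in the wizard, using
    consecutive /24 blocks as the text suggests; the wizard's own default
    subnet sizes differ, so the CIDRs here are this example's assumption.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    blocks = vpc.subnets(new_prefix=new_prefix)
    plan = []
    for tier in ("public", "private"):
        for index, az in enumerate(azs, start=1):
            block = next(blocks)
            plan.append({
                "name": f"subnet-{tier}{index}-{az}",
                "tier": tier,
                "az": az,
                "cidr": str(block),
                "usable_ips": block.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return plan


def subnets_are_disjoint(plan):
    """True when no two planned subnets overlap, a mistake the console only reports late."""
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan]
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    proposed = "10.0.0.0/16"
    clashes = find_overlaps(proposed)
    print(f"{proposed}: {'OK' if not clashes else 'overlaps ' + ', '.join(clashes)}")
    for s in plan_subnets(proposed):
        print(f"{s['name']:<32} {s['cidr']:<14} {s['usable_ips']} usable IPs")
    print("172.31.5.0/24 overlaps:", find_overlaps("172.31.5.0/24"))
```

Run the overlap check with your real on-premises and peered ranges in `EXISTING_RANGES` before creating the VPC; a CIDR cannot be changed afterwards without re-creating the subnets.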
VPC vs. Traditional Private Cloud
The following table shows a comparison between VPC and Traditional Private Cloud:
| Feature | AWS VPC | Traditional Private Cloud |
|---|---|---|
| Scalability | Easily scalable | Limited to on-premises capacity |
| Security | IAM, Security Groups, Network ACLs | Requires firewalls and VPNs |
| Cost | Pay-as-you-go | High upfront infrastructure cost |
| Connectivity | AWS services, VPN, Direct Connect | Limited external access |
Best Practices for Creating a VPC
The following are some best practices for creating a VPC:
1. Implement Encryption
Encrypt sensitive data: use SSL/TLS for communication in transit, and consider encrypting data within the application itself as well.
2. Use Multiple Availability Zones
Spread subnets across multiple Availability Zones. This protects the application from downtime when a single AZ fails.
3. Regularly Backup
Perform regular backups of sensitive data stored in your VPC so that it can be restored after deletion, corruption, or other issues.
4. Limit Public Access
Keep databases and internal applications in private subnets with no direct internet exposure.
5. Use Security Groups & Network ACLs
Restrict inbound and outbound traffic to only what’s necessary.
How To Create Custom VPC in AWS: Easy Steps
Follow these steps to set up a custom VPC for your AWS environment:
Step 1: Log into Your AWS Account
Log in to your AWS account dashboard. If you still need to create a Free Tier account, refer to Amazon Web Services (AWS) – Free Tier Account Set up.
Step 2: Access the VPC Dashboard
From the AWS Management Console, type VPC into the search bar and select VPC under the Networking & Content Delivery section.

Step 3: Create a New VPC
In the VPC dashboard, on the left-hand panel, click on Your VPCs and then click the Create VPC button.

Step 4: Select the following options for your custom VPC:
- For Resources to create, choose VPC and more
- For Name tag auto-generation, enter any name you like, for example "Nitin-vpc".
- IPv4 CIDR Block: Enter an IP range for your VPC. A common CIDR block for a VPC is 10.0.0.0/16, which provides 65,536 IP addresses.

- For Availability Zones (AZs), choose 2.
- For the Number of public subnets, choose 2.
- For the Number of private subnets, choose 2.

Step 5: VPC Diagram Preview
AWS will show a diagram preview of your VPC configuration. Review it to ensure that your subnets, CIDR blocks, and settings align with your requirements.
Step 6: Create VPC
- After configuring all the options, click Create VPC. AWS will begin creating your custom VPC, which might take a minute or two.
Step 7: Review Your VPC
- Once the creation process is complete, click on View VPC to review your settings and make any necessary changes.
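For readers who want the same result without clicking through the wizard, the following added example (not code from the original guide) builds the Step 4 layout through the EC2 API with boto3-style calls: one VPC, an internet gateway, two public and two private subnets, a public route table with a default route to the gateway, and a private route table that deliberately has no internet route. The `FakeEC2` class is a constructed stand-in that records the calls so the sequence runs offline; the name "Nitin", the AZ names, the /24 subnet sizes and the single shared private route table (the wizard creates one per AZ) are this example's assumptions.

```python
import ipaddress


class FakeEC2:
    """Constructed stand-in for a boto3 EC2 client: records every call and
    hands back fake IDs, so the provisioning sequence can be run offline.
    Pass a real boto3.client("ec2") instead to create actual resources."""

    def __init__(self):
        self.calls = []
        self._counter = 0

    def _new_id(self, prefix):
        self._counter += 1
        return f"{prefix}-{self._counter:017x}"

    def __getattr__(self, operation):
        responses = {
            "create_vpc": lambda: {"Vpc": {"VpcId": self._new_id("vpc")}},
            "create_subnet": lambda: {"Subnet": {"SubnetId": self._new_id("subnet")}},
            "create_internet_gateway": lambda: {
                "InternetGateway": {"InternetGatewayId": self._new_id("igw")}},
            "create_route_table": lambda: {
                "RouteTable": {"RouteTableId": self._new_id("rtb")}},
        }

        def call(**params):
            self.calls.append((operation, params))
            return responses.get(operation, dict)()
        return call


def _tag(resource_type, name):
    """TagSpecifications entry so every resource carries a Name tag."""
    return [{"ResourceType": resource_type, "Tags": [{"Key": "Name", "Value": name}]}]


def provision_vpc(ec2, name, vpc_cidr="10.0.0.0/16", azs=("us-east-1a", "us-east-1b")):
    """Create the wizard's layout via the EC2 API and return the IDs.

    Assumption of this example: one shared private route table rather than
    the per-AZ tables the wizard creates (that split matters once NAT
    gateways are added).
    """
    vpc_id = ec2.create_vpc(CidrBlock=vpc_cidr,
                            TagSpecifications=_tag("vpc", f"{name}-vpc"))["Vpc"]["VpcId"]
    # DNS hostnames must be on for RDS and interface endpoints to resolve inside the VPC
    ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsHostnames={"Value": True})

    igw_id = ec2.create_internet_gateway(
        TagSpecifications=_tag("internet-gateway", f"{name}-igw"))["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)

    public_rt = ec2.create_route_table(
        VpcId=vpc_id, TagSpecifications=_tag("route-table", f"{name}-rtb-public"))["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=public_rt, DestinationCidrBlock="0.0.0.0/0", GatewayId=igw_id)
    private_rt = ec2.create_route_table(
        VpcId=vpc_id, TagSpecifications=_tag("route-table", f"{name}-rtb-private"))["RouteTable"]["RouteTableId"]
    # No 0.0.0.0/0 route is added to private_rt: that absence is what keeps
    # the private subnets off the internet.

    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=24)
    created = {"VpcId": vpc_id, "public": [], "private": []}
    for tier, rt_id in (("public", public_rt), ("private", private_rt)):
        for index, az in enumerate(azs, start=1):
            subnet_id = ec2.create_subnet(
                VpcId=vpc_id, CidrBlock=str(next(blocks)), AvailabilityZone=az,
                TagSpecifications=_tag("subnet", f"{name}-subnet-{tier}{index}-{az}"),
            )["Subnet"]["SubnetId"]
            if tier == "public":
                # Only public subnets hand out a public IP at launch
                ec2.modify_subnet_attribute(SubnetId=subnet_id, MapPublicIpOnLaunch={"Value": True})
            ec2.associate_route_table(RouteTableId=rt_id, SubnetId=subnet_id)
            created[tier].append(subnet_id)
    return created


if __name__ == "__main__":
    fake = FakeEC2()
    result = provision_vpc(fake, "Nitin")
    for operation, params in fake.calls:
        print(operation, params)
    print(result)
    # Against a real account: import boto3; provision_vpc(boto3.client("ec2", region_name="us-east-1"), "Nitin")
```

Reviewing the recorded call list before running against a real account is a cheap way to confirm that only the public route table receives the `0.0.0.0/0` route, which is the property Step 4's public/private split depends on.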

Best Practices After Creation
1. Enable Flow Logs:
- Go to your VPC -> Flow Logs tab -> Create flow log.
- Send logs to CloudWatch. This is critical for troubleshooting connection issues later.
2. Tagging: Ensure all resources (Subnets, Route Tables) are tagged correctly so you know which is Public and which is Private.
3. Network ACLs: Leave the default Network ACL (Allow All) unless you have a specific security requirement. Use Security Groups on your instances for firewalling instead.
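Once Flow Logs from item 1 are landing in CloudWatch, the records are plain space-separated lines in the default format. The following added example (not code from the original guide) parses that format, summarises REJECTed flows by destination and port, which is the first thing to check when an instance "cannot connect", and flags ACCEPTed traffic into a private subnet from an address outside the VPC, something that should only appear through a VPN, Direct Connect or peering path you set up on purpose. The sample records, account and interface IDs are constructed, and the private subnet CIDRs are assumed to be 10.0.2.0/24 and 10.0.3.0/24.

```python
from collections import Counter
import ipaddress

# Field order of the default VPC Flow Log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Assumed layout: VPC block from the guide, private subnets chosen for this example.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
PRIVATE_SUBNETS = [ipaddress.ip_network(c) for c in ("10.0.2.0/24", "10.0.3.0/24")]

# Constructed sample records; account and interface IDs are fictitious.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.0.15 51234 443 6 10 8400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.9 10.0.0.15 40000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.9 10.0.0.15 40001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0f9e8d7c6b5a43210 10.0.0.15 10.0.2.20 55000 3306 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0f9e8d7c6b5a43210 10.0.0.15 10.0.2.20 55001 5432 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0f9e8d7c6b5a43210 203.0.113.50 10.0.2.20 44444 3306 6 3 180 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0f9e8d7c6b5a43210 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_records(text):
    """Parse flow log lines into dicts, dropping NODATA/SKIPDATA rows (they
    carry no addresses) and converting the numeric fields to int."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not a default-format record
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for field in INT_FIELDS:
            rec[field] = int(rec[field])
        records.append(rec)
    return records


def reject_summary(records):
    """Count REJECTed flows by (destination address, destination port).
    A security group or NACL that is too tight shows up here first."""
    return Counter((r["dstaddr"], r["dstport"]) for r in records if r["action"] == "REJECT")


def private_subnet_ingress_from_outside(records):
    """ACCEPTed flows into a private subnet whose source is outside the VPC.
    Expected only over VPN, Direct Connect or peering paths you configured;
    anything else means a route or attachment differs from the intended design."""
    hits = []
    for r in records:
        if r["action"] != "ACCEPT":
            continue
        src, dst = ipaddress.ip_address(r["srcaddr"]), ipaddress.ip_address(r["dstaddr"])
        if src not in VPC_CIDR and any(dst in net for net in PRIVATE_SUBNETS):
            hits.append(r)
    return hits


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print(f"{len(recs)} usable records")
    for (dst, port), n in reject_summary(recs).most_common():
        print(f"REJECT x{n}: -> {dst}:{port}")
    for r in private_subnet_ingress_from_outside(recs):
        print(f"unexpected: {r['srcaddr']} -> {r['dstaddr']}:{r['dstport']} on {r['interface_id']}")
```

The same two functions work on lines exported from CloudWatch Logs Insights or copied from the console; if you enable a custom log format when creating the flow log, update `FIELDS` to match the field order you selected.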