
How to create AMAZON-AWS VPC from scratch step by step

Amazon AWS VPC stands for Virtual Private Cloud. If you have been managing traditional data centers, think of it as a logical data center that you do not have to build yourself, but which contains all the pieces that make up a data center.

AWS has picked up speed in the last three years, releasing many services that replace on-prem solutions.

When you open up an AWS account there is a default VPC, and it cannot be deleted; if the default VPC does get deleted, it can only be recovered by AWS support. You can use that default VPC, but you can also create up to 5 VPCs as of now (this limit may change in the future).

When a VPC is created there is no internet access by default; that is where you need to create an Internet Gateway and attach it to your VPC. In the console, go to “Internet Gateways”, select the gateway, click Attach, and choose the VPC.

As of today there are 11 AWS regions; choose the region closest to you to reduce latency.

Here are the components that make up the AWS Virtual Private Cloud:

  1. Subnets
  2. Access Lists
  3. Security Groups
  4. Internet Gateway
  5. Customer Gateway
  6. Virtual Private Gateway
  7. VPN Connections



There are two options for creating a VPC: manually, or with the wizard. I am going to go through it manually so I can explain each item.

When a VPC is created you have to specify an address range, for example one that gives you 65534 hosts as a single subnet.



Best practice is to divide that range into subnets, for example public and private subnets. Exactly how you split it depends on your design, and that is where the VPC wizard helps you through the process.


Access Lists (Network ACLs):

A network ACL is a layer of security tied to a subnet, and it protects the whole subnet. One ACL can be associated with many subnets, but a subnet can be associated with only one ACL. One thing to note is that access lists are stateless, which means you have to configure both the inbound and the outbound rules explicitly; return traffic is not allowed automatically.

A default ACL is created when a new VPC is created, and by default it allows all traffic inbound and outbound.


Security Groups:

Think of security groups as individual protection for one or more virtual machines; they are applied to the VMs themselves rather than to the subnet.

Security groups are stateful, meaning that if traffic is allowed inbound, the corresponding outbound return traffic is allowed automatically.

A default security group is also created when a VPC is created. It allows all outbound traffic, but inbound traffic from outside is not allowed; if you look at its inbound rules, it only allows traffic from members of the security group itself.
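The manual steps above (VPC, Internet Gateway, public and private subnets, route table, network ACL and security group) as a single AWS CLI script. This is an added example, not part of the original post: it assumes AWS CLI v2 is installed with credentials configured, and the CIDR ranges, availability zone, group name and placeholder IDs are constructed sample values. The network ACL section shows the stateless point concretely (an inbound HTTPS rule plus a separate outbound rule for the ephemeral-port replies), while the security group gets only an inbound rule because it is stateful. With DRY_RUN=1 the script records each command in $CMD_LOG instead of executing it, so the plan can be reviewed before anything is created.

```shell
#!/bin/sh
# Added example (not from the original post): build the VPC pieces the post
# walks through, using the AWS CLI. Assumes AWS CLI v2 is installed and
# credentials are configured. CIDR ranges, AZ, names and placeholder IDs are
# constructed sample values. With DRY_RUN=1 every command is appended to
# $CMD_LOG instead of being executed.
set -eu

REGION="${AWS_REGION:-us-east-1}"
AZ="${REGION}a"
VPC_CIDR="10.0.0.0/16"      # whole VPC range, split into subnets below
PUBLIC_CIDR="10.0.1.0/24"   # gets a default route to the Internet Gateway
PRIVATE_CIDR="10.0.2.0/24"  # no IGW route: reachable only from inside the VPC
CMD_LOG="${CMD_LOG:-/dev/stderr}"
NEXT_ID=""

# Execute an aws command, or record it when DRY_RUN=1. In dry-run mode the
# placeholder in $NEXT_ID is returned so later steps can still be composed.
aws_cmd() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'aws %s\n' "$*" >> "$CMD_LOG"
    printf '%s' "$NEXT_ID"
  else
    aws --region "$REGION" "$@"
  fi
}

build_vpc() {
  # 1. The VPC itself: one address range, no internet access yet.
  NEXT_ID="vpc-PLACEHOLDER"
  VPC_ID=$(aws_cmd ec2 create-vpc --cidr-block "$VPC_CIDR" \
    --query 'Vpc.VpcId' --output text)

  # 2. Internet Gateway, created and then attached to the VPC.
  NEXT_ID="igw-PLACEHOLDER"
  IGW_ID=$(aws_cmd ec2 create-internet-gateway \
    --query 'InternetGateway.InternetGatewayId' --output text)
  aws_cmd ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" \
    --vpc-id "$VPC_ID" > /dev/null

  # 3. Subnets: one public (auto-assigns public IPs), one private.
  NEXT_ID="subnet-PUBLIC-PLACEHOLDER"
  PUB_SUBNET=$(aws_cmd ec2 create-subnet --vpc-id "$VPC_ID" \
    --cidr-block "$PUBLIC_CIDR" --availability-zone "$AZ" \
    --query 'Subnet.SubnetId' --output text)
  aws_cmd ec2 modify-subnet-attribute --subnet-id "$PUB_SUBNET" \
    --map-public-ip-on-launch > /dev/null
  NEXT_ID="subnet-PRIVATE-PLACEHOLDER"
  PRIV_SUBNET=$(aws_cmd ec2 create-subnet --vpc-id "$VPC_ID" \
    --cidr-block "$PRIVATE_CIDR" --availability-zone "$AZ" \
    --query 'Subnet.SubnetId' --output text)

  # 4. Route table with a default route via the IGW, associated only with the
  #    public subnet; the private subnet keeps the VPC's main route table.
  NEXT_ID="rtb-PLACEHOLDER"
  RTB_ID=$(aws_cmd ec2 create-route-table --vpc-id "$VPC_ID" \
    --query 'RouteTable.RouteTableId' --output text)
  aws_cmd ec2 create-route --route-table-id "$RTB_ID" \
    --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW_ID" > /dev/null
  aws_cmd ec2 associate-route-table --route-table-id "$RTB_ID" \
    --subnet-id "$PUB_SUBNET" > /dev/null

  # 5. Network ACL for the public subnet. ACLs are stateless: the inbound
  #    HTTPS rule needs a matching outbound rule for the ephemeral-port
  #    replies, otherwise responses to clients are dropped.
  NEXT_ID="acl-PLACEHOLDER"
  ACL_ID=$(aws_cmd ec2 create-network-acl --vpc-id "$VPC_ID" \
    --query 'NetworkAcl.NetworkAclId' --output text)
  aws_cmd ec2 create-network-acl-entry --network-acl-id "$ACL_ID" \
    --ingress --rule-number 100 --protocol tcp --port-range From=443,To=443 \
    --cidr-block 0.0.0.0/0 --rule-action allow > /dev/null
  aws_cmd ec2 create-network-acl-entry --network-acl-id "$ACL_ID" \
    --egress --rule-number 100 --protocol tcp --port-range From=1024,To=65535 \
    --cidr-block 0.0.0.0/0 --rule-action allow > /dev/null
  # A subnet always has exactly one ACL association; swap the default one.
  NEXT_ID="aclassoc-PLACEHOLDER"
  ASSOC_ID=$(aws_cmd ec2 describe-network-acls \
    --filters "Name=association.subnet-id,Values=$PUB_SUBNET" \
    --query "NetworkAcls[0].Associations[?SubnetId=='$PUB_SUBNET'].NetworkAclAssociationId" \
    --output text)
  aws_cmd ec2 replace-network-acl-association --association-id "$ASSOC_ID" \
    --network-acl-id "$ACL_ID" > /dev/null

  # 6. Security group: stateful, so only the inbound rule is needed; the
  #    default "all outbound" rule and connection tracking cover the replies.
  NEXT_ID="sg-PLACEHOLDER"
  SG_ID=$(aws_cmd ec2 create-security-group --group-name web-https \
    --description "HTTPS from anywhere" --vpc-id "$VPC_ID" \
    --query 'GroupId' --output text)
  aws_cmd ec2 authorize-security-group-ingress --group-id "$SG_ID" \
    --protocol tcp --port 443 --cidr 0.0.0.0/0 > /dev/null

  printf 'vpc=%s igw=%s public=%s private=%s acl=%s sg=%s\n' \
    "$VPC_ID" "$IGW_ID" "$PUB_SUBNET" "$PRIV_SUBNET" "$ACL_ID" "$SG_ID"
}

# Usage: sh build-vpc.sh run        (preview first with DRY_RUN=1)
if [ "${1:-}" = "run" ]; then build_vpc; fi
```

Run it once with DRY_RUN=1 and read the recorded commands before running it for real; the private subnet deliberately gets no route to the Internet Gateway, which is what makes it private.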


