What is Amazon VPC?

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS. You can therefore customize your virtual networking environment, for example by selecting your own IP address range, creating subnets, and configuring route tables and network gateways.


Amazon VPC concepts

The following are the key concepts for VPCs:

  • Virtual private cloud (VPC) — A virtual network dedicated to your AWS account.
  • Subnet — A range of IP addresses in your VPC.
  • Route table — A set of rules, called routes, that are used to determine where network traffic is directed.
  • Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.
  • VPC endpoint — Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

Accessing Amazon VPC

You can create, access, and manage your VPCs using any of the following interfaces:

  • AWS Management Console — Provides a web interface that you can use to access your VPCs.
  • AWS Command Line Interface (AWS CLI) — Provides commands for a broad set of AWS services, including Amazon VPC, and is supported on Windows, Mac, and Linux.
  • AWS SDKs — Provides language-specific APIs and takes care of many of the connection details, such as calculating signatures, handling request retries, and error handling.
  • Query API — Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC, but it requires that your application handle low-level details such as generating the hash to sign the request, and error handling.

Amazon VPC quotas

There are quotas on the number of Amazon VPC components that you can provision. You can request an increase for some of these quotas.

The following table lists the quotas, formerly referred to as limits, for Amazon VPC resources per Region for your AWS account. For some of these quotas, you can view your current quota using the Limits page of the Amazon EC2 console.

VPC and Subnets

Resource | Default | Comments
VPCs per Region | 5 | The quota for internet gateways per Region is directly correlated to this one. Increasing this quota increases the quota on internet gateways per Region by the same amount. You can have hundreds of VPCs per Region if you need them, even though the default quota is 5 VPCs per Region.
Subnets per VPC | 200 | 
IPv4 CIDR blocks per VPC | 5 | The primary CIDR block and all secondary CIDR blocks count toward this quota. This quota can be increased up to a maximum of 50.
IPv6 CIDR blocks per VPC | 1 | This quota cannot be increased.

Create the VPC

In this step, you’ll use the Amazon VPC wizard in the Amazon VPC console to create a VPC. The wizard performs the following steps for you:

  • Creates a VPC with a /16 IPv4 CIDR block (a network with 65,536 private IP addresses).
  • Attaches an internet gateway to the VPC.
  • Creates a size /24 IPv4 subnet (a range of 256 private IP addresses) in the VPC.
  • Creates a custom route table, and associates it with your subnet, so that traffic can flow between the subnet and the internet gateway.

To create a VPC using the Amazon VPC Wizard

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation bar, on the top-right, take note of the AWS region in which you’ll be creating the VPC. Ensure that you continue working in the same Region for the rest of this exercise, as you cannot launch an instance into your VPC from a different Region.
  3. In the navigation pane, choose VPC dashboard. From the dashboard, choose Launch VPC Wizard.

NOTE: Do not choose Your VPCs in the navigation pane; you cannot access the VPC wizard using the Create VPC button on that page.

  4. Choose VPC with a Single Public Subnet, and then choose Select.
  5. On the configuration page, enter a name for your VPC in the VPC name field; for example, my-vpc, and enter a name for your subnet in the Subnet name field. This helps you to identify the VPC and subnet in the Amazon VPC console after you’ve created them. For this exercise, leave the rest of the configuration settings on the page, and choose Create VPC.
  6. A status window shows the work in progress. When the work completes, choose OK to close the status window.
  7. The Your VPCs page displays your default VPC and the VPC that you just created. The VPC that you created is a nondefault VPC, therefore the Default VPC column displays No.

View information about your created VPC

To view information about your VPC

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Your VPCs. Take note of the name and the ID of the VPC that you created (look in the Name and VPC ID columns). You will use this information to identify the components that are associated with your VPC.
  3. In the navigation pane, choose Subnets. The console displays the subnet that was created when you created your VPC. You can identify the subnet by its name in Name column, or you can use the VPC information that you obtained in the previous step and look in the VPC column.
  4. In the navigation pane, choose Internet Gateways. You can find the internet gateway that’s attached to your VPC by looking at the VPC column, which displays the ID and the name (if applicable) of the VPC.
  5. In the navigation pane, choose Route Tables. There are two route tables associated with the VPC. Select the custom route table (the Main column displays No), and then choose the Routes tab to display the route information in the details pane:
    • The first row in the table is the local route, which enables instances within the VPC to communicate. This route is present in every route table by default, and you can’t remove it.
    • The second row shows the route that the Amazon VPC wizard added to enable traffic destined for the internet (0.0.0.0/0) to flow from the subnet to the internet gateway.
  6. Select the main route table. The main route table has a local route, but no other routes.
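Whether a subnet is "public" follows entirely from the route table it uses: the wizard's custom table carries a 0.0.0.0/0 route to the internet gateway, while the main table has only the local route. The following Python example, added here and not part of the AWS documentation, applies that rule to route-table data shaped like the output of `aws ec2 describe-route-tables`. The two tables and all IDs are constructed; a subnet with no explicit association falls back to the VPC's main table, which is why a forgotten association silently makes a subnet private (or, if someone adds a default route to the main table, public).

```python
"""Classify subnets as public or private from route-table data.

Added example. The dictionaries below are constructed to mirror the shape of
`aws ec2 describe-route-tables` output (RouteTables[].Routes and
RouteTables[].Associations); the IDs are made up.
"""
from typing import Dict, List, Optional

ROUTE_TABLES: List[dict] = [
    {   # custom route table created by the wizard: local route + default route to the IGW
        "RouteTableId": "rtb-custom-example",
        "VpcId": "vpc-example",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"},
        ],
        "Associations": [
            {"Main": False, "SubnetId": "subnet-public-example", "RouteTableId": "rtb-custom-example"},
        ],
    },
    {   # main route table: local route only; used by every subnet without an explicit association
        "RouteTableId": "rtb-main-example",
        "VpcId": "vpc-example",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
        "Associations": [
            {"Main": True, "RouteTableId": "rtb-main-example"},
        ],
    },
]

# Constructed subnet IDs: the first is explicitly associated with the custom table,
# the second has no association and therefore uses the main table.
SUBNETS: List[str] = ["subnet-public-example", "subnet-private-example"]


def has_internet_route(route_table: dict) -> bool:
    """True if an active default route (0.0.0.0/0) points at an internet gateway (igw-*)."""
    return any(
        route.get("DestinationCidrBlock") == "0.0.0.0/0"
        and route.get("GatewayId", "").startswith("igw-")
        and route.get("State") == "active"
        for route in route_table["Routes"]
    )


def effective_route_table(subnet_id: str, route_tables: List[dict]) -> Optional[dict]:
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnets(subnet_ids: List[str], route_tables: List[dict]) -> Dict[str, str]:
    """Map each subnet ID to 'public' or 'private' based on its effective route table."""
    result = {}
    for subnet_id in subnet_ids:
        rt = effective_route_table(subnet_id, route_tables)
        result[subnet_id] = "public" if rt is not None and has_internet_route(rt) else "private"
    return result


if __name__ == "__main__":
    for subnet_id, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet_id}: {kind}")
```

The same check run over real `describe-route-tables` output is a quick way to review which subnets in an account are reachable from the internet, and to notice a default route that has appeared in a main table.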

Creating a subnet in your VPC

To add a new subnet to your VPC, you must specify an IPv4 CIDR block for the subnet from the range of your VPC. You can specify the Availability Zone in which you want the subnet to reside. You can have multiple subnets in the same Availability Zone.

You can optionally specify an IPv6 CIDR block for your subnet if an IPv6 CIDR block is associated with your VPC.

To add a subnet to your VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Subnets, Create subnet.
  3. Specify the subnet details as necessary and choose Create.
    • Name tag: Optionally provide a name for your subnet. Doing so creates a tag with a key of Name and the value that you specify.
    • VPC: Choose the VPC for which you’re creating the subnet.
    • Availability Zone: Optionally choose a Zone in which your subnet will reside, or leave the default No Preference to let AWS choose an Availability Zone for you. For information about the Regions and Zones, see Regions and zones in the Amazon EC2 User Guide for Linux Instances.
    • IPv4 CIDR block: Specify an IPv4 CIDR block for your subnet, for example, 10.0.1.0/24. For more information, see VPC and subnet sizing for IPv4.
    • IPv6 CIDR block: (Optional) If you’ve associated an IPv6 CIDR block with your VPC, choose Specify a custom IPv6 CIDR. Specify the hexadecimal pair value for the subnet, or leave the default value.
  4. (Optional) If required, repeat the steps above to create more subnets in your VPC.

Associating a secondary IPv4 CIDR block with your VPC

To add a CIDR block to your VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Your VPCs.
  3. Select the VPC, and choose Actions, Edit CIDRs.
  4. Choose Add IPv4 CIDR, and enter the CIDR block to add; for example, 10.2.0.0/16. Choose the tick icon.
  5. Choose Close.
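Both of the preceding procedures (adding a subnet, and adding a secondary IPv4 CIDR block) are subject to sizing rules that the console only reports after you press Create. The following Python example, added here and not part of the AWS documentation, checks them up front with the standard `ipaddress` module: a subnet must fall inside one of the VPC's CIDR blocks, use a prefix between /16 and /28 and not overlap an existing subnet; a secondary block must use a prefix between /16 and /28, must not overlap a block already associated with the VPC, and counts toward the "IPv4 CIDR blocks per VPC" quota from the table above (default 5, raisable to 50). It also reports the usable address count, since AWS reserves five addresses in every subnet. All CIDRs below are constructed.

```python
"""Pre-flight checks for IPv4 address planning in a VPC.

Added example, not from the AWS documentation. Encodes the sizing rules for
creating a subnet and for associating a secondary CIDR block; all CIDRs in
the examples are constructed.
"""
import ipaddress
from typing import List

IPV4_CIDR_QUOTA_DEFAULT = 5   # default "IPv4 CIDR blocks per VPC" quota; can be raised to 50
RESERVED_PER_SUBNET = 5       # network address, VPC router, DNS, reserved-for-future-use, broadcast


def _parse_ipv4_block(cidr: str) -> ipaddress.IPv4Network:
    """Parse a CIDR strictly (host bits must be zero) and enforce the /16 to /28 rule."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError(f"{cidr} is not an IPv4 CIDR block")
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: prefix /{net.prefixlen} is outside the allowed /16 to /28 range")
    return net


def _ipv4_networks(cidrs: List[str]) -> List[ipaddress.IPv4Network]:
    """Keep only the IPv4 blocks of a VPC (a VPC may also carry an IPv6 block)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [n for n in nets if n.version == 4]


def check_subnet(vpc_cidrs: List[str], existing_subnets: List[str], proposed: str) -> List[str]:
    """Return the problems with creating `proposed` as a subnet; an empty list means OK."""
    try:
        subnet = _parse_ipv4_block(proposed)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not any(subnet.subnet_of(vpc_net) for vpc_net in _ipv4_networks(vpc_cidrs)):
        problems.append(f"{subnet} is not inside any VPC CIDR block ({', '.join(vpc_cidrs)})")
    for existing in _ipv4_networks(existing_subnets):
        if subnet.overlaps(existing):
            problems.append(f"{subnet} overlaps existing subnet {existing}")
    return problems


def check_secondary_cidr(vpc_cidrs: List[str], proposed: str,
                         quota: int = IPV4_CIDR_QUOTA_DEFAULT) -> List[str]:
    """Return the problems with associating `proposed` as an additional VPC CIDR block."""
    try:
        block = _parse_ipv4_block(proposed)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    current = _ipv4_networks(vpc_cidrs)
    for existing in current:
        if block.overlaps(existing):
            problems.append(f"{block} overlaps the already associated CIDR block {existing}")
    if len(current) + 1 > quota:
        problems.append(f"the VPC already has {len(current)} IPv4 CIDR blocks; the quota is {quota}")
    return problems


def usable_addresses(subnet_cidr: str) -> int:
    """Addresses left for instances after AWS's five reserved addresses per subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - RESERVED_PER_SUBNET


if __name__ == "__main__":
    vpc = ["10.0.0.0/16"]                                   # constructed VPC primary block
    print(check_subnet(vpc, ["10.0.0.0/24"], "10.0.1.0/24"))      # []
    print(check_subnet(vpc, ["10.0.0.0/24"], "10.0.0.128/25"))    # overlaps 10.0.0.0/24
    print(check_secondary_cidr(vpc, "10.2.0.0/16"))               # []
    print(check_secondary_cidr(vpc, "10.0.128.0/17"))             # overlaps 10.0.0.0/16
    print(usable_addresses("10.0.1.0/24"))                        # 251
```

The /16 to /28 bound and the five reserved addresses are AWS-wide rules; the quota value is the account default from the table above and should be replaced with the account's actual quota if it has been raised.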

Associating an IPv6 CIDR block with your VPC

To associate an IPv6 CIDR block with a VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Your VPCs.
  3. Select your VPC, choose Actions, Edit CIDRs.
  4. Choose Add IPv6 CIDR.
  5. Choose Add IPv6 CIDR.
  6. For IPv6 CIDR block, choose one of the following, and then choose Select CIDR:
    • Amazon-provided IPv6 CIDR block: Requests an IPv6 CIDR block from Amazon’s pool of IPv6 addresses.
    • IPv6 CIDR owned by me: (BYOIP) Allocates an IPv6 CIDR block from your IPv6 address pool. For Pool, choose the IPv6 address pool from which to allocate the IPv6 CIDR block.
  7. If you selected Amazon-provided IPv6 CIDR block, from Network Border Group, select the group from where AWS advertises the IP addresses.
  8. Choose Select CIDR.
  9. Choose Close.

Associating an IPv6 CIDR block with your subnet

To associate an IPv6 CIDR block with a subnet using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  2. In the navigation pane, choose Subnets.
  3. Select your subnet, choose Subnet Actions, Edit IPv6 CIDRs.
  4. Choose Add IPv6 CIDR. Specify the hexadecimal pair for the subnet (for example, 00) and confirm the entry by choosing the tick icon.
  5. Choose Close.
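The "hexadecimal pair" in step 4 is the only part of the subnet's IPv6 address you get to choose: a VPC receives a /56 block and each subnet is a /64, so the pair is the 8-bit value that fills bits 56 to 63, i.e. the low byte of the fourth hextet. The following Python example, added here and not part of the AWS documentation, derives the subnet CIDR from the VPC block and the pair, and does the reverse for an existing subnet. The VPC block below is constructed from the 2001:db8::/32 documentation prefix.

```python
"""Derive a subnet's /64 IPv6 CIDR from the VPC's /56 block and a hexadecimal pair.

Added example, not from the AWS documentation. AWS assigns a /56 to the VPC and
a /64 to each subnet; the pair entered in the console is the byte that sits
between the two prefix lengths. The VPC block used below is constructed.
"""
import ipaddress

VPC_IPV6_PREFIXLEN = 56
SUBNET_IPV6_PREFIXLEN = 64


def subnet_ipv6_cidr(vpc_cidr: str, hex_pair: str) -> ipaddress.IPv6Network:
    """Return the /64 that the console creates for `hex_pair` inside the VPC's /56."""
    vpc = ipaddress.IPv6Network(vpc_cidr, strict=True)
    if vpc.prefixlen != VPC_IPV6_PREFIXLEN:
        raise ValueError(f"expected a /{VPC_IPV6_PREFIXLEN} VPC block, got /{vpc.prefixlen}")
    if len(hex_pair) != 2:
        raise ValueError("the hexadecimal pair must be exactly two hex digits, for example '00' or '1f'")
    value = int(hex_pair, 16)  # ValueError for non-hex input such as 'zz'
    # The pair occupies bits 56..63 from the top, i.e. bits 64..71 counted from the
    # least-significant end of the 128-bit integer, so shift it up by 128 - 64.
    subnet_address = int(vpc.network_address) | (value << (128 - SUBNET_IPV6_PREFIXLEN))
    subnet = ipaddress.IPv6Network((subnet_address, SUBNET_IPV6_PREFIXLEN))
    assert subnet.subnet_of(vpc)  # holds by construction; guards against future edits
    return subnet


def hex_pair_of(vpc_cidr: str, subnet_cidr: str) -> str:
    """Inverse mapping: which pair an existing /64 corresponds to inside the VPC's /56."""
    vpc = ipaddress.IPv6Network(vpc_cidr, strict=True)
    subnet = ipaddress.IPv6Network(subnet_cidr, strict=True)
    if subnet.prefixlen != SUBNET_IPV6_PREFIXLEN or not subnet.subnet_of(vpc):
        raise ValueError(f"{subnet} is not a /{SUBNET_IPV6_PREFIXLEN} inside {vpc}")
    return f"{(int(subnet.network_address) >> (128 - SUBNET_IPV6_PREFIXLEN)) & 0xFF:02x}"


if __name__ == "__main__":
    vpc_block = "2001:db8:1234:1a00::/56"   # constructed, from the documentation prefix
    for pair in ("00", "01", "ab"):
        print(pair, "->", subnet_ipv6_cidr(vpc_block, pair))
    print(hex_pair_of(vpc_block, "2001:db8:1234:1aab::/64"))  # ab
```

Because only one byte varies, a VPC's /56 holds at most 256 subnets, and two subnets given the same pair would collide; the console rejects the duplicate, and `hex_pair_of` lets you see which pairs are already taken from a list of existing subnet CIDRs.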


Published by Abdul Samad

Having 17+ years of extensive experience in the IT industry, with a record of enhancing team performance and maximizing customer satisfaction by strategically managing calls and implementing process improvements. Demonstrated ability to solve problems, meet challenging goals, and expedite delivery. Skilled MSSQL administrator who guides the team during crisis situations. Applies a creative thought process to redesigning the workflow system to eliminate duplication of effort and increase productivity.
