2.1.1. VPC Introduction

The Amazon Virtual Private Cloud (Amazon VPC) is a custom-defined virtual network within the AWS Cloud. You can provision your own logically isolated section of AWS, similar to designing and implementing a separate independent network that would operate in an onpremises data center.

Within a region, you can create multiple Amazon VPCs, and each Amazon VPC is logically isolated even if it shares its IP address space. When you create an Amazon VPC, you must specify the IPv4 address range by choosing a Classless Inter-Domain Routing (CIDR) block, such as 10.0.0.0/16. The address range of the Amazon VPC cannot be changed after the Amazon VPC is created. An Amazon VPC address range may be as large as /16 (65,536 available addresses) or as small as /28 (16 available addresses) and should not overlap any other network with which they are to be connected.

The Amazon VPC service was released after the Amazon EC2 service and because of this, there are two different networking platforms available within AWS: EC2-Classic and EC2-VPC. Amazon EC2 originally launched with a single, flat network shared with other AWS customers called EC2-Classic. As such, AWS accounts created prior to the arrival of the Amazon VPC service can launch instances into the EC2-Classic network and EC2-VPC. AWS accounts created after December 2013 only support launching instances using EC2-VPC. AWS accounts that support EC2-VPC will have a default VPC created in each region with a default subnet created in each Availability Zone. The assigned CIDR block of the VPC will be 172.31.0.0/16.

An Amazon VPC consists of the following components:

  • Subnets
  • Route tables
  • Dynamic Host Configuration Protocol (DHCP) option sets
  • Security groups
  • Network Access Control Lists (ACLs)

Optional components:

  • Internet Gateways (IGWs)
  • Elastic IP (EIP) addresses
  • Elastic Network Interfaces (ENIs)
  • Endpoints
  • Peering
  • Network Address Translation (NATs) instances and NAT gatewaysVirtual Private Gateway (VPG), Customer Gateways (CGWs), and Virtual Private Networks (VPNs)

Create a VPC using the console


  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
  2. In the navigation pane, choose Your VPCs, Create VPC.
  3. Specify the following VPC details as necessary and choose Create.
    • Name tag: Optionally provide a name for your VPC. Doing so creates a tag with a key of Name and the value that you specify.
    • IPv4 CIDR block: Specify an IPv4 CIDR block for the VPC. We recommend that you specify a CIDR block from the private (non-publicly routable) IP address ranges as specified in RFC 1918; for example, 10.0.0.0/16, or 192.168.0.0/16.
    • IPv6 CIDR block: Optionally associate an IPv6 CIDR block with your VPC by choosing one of the following options:
      • Amazon-provided IPv6 CIDR block: Requests an IPv6 CIDR block from Amazon’s pool of IPv6 addresses.
      • IPv6 CIDR owned by me: (BYOIP) Allocates an IPv6 CIDR block from your IPv6 address pool. For Pool, choose the IPv6 address pool from which to allocate the IPv6 CIDR block.
    • Tenancy: Select a tenancy option. Dedicated tenancy ensures that your instances run on single-tenant hardware.