Virtual Private Cloud setup in AWS

James Fulford

5 min readOct 6, 2019

By the end of this article, you will learn:

How to create a Virtual Private Cloud (VPC)
How to create subnets in your VPC
How to associate Route Tables and an Internet Gateway to allow access from the subnet to the public internet
Where to specify the Virtual Private Cloud to deploy into when creating EC2 instances

Create a Virtual Private Cloud

Virtual Private Clouds, or VPCs for short, are “Regional” resources in AWS, so make sure you are in the right region.

us-east-1 is Northern Virginia, which is not a state. (you’re thinking of West Virginia. OK, maybe you aren’t)

If you don’t see all your VPCs listed out, click on “Your VPCs” in the sidebar.

My VPC Dashboard. Not sure how that first VPC got there.

Hit the “Create VPC” button. Fill in the name tag, IPv4/6 CIDR blocks, and Tenancy. Then, submit and await your success message.

192.168.0.0/16 is all private IPs, so you can use that too. Don’t use my name in your name tag, though. That would be weird.

Await your success message, then close. You will now see your VPC show up in “Your VPCs”.

Create a Subnet

After creating a VPC, you can divide your Virtual Private Cloud network into smaller subnetworks. Usually, this division helps with security.

Navigate to “Subnets” on the side panel, or just visit this link (for us-east-1): https://console.aws.amazon.com/vpc/home?region=us-east-1#subnets:sort=SubnetId

You should see your subnets listed in a table. Hit the “Create subnet” button. You should now see a form.

Creating a subnet with 192.168.0.0/24 (which is 256 IP addresses starting with 192.168.0)

Your VPC’s ID will vary. Clicking on the field will show a dropdown with your VPCs listed with ID and name.

No need to memorize VPC IDs, just remember your VPC’s name. And don’t forget your name, because that’s embarrassing. Especially if you’re awake.

Hit “Create”. Await your success message, then hit Close. Your VPC’s subnet will now be listed.

There he is! 251 IPs are available — 5 are used as overhead.

This VPC subnet has not been configured to access the public internet. For that, you need to hook up an internet gateway. For illustrative purposes, I’ve created a second subnet (e91–jamesfulford01: 192.168.1.0/24) which I will keep private.

Now, there’s 2 of them! I’ll make “00” public and keep “01” private.

Enable auto-assign IP

Select your soon-to-be-public subnet, then click “Actions”. Select “Modify auto-assign IP settings”.

The orange option in this image is auto-assign IP settings.

Smash that checkbox.

Click “Save”. You will be returned to the subnet list page.

Create an Internet Gateway

You need one of these in order to grant the Internet access to your subnet. The IPs will be automatically assigned.

Navigate to Internet Gateways, or visit (for us-east-1) https://console.aws.amazon.com/vpc/home?region=us-east-1#igws:sort=internetGatewayId.

At least their “Create” button styling is consistent.

Hit the “Create Internet gateway” button. Fill in the form.

An easy form, for once. Just name it what you want.

Hit “Create”. Await the success message, then hit Close. You will be directed back to the Internet Gateways index page, where you will see your new Internet gateway.

Hey, AWS says my Internet Gateway is in a “detached” state! Sounds like it hurts. Let’s fix that.

Next, attach your Internet Gateway to your Virtual Private Cloud. Select your IGW and hit “Actions”. Select “Attach to VPC”.

“Attach to VPC” option is orange in this image.

Select your VPC. Clicking on the field will show you your VPCs’ IDs and name tags.

Convenient, I don’t have to memorize my VPC’s ID!

Hit “Attach”. You’ll be redirected back to the IGW index page, and your IGW will have an “attached” state.

Ah, that’s better.

At this point, your subnet is still not connected to the internet.

Add and Configure a Routing Table

Navigate to Route Tables, or visit (for us-east-1): https://console.aws.amazon.com/vpc/home?region=us-east-1#RouteTables:sort=routeTableId.

Above Internet Gateways, but below Subnets in the left pane.

Hit “Create route table”. Fill in the form.

Hit “Create”, then await success message and hit “Close”. You will be returned to the Route Table index page.

Now, let’s configure our Route Table. Select the Route table of interest, then switch to the Routes tab.

Hit the “Edit Routes” button. You will see a list of routes.

Looks like it gets seeded with a default routing rule, 192.168.0.0/16

Hit “Add route” and fill in the row.

Filled in the destination with 0.0.0.0/0. Select your Internet Gateway from the dropdown. You got this.

Hit “Save routes”. This new route will not make an impact until the table is associated with a subnet. To associate the routing table with a subnet, select the table and under “Actions”, select “Edit subnet associations”.

Select the subnet associations. There’s also a way to access the next menu with the tabs at the bottom of the screen and hitting the edit button. As mathematicians lovingly say, I will “leave this as an exercise to the reader.”

In the next menu, select the subnet(s) you wish to associate with the previously selected route table. In my example, I wish to associate this with the 192.168.0.0/24 subnet.

Associating subnet(s) with a routing table. Just select the subnets you want to be associated with the selected routing table from the list shown.

Hit “Save”. You will be redirected back to the Route Tables index page.

Hey look, my route table now has an “Explicit subnet association”. “Explicit” meaning I manually specified it. Nothing to do with foul language.

Conclusion

You now have a Virtual Private Cloud set up with 2 small subnets (1 private, 1 with public Internet access).

You can leverage your new VPC and subnets when creating EC2 instances by specifying the Network and Subnet selectors during the “Configure Instance” step.

Interested in using EC2 and VS Code as a development environment, instead of your laptop? Check out my walkthrough on using the remote SSH development VS Code extension here: https://medium.com/@james.patrick.fulford/aws-vscode-ssh-devenv-73fd540294d1