Let's deploy an Internet-connected network in Amazon Web Services! Part 1: VPC
A new tutorial series
Specifically, let’s build this:
In a nutshell, we’re going to create a subnet where you can deploy EC2 instances with full Internet access.
The long of it is, we’re going to create:
- A VPC in any Region you choose.
- A subnet.
- An Internet Gateway so that things in the subnet can connect to the Internet.
- All the network routing rules to join them all together.
Sounds complex? Nah, we’ve already covered all of these. Remember Le Hotel?
Back to Le Hotel
Remember this diagram when we talked about public and private IP addresses?
The diagram basically shows:
- The ground floor of Le Hotel, with a mail room and offices.
- When mail is addressed to any office within the hotel, the mail carrier drops it off at the mail room for the hotel’s staff to complete the delivery.
- When an office worker needs to send mail to an address outside of the hotel, they drop it off at the mail room to let someone else take it the rest of the way.
This example maps pretty well onto the infrastructure we’re going to deploy into Amazon Web Services.
- The hotel is a VPC. It describes the space where all of our resources exist, separate from the rest of the Internet. Check out What’s a VPC? if you need a refresher.
- The ground floor of the hotel is a subnet. It describes a subdivision of our VPC where addressable resources can live. I’ve covered subnets in What’s a subnet?
- The mail room is the Internet Gateway. It receives messages from the Internet and routes them into the subnet, and vice versa.
In part 1 of this new series, we’ll be focussing on creating the VPC.
Signing up for Amazon Web Services
I’ve written a short guide to signing up for AWS for folks who haven’t already.
And today’s the day to do it! At the time of writing, everything that we’ll be creating in this article is entirely free in AWS. There are no charges for creating VPCs, subnets or Internet Gateways.
But still, I encourage you to keep an eye on your bills.
Get in touch with AWS Support immediately if you see a charge you don’t understand. I’ve heard they’re often forgiving of mistakes.
Start by choosing a Region
Alright, let’s get going!
Log into your AWS account, and look for the Region menu at the top-right. When you click it, you’ll see something like this:
You can just leave it on whichever Region is already selected, or you can choose one closer to you if you want. Like I said in What are Amazon Web Services Regions?, it's mostly irrelevant to you at this point, but you'll suffer slightly less latency if you use the Region that's closest to you.
Opening the Virtual Private Cloud Dashboard
When you log into your account, you’ll be presented with a lot of options.
You’ll see things like EC2, S3, RDS, and so on. These are AWS services, and each service provides a specific bit of functionality.
To create a VPC, we need to use the VPC service. To get there:
- Click on Services at the top of the page.
- Type `vpc` into the search box.
- Click the VPC result.
You should land on the VPC Dashboard.
This is a whole load of information you don’t need right now. Click on Your VPCs on the left to just see a plain list of all the VPCs you have in this Region.
Creating a Virtual Private Cloud
You’ll probably have a VPC already, because AWS creates some for you in new accounts. Forget about it! We’re going to make our own, and it’s going to be super-cool.
Click on the big blue Create VPC button at the top of the page, and you’ll see a form like this:
- Name tag can be any name you want. I'll go for getcodelove-vpc, but it's totally up to you.
- IPv4 CIDR block describes the range of private IPv4 addresses that will be available within the VPC. I'll go for 10.0.0.0/16. I've dropped a quick recap further down the page if you need a refresher on why 10.0.0.0/16 will give you the range 10.0.0.0 to 10.0.255.255.
- IPv6 CIDR block can be left on the default "No IPv6 CIDR Block" for this demonstration. Chances are, at the time of writing this in May 2019, you don't have IPv6 connectivity. If you do, then… well, good for jammy you. Leave it on "No IPv6 CIDR Block" anyway.
- Tenancy should also be left on "Default". This tells AWS that you're happy to use shared hardware in their data centre, rather than requiring your own dedicated – and expensive – hardware.
Quick recap: What does 10.0.0.0/16 mean?
I’ve got an introductory article for CIDR blocks if you want to go and catch up, but here’s the one-minute version:
- IPv4 addresses are 32-bit numbers.
- CIDR notation describes the first address in a range (e.g. 10.0.0.0) and the size of that range via a "slash" suffix (e.g. /16).
- To convert the "slash" number to the actual quantity, write the start address as a 32-bit binary number, then lock the leftmost "slash" number of bits. The remaining bits on the right can take any value. The more bits that are free to change, the larger your address range is: a /16 locks 16 bits and leaves 16 free, giving 2^16 = 65,536 addresses.
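To make the recap concrete, and to sanity-check the values typed into the Create VPC form above, here is a small Python script I've added for this edit (it is not part of the original post and not AWS's code). It applies the "lock the left-hand bits" rule by hand with bit masks, cross-checks the result against Python's ipaddress module, and flags two things the form will also care about: AWS only accepts VPC blocks between /16 and /28, and a block outside RFC 1918 private space will shadow real Internet addresses from inside the VPC. The constants and function names are my own.

```python
"""
Worked CIDR example added for this tutorial (not from the original post).
Turns a block such as 10.0.0.0/16 into its first/last address and address
count the way the recap describes, then checks it against VPC constraints.
"""
import ipaddress

# Assumptions, labelled as such: AWS accepts VPC IPv4 CIDR blocks from /16
# to /28 inclusive (per AWS docs at the time this example was written), and
# RFC 1918 defines the private ranges below.
AWS_VPC_MIN_PREFIX = 16   # largest block allowed: 65,536 addresses
AWS_VPC_MAX_PREFIX = 28   # smallest block allowed: 16 addresses
RFC1918_RANGES = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def ipv4_to_int(addr):
    """Pack dotted-quad text into the 32-bit integer the recap talks about."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ipv4(n):
    """Unpack a 32-bit integer back into dotted-quad text."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def cidr_range(cidr):
    """Apply the recap's rule by hand: lock the first `prefix` bits, free the rest.

    Returns a dict with the first and last address, the address count and the
    prefix length. Raises ValueError if the start address has free bits set,
    because CIDR notation must name the *first* address of the block.
    """
    start, _, prefix_txt = cidr.partition("/")
    prefix = int(prefix_txt)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0-32, got /%d" % prefix)
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # 1s over the "locked" bits
    free = ~mask & 0xFFFFFFFF                        # 1s over the free bits
    start_int = ipv4_to_int(start)
    if start_int & free:
        raise ValueError("%s is not the first address of a /%d block" % (start, prefix))
    first = start_int & mask
    last = first | free                              # every free bit set to 1
    return {
        "first": int_to_ipv4(first),
        "last": int_to_ipv4(last),
        "count": 1 << host_bits,                     # 2 ** (32 - prefix)
        "prefix": prefix,
    }


def cross_check(cidr):
    """True if the hand-rolled maths agrees with the standard library."""
    net = ipaddress.ip_network(cidr)
    info = cidr_range(cidr)
    return (str(net.network_address), str(net.broadcast_address),
            net.num_addresses) == (info["first"], info["last"], info["count"])


def check_vpc_cidr(cidr):
    """Return the problems a VPC CIDR would hit; an empty list means it is fine."""
    problems = []
    info = cidr_range(cidr)
    if not AWS_VPC_MIN_PREFIX <= info["prefix"] <= AWS_VPC_MAX_PREFIX:
        problems.append("/%d is outside the /%d-/%d range AWS allows for a VPC"
                        % (info["prefix"], AWS_VPC_MIN_PREFIX, AWS_VPC_MAX_PREFIX))
    net = ipaddress.ip_network(cidr)
    if not any(net.subnet_of(r) for r in RFC1918_RANGES):
        # Not forbidden by AWS, but instances inside the VPC would route these
        # addresses locally and never reach the real Internet hosts using them.
        problems.append("%s is not RFC 1918 private space; it would shadow "
                        "public addresses from inside the VPC" % cidr)
    return problems


if __name__ == "__main__":
    for block in ("10.0.0.0/16", "10.0.0.0/8", "203.0.113.0/24"):
        info = cidr_range(block)
        print("%s -> %s to %s (%d addresses), stdlib agrees: %s"
              % (block, info["first"], info["last"], info["count"], cross_check(block)))
        for p in check_vpc_cidr(block):
            print("  problem:", p)
```

The script reports 10.0.0.0/16 as 10.0.0.0 to 10.0.255.255 with 65,536 addresses and no problems, which is exactly what the form above needs; 10.0.0.0/8 is rejected for being too large, and 203.0.113.0/24 is flagged for not being private space.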
You should definitely check out my introduction to IPv4 addresses and CIDR blocks if you want a more gentle introduction.
Finishing up the VPC creation
Here’s the VPC I’m going to create.
Click Create to make it so, and you’ll see this confirmation message:
vpc-0c99a53d76dbd21b0 is the VPC's unique ID. You can enter any name you like (the Name is just a tag for humans), but the ID is generated by AWS, can't be changed, and is what the console, CLI and other AWS services use to refer to the VPC.
Click Close and – alright! – now we can see our new Virtual Private Cloud in the list.
If you don’t see the “Name” column then click the cog on the right to launch the column chooser, then pick “Name” in there.
So, there’s your first VPC!
What can you do with it? Well… not much. But you can click through to part two to create a subnet!