Bird
Raised Fist0
AWScloud~5 mins

Creating a custom VPC in AWS - Step-by-Step CLI Walkthrough

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
Sometimes the default network settings in the cloud do not fit your needs. Creating a custom Virtual Private Cloud (VPC) lets you control your own private network space, like setting up your own neighborhood with streets and houses.
When you want to isolate your cloud resources in a private network for security.
When you need to define your own IP address range for your cloud resources.
When you want to create sub-networks for different parts of your application.
When you want to control internet access and routing for your cloud resources.
When you want to connect your cloud network to your office network securely.
Config File - vpc.yaml
vpc.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Custom VPC with public and private subnets
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: my-custom-vpc
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      AvailabilityZone: us-east-1a
      Tags:
        - Key: Name
          Value: my-public-subnet
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: false
      AvailabilityZone: us-east-1a
      Tags:
        - Key: Name
          Value: my-private-subnet
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: my-internet-gateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
        - Key: Name
          Value: my-public-route-table
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

This file creates a custom VPC with a large private IP range (10.0.0.0/16). It defines one public subnet and one private subnet inside the VPC. An Internet Gateway is attached to allow internet access for the public subnet. A route table is created and associated with the public subnet to send internet traffic through the gateway.

MyVPC: The main private network.

PublicSubnet: A subnet that can access the internet.

PrivateSubnet: A subnet isolated from the internet.

InternetGateway: Connects the VPC to the internet.

RouteTable and Route: Directs internet traffic from the public subnet.

Commands
This command creates a new stack in AWS CloudFormation using the custom VPC template file. It sets up the VPC and related resources as defined.
Terminal
aws cloudformation create-stack --stack-name my-custom-vpc-stack --template-body file://vpc.yaml
Expected OutputExpected
An error occurred (ValidationError) when calling the CreateStack operation: Stack with id my-custom-vpc-stack already exists OR { "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/my-custom-vpc-stack/abcd1234-5678-90ef-ghij-klmnopqrstuv" }
--stack-name - Names the CloudFormation stack for easy management
--template-body - Specifies the local template file to use
This command checks the status and details of the stack to confirm the VPC was created successfully.
Terminal
aws cloudformation describe-stacks --stack-name my-custom-vpc-stack
Expected OutputExpected
{ "Stacks": [ { "StackName": "my-custom-vpc-stack", "StackStatus": "CREATE_COMPLETE", "Outputs": [] } ] }
--stack-name - Specifies which stack to describe
This command lists the VPCs with the name tag 'my-custom-vpc' to verify the VPC exists and see its details.
Terminal
aws ec2 describe-vpcs --filters Name=tag:Name,Values=my-custom-vpc
Expected OutputExpected
{ "Vpcs": [ { "VpcId": "vpc-0abcd1234efgh5678", "State": "available", "CidrBlock": "10.0.0.0/16", "IsDefault": false, "Tags": [ { "Key": "Name", "Value": "my-custom-vpc" } ] } ] }
--filters - Filters VPCs by tag name
Key Concept

If you remember nothing else from this pattern, remember: a custom VPC lets you control your own private network space in the cloud with your own IP ranges and internet access rules.

Common Mistakes
Not attaching an Internet Gateway to the VPC
Without an Internet Gateway, resources in the public subnet cannot access the internet.
Always create and attach an Internet Gateway and add a route to it in the public route table.
Forgetting to associate the public subnet with the route table
Without this association, the subnet won't use the route table that directs traffic to the internet.
Create a SubnetRouteTableAssociation resource linking the public subnet to the public route table.
Using overlapping or incorrect CIDR blocks
Overlapping IP ranges cause network conflicts and resource failures.
Choose non-overlapping CIDR blocks that fit your network design.
Summary
Create a CloudFormation template defining a custom VPC with public and private subnets.
Use AWS CLI to create the stack from the template and verify its creation.
Check the VPC details by filtering with the name tag to confirm it exists.

Practice

(1/5)
1. What is the main purpose of creating a custom VPC in AWS?
easy
A. To automatically create public IP addresses for all instances
B. To connect your AWS account to social media platforms
C. To enable AWS to manage your network without your input
D. To have a private network with a specific IP range for your resources

Solution

  1. Step 1: Understand what a VPC is

    A VPC is a private network in AWS where you control IP ranges and network settings.

  2. Step 2: Identify the purpose of a custom VPC

    Creating a custom VPC lets you choose your IP range and control network setup for your resources.

  3. Final Answer:

    To have a private network with a specific IP range for your resources -> Option D

  4. Quick Check:

    Custom VPC = Private network with chosen IP range [OK]
Hint: Custom VPC means your own private network in AWS [OK]
Common Mistakes:
  • Thinking VPC automatically assigns public IPs
  • Believing AWS manages the network without user control
  • Confusing VPC with external internet connections
2. Which of the following is the correct way to specify the CIDR block when creating a custom VPC?
easy
A. 192.168.1.256/24
B. 255.255.255.0
C. 10.0.0.0/16
D. 10.0.0.0/33

Solution

  1. Step 1: Understand CIDR notation

    CIDR block defines IP range with format like x.x.x.x/y where y is between 0 and 32.

  2. Step 2: Check each option for validity

    10.0.0.0/16 is valid CIDR (10.0.0.0/16). 255.255.255.0 is a subnet mask, not CIDR. 192.168.1.256/24 has invalid IP (256). 10.0.0.0/33 has invalid prefix length (33).

  3. Final Answer:

    10.0.0.0/16 -> Option C

  4. Quick Check:

    CIDR block format = x.x.x.x/y with y ≤ 32 [OK]
Hint: CIDR uses / and prefix ≤ 32, IP parts ≤ 255 [OK]
Common Mistakes:
  • Using subnet mask instead of CIDR
  • Using invalid IP numbers like 256
  • Using prefix length greater than 32
3. Given this AWS CLI command to create a VPC:
aws ec2 create-vpc --cidr-block 10.1.0.0/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=MyVPC}]'

What will be the result?
medium
A. A VPC with CIDR 10.1.0.0/16 and a Name tag 'MyVPC' will be created
B. The command will fail due to incorrect tag syntax
C. A VPC with default CIDR will be created ignoring the specified CIDR
D. A subnet will be created instead of a VPC

Solution

  1. Step 1: Analyze the CLI command structure

    The command uses 'create-vpc' with a valid CIDR block and correct tag specification syntax.

  2. Step 2: Understand the effect of the command

    This creates a VPC with the given CIDR and applies the Name tag 'MyVPC' to it.

  3. Final Answer:

    A VPC with CIDR 10.1.0.0/16 and a Name tag 'MyVPC' will be created -> Option A

  4. Quick Check:

    Valid CLI command creates VPC with CIDR and tags [OK]
Hint: Tags use 'ResourceType' and 'Tags' in CLI [OK]
Common Mistakes:
  • Incorrect tag syntax causing command failure
  • Confusing subnet creation with VPC creation
  • Ignoring the CIDR block parameter
4. You created a custom VPC but forgot to enable DNS hostnames. What is the best way to fix this?
medium
A. Modify the VPC attribute to enable DNS hostnames using AWS console or CLI
B. Delete the VPC and create a new one with DNS hostnames enabled
C. Create a new subnet with DNS hostnames enabled
D. DNS hostnames cannot be enabled after VPC creation

Solution

  1. Step 1: Understand DNS hostnames setting in VPC

    DNS hostnames is a VPC attribute that can be enabled or disabled after creation.

  2. Step 2: Identify how to enable DNS hostnames

    You can modify the VPC attribute via AWS console or CLI without deleting the VPC.

  3. Final Answer:

    Modify the VPC attribute to enable DNS hostnames using AWS console or CLI -> Option A

  4. Quick Check:

    DNS hostnames can be enabled post-creation [OK]
Hint: VPC attributes can be changed anytime without deletion [OK]
Common Mistakes:
  • Thinking you must delete and recreate the VPC
  • Trying to enable DNS hostnames on a subnet instead of VPC
  • Believing DNS hostnames are enabled by default always
5. You want to create a custom VPC with two public subnets in different availability zones and enable DNS support and hostnames. Which sequence of steps is correct?
hard
A. Attach internet gateway first, then create VPC and subnets, DNS settings are automatic
B. Create VPC with CIDR, enable DNS support and hostnames, create two public subnets in different AZs, attach internet gateway
C. Create VPC with CIDR, create subnets, attach internet gateway, then enable DNS support and hostnames
D. Create two subnets first, then create VPC, enable DNS hostnames, attach internet gateway

Solution

  1. Step 1: Create the VPC with chosen CIDR block

    The VPC must exist before creating subnets or attaching gateways.

  2. Step 2: Enable DNS support and hostnames on the VPC

    This ensures resources inside can resolve names properly.

  3. Step 3: Create two public subnets in different availability zones

    Subnets must be inside the VPC and in separate AZs for high availability.

  4. Step 4: Attach an internet gateway to allow internet access

    This makes the subnets public.

  5. Final Answer:

    Create VPC with CIDR, enable DNS support and hostnames, create two public subnets in different AZs, attach internet gateway -> Option B

  6. Quick Check:

    VPC -> DNS -> Subnets -> Internet Gateway [OK]
Hint: VPC first, then DNS settings, subnets, internet gateway [OK]
Common Mistakes:
  • Creating subnets before the VPC exists
  • Attaching internet gateway before VPC creation
  • Assuming DNS settings are automatic