AWS · cloud · ~5 mins

Creating a custom VPC in AWS - Step-by-Step CLI Walkthrough

Introduction
Sometimes the default network settings in the cloud do not fit your needs. The default VPC that AWS creates in each region has an Internet Gateway attached and every subnet in it is public, which is rarely what you want for application or database servers. Creating a custom Virtual Private Cloud (VPC) lets you control your own private network space, like setting up your own neighborhood with streets and houses. Use a custom VPC when:
You want to isolate your cloud resources in a private network for security.
You need to define your own IP address range for your cloud resources.
You want to create sub-networks (subnets) for different tiers of your application, for example public load balancers in front of private application and database servers.
You want to control internet access and routing for your cloud resources.
You want to connect your cloud network to your office network securely (VPN or AWS Direct Connect).
Config File - vpc.yaml
vpc.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Custom VPC with public and private subnets
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16          # 65,536 private addresses; all subnets are carved from this range
      EnableDnsSupport: true          # use the Amazon-provided DNS resolver inside the VPC
      EnableDnsHostnames: true        # give instances DNS hostnames (needed for private hosted zones and VPC endpoints)
      Tags:
        - Key: Name
          Value: my-custom-vpc
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true       # every instance launched here gets a public IP
      AvailabilityZone: us-east-1a    # hard-coded; use !Select [0, !GetAZs ''] to deploy in any region
      Tags:
        - Key: Name
          Value: my-public-subnet
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: false      # no public IPs; with no route to the gateway below, this subnet stays private
      AvailabilityZone: us-east-1a    # same AZ as the public subnet; add a second pair in another AZ for HA
      Tags:
        - Key: Name
          Value: my-private-subnet
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: my-internet-gateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
        - Key: Name
          Value: my-public-route-table
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway          # a route to the gateway is only valid once the gateway is attached to the VPC
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0 # everything not covered by the automatic local route
      GatewayId: !Ref InternetGateway
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable
  # No route table is defined for PrivateSubnet on purpose: it falls back to the
  # VPC's main route table, which contains only the local 10.0.0.0/16 route.

This file creates a custom VPC with a large private IP range (10.0.0.0/16) and DNS support turned on so instances get internal hostnames. It defines one public subnet and one private subnet inside the VPC, both in us-east-1a. An Internet Gateway is attached to the VPC, and a route table with a 0.0.0.0/0 route to that gateway is associated with the public subnet only. The private subnet gets no route table of its own, so it uses the VPC's main route table, which contains just the local 10.0.0.0/16 route.

MyVPC: The main private network.

PublicSubnet: A subnet whose instances receive a public IP at launch and have a default route to the Internet Gateway; they are reachable from the internet, subject to their security groups and network ACLs.

PrivateSubnet: A subnet with no route to the Internet Gateway, so its instances can only be reached from inside the VPC. They also have no outbound internet path; if they need to fetch updates, add a NAT Gateway in the public subnet and a private route table with a 0.0.0.0/0 route to it.

InternetGateway and AttachGateway: Connect the VPC to the internet.

PublicRouteTable, PublicRoute and PublicSubnetRouteTableAssociation: Direct 0.0.0.0/0 traffic from the public subnet to the Internet Gateway. DependsOn: AttachGateway makes sure the gateway is attached before the route that references it is created.

Commands
This command creates a new stack in AWS CloudFormation from the custom VPC template file. CloudFormation creates the VPC and the related resources as defined, in the order their references require, and rolls everything back if any resource fails.
Terminal
aws cloudformation create-stack --stack-name my-custom-vpc-stack --template-body file://vpc.yaml
Expected Output
{ "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/my-custom-vpc-stack/abcd1234-5678-90ef-ghij-klmnopqrstuv" }
If you run the command again while the stack still exists, it fails instead with: An error occurred (ValidationError) when calling the CreateStack operation: Stack with id my-custom-vpc-stack already exists. Stack names must be unique per account and region.
--stack-name - Names the CloudFormation stack for easy management
--template-body - Specifies the local template file to use
This command shows the stack's status and details. Immediately after create-stack the status is CREATE_IN_PROGRESS; wait until it reports CREATE_COMPLETE (the CLI's wait stack-create-complete subcommand blocks until then) before relying on the resources. A status of ROLLBACK_COMPLETE means creation failed and the resources were deleted again; describe-stack-events shows which resource failed and why.
Terminal
aws cloudformation describe-stacks --stack-name my-custom-vpc-stack
Expected Output
{ "Stacks": [ { "StackName": "my-custom-vpc-stack", "StackStatus": "CREATE_COMPLETE", "Outputs": [] } ] }
StackStatus is the field to check; Outputs is empty because the template defines no Outputs section.
--stack-name - Specifies which stack to describe
This command lists the VPCs with the name tag 'my-custom-vpc' to verify the VPC exists and see its details.
Terminal
aws ec2 describe-vpcs --filters Name=tag:Name,Values=my-custom-vpc
Expected Output
{ "Vpcs": [ { "VpcId": "vpc-0abcd1234efgh5678", "State": "available", "CidrBlock": "10.0.0.0/16", "IsDefault": false, "Tags": [ { "Key": "Name", "Value": "my-custom-vpc" } ] } ] }
--filters - Filters VPCs by tag name
Key Concept

If you remember nothing else from this pattern, remember: a custom VPC lets you control your own private network space in the cloud with your own IP ranges and internet access rules.

Common Mistakes
Not attaching an Internet Gateway to the VPC
Without an attached Internet Gateway and a route to it, resources in the public subnet cannot reach or be reached from the internet, even if they have public IPs.
Always create and attach an Internet Gateway and add a 0.0.0.0/0 route to it in the public route table.
Forgetting to associate the public subnet with the route table
Without this association, the subnet falls back to the VPC's main route table, which has no internet route.
Create a SubnetRouteTableAssociation resource linking the public subnet to the public route table.
Putting the internet route in the main route table
Every subnet without an explicit association uses the main route table, so a 0.0.0.0/0 route there silently makes the "private" subnet public as well.
Keep the main route table local-only and put internet routes only in a dedicated public route table.
Using overlapping or incorrect CIDR blocks
Subnets must lie inside the VPC range and must not overlap each other, otherwise subnet creation fails and the stack rolls back; a VPC range that overlaps your office network or a peered VPC cannot be routed to later.
Choose non-overlapping CIDR blocks that fit your network design, and leave room for future subnets and connections.
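The verification commands above only confirm that the stack and the VPC exist; they do not confirm that the subnet tagged private is actually private. The script below is an added example and not part of the original page. It reads the parsed JSON that aws ec2 describe-route-tables and aws ec2 describe-subnets return for the VPC, works out each subnet's effective route table (its explicit association, or the main table when it has none), reports whether that table carries an active default route to an Internet Gateway, and checks that the subnet CIDRs fit inside the VPC range without overlapping. The embedded sample data is constructed to match vpc.yaml; the script name and every resource ID other than the VPC ID shown earlier on the page are made up.

```python
"""Verify that the VPC pattern above is really what it claims to be. Added example,
not from the original page: it reads the parsed JSON of `aws ec2 describe-route-tables`
and `aws ec2 describe-subnets`. The sample below is constructed by hand to match
vpc.yaml; every resource ID in it except VPC_ID is made up."""
import ipaddress
import json
import sys

VPC_ID = "vpc-0abcd1234efgh5678"  # the VPC ID shown in the page's describe-vpcs output

# Constructed describe-route-tables output. The main table ("Main": true) has only
# the local route, so the private subnet, which has no explicit association,
# falls back to it and gets no path to the Internet Gateway.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0111111111111111", "VpcId": VPC_ID,
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
     "Associations": [{"RouteTableId": "rtb-0111111111111111", "Main": True}]},
    {"RouteTableId": "rtb-0222222222222222", "VpcId": VPC_ID,
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0333333333333333",
                 "State": "active"}],
     "Associations": [{"RouteTableId": "rtb-0222222222222222",
                       "SubnetId": "subnet-0444444444444444", "Main": False}]},
]

# Constructed describe-subnets output for the same VPC.
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0444444444444444", "VpcId": VPC_ID, "CidrBlock": "10.0.1.0/24",
     "MapPublicIpOnLaunch": True, "Tags": [{"Key": "Name", "Value": "my-public-subnet"}]},
    {"SubnetId": "subnet-0555555555555555", "VpcId": VPC_ID, "CidrBlock": "10.0.2.0/24",
     "MapPublicIpOnLaunch": False, "Tags": [{"Key": "Name", "Value": "my-private-subnet"}]},
]


def effective_route_table(route_tables, subnet_id):
    """Return the route table a subnet actually uses: its explicitly associated
    table if there is one, otherwise the VPC's main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_internet_route(route_table):
    """True if an active IPv4 or IPv6 default route points at an Internet Gateway."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if (dest in ("0.0.0.0/0", "::/0")
                and route.get("State", "active") == "active"
                and route.get("GatewayId", "").startswith("igw-")):
            return True
    return False


def classify_subnets(route_tables, subnets):
    """Map each SubnetId to 'public' or 'private' from its effective route table."""
    verdict = {}
    for subnet in subnets:
        rt = effective_route_table(route_tables, subnet["SubnetId"])
        verdict[subnet["SubnetId"]] = "public" if rt and has_internet_route(rt) else "private"
    return verdict


def cidr_problems(vpc_cidr, subnets):
    """List subnets outside the VPC range and pairs of subnets whose ranges overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(s["SubnetId"], ipaddress.ip_network(s["CidrBlock"])) for s in subnets]
    problems = [f"{sid} {net} is outside VPC {vpc}"
                for sid, net in nets if not net.subnet_of(vpc)]
    for i, (sid_a, net_a) in enumerate(nets):
        for sid_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{sid_a} {net_a} overlaps {sid_b} {net_b}")
    return problems


if __name__ == "__main__":
    # Real use (hypothetical script name): python check_vpc.py route-tables.json subnets.json,
    # where the files hold the output of the two describe commands for your VPC.
    # With no arguments the constructed sample is checked, so the script runs offline.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f:
            route_tables = json.load(f)["RouteTables"]
        with open(sys.argv[2]) as f:
            subnets = json.load(f)["Subnets"]
    else:
        route_tables, subnets = SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS
    for subnet_id, verdict in classify_subnets(route_tables, subnets).items():
        print(f"{subnet_id}: {verdict}")
    for problem in cidr_problems("10.0.0.0/16", subnets):
        print("CIDR problem:", problem)
```

Run it against the sample and the public subnet is reported as public and the private one as private. Add a 0.0.0.0/0 route to the main route table in the sample, the mistake described above, and the private subnet flips to public without any change to the subnet itself, which is exactly the drift this check exists to catch after someone edits routes by hand.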
Summary
Create a CloudFormation template defining a custom VPC with public and private subnets.
Use AWS CLI to create the stack from the template and verify its creation.
Check the VPC details by filtering with the name tag to confirm it exists.