Bird
Raised Fist0
AWScloud~10 mins

Creating a custom VPC in AWS - Visual Walkthrough

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Process Flow - Creating a custom VPC
Start
Define VPC CIDR
Create VPC
Create Subnets
Create Internet Gateway
Attach Internet Gateway to VPC
Create Route Table
Add Route to Internet Gateway
Associate Route Table with Subnets
End: Custom VPC Ready
The flow shows the steps to create a custom VPC: define IP range, create VPC, add subnets, set up internet gateway, route table, and associate them.
Execution Sample
AWS
aws ec2 create-vpc --cidr-block 10.0.0.0/16
aws ec2 create-subnet --vpc-id vpc-1234 --cidr-block 10.0.1.0/24
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --vpc-id vpc-1234 --internet-gateway-id igw-1234
aws ec2 create-route-table --vpc-id vpc-1234
aws ec2 create-route --route-table-id rtb-1234 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-1234
aws ec2 associate-route-table --subnet-id subnet-1234 --route-table-id rtb-1234
This sequence creates a VPC with a subnet, internet gateway, route table, and connects them for internet access.
Process Table
StepActionResource Created/ModifiedID/ValueState After Action
1Create VPC with CIDR 10.0.0.0/16VPCvpc-1234VPC vpc-1234 created with CIDR 10.0.0.0/16
2Create Subnet in VPC vpc-1234 with CIDR 10.0.1.0/24Subnetsubnet-1234Subnet subnet-1234 created in vpc-1234
3Create Internet GatewayInternet Gatewayigw-1234Internet Gateway igw-1234 created
4Attach Internet Gateway igw-1234 to VPC vpc-1234Attachmentigw-1234 attachedInternet Gateway attached to VPC
5Create Route Table in VPC vpc-1234Route Tablertb-1234Route Table rtb-1234 created
6Create Route 0.0.0.0/0 via igw-1234 in rtb-1234Routeroute-1Route to internet added in route table
7Associate Route Table rtb-1234 with Subnet subnet-1234Associationassoc-1Subnet uses route table with internet access
8EndN/AN/ACustom VPC setup complete with internet access
💡 All resources created and connected; VPC is ready for use with internet access.
Status Tracker
ResourceInitialAfter Step 1After Step 2After Step 3After Step 4After Step 5After Step 6After Step 7Final
VPCNonevpc-1234 (CIDR 10.0.0.0/16)vpc-1234vpc-1234vpc-1234vpc-1234vpc-1234vpc-1234vpc-1234
SubnetNoneNonesubnet-1234 (CIDR 10.0.1.0/24)subnet-1234subnet-1234subnet-1234subnet-1234subnet-1234 (associated)subnet-1234 (associated)
Internet GatewayNoneNoneNoneigw-1234igw-1234 attachedigw-1234 attachedigw-1234 attachedigw-1234 attachedigw-1234 attached
Route TableNoneNoneNoneNonertb-1234rtb-1234 with routertb-1234 with routertb-1234 with routertb-1234 with route
Key Moments - 3 Insights
Why do we need to attach the Internet Gateway to the VPC after creating it?
Creating the Internet Gateway alone does not connect it to the VPC. Step 4 attaches it, enabling internet traffic routing as shown in execution_table row 4.
What happens if we don't associate the route table with the subnet?
Without association (step 7), the subnet won't use the route table with internet access, so instances can't reach the internet. See execution_table row 7 for association importance.
Why define CIDR blocks when creating VPC and subnet?
CIDR blocks define IP address ranges. The VPC CIDR (step 1) is large, and subnet CIDR (step 2) is a smaller part inside it, ensuring organized IP allocation.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table at step 3. What resource is created?
ARoute Table rtb-1234
BSubnet subnet-1234
CInternet Gateway igw-1234
DVPC vpc-1234
💡 Hint
Check the 'Resource Created/Modified' column at step 3 in execution_table.
At which step does the subnet get associated with the route table?
AStep 7
BStep 6
CStep 5
DStep 4
💡 Hint
Look for 'Associate Route Table' action in execution_table rows.
If the Internet Gateway was not attached to the VPC, what would be the state of internet access?
AInternet access would work normally
BInternet access would fail because IGW is not attached
CSubnet would have internet access without IGW
DRoute table would automatically fix it
💡 Hint
Refer to key_moments explanation about attaching IGW and execution_table step 4.
Concept Snapshot
Creating a custom VPC:
- Define a CIDR block (IP range) for the VPC
- Create the VPC resource
- Create subnets inside the VPC with smaller CIDRs
- Create and attach an Internet Gateway for internet access
- Create a route table and add a route to the IGW
- Associate the route table with subnets
- Result: VPC with internet connectivity ready for instances
Full Transcript
To create a custom VPC, start by defining the IP address range using a CIDR block. Then create the VPC resource with this CIDR. Next, create one or more subnets inside the VPC, each with a smaller CIDR block. Create an Internet Gateway and attach it to the VPC to enable internet access. Create a route table for the VPC and add a route that sends all internet traffic (0.0.0.0/0) to the Internet Gateway. Finally, associate this route table with the subnets so that instances inside can use it. This setup allows instances in the subnet to communicate with the internet through the VPC.

Practice

(1/5)
1. What is the main purpose of creating a custom VPC in AWS?
easy
A. To automatically create public IP addresses for all instances
B. To connect your AWS account to social media platforms
C. To enable AWS to manage your network without your input
D. To have a private network with a specific IP range for your resources

Solution

  1. Step 1: Understand what a VPC is

    A VPC is a private network in AWS where you control IP ranges and network settings.

  2. Step 2: Identify the purpose of a custom VPC

    Creating a custom VPC lets you choose your IP range and control network setup for your resources.

  3. Final Answer:

    To have a private network with a specific IP range for your resources -> Option D

  4. Quick Check:

    Custom VPC = Private network with chosen IP range [OK]
Hint: Custom VPC means your own private network in AWS [OK]
Common Mistakes:
  • Thinking VPC automatically assigns public IPs
  • Believing AWS manages the network without user control
  • Confusing VPC with external internet connections
2. Which of the following is the correct way to specify the CIDR block when creating a custom VPC?
easy
A. 192.168.1.256/24
B. 255.255.255.0
C. 10.0.0.0/16
D. 10.0.0.0/33

Solution

  1. Step 1: Understand CIDR notation

    CIDR block defines IP range with format like x.x.x.x/y where y is between 0 and 32.

  2. Step 2: Check each option for validity

    10.0.0.0/16 is valid CIDR (10.0.0.0/16). 255.255.255.0 is a subnet mask, not CIDR. 192.168.1.256/24 has invalid IP (256). 10.0.0.0/33 has invalid prefix length (33).

  3. Final Answer:

    10.0.0.0/16 -> Option C

  4. Quick Check:

    CIDR block format = x.x.x.x/y with y ≤ 32 [OK]
Hint: CIDR uses / and prefix ≤ 32, IP parts ≤ 255 [OK]
Common Mistakes:
  • Using subnet mask instead of CIDR
  • Using invalid IP numbers like 256
  • Using prefix length greater than 32
3. Given this AWS CLI command to create a VPC:
aws ec2 create-vpc --cidr-block 10.1.0.0/16 --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=MyVPC}]'

What will be the result?
medium
A. A VPC with CIDR 10.1.0.0/16 and a Name tag 'MyVPC' will be created
B. The command will fail due to incorrect tag syntax
C. A VPC with default CIDR will be created ignoring the specified CIDR
D. A subnet will be created instead of a VPC

Solution

  1. Step 1: Analyze the CLI command structure

    The command uses 'create-vpc' with a valid CIDR block and correct tag specification syntax.

  2. Step 2: Understand the effect of the command

    This creates a VPC with the given CIDR and applies the Name tag 'MyVPC' to it.

  3. Final Answer:

    A VPC with CIDR 10.1.0.0/16 and a Name tag 'MyVPC' will be created -> Option A

  4. Quick Check:

    Valid CLI command creates VPC with CIDR and tags [OK]
Hint: Tags use 'ResourceType' and 'Tags' in CLI [OK]
Common Mistakes:
  • Incorrect tag syntax causing command failure
  • Confusing subnet creation with VPC creation
  • Ignoring the CIDR block parameter
4. You created a custom VPC but forgot to enable DNS hostnames. What is the best way to fix this?
medium
A. Modify the VPC attribute to enable DNS hostnames using AWS console or CLI
B. Delete the VPC and create a new one with DNS hostnames enabled
C. Create a new subnet with DNS hostnames enabled
D. DNS hostnames cannot be enabled after VPC creation

Solution

  1. Step 1: Understand DNS hostnames setting in VPC

    DNS hostnames is a VPC attribute that can be enabled or disabled after creation.

  2. Step 2: Identify how to enable DNS hostnames

    You can modify the VPC attribute via AWS console or CLI without deleting the VPC.

  3. Final Answer:

    Modify the VPC attribute to enable DNS hostnames using AWS console or CLI -> Option A

  4. Quick Check:

    DNS hostnames can be enabled post-creation [OK]
Hint: VPC attributes can be changed anytime without deletion [OK]
Common Mistakes:
  • Thinking you must delete and recreate the VPC
  • Trying to enable DNS hostnames on a subnet instead of VPC
  • Believing DNS hostnames are enabled by default always
5. You want to create a custom VPC with two public subnets in different availability zones and enable DNS support and hostnames. Which sequence of steps is correct?
hard
A. Attach internet gateway first, then create VPC and subnets, DNS settings are automatic
B. Create VPC with CIDR, enable DNS support and hostnames, create two public subnets in different AZs, attach internet gateway
C. Create VPC with CIDR, create subnets, attach internet gateway, then enable DNS support and hostnames
D. Create two subnets first, then create VPC, enable DNS hostnames, attach internet gateway

Solution

  1. Step 1: Create the VPC with chosen CIDR block

    The VPC must exist before creating subnets or attaching gateways.

  2. Step 2: Enable DNS support and hostnames on the VPC

    This ensures resources inside can resolve names properly.

  3. Step 3: Create two public subnets in different availability zones

    Subnets must be inside the VPC and in separate AZs for high availability.

  4. Step 4: Attach an internet gateway to allow internet access

    This makes the subnets public.

  5. Final Answer:

    Create VPC with CIDR, enable DNS support and hostnames, create two public subnets in different AZs, attach internet gateway -> Option B

  6. Quick Check:

    VPC -> DNS -> Subnets -> Internet Gateway [OK]
Hint: VPC first, then DNS settings, subnets, internet gateway [OK]
Common Mistakes:
  • Creating subnets before the VPC exists
  • Attaching internet gateway before VPC creation
  • Assuming DNS settings are automatic