Build a Scalable VPC for Your AWS Environment

VPC Architecture for DEMO VPC

In this post, you will learn how to build a scalable VPC for your AWS Cloud. By this, we’re going to create Amazon Private Cloud (VPC), a public and private subnet in a single Availability Zone, public and private routes, a NAT Gateway and an internet gateway. These services are the foundation of networking architecture inside the AWS Cloud. The architectural design covers concepts of infrastructure, design, routing and security. You can Allocate, Associate, Disassociate and Release Elastic IP Address from an EC2 Instance within your AWS Cloud. Please see Quick Steps in Setting Up AWS VPC, the Various ways to restart an AWS EC2 instance, How to create AWS Flow logs Role, and how to Fix Elastic IP Address Could not be Associated.

Amazon Web Services (AWS)

AWS is one of the most popular public cloud platforms used by many organizations around globe to build and host scalable applications. In this article, I show you how build a scalable VPC for your AWS Cloud Environment. Before we go straight into the lab, let’s talk briefly about Amazon VPC – Amazon Virtual Private Cloud. Amazon Virtual Private Cloud (Amazon VPC) is a service provided by Amazon Web Services (AWS) that allows you to create a virtual network in the AWS cloud.

It enables you to launch AWS resources, such as Amazon EC2 instances, within a defined virtual network. It provides you with control over the virtual network environment, including IP address ranges, subnets, routing tables, and network gateways. Sometimes you might be unable to Ping an EC2 Instance due to the rules you defined in your security group. Do more with AWS Directory Services by joining EC2 instance to AWS Managed AD.

How Does Amazon VPC Work?

Amazon VPC works in a such way that you can easily launch AWS resources in a logically isolated virtual network that you’ve defined. Below are steps on how Amazon VPC works. Please see how to Fix Elastic IP Address Could not be Associated.

Define Your VPC

You start by defining the IP address range for your VPC, which determines the private IP address space available for your resources. You can choose from predefined ranges or define a custom range.

Create Subnets

Within your VPC, you create subnets in different Availability Zones (AZs). Subnets are segments of your VPC IP address range and are associated with specific AZs. They provide isolation and allow you to deploy resources in different availability zones for high availability and fault tolerance.

Configure Routing

You create route tables to control the traffic within your VPC. Each subnet is associated with a route table that defines how traffic should flow within the VPC and to external networks. You can configure routes to direct traffic between subnets, to an internet gateway for internet access, or to virtual private gateways for VPN connections.

Internet Connectivity

To enable internet access for your resources, you attach an Internet Gateway (IGW) to your VPC. The IGW allows traffic to flow between your VPC and the internet, enabling instances with public IP addresses to access the internet directly.


Amazon VPC provides security features to control access to your resources. You can use security groups to define inbound and outbound traffic rules at the instance level and network access control lists (ACLs) at the subnet level. These security mechanisms help protect your resources from unauthorized access.

Connect to On-Premises Networks

If you have an on-premises network, you can establish secure connections to your VPC. This can be achieved through VPN connections using the public internet or through AWS Direct Connect, which provides a dedicated network connection.

VPC Peering

VPC peering allows you to connect multiple VPCs together, enabling them to communicate with each other using private IP addresses. This simplifies network connectivity between VPCs and allows you to create complex architectures

Build a Scalable VPC for your AWS Cloud

To build a scalable VPC for your AWS Cloud, follow the below steps:

Step 1 – Create Amazon VPC

To create Amazon VPC, sign into to AWS Management console. As part of the requirement to follow along with this demonstration, you must have an active AWS account with the appropriate permissions. If you don’t have an active AWS account, you can sign up for AWS free tier now to get started.

When you have logged into the console, search for and open VPC and then click on the “Your VPCs” tab from the left side of the screen. Click on Create VPC

Creating Amazon VPC

With the “VPC only” selected, we need to specify the Name tag for the vpc (although specifying the name tag is option but it’s very helpful in making it easy for your identify your resources). So we provided the Name tag as “DEMO VPC”. We specified the Classless Inter-Domain Routing (CIDR) to the range of IP Address of This CIDR range includes all IP addressess starting with 10.0.x.x. This range contains over 65,000 addresses.

Defining the VPC specs

Finally, click on Create VPC to create the VPC. The output show appear successful.

Amazon VPC Created Successfully

Step 2: Enable DNS for the VPC

To enable DNS, go back to the VPC dashbash and select the demo VPC and then choose the action button. Ciick on Edit VPC settings


From the DNS settings section, select Enable DNS hostnames and click on save.

Enabling Hostnames

With hostname enabled any Amazon EC2 instnaces launched into the DEMO VPC now will automatically receive a DNS hostname.

Step 3: Creating public and private subnets

In this section, we create a public and private subnets in the DEMO VPC. In order to do this successfully, we must specify an IPv4 CIDR block for the subnet from the range of DEMO VPC. We can also specify the Availability Zone in which we want the subnet to reside.

Note: You can have multiple subnets in the same Availability Zone.

The first subnet to create if the public subnet. To do this, navigate to the left pane of the VPC and click on Subnets -> Create subnets. Make sure you select the VPC ID to be the DEMO VPC and specify the name tag and define the IPv4 CIDR block and then click on Create subnet.

Now we have the public subnet created, it’s time to create the private subnet.

Repeat the above steps to create the private subnet but specify the name tag as “private subnet” and allocate as as the CIDR range to it.

Public subnet is used for internet-facing resources while the private subnet is used for resources that are to be isolated from the internet 

Step 4: Creating the Internet Gateway

In this step, we create internet gateway (1GW), which is neccessary so that internet traffic can access the public subnet. This helps grant access to and from the internet for instances in a subnet in a VPC. We will create one and attach it to the DEMO VPC and add a route to the subnet’s route table that direct internet-bound traffic to the internet gateway.

To create 1GW from the left pan of the VPC dashboard, click on Internet gateways. Click on Create internet gateway and then specify the name tag and click on Create internet gateway.

Creating 1GW

Immediately after creating the 1GW, you will be prompted to attach it to VPC. Follow the prompt to attach it to the DEMO VPC.

Once it is attached successfully, you the state will be displayed as Attached”

1GW Attached to DEMO VPC

Step 5: Creating Route table

Route table helps in directing traffic from the internet to your internet gateway. Subnet in your VPC must be associated with a route table which controls the routing for it.

Note that a subnet can only be associated with one route table at a time, but you can associate multiple subnet with the same route table. 

To create a route table, click on Route tables from the left side of the VPC dashboard. Click on Create route table. From the list of VPCs, select DEMO VPC and click on Create route table. Note, here we specify the name as public-route-table.

Creating a Route table

After creating the route table, we need to add a route to it. To do this, locate the Routes tab at the bottom of the route table’s page.

Choose Edit routes and the click on Add route and then configure the destination to be and target to be the internet gateway (DEMO-1GW) you created above and click save. 

The next thing is to associate the public subnet we create earlier to the route table. To do so, in the route table’s bottom page, choose the Subnet association tab. In the Edit subnet associations‘ page, select public subnet.


The subnet is now publicly accessible now because it has a route to internet through the internet gateway.

Step 6: Creating security groups

Security groups act as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. By using security groups, you can specify inbound and outbound network traffic that is allowed to and from your Amazon EC2 instances.

To create security group, still on the VPC dashboard, locate Security groups from the left navigation pane. Click on Create a Security Group and configure the name tag, the descriptions and select the DEMO VPC as the VPC.

Creating Security group

In the Inbound rule section, click on Add rule. Select rule type as HTTP and source as Anywhere IPv4 (


In the tag section, specify the tag and click on Create security group.


Step 7: Launch an EC2 Instance into the Public Subnet

The last step in this demo is to launch an Amazon EC2 into the public subnet we created. To enable communication to your Amazon EC2 over the internet, the instance must have a public IPv4 address that is associated with the private IPv4 address on your instance.

Note Amazon EC2 instances are only aware of the private IPv4 address defined within your VPC and subnet by default. 

To create Amazon EC2, review my previous post on how to create Amazon EC2 via the AWS Management console here.

Here, we launched an EC2 instance named public-instance into the DEMO VPC. Under the Network settings, we selected the VPC as DEMO VPC and subnet as public subnet, select Enable Auto-assign public IP, and then selected public-sg as the security group.

Defining Network settings for public Amazon EC2 Instance

Proceed to create the NAT Gateway and launch an Amazon EC2 instance into the private subnet.

In this post, you have learned the step-by-step methods to build a Scalable VPC for Your AWS Environment. By leveraging Amazon VPC, you can create and manage a virtual network infrastructure in the AWS cloud with full control over IP addressing, routing, security, and connectivity. This allows you to build scalable and secure architectures for your applications and services.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x