AWS Virtual Private Clouds (VPCs)


AWS Networking Basics

AWS 160, from Cloud Academy's comprehensive Amazon Web Services learning tracks series, provides a full introduction to AWS networking. You'll get a good first look at some of the key structural elements of AWS traffic control, like Virtual Private Clouds (VPCs), security groups, and IP addressing. We'll also briefly discuss such critical networking services as CloudFront, Route53, Auto Scaling, and Load Balancing.

AWS160 is part of the 100 level course series (the AWS Technical Foundation Track) which, in turn, lays the groundwork for our 200 series (intermediate level skills) and 300 series (advanced skills).

If you have thoughts or suggestions for this course, please contact Cloud Academy at


In this video we'll describe what makes Virtual Private Clouds (VPCs) so useful and introduce you to the key elements required to make them work. An Amazon VPC is a controlled-access private network where you can group together, store and deploy your digital resources in whichever way best suits your needs: by isolating them, by integrating them with other networks, or by some blend of the two. Your goal is to expose only precisely what you'd like to expose and to allow external access only according to what your project demands. So, for instance, a web server whose resources must be wide open to internet HTTP traffic will require certain ports to be open, like 80 and 443, and certain data to be exposed, like the web pages you want visitors to read, but everything else shut tight. You could also create a completely private intranet with only a single encrypted external access link, exposed exclusively to your local data center. You're in charge. I should mention that if your AWS account is a bit older, then when launching, say, an EC2 instance you may have to choose between EC2-Classic and one or more VPC networks. In newer accounts the EC2-Classic option no longer exists. You can think of EC2-Classic instances as computers living within the limits of the whole AWS network, in which they are, by default at least, forced to accept IP address and access rule patterns that fit the larger environment. VPCs, on the other hand, are designed by default to exist much more independently, a lot like the way the computers in your own office or data center can be freely isolated or opened up according to your needs. Therefore, for instance, you can customize your VPC IP addresses and subnets much more precisely than with EC2-Classic. As EC2-Classic networks generally don't play much of a role in AWS computing these days, we won't spend any more time describing them. As always, Amazon has plenty of excellent written documentation available on their website on all AWS topics.
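The "expose only what the project demands" idea above can be modelled as a stateless, default-deny inbound policy: a connection is admitted only if some rule explicitly allows that protocol, port and source. The following is an added example written for this page, not Cloud Academy's code and not an AWS API; the rule sets, the connection attempts and the address ranges (203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges) are constructed for illustration, and the single port used for the "private network" link is an assumption.

```python
"""Added example (not Cloud Academy's or AWS's code): a minimal model of a
default-deny inbound policy, the way a security group admits only the
ports it explicitly allows.  Rules and sample traffic are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class InboundRule:
    protocol: str                   # "tcp" or "udp"
    from_port: int                  # inclusive port range
    to_port: int
    source: ipaddress.IPv4Network   # who is allowed to connect

    def matches(self, protocol, port, src_ip):
        return (self.protocol == protocol
                and self.from_port <= port <= self.to_port
                and src_ip in self.source)


# Public web server: only HTTP and HTTPS, from anywhere, nothing else.
WEB_SERVER_RULES = [
    InboundRule("tcp", 80, 80, ipaddress.ip_network("0.0.0.0/0")),
    InboundRule("tcp", 443, 443, ipaddress.ip_network("0.0.0.0/0")),
]

# Fully private network: a single encrypted link (assumed here to be
# TCP 443) reachable only from the organisation's own data-centre range.
# 203.0.113.0/24 is a documentation range standing in for that office.
PRIVATE_RULES = [
    InboundRule("tcp", 443, 443, ipaddress.ip_network("203.0.113.0/24")),
]


def is_allowed(rules, protocol, port, src_ip):
    """Default deny: the attempt is admitted only if at least one rule matches."""
    src = ipaddress.ip_address(src_ip)
    return any(rule.matches(protocol, port, src) for rule in rules)


def evaluate(rules, attempts):
    """Return (protocol, port, source, allowed) for every constructed attempt."""
    return [(proto, port, src, is_allowed(rules, proto, port, src))
            for proto, port, src in attempts]


# Constructed connection attempts; 198.51.100.0/24 is a documentation range
# standing in for an arbitrary internet client.
SAMPLE_ATTEMPTS = [
    ("tcp", 443, "198.51.100.7"),   # internet client fetching a page
    ("tcp", 22, "198.51.100.7"),    # same client trying an admin port
    ("tcp", 3306, "203.0.113.9"),   # database port, even from the office range
    ("udp", 80, "198.51.100.7"),    # right port number, wrong protocol
]

if __name__ == "__main__":
    for label, rules in (("web server", WEB_SERVER_RULES), ("private", PRIVATE_RULES)):
        for proto, port, src, ok in evaluate(rules, SAMPLE_ATTEMPTS):
            print(f"{label:10} {proto}/{port:<5} from {src:14} -> {'allow' if ok else 'deny'}")
```

The point of the model is the absence of a "deny" rule: everything not listed is dropped, which is what makes the web server's surface exactly two ports and the private network's surface exactly one source range.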

VPCs, however, couldn't be more important to us, so let's take a good look at their structure. VPCs, like most AWS elements, exist within a specified region. Each of the nine regions that are currently accessible to normal accounts is created with a default VPC. Any new VPCs that you create will exist in whichever region you selected at the time. Many of the resources you can choose to run within a region are in turn placed within one of that region's availability zones. As we saw in the previous video, every VPC is assigned a block of IP addresses. Amazon automatically divides these addresses among between three and five availability zones, creating a single subnet for each availability zone. (An availability zone, by the way, is a geographic area served by a single Amazon data center.) This means that all virtual machines hosted, say, in availability zone us-east-1a might be assigned addresses from one range, designated as part of the subnet whose ID is made up of a nine-digit hex code, while those in us-east-1b might get addresses from a different range and a subnet with a different ID. As you work with various infrastructure elements like internet gateways or security groups, you'll find that subnets are sometimes identified by the English name of their availability zone (us-east-1b, for instance), sometimes by their hex-code ID, and sometimes by their IP address range. It's good to be aware of all these possibilities.

You'll want to pay close attention to those availability zones, because they can determine the way you'll design your infrastructure. If, for instance, you want the lowest possible latency between two virtual machines, placing them within a single availability zone might be best. On the other hand, if the application you're deploying simply cannot ever go down, then you might want to spread redundant application servers between multiple availability zones, so that if one data center should somehow go offline, your users will still have access to the redundant instance hosted in the data center in the second availability zone. We'll talk about the tools you can use to control access into and out of a VPC in the next video.
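The two passages above describe a VPC's address block being carved into one subnet per availability zone, each subnet being referred to by AZ name, by ID or by IP range, and redundant servers being spread across zones. The script below is an added example written for this page, not Cloud Academy's code and not the AWS API; it uses Python's standard `ipaddress` module. The VPC block (172.31.0.0/16 split into /20s, which is what AWS gives a default VPC), the zone names and especially the `subnet-…` IDs are constructed stand-ins; real subnet IDs are assigned by AWS and look different.

```python
"""Added example (not Cloud Academy's or AWS's code): carving a VPC's address
block into one subnet per availability zone, looking a subnet up by AZ name,
ID or IP range, and spreading instances across zones.  All values are
constructed for illustration."""
import ipaddress


def carve_subnets(vpc_cidr, zones, new_prefix):
    """Split vpc_cidr into equal /new_prefix subnets and hand one to each zone.

    Returns a list of dicts in the order the zones were given.  Raises
    ValueError if the block cannot supply one subnet per zone."""
    vpc = ipaddress.ip_network(vpc_cidr)
    pieces = list(vpc.subnets(new_prefix=new_prefix))
    if len(pieces) < len(zones):
        raise ValueError(f"{vpc_cidr} yields only {len(pieces)} /{new_prefix} "
                         f"subnets for {len(zones)} zones")
    return [
        {
            "az": zone,
            # Constructed stand-in for the hex ID AWS assigns; not the real format.
            "subnet_id": f"subnet-{index:08x}",
            "cidr": str(net),
        }
        for index, (zone, net) in enumerate(zip(zones, pieces))
    ]


def find_subnet(subnets, ip):
    """Resolve an address to its subnet (and so its AZ); None if outside the VPC."""
    addr = ipaddress.ip_address(ip)
    for subnet in subnets:
        if addr in ipaddress.ip_network(subnet["cidr"]):
            return subnet
    return None


def by_az(subnets, az):
    """The same subnet, looked up by the English name of its availability zone."""
    return next((s for s in subnets if s["az"] == az), None)


def spread_across_zones(subnets, instance_count):
    """Round-robin placement so redundant servers never all share one data centre."""
    return [subnets[i % len(subnets)]["az"] for i in range(instance_count)]


# Constructed: three zones in one region, default-VPC-style /16 split into /20s.
ZONES = ["us-east-1a", "us-east-1b", "us-east-1c"]
DEFAULT_SUBNETS = carve_subnets("172.31.0.0/16", ZONES, 20)

if __name__ == "__main__":
    for subnet in DEFAULT_SUBNETS:
        print(f"{subnet['az']:12} {subnet['subnet_id']:17} {subnet['cidr']}")
    hit = find_subnet(DEFAULT_SUBNETS, "172.31.20.5")
    print("172.31.20.5 lives in", hit["az"], "/", hit["subnet_id"])
    print("4 redundant servers ->", spread_across_zones(DEFAULT_SUBNETS, 4))
```

Running it shows the three names for one subnet side by side (zone, ID, CIDR), and that an address such as 172.31.20.5 falls in the second /20 and therefore in us-east-1b. The `ValueError` path covers the case where a block is too small for the number of zones, which is the mistake that otherwise shows up only when the last zone silently gets no subnet.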

About the Author

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.