Getting Started with VPC
Introduction to VPC
Create your first VPC
PREVIEW10m 21s
Advanced concepts
7m 52s
Practical Example
Start course

Amazon VPCs - virtual networks allowing you to to provision a logically isolated section of your cloud where you can deploy AWS resources and have full control over your virtual networking environment - are a cornerstone of AWS computing. VPCs provide unique and customizable IP address ranges, subnets, route tables, and network gateways. They play an important role in a wide range of scenarios, from the complex to the relatively straightforward.

Mastering VPC concepts is not easy, so our expert Linux System Administrator David Clinton created this course to help you to get started. When you're done, you should be able to intelligently integrate VPC configuration into your cloud architecture. You learn about basic VPC usage, how to create a subnet, and how to deploy a whole virtual intranet in your cloud.

Who should take this course

As this is an intermediate to advanced course, you will need some previous experience with AWS to fully understand it. Basic knowledge about EC2 and IAM will be taken for granted, and in particular you should have a good knowledge of the TCP/IP stack to fully appreciate some course elements.

If you'd like to improve your EC2 and general AWS knowledge, check out our other courses. Also, you may want to challenge yourself with our questions if you want to test your knowledge after taking this course.


Hi, and welcome to's video series on Amazon VPCs, virtual private clouds. In this video, we're going to explain a little bit about how VPC subnetting works. Subnetting allows you to separate resources from each other in a highly structured and organized way. So for instance, you could use a public subnet for resources that must be connected to the internet, and a private subnet for resources that by default you'd prefer to not have internet access. Both these subnets could be part of the same master network, but each will behave differently according to your needs. It all works with IP addresses. Amazon, by the way, uses IPv4 addressing and not IPv6. In fact, most networking these days is still done with IPv4, even though IPv6 was supposed to have been phased in years ago. VPCs will use NAT, network address translation reserved address ranges. These addresses could fall in the range or or 192.168.x.x. In most cases, AWS will assign a VPC initially a 172.x.x.x address. By way of a very quick review in subnetting, let's break down that address just a bit. There are four octets in this address. Each one is made up of eight bits. Eight bits, of course, in binary, adds up to 256 or between 0 and 255. An IPv4 address contains two types of addresses: network addresses and nodes.

If you have an address, let's say,, that means that 16 bits or the first two octets of the address are going to be reserved for network addresses, and only 16 more bits, the second two octets of the address are left for node. If on the other hand, your subnet mask is /24, that means the first 24 bits of the address, or the first three octets, are going to be used for network addresses, and only eight, the last single octet is available for nodes. Another way to notate that, by the way, /16 might also be described as And /24 might be described as So let's take a typical example from AWS' VPC configuration. Let's say that your DPC has been assigned a default address of That means your network gateway address is and only the first two octets are reserved for network addresses. The remaining two octets, which comes to a total of about 255 times 255, that is the number of available nodes.

However, the default subnet that AWS might have assigned one of your EC2 instances is That means its net mass is not 16 nor is it 24, but it's 20. That means the first two octets are reserved for networks, and the first four bits of the third octet are also reserved for network addresses. That might mean your EC2 instance is given a private address of 172.31.0, which is a network address that's compatible with the VPC address, but .5. That is the specific EC2 instance will be identified as the fifth or perhaps sixth node on this network. If there was another EC2 instance, and let's say its subnet was, then private addresses under that subnet might be given an address like or .10 or .15.

Isolating subnets makes it easy to control access between them. With this basic addressing information, you can look at the addresses that AWS has given you, and you've got what you need to create the routing and ACL policies necessary to get your VPC working the way it should.

About the Author
David Clinton
Linux SysAdmin
Learning Paths

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.