Lab Steps

Logging in to the Amazon Web Services Console
Creating a VPC
Creating a VPC Internet Gateway
Creating a Public Subnet
Creating a Bastion Host
Creating a Private Subnet
Creating a Network ACL for a Private Subnet
Adding Rules to a Private Network ACL
Launching an EC2 Instance on a Private Subnet
Launching a Network Address Translation (NAT) Instance
Testing access of Private Subnet Instances
Highlights of Securing your VPC


Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network you have defined. This virtual network closely resembles a traditional network that you would operate in your own data center with the benefits of using the scalable infrastructure of AWS. It is logically isolated from other virtual networks in the AWS cloud.

In this lab, you will create a new VPC using the AWS Management Console. Once created, you will create other EC2 and VPC resources mimicking a common two-tiered (front-end and back-end) architecture in the cloud.



1. In the AWS Management Console search bar, enter VPC, and click the VPC result under Services.



2. Click Your VPCs in the left navigation pane.


The Your VPCs page lists all previously created VPCs. All new AWS accounts come with a default, fully-working VPC.

Note: Although all Cloud Academy student accounts originally have a default VPC, some accounts had the default VPC inadvertently removed. A default VPC has the Default VPC column set to Yes. If you don't see a default VPC in your lab environment, do not worry. You will create a new VPC and use it regardless.


3. Click Create VPC to begin creating a new VPC. The Create VPC dialog box opens. Specify the following VPC details:

  • Name tag: Enter cloudacademy-labs (This is the name for your VPC. A tag will be created with a key of Name and the value "cloudacademy-labs".)
  • CIDR block: Enter  (This is a CIDR block from the private (non-publicly routable) IP address ranges as specified in RFC 1918.)
  • Tenancy: Select Default  (Dedicated tenancy ensures your instances run on single-tenant hardware. For the purposes of this Lab, the default is fine though.) 



4. Click Create VPC.

Amazon creates the requested VPC and the following linked services:

  • DHCP options set:  Enables DNS for instances that need to communicate over the VPC's Internet gateway
  • Main route table:  Table that contains a set of rules, called routes, that are used to determine where network traffic is directed
  • Network ACL:  List of rules to determine whether traffic is allowed in or out of any subnet associated with the network ACL


Note: No subnets or Internet gateways were automatically created with the VPC. You need to add them yourself. Now you are ready to create your VPC subnets and customize the routing table.



In this lab, you created the non-default VPC that will be configured with private and public subnets.
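
One way to confirm the result of steps 3 and 4 outside the console, as an added example that is not part of the lab: the script audits the JSON printed by `aws ec2 describe-vpcs` for the VPC tagged cloudacademy-labs, checking that it is non-default, uses default tenancy, and has an RFC 1918 CIDR block within the /16 to /28 size AWS accepts. The sample output, VPC IDs and CIDR blocks are constructed, and the function names are this example's own.

```python
import ipaddress
import json

# RFC 1918 private ranges; AWS accepts VPC IPv4 blocks from /16 to /28.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def cidr_findings(cidr):
    """Return a list of problems with a proposed or existing VPC CIDR block."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if net.version != 4:
        return ["not an IPv4 block"]
    findings = []
    if not any(net.subnet_of(r) for r in RFC1918):
        findings.append("outside RFC 1918 private ranges")
    if not 16 <= net.prefixlen <= 28:
        findings.append("prefix length outside /16 to /28")
    return findings

def audit_vpc(describe_vpcs, name):
    """Check the VPC tagged Name=<name> in `aws ec2 describe-vpcs` JSON output."""
    for vpc in describe_vpcs.get("Vpcs", []):
        tags = {t["Key"]: t["Value"] for t in vpc.get("Tags", [])}
        if tags.get("Name") != name:
            continue
        findings = cidr_findings(vpc["CidrBlock"])
        if vpc.get("IsDefault"):
            findings.append("is the default VPC")
        if vpc.get("InstanceTenancy") != "default":
            findings.append(f"tenancy is {vpc.get('InstanceTenancy')}")
        return vpc["VpcId"], findings
    return None, [f"no VPC tagged Name={name}"]

# Constructed sample output; IDs and CIDR blocks are made up, not the lab's values.
SAMPLE = json.loads("""
{"Vpcs": [
  {"VpcId": "vpc-0aaa", "CidrBlock": "172.31.0.0/16", "IsDefault": true,
   "InstanceTenancy": "default", "Tags": []},
  {"VpcId": "vpc-0bbb", "CidrBlock": "10.0.0.0/16", "IsDefault": false,
   "InstanceTenancy": "default",
   "Tags": [{"Key": "Name", "Value": "cloudacademy-labs"}]}
]}
""")

if __name__ == "__main__":
    print(audit_vpc(SAMPLE, "cloudacademy-labs"))
    print(cidr_findings("11.0.0.0/16"))
```

To run it against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-vpcs --output json`.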

Validation checks
Created VPC

Created a non-default VPC
