Lab Steps

Logging In to the Amazon Web Services Console
Creating a VPC
Creating a VPC Internet Gateway
Creating a Public Subnet
Creating a Bastion Host
Creating a Private Subnet
Creating a Network ACL for a Private Subnet
Adding Rules to a Private Network ACL
Launching an EC2 Instance on a Private Subnet
Launching a Network Address Translation (NAT) Gateway
Testing access of Private Subnet Instances
Highlights of Securing your VPC


As implied by the name, a public subnet will hold resources that require ingress and/or egress to the public internet. A common use case for this is a DNS server, or a load balancer sitting in front of front-end web servers or web applications.

In this lab step, you will create a public subnet in your VPC.



1. In the VPC Dashboard, click Subnets in the left navigation pane: 


The Subnets page lists all previously created subnets.


2. Click Create subnet:


3. Configure the following subnet details:

  • VPC ID: Select cloudacademy-labs
  • Subnet name: Enter Public-A (This is the name for your subnet. A tag with a key of Name and the value "Public-A" is created)
  • Availability Zone: Select us-west-2a from the drop-down menu
  • CIDR block: Enter


4. Click Create subnet:


The new subnet will be deployed into the selected VPC, and into the selected Availability Zone.

Next, you will need to set up the route table.

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. Each route in a table specifies a destination CIDR and a target (for example, traffic destined for is targeted for the virtual private gateway).  If a subnet has a route with the destination ( and Internet Gateway as the target, the subnet is known as a public subnet. You can create a custom route table for your VPC using the Amazon VPC console.


5. In the left-hand navigation pane, click the Filter by VPC field and select the cloudacademy-labs VPC from the drop-down:



Note: You may need to refresh your browser tab to be able to select the cloudacademy-labs VPC from the Filter by VPC field.


6. In the left navigation pane, click Route Tables:



7. Click Create route table:



8. Configure the following route table settings:


  • Name: Enter PublicRouteTable
  • VPC: Select the cloudacademy-labs VPC from the drop-down menu



9. Scroll to the bottom of the page and click Create route table:



10. On the route details page, switch to the Routes tab and click Edit routes:



11. Click Add route:



12. Configure the following route settings:

  • Destination: Enter
  • Target: Select Internet Gateway, then labs-gw


13. Click Save changes:


Next, you will replace the public subnet's default route table association with the new route table.


14. In the left-hand navigation pane, click Subnets.


15. Select the Public-A subnet and click the Route table tab:


16. Click the Edit route table association button:



17. Select PublicRouteTable from the Route table ID drop-down menu and confirm the following routes:


Note: The internet gateway under your target will differ from the ID above.


18. Click Save:


This subnet requires a route to the internet, so it is now associated with PublicRouteTable, whose routes determine where the subnet's traffic is directed.



In this lab, you created a public subnet in your VPC and associated it with a route table with access to the public internet.
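The following is an added example, not part of the lab: a Python audit that applies the definition above (a subnet is public when its route table has a route targeting an internet gateway) to output shaped like `aws ec2 describe-route-tables`. It falls back to the VPC's main route table when a subnet has no explicit association, which is the case steps 14 to 18 change. All IDs and CIDRs in the sample are constructed.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# Every ID and CIDR below is made up for this example.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main0001", "VpcId": "vpc-0001",
   "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
  {"RouteTableId": "rtb-public01", "VpcId": "vpc-0001",
   "Associations": [{"Main": false, "SubnetId": "subnet-publicA"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001", "State": "active"}]}
]}
""")
# Constructed subnet inventory (subnet ID -> VPC ID), as from describe-subnets.
SUBNETS = {"subnet-publicA": "vpc-0001", "subnet-privateA": "vpc-0001"}

def igw_routes(table):
    """Return (destination, igw id) for each active route targeting an internet gateway."""
    return [(r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock"), r["GatewayId"])
            for r in table.get("Routes", [])
            if r.get("GatewayId", "").startswith("igw-") and r.get("State") == "active"]

def effective_table(subnet_id, vpc_id, tables):
    """Explicit association wins; otherwise the subnet uses the VPC's main route table."""
    main = None
    for t in tables:
        if t["VpcId"] != vpc_id:
            continue
        for a in t.get("Associations", []):
            if a.get("SubnetId") == subnet_id:
                return t
            if a.get("Main"):
                main = t
    return main

def classify(subnets, tables):
    """Map each subnet to (effective route table id, internet gateway routes)."""
    result = {}
    for subnet_id, vpc_id in subnets.items():
        t = effective_table(subnet_id, vpc_id, tables)
        result[subnet_id] = (t["RouteTableId"], igw_routes(t)) if t else (None, [])
    return result

if __name__ == "__main__":
    for subnet, (rtb, routes) in classify(SUBNETS, SAMPLE["RouteTables"]).items():
        print(subnet, rtb, "PUBLIC" if routes else "private", routes)
```

A subnet with no explicit association silently becomes public if an internet gateway route is ever added to the main route table, so the audit reports the effective table for every subnet rather than only the explicitly associated ones.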

Validation checks
Connected Internet Gateway to the Route Table

Connected an internet gateway to a non-default VPC route table
