Creating a VPC

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network you have defined. This virtual network closely resembles a traditional network that you would operate in your own data center with the benefits of using the scalable infrastructure of AWS. It is logically isolated from other virtual networks in the AWS cloud.

In this lab, you will create a new VPC using the AWS Management Console. Once created, you will create other EC2 and VPC resources mimicking a common two-tiered (front-end and back-end) architecture in the cloud.



1. In the AWS Management Console search bar, enter VPC, and click the VPC result under Services:



2. Click Your VPCs in the left navigation pane: 


The Your VPCs page lists all previously created VPCs. All new AWS accounts come with a default, fully-working VPC.

Note: Although all Cloud Academy student accounts originally have a default VPC, some accounts had the default VPC inadvertently removed. A default VPC has the Default VPC column set to Yes. If you don't see a default VPC in your lab environment, do not worry. You will create a new VPC and use it regardless.


3. Click Create VPC to begin creating a new VPC. A Create VPC dialog box is opened for you. Specify the following VPC details:

  • Resources to create: Select VPC only
  • Name tag: Enter cloudacademy-labs (This is the name for your VPC. A tag will be created with a key of Name and the value "cloudacademy-labs".)
  • CIDR block: Enter  (This is a CIDR block from the private (non-publicly routable) IP address ranges as specified in RFC 1918.)
  • Tenancy: Select Default  (Dedicated tenancy ensures your instances run on single-tenant hardware. For the purposes of this Lab, the default is fine though.) 
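A pre-flight check for the CIDR block chosen above, as an added example that is not part of the original lab. It goes slightly beyond this step by also checking that the public and private subnets created later fit inside the VPC without overlapping. The function names and the 10.0.0.0/16 sample values are assumptions constructed for illustration, not the lab's own values.

```python
import ipaddress

# RFC 1918 private ranges. ip_network.is_private is broader (loopback,
# link-local, ...), so membership is tested against these three explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpc_cidr(cidr):
    """Return a list of problems with a proposed VPC IPv4 CIDR (empty = OK)."""
    try:
        # strict=True rejects blocks with host bits set, e.g. 10.0.0.1/16
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"not a valid network address: {exc}"]
    if net.version != 4:
        return ["not an IPv4 block"]
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"/{net.prefixlen} is outside the /16 to /28 size Amazon VPC accepts")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("not inside an RFC 1918 private range")
    return problems


def check_subnet_plan(vpc_cidr, subnets):
    """Check that planned subnets (name -> CIDR) fit in the VPC and do not overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems, seen = [], []
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside {vpc}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name} {net} overlaps {other_name} {other}")
        seen.append((name, net))
    return problems


if __name__ == "__main__":
    # Constructed sample plan (hypothetical values, not taken from the lab)
    print(check_vpc_cidr("10.0.0.0/16"))
    print(check_subnet_plan("10.0.0.0/16",
                            {"public": "10.0.0.0/24", "private": "10.0.1.0/24"}))
```
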



Notice the VPC and more option. Choosing this option launches a wizard that makes setting up and configuring a new VPC very simple.

In this lab, you are creating the VPC manually to aid understanding of underlying Amazon VPC concepts.


4. Scroll to the bottom of the page and click Create VPC.

Amazon creates the requested VPC and the following linked services:

  • DHCP options set:  Enables DNS for instances that need to communicate over the VPC's Internet gateway
  • Main route table:  Table that contains a set of rules, called routes, that are used to determine where network traffic is directed
  • Network ACL:  List of rules to determine whether traffic is allowed in or out of any subnet associated with the network ACL


Note: A red warning saying "Failed to load rule groups" might pop up. It is okay to ignore it.

No subnets or Internet gateways were automatically created with the VPC. You need to add them yourself.

Now you are ready to create your VPC subnets and customize the routing table. 



In this lab, you created the non-default VPC that will be configured with private and public subnets.
