create a virtual private cloud in aws
14 Jan 2020

How to Create a Virtual Private Cloud in AWS?

Suppose You have users who are going to work on your project. And you have to create an isolated Lab 2 – VPC – Virtual Private Cloud network in AWS for your project. That thing can be done with VPC service.

In three-tier architecture there is one web server and one database server. As per the requirement, we need 2 networks in a single VPC. create 2 different subnets

  1. RedPublic –
  2. RedPrivate – 10.0..2.0/24

Subnet, where you are going to configure your web server, will be connected to the internet and another where you have DB server should not be connected to the internet. You will also need a bastion server to connect your private VM’s.

 You will need an Internet Gateway to communicate outside your VPC, also a route table that will route traffic outside the VPC using Internet Gateway.

Create 03 security group for

  1. webServer,
  2. DB Server and
  3. Bastion Host.

And manage inbound traffic for security.

Finally, your architecture looks like below.

Virtual Private Cloud

Create a Virtual Private Cloud in AWS

1.1 Login in your AWS console with your admin user.

1.2 Click on services and then search for VPC.

1.3 Click on VPC

1.4 You will get a VPC dashboard

1.5 Change your region to US-EAST (Ohio)

1.6 Click on Your VPC’s from the left side features list.   

1.7 Click on Create VPC

1.8 Add entries as follow

                        Name tag – RedVPC

                        IPv4 CIDR block –

                        IPv6 CIDR block – No IPv6 CIDR Block

                        Tenancy – Default



1.9 Click on Create 

Create a Subnet

2.1 Select subnet from left side under VPC.

2.2 Click on  Create Subnet

            Fill up info like

            VPC id will change. Select your RedVPC from Drop down menu

2.3 Create Second subnet with following info

Instances which will be created on private subnet should get public ipv4 ip automatically. For that do this

2.4 Select check box of RedPublic -> Click on Actions –>  Modify auto-assign IP settings –>


2.5 Click check box of Enable auto-assign public IPv4 address

2.6   Save

Create an Internet Gateway

3.1 Internet gateways form features list which is at the left side under route table

3.2 Click on   Create Internet Gateway

3.3 Name tag:  RedIG

3.4  click on    Create

3.5 Status of Internet Gateway detached

3.6 Select check box of RedIG

3.7 Click on Actions –> Attach to VPC

3.8 Select vpc RedVPC

3.9  Attach

3.10 Check out the status of RedIG. It should be attached.

Edit route table

4.1 Click on Route Tables under Subnets from features list.

4.2 Your Route Table is created automatically  when VPC created.

4.4 Resize width of VPC ID column to see VPC name.

4.5 Add name tag for appropriate route table to RedRT

Associate Route table to public subnet

4.6 Select PublicRT –> Actions –> Edit Subnet Association

4.7 Select RedPublic and Save

Add route for internet through an internet gateway

4.8  Select RedRT –> Actions –> Edit Routes

3.9 Click on Add Route

      Destination :

      Target : Internet Gateway –> Select RedIG

3.10 Click on Save Routes


Security Group

Create 03 security groups each for

  1. webServer,
  2. DB Server and
  3. Bastion Host.


4.1  Scroll down in features of VPC. Under security section click on Security Group.

4.2       Click on Create security group

4.3 Security group name: WebSG

Description:     for Linux web servers

VPC:           RedVPC

4.4       create

4.5 Create two more with following details


Security group name: BastionSG

Description:     for the windows bastion host

VPC:           RedVPC


Security group name: DBSG

Description:     for Linux DB servers

VPC:           RedVPC 


Edit inbound rule in Each SG

4.6 Select BastionSG –> Actions –> Edit Inbound rules


4.7 Add the following rule


Type:           RDP

Source:       Anywhere


Type:           All ICMP – IPv4

Source:       Anywhere 

Save Rules 


4.8 Edit WebSG using following inbound rule


Type   :         HTTP

Source:        Anywhere


Type:           SSH

Source:       Custom


Type:           All ICMP – IPv4

Source:       Custom


4.9 Edit DBSG using following inbound rule


Type:           MYSQL/Aurora

Source:       Custom


Type:           SSH

Source:       Custom


Type:           All ICMP – IPv4

Source:       Custom