DEV Community

Hyelngtil Isaac

Posted on • Edited on • Originally published at hyelngtil.awstech

Networking Series 2: VPC Traffic Flow and Security

Introducing Today's Project!

What is Amazon VPC?
Amazon VPC lets you carve out your own private, logically isolated slice of AWS in which you design the network layout yourself: subnets, route tables, gateways, and the security controls around them. It gives you full control over, and isolation for, the network that hosts your applications.

How I used Amazon VPC in this project
I used Amazon VPC to build a secure cloud network with a public subnet. I set up routing to an internet gateway, created a security group for safe access, and added a network ACL for extra subnet-level control. It was hands-on and really satisfying!

One thing I didn't expect in this project was...
I followed each step as expected, creating the VPC, subnet, internet gateway, and security layers. Everything worked smoothly. It reinforced my understanding without surprises, which made the whole project feel like second nature.

This project took me...
This AWS networking challenge took me about an hour to complete. It covered everything from setting up the VPC and public subnet to configuring route tables, security groups, and custom network ACLs, all wrapped into a hands-on one-hour session.

Route tables

Route tables are sets of rules that decide where traffic leaving a subnet is sent. Every subnet is associated with exactly one route table (the VPC's main route table unless you explicitly associate a different one), and that table determines where each packet goes. They are vital both for communication inside the VPC and for access to the outside world.

A route table is what makes a subnet public: it directs internet-bound traffic from the subnet to an internet gateway. Without that route, even with an internet gateway attached to the VPC, the subnet can't send data to or receive data from the internet. The route alone is not enough for an individual instance, though: it also needs a public IPv4 address or an Elastic IP, because the internet gateway translates between the instance's private address and that public address.

Route destination and target

Routes are defined by a destination and a target, meaning where the traffic wants to go and how it gets there. The destination is the IP range the traffic is addressed to; the target is the path it takes, such as "local" for traffic staying inside the VPC or an "igw-" ID for the internet gateway. When more than one route matches a packet, the most specific destination (the longest prefix) wins.

My route table has two routes: destination 10.0.0.0/16 (the VPC's own CIDR) with target 'local', which keeps traffic between resources inside the VPC, and destination 0.0.0.0/0 (every other IPv4 address) with target 'igw-***', the internet gateway, which sends everything else out of the VPC. Because 10.0.0.0/16 is the more specific match, traffic to another address in the VPC never takes the internet gateway route even though 0.0.0.0/0 also covers it.
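To make the route selection concrete, here is an added illustration (not code from the post or from AWS) of how a route table resolves a destination by longest-prefix match. The two routes mirror the ones above; the gateway ID 'igw-EXAMPLE' is a placeholder, and the private route table without a 0.0.0.0/0 route is included to show what a non-public subnet looks like.

```python
"""Longest-prefix-match route lookup, the way a VPC route table resolves a packet.

Added illustration, not AWS code. The public route table mirrors the post:
a 'local' route for the VPC CIDR and a default route to an internet gateway.
'igw-EXAMPLE' is a placeholder gateway ID.
"""
import ipaddress

# Constructed route table: (destination CIDR, target). Order does not matter;
# the most specific matching destination is chosen, not the first one listed.
PUBLIC_ROUTE_TABLE = [
    ("0.0.0.0/0", "igw-EXAMPLE"),   # everything not matched more specifically
    ("10.0.0.0/16", "local"),       # the VPC's own CIDR, present in every table
]

# A route table with no internet gateway route: what a private subnet would use.
PRIVATE_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
]


def lookup_route(route_table, dst_ip):
    """Return the target for dst_ip, or None if no route matches.

    Longest prefix wins: 10.0.1.5 matches both 10.0.0.0/16 and 0.0.0.0/0,
    and the /16 is more specific, so that traffic stays 'local'.
    """
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=False)
        if ip.version != net.version or ip not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, target)
    return best[1] if best else None


def is_public_subnet(route_table):
    """A subnet is public when its table sends 0.0.0.0/0 to an internet gateway."""
    return any(
        cidr == "0.0.0.0/0" and target.startswith("igw-")
        for cidr, target in route_table
    )


if __name__ == "__main__":
    for dst in ("10.0.1.5", "8.8.8.8"):
        print(dst, "-> public table:", lookup_route(PUBLIC_ROUTE_TABLE, dst),
              "| private table:", lookup_route(PRIVATE_ROUTE_TABLE, dst))
    print("public subnet?", is_public_subnet(PUBLIC_ROUTE_TABLE),
          is_public_subnet(PRIVATE_ROUTE_TABLE))
```

Running it shows 10.0.1.5 resolving to 'local' in both tables, while 8.8.8.8 goes to the internet gateway in the public table and has no route at all in the private one, which is exactly the difference between a public and a private subnet.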

Security groups

Security groups are sets of rules that control what traffic can reach or leave a specific AWS resource, such as an EC2 instance (strictly, its network interface). They act like a checkpoint at each resource, filtering on source or destination IP range, protocol, and port number. Security group rules are allow rules only, and a security group is stateful: a reply to traffic that was allowed in is allowed back out regardless of the outbound rules, and vice versa.

Inbound vs Outbound rules
Inbound rules control which traffic may reach your VPC resources. I configured an inbound rule that allows HTTP (TCP port 80) from any IPv4 address (0.0.0.0/0), so anyone can reach my instance over the web. It's essential for public apps. Keep 0.0.0.0/0 limited to the ports that are meant to be public; an administrative port such as SSH (22) should only be opened to the address ranges that actually need it.

Outbound rules control which traffic your resources may initiate. By default, a security group's outbound rule allows all traffic to any destination, meaning resources can start external connections freely. Because security groups are stateful, this default is not what lets the web server's HTTP responses leave; those pass because the matching request was allowed in. Tightening outbound rules is still worthwhile for instances that have no reason to call out.

Network ACLs

Network ACLs are subnet-level security layers in your VPC that check packets as they enter or leave the subnet. They are stateless: inbound and outbound traffic are evaluated independently, so return traffic has to be allowed explicitly. Rules are numbered and evaluated in ascending order; the first matching rule decides, and a packet that matches nothing hits the final '*' deny rule. Each rule defines an allow or deny action plus the IP range, protocol, and ports it applies to. By default, a custom ACL denies all traffic until you add rules.

Security groups vs. network ACLs
The difference between a security group and a network ACL is that security groups act as resource-level guards, controlling traffic to individual instances, while network ACLs set broad traffic rules for an entire subnet, giving you a second layer of security. Security groups are stateful and allow-only; network ACLs are stateless, support both allow and deny rules, and are processed in rule-number order.

Default vs Custom Network ACLs

Similar to security groups, network ACLs use inbound and outbound rules. By default, the network ACL that AWS creates with a VPC allows all traffic in both directions: it contains a catch-all allow rule (rule 100, all protocols, all ports, 0.0.0.0/0) ahead of the final '*' deny, so any IP, port, or protocol passes through unless you customize it.

In contrast, a custom ACL's inbound and outbound rules start as deny-all: it contains only the final '*' deny rule. Until you add specific allow rules, no packets can enter or exit the subnet it's associated with. It's a lockdown-by-default approach. Remember that because the ACL is stateless, the allow rules are needed in both directions: an inbound allow for port 80 alone still blocks the web server's responses, which leave the subnet towards the client's ephemeral port and need a matching outbound allow (commonly TCP 1024-65535).
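The following is an added illustration (not code from the post or from AWS) of the contrast drawn in the security group and network ACL sections above: it evaluates an HTTP request and its reply against the post's security group and against three network ACLs, the default allow-all one, a custom one with only an inbound port 80 allow, and a corrected one with the outbound ephemeral-port allow. The packets, client addresses, ports, and the deny rule for 198.51.100.0/24 are constructed examples.

```python
"""Security group (stateful) vs. network ACL (stateless) evaluation.

Added illustration, not AWS code. It mirrors the post's setup: a security
group allowing inbound HTTP from anywhere and all outbound traffic, and a
custom network ACL that starts as deny-all. Packets, IPs and ports below are
constructed examples.
"""
import ipaddress

EPHEMERAL = (1024, 65535)  # ports a client's reply traffic is sent back to

# Security group: allow rules only, no ordering, stateful.
SECURITY_GROUP = {
    "inbound": [{"proto": "tcp", "ports": (80, 80), "cidr": "0.0.0.0/0"}],
    "outbound": [{"proto": "-1", "ports": (0, 65535), "cidr": "0.0.0.0/0"}],
}

# NACL rules: (rule number, action, protocol, (from_port, to_port), cidr).
# Beyond what is listed only the implicit final '*' deny exists.
DEFAULT_NACL = {  # what AWS creates with the VPC
    "inbound": [(100, "allow", "-1", (0, 65535), "0.0.0.0/0")],
    "outbound": [(100, "allow", "-1", (0, 65535), "0.0.0.0/0")],
}
NACL_INBOUND_ONLY = {  # custom NACL after adding just an inbound HTTP allow
    "inbound": [(100, "allow", "tcp", (80, 80), "0.0.0.0/0")],
    "outbound": [],
}
NACL_FIXED = {  # plus the outbound ephemeral allow, and a deny for one range
    "inbound": [
        (50, "deny", "tcp", (80, 80), "198.51.100.0/24"),  # constructed blocklist entry
        (100, "allow", "tcp", (80, 80), "0.0.0.0/0"),
    ],
    "outbound": [(100, "allow", "tcp", EPHEMERAL, "0.0.0.0/0")],
}


def _matches(proto, ports, cidr, pkt):
    """True if a rule's protocol, port range and CIDR all cover the packet."""
    if proto != "-1" and proto != pkt["proto"]:
        return False
    if not ports[0] <= pkt["port"] <= ports[1]:
        return False
    return ipaddress.ip_address(pkt["remote"]) in ipaddress.ip_network(cidr)


def nacl_allows(nacl, direction, pkt):
    """Stateless: walk rules in number order, first match wins, else '*' deny."""
    for _num, action, proto, ports, cidr in sorted(nacl[direction], key=lambda r: r[0]):
        if _matches(proto, ports, cidr, pkt):
            return action == "allow"
    return False


def sg_allows(sg, direction, pkt, established=False):
    """Stateful: replies to an already-allowed flow pass without consulting rules."""
    if established:
        return True
    return any(_matches(r["proto"], r["ports"], r["cidr"], pkt) for r in sg[direction])


def http_exchange_succeeds(nacl, sg, client_ip="203.0.113.10", client_port=51234):
    """Request arrives on port 80; the reply leaves towards the client's ephemeral port."""
    request = {"proto": "tcp", "port": 80, "remote": client_ip}
    reply = {"proto": "tcp", "port": client_port, "remote": client_ip}
    if not (nacl_allows(nacl, "inbound", request) and sg_allows(sg, "inbound", request)):
        return False
    # The NACL re-evaluates the reply from scratch; the SG treats it as established.
    return nacl_allows(nacl, "outbound", reply) and sg_allows(sg, "outbound", reply, True)


if __name__ == "__main__":
    print("default NACL:           ", http_exchange_succeeds(DEFAULT_NACL, SECURITY_GROUP))
    print("inbound-only NACL:      ", http_exchange_succeeds(NACL_INBOUND_ONLY, SECURITY_GROUP))
    print("fixed NACL:             ", http_exchange_succeeds(NACL_FIXED, SECURITY_GROUP))
    print("fixed NACL, denied range:",
          http_exchange_succeeds(NACL_FIXED, SECURITY_GROUP, client_ip="198.51.100.7"))
```

The inbound-only ACL is the failure mode to watch for: the request gets in, the security group would happily let the reply out because the flow is established, but the stateless ACL checks the reply against its empty outbound list and drops it. The fixed ACL also shows something a security group cannot express, an explicit deny for one source range that takes effect because its rule number (50) sorts before the allow (100).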

🤝Next in the series builds on this, which is "Creating a Private Subnet"
