Chapter 4 — Virtual Private Cloud (VPC)
📖 Story First
Our school campus has been set up in Mumbai.
Now imagine the campus does not have any walls or fences around it. Anyone from the street can just walk in. Students from other schools can enter any classroom. People from outside can access the library, the labs, the office — everything.
That would be complete chaos. It would be dangerous. Private school records would be exposed. Students would not be safe.
So what does the school do?
They build walls and a fence around the entire campus. Now there is a clear boundary. Everything inside the boundary is the school's private property. Outsiders cannot just walk in. The school controls who can enter, who can exit, and who can access which part of the campus.
This boundary — this private, controlled space — is what AWS calls a VPC.
🎯 Learning Objectives
By the end of this chapter, you will be able to:
- ✅ Explain what a VPC is in simple terms
- ✅ Understand why VPCs are needed
- ✅ Know the default VPC
- ✅ Understand VPC CIDR blocks at a high level
- ✅ Create a VPC in AWS
🏫 School Analogy
┌─────────────────────────────────────────────────────────┐
│ SCHOOL ←→ VPC MAPPING │
├──────────────────────────┬──────────────────────────────┤
│ SCHOOL CONCEPT │ AWS CONCEPT │
├──────────────────────────┼──────────────────────────────┤
│ The whole campus │ VPC │
│ Campus boundary/walls │ VPC IP address range (CIDR) │
│ Inside the campus │ Private cloud space │
│ Campus rules │ VPC routing and security │
│ Multiple campuses │ Multiple VPCs per account │
└──────────────────────────┴──────────────────────────────┘
☁️ The Actual Concept
A VPC (Virtual Private Cloud) is your own private, isolated section of the AWS cloud.
When you create a VPC, you are creating a virtual network that belongs only to you. Nobody else can see it or access it unless you specifically allow them to.
Think of it as building your own private network — like your home WiFi network — but hosted inside AWS.
🏠 The Real-World Analogy (Bonus)
Imagine an apartment building.
The building has hundreds of apartments. Each apartment is separate. You cannot walk into someone else's apartment. Your apartment has its own lock, its own rules, its own furniture.
The building = AWS Cloud Your apartment = Your VPC Other apartments = Other customers' VPCs
You are all in the same building, but you are completely isolated from each other.
📋 VPC Key Facts
┌─────────────────────────────────────────────────────────┐
│ VPC KEY FACTS │
├─────────────────────────────────────────────────────────┤
│ │
│ • Created per Region (not per AZ) │
│ • You can have up to 5 VPCs per Region (default) │
│ • Each VPC has its own IP address range (CIDR) │
│ • VPCs are isolated from each other by default │
│ • AWS gives you a Default VPC in each Region │
│ • You can connect VPCs using VPC Peering │
│ │
└─────────────────────────────────────────────────────────┘
🏢 Default VPC
When you create an AWS account, AWS automatically creates a Default VPC in each Region.
This default VPC is like the school having a basic campus layout already set up for you on your first day. You do not have to build it from scratch immediately.
The Default VPC:
- Has CIDR block: 172.31.0.0/16
- Has one public subnet in each AZ
- Has an Internet Gateway attached
- Is ready to use immediately
⚠️ NOTE FOR BEGINNERS:
For learning purposes, the Default VPC is fine.
For production (real work), always create a custom VPC.
The Default VPC is like using the school's basic
borrowed equipment. For serious work, you bring your own.
🧪 Hands-On Lab — Create Your First VPC
STEP 1: Log into AWS Console
Go to: console.aws.amazon.com
STEP 2: Search for "VPC" in the search bar
Click on "VPC" service
STEP 3: In the left menu, click "Your VPCs"
You will see the Default VPC already there
STEP 4: Click "Create VPC"
STEP 5: Fill in the details:
Name tag: MyFirstVPC
IPv4 CIDR block: 10.0.0.0/16
Tenancy: Default
STEP 6: Click "Create VPC"
✅ Congratulations! You just created your own
private network in the AWS cloud!
💡 Pro Tips
💡 Tip 1: Always tag your VPC with a meaningful name. In real projects, you will have multiple VPCs and clear names keep things organized.
💡 Tip 2: Use the IP range 10.0.0.0/16 for your custom VPC. This is a common best practice and gives you 65,536 IP addresses to work with.
💡 Tip 3: Never use the Default VPC for production workloads. Always create a custom VPC with your own design.
❓ Quick Quiz
🎤 Interview Questions
Q: What is a VPC and why is it important?
A VPC (Virtual Private Cloud) is a logically isolated section of the AWS cloud where you can launch your resources in a virtual network that you define. It is important because it provides security and isolation — your resources are not accessible to other AWS customers, and you have full control over your network configuration including IP ranges, subnets, routing, and security.
Q: What is the difference between the Default VPC and a Custom VPC?
The Default VPC is automatically created by AWS in each Region and is pre-configured with public subnets and an internet gateway, making it easy to get started. A Custom VPC is one you create yourself with your own CIDR range, subnets, and routing configuration. Custom VPCs are recommended for production because you have full control over the network design.
📝 Chapter Summary
┌─────────────────────────────────────────────────────────┐
│ CHAPTER 4 SUMMARY │
├─────────────────────────────────────────────────────────┤
│ │
│ ✅ VPC = Your private, isolated network in AWS │
│ ✅ Like walls around a school campus │
│ ✅ Created per Region │
│ ✅ Resources in your VPC are isolated by default │
│ ✅ Default VPC exists in every Region automatically │
│ ✅ For production, always create a custom VPC │
│ ✅ Each VPC has an IP range called a CIDR block │
│ │
└─────────────────────────────────────────────────────────┘