AWS Cloud Practitioner CLF-C02
Technology Part One
Networking Default VPC
In this lesson, we delve into the concept of default VPCs, compare them with custom VPCs, and explain the automated networking configuration that AWS provides. You'll gain insight into how these preconfigured environments enable rapid deployment and internet connectivity.
AWS provides two types of Virtual Private Clouds (VPCs):
- Default VPCs: Automatically created in every region when you open an AWS account. They include preconfigured settings designed for quick access and straightforward deployment.
- Custom VPCs: Require manual configuration of settings such as internet connectivity, subnets, and security policies.
Note
Default VPCs are ideal for users who want a ready-to-use network environment that supports internet-accessible resources without manual setup.
Default VPC Structure
Each default VPC in AWS exhibits the following characteristics:
- Single VPC per Region: Every region has one default VPC.
- CIDR Block: The default VPC is assigned a /16 CIDR block, specifically 172.31.0.0/16, offering 65,536 IP addresses.
- Default Subnets: For each availability zone in a region, a default subnet is created. For instance, if a region has two availability zones, there will be two subnets. These subnets are typically configured with a /20 mask (e.g., 172.31.0.0/20 and 172.31.16.0/20).
- Internet Gateway: An Internet Gateway is automatically attached to the default VPC, and a default route is configured to direct all outbound traffic to the gateway. This ensures that every subnet within the default VPC is public, allowing resources to be accessed from the internet.
- Security Configurations: Default security groups and Network Access Control Lists (NACLs) are set up to manage and control traffic.
Below is an image that illustrates a typical default VPC setup, showcasing the Internet Gateway, public subnets, and security configurations:
Summary of Default VPC Features
Every AWS region comes configured with a default VPC that includes:
- CIDR Block: 172.31.0.0/16 for the entire VPC.
- Subnets: One default subnet per availability zone.
- Internet Access: An attached Internet Gateway enables outbound connectivity.
- Security: The default security group allows all outbound traffic, and the default NACL allows all inbound and outbound traffic.
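The structure above (one /20 default subnet per availability zone carved from 172.31.0.0/16, and an Internet Gateway route that makes every default subnet public) can be modelled and checked with a short script. The following is an added example, not code from the course or from AWS; the Internet Gateway id and the two route tables are constructed samples, and the function names are my own.

```python
import ipaddress

# AWS reserves 5 addresses in every subnet: network, VPC router, DNS, future use, broadcast
AWS_RESERVED_PER_SUBNET = 5


def default_subnets(vpc_cidr, azs, prefix=20):
    """Carve the VPC CIDR into consecutive /20 blocks, one per Availability Zone,
    mirroring the default VPC layout (172.31.0.0/20, 172.31.16.0/20, ...)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = list(vpc.subnets(new_prefix=prefix))
    if len(azs) > len(blocks):
        raise ValueError(f"{vpc_cidr} only holds {len(blocks)} /{prefix} blocks for {len(azs)} AZs")
    return {az: str(block) for az, block in zip(azs, blocks)}


def address_counts(cidr):
    """Return (total, usable) IPv4 addresses for a block, after AWS's reserved five."""
    total = ipaddress.ip_network(cidr).num_addresses
    return total, total - AWS_RESERVED_PER_SUBNET


def is_public_subnet(route_table):
    """A subnet is public when its route table sends 0.0.0.0/0 to an Internet Gateway (igw-*)."""
    return any(r["destination"] == "0.0.0.0/0" and r["target"].startswith("igw-")
               for r in route_table)


# Constructed sample: the main route table of a default VPC (hypothetical IGW id)
DEFAULT_ROUTE_TABLE = [
    {"destination": "172.31.0.0/16", "target": "local"},
    {"destination": "0.0.0.0/0", "target": "igw-0123456789abcdef0"},
]
# Constructed sample: the same table with the Internet Gateway route removed
PRIVATE_ROUTE_TABLE = [{"destination": "172.31.0.0/16", "target": "local"}]


def exposure_report(vpc_cidr, azs, route_table):
    """Label every default subnet public/private based on its route table."""
    state = "public" if is_public_subnet(route_table) else "private"
    return {az: (cidr, state) for az, cidr in default_subnets(vpc_cidr, azs).items()}


if __name__ == "__main__":
    print(address_counts("172.31.0.0/16"))  # whole default VPC
    for az, (cidr, state) in exposure_report("172.31.0.0/16", ["us-east-1a", "us-east-1b"], DEFAULT_ROUTE_TABLE).items():
        print(az, cidr, address_counts(cidr)[1], "usable,", state)
```

Running it on the default route table labels every subnet public, which is the behaviour the lesson describes; replace the sample tables with the output of `aws ec2 describe-route-tables` to audit a real account.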
The following image summarizes these core features—subnets, security groups, NACLs, CIDR allocation, internet access, and availability zones:
Quick Reference
For further details and best practices on configuring VPCs, consider exploring the AWS VPC Documentation.