🌐 AWS 127: Building from Scratch - Creating a Custom Public VPC
Source: Dev.to
Hey Cloud Architects 👋
Welcome to Day 27 of the #100DaysOfCloud Challenge!
Today we’re stepping away from the default AWS settings and building our own custom VPC. The Networking Team needs a dedicated space for public‑facing services, complete with automated IP assignment and secure SSH access.
This task is part of my hands‑on practice on the KodeKloud Engineer platform, which I highly recommend for anyone looking to master real‑world DevOps scenarios.
🎯 Objective
- Create a custom VPC named `devops-pub-vpc`.
- Create a public subnet named `devops-pub-subnet`.
- Enable Auto‑assign public IPv4 address for the subnet.
- Launch a `t2.micro` instance named `devops-pub-ec2` inside this network.
- Ensure port 22 (SSH) is open to the internet.
💡 Why a Custom VPC Is Essential
While AWS provides a default VPC, professional DevOps teams build custom networks to ensure:
- Better security
- Isolation
- Control over IP addressing
🔹 Key Concepts
- VPC (Virtual Private Cloud) – A logically isolated section of the AWS Cloud where you can launch resources in a virtual network that you define.
- Internet Gateway (IGW) – The “bridge” that connects your VPC to the Internet. Without an IGW, a “public” subnet remains private.
- Route Tables – Act as the “GPS” for your network, directing traffic to the Internet Gateway (or other targets) so it can leave the VPC.
🛠️ Step‑by‑Step: Custom Networking Workflow
We’ll move from Network Creation → Routing → Instance Provisioning.
🔹 Phase A – Create the VPC & Subnet
Create VPC
- Open the VPC Dashboard → Create VPC.
- Name the VPC `devops-pub-vpc`.

Create Subnet
- Create a subnet inside the VPC and name it `devops-pub-subnet`.
Enable Public IPs
- In Subnet Settings, tick “Enable auto‑assign public IPv4 address.”
This ensures every instance launched in the subnet receives a public IP automatically.

🔹 Phase B – Configure Internet Access (The “Public” Part)
Internet Gateway
- Create an Internet Gateway (IGW) and attach it to `devops-pub-vpc`.

Update Route Table
- Locate the route table associated with `devops-pub-subnet`.
- Add a route:

| Destination | Target |
|---|---|
| 0.0.0.0/0 | Your Internet Gateway |

🔹 Phase C – Launch the Public Instance
Provision EC2
- Launch a `t2.micro` instance named `devops-pub-ec2`.
Network Settings
- Choose `devops-pub-vpc` and `devops-pub-subnet` in the launch wizard.
Security Group
- Create a new security group that allows Inbound SSH (Port 22) from Anywhere (`0.0.0.0/0`).

✅ Verify Success
Check Connectivity
When the instance is Running, copy its public IP address.
Terminal Test
ssh -i your-key.pem ubuntu@<public-ip>

If you can connect via SSH, your custom VPC, subnet, route table, and security group are all correctly configured. Happy cloud building! 🚀
🎉 Confirm
If you successfully log in, your custom network is officially open for business!
📝 Key Takeaways
- 🚀 Default vs. Custom: Custom VPCs let you define your own CIDR blocks (IP ranges).
- 🔗 Implicit Dependency: A subnet is only public if it has a route to an Internet Gateway.
- 🛡️ Security Groups: Even in a public VPC, your instances are protected by security groups. Always apply the principle of least privilege.
🚫 Common Mistakes
- Forgetting the IGW: Attaching an Internet Gateway is a two‑step process—create it and then attach it to the VPC.
- Missing Route Table Entry: If you can’t SSH in, verify that the route table points to the IGW.
- Auto‑Assign Public IP Disabled: If the instance lacks a public IP in the console, you forgot to enable the auto‑assign setting on the subnet.
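An added example, not part of the original post: the Python below runs the checks behind the mistakes listed above (IGW route, auto-assign public IP) plus the source range of the SSH rule, over data shaped like the EC2 `describe-subnets`, `describe-route-tables` and `describe-security-groups` output. The sample data and IDs are constructed, the finding names are hypothetical, and `route_tables` is assumed to hold only the tables of the subnet's VPC.

```python
import ipaddress

# Constructed sample data shaped like EC2 describe-* output; all IDs are made up.
SUBNET = {"SubnetId": "subnet-0example", "MapPublicIpOnLaunch": True}
ROUTE_TABLES = [{"Associations": [{"Main": True}], "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]}]
SECURITY_GROUP = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

def route_table_for(subnet_id, route_tables):
    """Explicitly associated table, else the VPC's main table (implicit association)."""
    for key, val in (("SubnetId", subnet_id), ("Main", True)):
        for rt in route_tables:
            if any(a.get(key) == val for a in rt.get("Associations", [])):
                return rt
    return None

def has_igw_route(subnet_id, route_tables):
    """True if the effective table has an active 0.0.0.0/0 route to an Internet Gateway."""
    rt = route_table_for(subnet_id, route_tables) or {}
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               and r.get("State") == "active"
               for r in rt.get("Routes", []))

def ssh_sources(sg):
    """IPv4 CIDRs allowed to reach TCP 22, including port ranges and all-protocol rules."""
    cidrs = []
    for p in sg.get("IpPermissions", []):
        all_proto = p.get("IpProtocol") == "-1"
        tcp_22 = p.get("IpProtocol") == "tcp" and p.get("FromPort", -1) <= 22 <= p.get("ToPort", -1)
        if all_proto or tcp_22:
            cidrs += [r["CidrIp"] for r in p.get("IpRanges", [])]
    return cidrs

def audit(subnet, route_tables, sg):
    """Finding names for a missing IGW route, disabled auto-assign, and world-open SSH."""
    checks = {
        "no-igw-route": not has_igw_route(subnet["SubnetId"], route_tables),
        "auto-assign-public-ip-disabled": not subnet.get("MapPublicIpOnLaunch"),
        "ssh-open-to-world": any(ipaddress.ip_network(c).prefixlen == 0 for c in ssh_sources(sg)),
    }
    return [name for name, failed in checks.items() if failed]

print(audit(SUBNET, ROUTE_TABLES, SECURITY_GROUP))
```

For the lab's configuration it reports only `ssh-open-to-world`, which is the rule the task asks for; a rule whose source is a single address as a /32 produces no finding.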
🌟 Final Thoughts
You’ve just built the backbone of cloud computing! Understanding VPCs, subnets, and routing separates a “Cloud User” from a “Cloud Architect.” This setup is the foundation for hosting websites, APIs, and much more.
🌟 Practice Like a Pro
If you want to try these tasks yourself in a real AWS environment, check out:
👉 KodeKloud Engineer – Practice Labs – where I sharpen my skills daily!
🔗 Let’s Connect
- 💬 LinkedIn: Hritik Raj
- ⭐ Support my journey on GitHub: 100 Days of Cloud

