Think of a VPC as a virtual data center in the cloud. It's a logically isolated part of AWS Cloud where you can define your own network. Complete control of virtual network, including your own IP address range, subnets, route tables, and network gateways.
It's a fully customisable network. Typically you have a 3tier network:
When you create a VPC, you need to choose a IP range (best practice: 10.0.0.0/x) These IP ranges should change per subnet to avoid clashing.
Creating a VPC automatically creates a route table an access control list (ACL).
1 subnet is always in 1 AZ
Possible naming convention for subnets: <CIDR Range> - <AZ>
AWS reserves some IP addresses, 10.0.0.0-3, and 10.0.0.255 A setting exists to auto assign IP addresses for a subnet. Useful for public subnets, this means that any EC2 instances that's put into said subnet will automatically get assigned a IP address.
Only one internet gateway per VPC
Every time you create a subnet it is automatically associated with the main route table. Because of this it's best practice to have a separate route table for any routes out to the internet, just in case something leaks.
The basic flow from the internet is: Internet Gateway -> Router -> Route Table -> Network ACL -> Subnet -> Security Group
TODO - split this doc up
![[[VPC Example.png]]](/VPC-Example.png){kind=link}