VPC Architecture and CIDR Blocks
Design a VPC with an appropriate CIDR range and divide it into public and private subnets across Availability Zones.
What Is a VPC?
An Amazon Virtual Private Cloud (VPC) is a logically isolated private network within an AWS Region that you define and control. Every AWS account comes with a default VPC (CIDR 172.31.0.0/16) in each Region, but production architectures always use custom VPCs. A VPC spans all Availability Zones in its Region and gives you full control over IP addressing, subnets, route tables, internet gateways, and security. Resources inside a VPC are isolated from other VPCs and from the internet unless you explicitly configure connectivity.
# Create a custom VPC
aws ec2 create-vpc \
--cidr-block 10.0.0.0/16 \
--tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=production-vpc}]'

CIDR Blocks: IP Address Ranges
A CIDR (Classless Inter-Domain Routing) block defines the IP address range of a VPC or subnet using the format x.x.x.x/prefix. The prefix length determines how many IP addresses are in the range: /16 = 65,536 addresses, /24 = 256 addresses, /28 = 16 addresses (minimum subnet size on AWS). For VPCs, AWS allows CIDR blocks from /16 (largest) to /28 (smallest). Choose a VPC CIDR that: (1) does not overlap with on-premises networks (for future VPN/Direct Connect), (2) is large enough for your planned subnets, and (3) uses private RFC 1918 address space (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
# Common VPC CIDR choices:
# 10.0.0.0/16 -> 65,534 usable IPs (largest common choice)
# 10.0.0.0/20 -> 4,094 usable IPs
# 10.0.0.0/24 -> 254 usable IPs (too small for most VPCs)
# AWS reserves 5 IPs in each subnet:
# x.x.x.0 Network address
# x.x.x.1 VPC router
# x.x.x.2 DNS server
# x.x.x.3 Future use
# x.x.x.255 Network broadcast address (the last address of the subnet; .255 for a /24)
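Added example, not from the lesson: a Python script that checks a proposed VPC CIDR against the rules above (prefix between /16 and /28, RFC 1918 space, no overlap with on-premises ranges) and carves it into one public and one private subnet per Availability Zone, reporting the addresses left after AWS reserves five per subnet. The on-premises ranges are constructed sample values, and the subnet layout (public subnets first, then private) is one convention, not an AWS requirement.

```python
"""Plan a VPC CIDR and carve it into per-AZ public/private subnets.

Added example (not part of the original lesson); standard library only.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AWS_RESERVED_PER_SUBNET = 5  # network, VPC router, DNS, future use, broadcast

# Constructed sample on-premises ranges the VPC must not overlap (future VPN / Direct Connect).
ON_PREM = [ipaddress.ip_network(n) for n in ("10.1.0.0/16", "192.168.0.0/24")]


def validate_vpc_cidr(cidr, on_prem=ON_PREM):
    """Return a list of problems with the proposed VPC CIDR (empty list means it is acceptable)."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set (e.g. 10.0.0.1/16)
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"prefix /{net.prefixlen} is outside the AWS VPC range /16../28")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("not in RFC 1918 private address space")
    for r in on_prem:
        if net.overlaps(r):
            problems.append(f"overlaps on-premises range {r}")
    return problems


def plan_subnets(vpc_cidr, az_count, subnet_prefix):
    """Split vpc_cidr into one public and one private subnet per AZ.

    Returns one dict per subnet with its tier, AZ index, CIDR and the number of
    addresses left once AWS has reserved five of them.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    needed = 2 * az_count
    candidates = list(vpc.subnets(new_prefix=subnet_prefix))
    if len(candidates) < needed:
        raise ValueError(f"{vpc} yields only {len(candidates)} /{subnet_prefix} subnets, need {needed}")
    plan = []
    for i, tier in enumerate(("public", "private")):
        for az in range(az_count):
            subnet = candidates[i * az_count + az]
            plan.append({"tier": tier, "az": az, "cidr": str(subnet),
                         "usable": subnet.num_addresses - AWS_RESERVED_PER_SUBNET})
    return plan


if __name__ == "__main__":
    print(validate_vpc_cidr("10.0.0.0/16"))  # []
    print(validate_vpc_cidr("10.1.0.0/16"))  # ['overlaps on-premises range 10.1.0.0/16']
    for s in plan_subnets("10.0.0.0/16", 3, 24):
        print(s)
```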