Amazon VPC
Virtual Private Cloud - Your isolated network in AWS
Cost: VPC itself is FREE. However, NAT Gateway costs ~$32/month per AZ (fixed) + data processing fees. Internet Gateway is free. Use public subnets for cost savings in dev/test environments. Prices shown are for US East - verify at aws.amazon.com/vpc/pricing.
See our Costs & Cleanup Guide for a detailed breakdown.
What is a VPC?
A Virtual Private Cloud (VPC) is your own isolated section of the AWS cloud. Think of it as your private data center in the cloud where you control the network configuration, IP addresses, and security rules.
Real-World Analogy
A VPC is like renting a floor in a secure office building. You get your own space (network), can divide it into rooms (subnets), control who enters (security groups), and connect it to the outside world (internet gateway).
Why Do You Need a VPC?
- Isolation: Your resources are separated from other AWS customers
- Security: Control inbound and outbound traffic with security groups and NACLs
- Customization: Define your own IP address ranges, subnets, and routing
- Connectivity: Connect to on-premises networks via VPN or Direct Connect
VPC Components
| Component | Purpose | Example |
|---|---|---|
| Subnets | Divide your VPC into smaller networks | Public subnet for web servers, private for databases |
| Internet Gateway | Allows internet access for public subnets | Users accessing your website |
| NAT Gateway | Allows private subnets to access the internet (outbound only) | Private servers downloading updates |
| Route Tables | Define where network traffic goes | Send 0.0.0.0/0 to internet gateway |
| Security Groups | Firewall rules for individual resources | Allow port 443 from anywhere |
| NACLs | Firewall rules at subnet level | Block specific IP ranges |
```text
VPC (10.0.0.0/16)
├── Public Subnet (10.0.1.0/24)
│   ├── Has route to Internet Gateway
│   ├── Resources get public IP addresses
│   └── Used for: Load balancers, bastion hosts
│
└── Private Subnet (10.0.2.0/24)
    ├── No direct internet access
    ├── Uses NAT Gateway for outbound traffic
    └── Used for: App servers, databases, ECS tasks
```
Default VPC
AWS creates a default VPC in each region with public subnets. While convenient for learning, production workloads should use custom VPCs with proper public/private subnet separation.
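Whether a subnet is public or private is decided by its effective route table: a default route to an Internet Gateway makes it public, and a subnet with no explicit route table association falls back to the VPC's main route table. The following is an added example, not code from the original page, that audits this over constructed records shaped like `aws ec2 describe-subnets` and `describe-route-tables` output; the IDs and the `Tier` label are assumptions.

```python
# Added example: record shapes mirror `aws ec2 describe-subnets` and
# `describe-route-tables` output. All IDs and the "Tier" label are constructed.

def routes_to_igw(rt):
    """True if the table sends a default route to an Internet Gateway."""
    for r in (rt or {}).get("Routes", []):
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and (r.get("GatewayId") or "").startswith("igw-"):
            return True
    return False

def classify_subnets(subnets, route_tables):
    """Return {subnet_id: 'public' | 'private'} from each subnet's effective route table."""
    explicit, main = {}, {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId"):      # explicit subnet association
                explicit[assoc["SubnetId"]] = rt
            elif assoc.get("Main"):        # fallback for unassociated subnets
                main[rt["VpcId"]] = rt
    return {s["SubnetId"]: "public" if routes_to_igw(
                explicit.get(s["SubnetId"], main.get(s["VpcId"]))) else "private"
            for s in subnets}

def exposed_private_subnets(subnets, route_tables):
    """Subnets labelled private (hypothetical 'Tier' field) that route to an IGW."""
    kinds = classify_subnets(subnets, route_tables)
    return sorted(s["SubnetId"] for s in subnets
                  if s.get("Tier") == "private" and kinds[s["SubnetId"]] == "public")

# Constructed sample: the page's 10.0.0.0/16 layout plus one unassociated subnet.
SUBNETS = [
    {"SubnetId": "subnet-web", "VpcId": "vpc-1", "CidrBlock": "10.0.1.0/24", "Tier": "public"},
    {"SubnetId": "subnet-app", "VpcId": "vpc-1", "CidrBlock": "10.0.2.0/24", "Tier": "private"},
    {"SubnetId": "subnet-db", "VpcId": "vpc-1", "CidrBlock": "10.0.3.0/24", "Tier": "private"},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}]},
]

if __name__ == "__main__":
    print(classify_subnets(SUBNETS, ROUTE_TABLES))
    print("private in name only:", exposed_private_subnets(SUBNETS, ROUTE_TABLES))
```

In the sample, `subnet-db` is labelled private but inherits the main route table's Internet Gateway route, which is the same situation as every subnet in a default VPC.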