Amazon Virtual Private Cloud (VPC) allows you to provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. This gives you complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

1. VPC: A virtual network dedicated to your AWS account.
2. Subnets: Segments of a VPC's IP address range where you can place groups of isolated resources.
3. Route Tables: Rules that determine where network traffic is directed.
4. Internet Gateway: A gateway that allows communication between instances in your VPC and the internet.
5. NAT Gateway: A network address translation (NAT) service that enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances.
6. Security Groups: Virtual firewalls that control inbound and outbound traffic to instances.
7. Network ACLs: Optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

Step-by-Step Guide

1. Open the Amazon VPC Console:

   • Navigate to the VPC Dashboard in the AWS Management Console.

2. Create a VPC:

   • Click on "Create VPC".
   • Enter a name for your VPC.
   • Specify an IPv4 CIDR block (e.g., 10.0.0.0/16).
   • Optionally, specify an IPv6 CIDR block.
   • Choose tenancy (default or dedicated).

3. Create Subnets:

   • Click on "Subnets" in the VPC Dashboard.
   • Click "Create Subnet".
   • Select the VPC you created.
   • Enter a name for the subnet.
   • Specify an IPv4 CIDR block (e.g., 10.0.1.0/24).
   • Choose an Availability Zone.

4. Create an Internet Gateway:

   • Click on "Internet Gateways" in the VPC Dashboard.
   • Click "Create Internet Gateway".
   • Enter a name for the Internet Gateway.
   • Attach the Internet Gateway to your VPC.

5. Update Route Tables:

   • Click on "Route Tables" in the VPC Dashboard.
   • Select the main route table for your VPC.
   • Click "Edit routes".
   • Add a route with destination 0.0.0.0/0 and target as the Internet Gateway.

6. Configure Security Groups:

   • Click on "Security Groups" in the VPC Dashboard.
   • Click "Create Security Group".
   • Enter a name and description.
   • Select your VPC.
   • Add inbound and outbound rules as needed.

Exercise: Create a VPC with two subnets, one public and one private. The public subnet should have access to the internet, while the private subnet should not.

1. Create a VPC with a CIDR block of 10.0.0.0/16.
2. Create a public subnet with a CIDR block of 10.0.1.0/24.
3. Create a private subnet with a CIDR block of 10.0.2.0/24.
4. Create an Internet Gateway and attach it to the VPC.
5. Update the route table for the public subnet to allow internet access.
6. Create a security group that allows SSH access to instances in the public subnet.

Solution:

• Incorrect CIDR Blocks: Ensure that the CIDR blocks for your subnets do not overlap and are within the range of the VPC's CIDR block.
• Route Table Configuration: Make sure to update the route table for the public subnet to include a route to the Internet Gateway.
• Security Group Rules: Be cautious with security group rules. Allow only necessary traffic to minimize security risks.

In this section, you learned about Amazon VPC and its key components, including subnets, route tables, and security groups. You also learned how to create a VPC and configure it for internet access. This foundational knowledge will help you design and manage your AWS network infrastructure effectively. In the next module, we will explore Elastic Load Balancing and how it can be used to distribute traffic across multiple instances.