Amazon Virtual Private Cloud
Getting Started Guide (API Version 2011-07-15)

Get Started with Amazon VPC

Amazon Virtual Private Cloud enables you to create a virtual network topology—including subnets and routing—for your Amazon Elastic Compute Cloud (EC2) resources.

If you're familiar with Amazon EC2, you know that each instance you launch is randomly assigned a public IP address in the Amazon EC2 address space. Amazon VPC enables you to create an isolated portion of the Amazon Web Services (AWS) cloud—a VPC—and launch Amazon EC2 instances that have private (RFC 1918) addresses in the range of your choice (e.g., 10.0.0.0/16). You can define subnets within your VPC that enable you to group similar kinds of instances based on IP address range.

You can attach different types of gateways to your VPC to enable communication with the Internet or with your home network (over an IPsec VPN tunnel). You can set up routing and security to control the flow of traffic in and out of the instances and subnets.

This guide gives you a hands-on introduction to using Amazon VPC through the AWS Management Console. The exercise in this guide walks you through a simple scenario in which you set up a VPC with a single public subnet containing a running instance with an Elastic IP address. The following flow diagram shows the tasks you complete:

[Figure: VPC: Overall Flow of Exercise]

Overview of the Exercise

The following diagram and table summarize the tasks you perform in the exercise in this guide.

[Figure: Getting Started: Layout]

1. Create a VPC, which is an isolated portion of the AWS cloud.

2. Create and attach an Amazon VPC Internet gateway, which connects your VPC directly to the Internet and provides access to other AWS resources such as Amazon Simple Storage Service (Amazon S3).

3. Create an Amazon VPC subnet, which is a segment of a VPC's IP address range that you launch Amazon EC2 instances into. Subnets enable you to group instances based on your security and operational needs.

4. Set up routing in the VPC to enable traffic to flow between the subnet and the Internet.

5. Set up a security group to control the inbound and outbound traffic for the instances you launch.

6. Launch an instance in the subnet (either a Linux/UNIX instance or Windows instance depending on your preference). The instance has a private IP address from the subnet's range of addresses.

7. Assign an Elastic IP address to the instance. An Elastic IP address is a static, public address you can assign to any instance in your VPC. This assignment gives the instance a public IP address in addition to its private address. For an instance in your VPC to be reachable from the Internet, it must have an Elastic IP address.

After you complete the tasks in this exercise, you have a VPC with a running instance in it. You can connect to the instance from your home network using SSH (for a Linux/UNIX instance) or Remote Desktop (for a Windows instance). Because you've added an Elastic IP address to the otherwise private instance, the instance can be reached from the Internet (e.g., it could act as a web server). The security group that you've put the instance in opens only specific ports on the instance, effectively locking it down according to the rules you specify.
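The following example is added here and is not part of the original guide. It checks a description of the finished layout against the properties stated above: an RFC 1918 VPC range, a subnet inside that range, and a security group that does not open SSH or Remote Desktop to every address once the instance is reachable from the Internet. The dictionary schema, the `igw-` target prefix check, and all sample values are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges, from which the guide says VPC addresses are chosen.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_PORTS = {22: "SSH", 3389: "Remote Desktop"}

def audit(layout):
    """Return findings for a layout dict (hypothetical schema, not an AWS API)."""
    findings = []
    vpc = ipaddress.ip_network(layout["vpc_cidr"])
    subnet = ipaddress.ip_network(layout["subnet_cidr"])
    if not any(vpc.subnet_of(r) for r in RFC1918):
        findings.append("VPC range is not RFC 1918 private space")
    if not subnet.subnet_of(vpc):
        findings.append("subnet is outside the VPC range")
    # An instance is reachable from the Internet only when the subnet routes
    # to an Internet gateway and the instance holds an Elastic IP address.
    igw_route = any(r["dest"] == "0.0.0.0/0" and r["target"].startswith("igw-")
                    for r in layout["routes"])
    exposed = igw_route and layout["elastic_ip"] is not None
    for rule in layout["inbound_rules"]:
        source = ipaddress.ip_network(rule["source"])
        for port, name in ADMIN_PORTS.items():
            if rule["from_port"] <= port <= rule["to_port"] and source.prefixlen == 0:
                state = "reachable from the Internet" if exposed else "not routable yet"
                findings.append(f"{name} ({port}) open to {source}: {state}")
    return findings

# Constructed sample data; the gateway ID and addresses are placeholders.
BASE = {"vpc_cidr": "10.0.0.0/16", "subnet_cidr": "10.0.0.0/24",
        "routes": [{"dest": "10.0.0.0/16", "target": "local"},
                   {"dest": "0.0.0.0/0", "target": "igw-EXAMPLE"}],
        "elastic_ip": "203.0.113.10"}
LOCKED_DOWN = dict(BASE, inbound_rules=[
    {"from_port": 80, "to_port": 80, "source": "0.0.0.0/0"},
    {"from_port": 22, "to_port": 22, "source": "198.51.100.0/24"}])
WIDE_OPEN = dict(BASE, inbound_rules=[
    {"from_port": 0, "to_port": 65535, "source": "0.0.0.0/0"}])

if __name__ == "__main__":
    for name, layout in (("locked down", LOCKED_DOWN), ("wide open", WIDE_OPEN)):
        print(name, audit(layout))
```
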

Important

Amazon VPC doesn't have a sandbox. When you do the exercise in this guide, you're charged the normal AWS rates for the Amazon EC2 instances you launch. (The charges are minimal—typically less than a few dollars.) For information about how you're charged for Amazon EC2 instances, go to the Amazon EC2 product page.

Tip

Two alternative versions of the scenario presented here include an IPsec VPN connection from your VPC to your data center, either instead of or in addition to the Internet gateway. To learn more about using a VPN connection with your VPC, go to Adding an IPsec Hardware Virtual Private Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide.

To start, click the following Get Started button.

Get Started