AWS Virtual Private Cloud (VPC) Creation Lab Report
Student: Alex Johnson
Date: September 25, 2025
Course: Cloud Computing Infrastructure
Assignment: Creating a Virtual Private Cloud for BitBeat Startup
Introduction and Overview
In this lab, I successfully created and configured an Amazon Virtual Private Cloud (VPC) for BitBeat, a fictional music startup
developing a web-based music mixer application called BitBanger. The goal was to establish a secure, scalable cloud
infrastructure that can host both public-facing web services and private backend resources.
What is a VPC?
A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account that is logically isolated from other
virtual networks in the AWS Cloud. It provides complete control over your virtual networking environment, including
selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. A
VPC enables you to launch AWS resources in a virtual network that you've defined, giving you the security and
isolation of a private network while leveraging the scalability and reliability of AWS infrastructure.
Step-by-Step Implementation
Step 1: Creating the VPC
I began by accessing the AWS Management Console and navigating to the VPC Dashboard. From there, I clicked on
"Your VPCs" and then "Create VPC" to start building the foundation of BitBeat's network infrastructure.
📸 Screenshot: AWS VPC Dashboard showing the "Create VPC" button and navigation menu
What I did: I configured the VPC with the following settings to meet BitBeat's requirements:
Setting         | Value              | Reason
VPC Name        | MyVPC              | Clear identification for the BitBeat infrastructure
IPv4 CIDR Block | [Link]/16          | Provides approximately 65,536 IP addresses for future growth
IPv6 CIDR Block | No IPv6 CIDR Block | IPv4 is sufficient for current requirements
Tenancy         | Default            | Cost-effective shared hardware option
📸 Screenshot: VPC creation form with all configuration values filled in as specified above
After clicking "Create," I successfully established the foundational network layer for BitBeat's cloud infrastructure. This
VPC will serve as the isolated environment where all company resources will be deployed.
Step 2: Creating the Public Subnet
Next, I created a public subnet that will host BitBeat's web servers and other internet-facing resources. I navigated to the
Subnets section in the VPC Dashboard and clicked "Create Subnet."
📸 Screenshot: Subnet creation interface showing the subnet configuration form
What I did: I configured the public subnet with these specifications:
Name tag: Public Subnet 1
VPC: Selected MyVPC from the dropdown
Availability Zone: Left as "No Preference" for AWS optimization
IPv4 CIDR Block: [Link]/24 (provides 256 IP addresses)
This subnet will contain resources that need direct internet access, such as web servers, load balancers, and NAT
gateways. The /24 CIDR block gives us 254 usable IP addresses (AWS reserves 5 addresses in each subnet).
📸 Screenshot: Successfully created public subnet showing in the subnets list with correct CIDR and VPC association
Step 3: Creating the Private Subnet
I then created a private subnet to house BitBeat's backend services, databases, and other internal resources that should
not be directly accessible from the internet.
📸 Screenshot: Private subnet creation form with configuration details
What I did: Following the same process as the public subnet, I configured:
Name tag: Private Subnet 1
VPC: MyVPC
IPv4 CIDR Block: [Link]/24
This private subnet provides an additional layer of security by isolating sensitive backend resources from direct
internet access. Resources in this subnet can only communicate with the internet through NAT gateways or instances
located in the public subnet.
📸 Screenshot: Both subnets now visible in the subnets dashboard, showing public and private subnets with their respective CIDR blocks
Step 4: Creating the Internet Gateway
To enable internet connectivity for BitBeat's public-facing services, I created an Internet Gateway. This component
allows communication between instances in the VPC and the internet.
📸 Screenshot: Internet Gateway creation page with name field and create button
What I did: I navigated to "Internet Gateways" in the VPC Dashboard and created a new gateway:
Name tag: MyVPC_IG
Clicked "Create" to establish the gateway
Initially, the Internet Gateway shows a "detached" state because it hasn't been associated with any VPC yet. This is
the expected behavior before attachment.
📸 Screenshot: Newly created Internet Gateway showing "detached" state in the dashboard
Step 5: Attaching Internet Gateway to VPC
The Internet Gateway must be attached to our VPC to function. I selected the gateway and used the Actions menu to
attach it to MyVPC.
📸 Screenshot: Actions menu showing "Attach to VPC" option for the selected Internet Gateway
What I did:
1. Selected the MyVPC_IG Internet Gateway
2. Clicked Actions → Attach to VPC
3. Selected "MyVPC" from the dropdown list
4. Clicked "Attach" to complete the connection
After attachment, the gateway state changed from "detached" to "attached," indicating successful integration with our
VPC infrastructure.
📸 Screenshot: Internet Gateway now showing "attached" state with MyVPC association
Step 6: Creating Public Route Table
To enable internet access for resources in the public subnet, I needed to create a custom route table that directs
internet-bound traffic to the Internet Gateway.
📸 Screenshot: Route Table creation form with name and VPC selection fields
What I did: I created a new route table specifically for public subnet routing:
Name tag: MyVPC Public Route Table
VPC: Selected MyVPC
This route table will contain the routing rules that determine where network traffic is directed. By default, it includes a
local route for VPC internal communication.
📸 Screenshot: Successfully created route table showing in the route tables list
Step 7: Configuring Routes for Internet Access
I edited the route table to add a route that directs all internet traffic ([Link]/0) to the Internet Gateway, enabling
resources in the public subnet to communicate with the internet.
📸 Screenshot: Route table editing interface showing existing local route and the option to add new routes
What I did:
1. Selected the Public Route Table and clicked on the "Routes" tab
2. Clicked "Edit Routes" to modify the routing configuration
3. Added a new route with:
   Destination: [Link]/0 (all internet traffic)
   Target: Internet Gateway → MyVPC_IG
4. Saved the routes to apply the configuration
This configuration creates a pathway for any traffic destined for internet addresses to be routed through our Internet
Gateway, while keeping local VPC traffic within the network.
📸 Screenshot: Route table showing both the local VPC route and the new internet gateway route ([Link]/0)
Step 8: Associating Route Table with Public Subnet
The final step was to associate the public route table with the public subnet, ensuring that resources launched in the public
subnet can access the internet through our configured routing.
📸 Screenshot: Subnet associations tab showing no current associations for the public route table
What I did:
1. With the Public Route Table selected, I clicked on the "Subnet Associations" tab
2. Clicked "Edit subnet associations"
3. Selected the checkbox next to "Public Subnet 1"
4. Clicked "Save" to establish the association
This association ensures that any EC2 instances or other resources launched in the public subnet will
automatically use this route table for their network traffic, giving them internet connectivity through the Internet
Gateway.
📸 Screenshot: Completed subnet association showing Public Subnet 1 now associated with the Public Route Table
Technical Analysis and Learning Outcomes
VPC Architecture Understanding
Through this lab, I gained hands-on experience with the fundamental components of AWS networking. The VPC serves as the
foundation layer, providing network isolation and security boundaries. Within this isolated environment, I learned how subnets
create logical divisions for different types of resources based on their internet accessibility requirements.
Security Implications
The separation between public and private subnets creates a multi-tier security architecture. Web servers in the public subnet
can serve customer requests directly, while sensitive backend systems in the private subnet remain protected from direct
internet access. This design follows security best practices by implementing defense in depth.
Routing and Connectivity
I learned that route tables are the traffic control mechanism of VPCs. Without proper routing configuration, even resources in
public subnets cannot reach the internet. The [Link]/0 route acts as a default gateway, directing all non-local traffic to the
Internet Gateway for external communication.
Key Technical Concepts Learned:
CIDR Notation: Understanding how /16 and /24 blocks define network size and IP address ranges
Route Tables: How routing rules determine traffic flow within and outside the VPC
Internet Gateways: The role of IGW as the VPC's connection point to the internet
Subnet Types: Functional differences between public and private subnets
Network Segmentation: Using subnets to isolate different tiers of an application
Challenges and Problem-Solving
During this lab, I encountered a few learning moments that enhanced my understanding:
Initial Confusion with Route Tables: At first, I didn't understand why the public subnet couldn't access the internet even after
creating the Internet Gateway. I learned that the gateway must be both attached to the VPC AND properly configured in the
route table. This taught me that AWS networking requires explicit configuration at multiple levels.
CIDR Block Planning: Choosing the right CIDR blocks required careful consideration of future growth. The /16 VPC block
gives BitBeat room for expansion, while /24 subnets provide adequate IP addresses for each tier without waste.
Subnet Association: I initially missed the subnet association step and wondered why my routing wasn't working. This
reinforced the importance of connecting all network components properly - creating them isn't enough; they must be associated
correctly.
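Added example (not part of the original lab report): a small audit that classifies each subnet as public or private by checking all three conditions described above, namely gateway attachment, a default route to that gateway, and the subnet's route table association. The IDs, the CIDR and the sample data are constructed placeholders shaped like EC2 DescribeRouteTables and DescribeInternetGateways output; the function names are hypothetical.

```python
# Constructed sample data in the shape returned by the EC2 DescribeRouteTables
# and DescribeInternetGateways APIs. All IDs and the CIDR are placeholders.
VPC_ID = "vpc-EXAMPLE"
LOCAL = {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"}
DEFAULT_VIA_IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE",
                   "State": "active"}
IGWS = [{"InternetGatewayId": "igw-EXAMPLE",
         "Attachments": [{"VpcId": VPC_ID, "State": "available"}]}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public1"}],
     "Routes": [LOCAL, DEFAULT_VIA_IGW]},
]

def attached_igws(igws, vpc_id):
    """IDs of gateways attached to vpc_id (the API reports 'available' when attached)."""
    return {g["InternetGatewayId"] for g in igws
            for a in g.get("Attachments", [])
            if a.get("VpcId") == vpc_id and a.get("State") == "available"}

def effective_table(subnet_id, tables):
    """An explicit association wins; otherwise the subnet uses the VPC's main table."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def classify(subnet_id, tables, igws, vpc_id):
    """Return ('public' | 'private', route table ID actually in effect)."""
    table = effective_table(subnet_id, tables)
    live = attached_igws(igws, vpc_id)
    for route in table["Routes"]:
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("GatewayId") in live
                and route.get("State") == "active"):
            return "public", table["RouteTableId"]
    return "private", table["RouteTableId"]

if __name__ == "__main__":
    for subnet in ("subnet-public1", "subnet-private1"):
        print(subnet, classify(subnet, ROUTE_TABLES, IGWS, VPC_ID))
```

The private subnet is private only because it falls back to the main route table, which has no gateway route; adding a default route to the main table would expose every subnet without an explicit association.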
Conclusion and Reflection
Successfully completing this VPC creation lab gave me practical experience with foundational AWS networking
concepts. I now understand how to architect a basic multi-tier network infrastructure in the cloud that provides both
internet connectivity and security isolation.
What I Accomplished:
Created a fully functional VPC with proper IP address planning
Implemented network segmentation using public and private subnets
Configured internet connectivity through an Internet Gateway
Set up proper routing for external communication
Established the foundation for BitBeat's cloud infrastructure
Next Steps: This infrastructure now provides the foundation for deploying BitBeat's web application. Future
enhancements would include adding NAT gateways for private subnet internet access, implementing security groups
for instance-level firewalls, and adding load balancers for high availability.
This hands-on experience has significantly improved my understanding of cloud networking fundamentals and
prepared me to work with more complex AWS architectures in future projects.
Lab completed on September 25, 2025 | Total time: Approximately 60 minutes