Build a Network Foundation in AWS

Learn On Demand
Learn On Demand Pro Series

In this hands-on challenge, from IT Pro, you create an Amazon Web Services (AWS) customized virtual private cloud (VPC) with subnets and gateways associated with a configured route table. Network and AWS Engineers, Cloud Specialists, and System Administrators develop foundational private cloud network capabilities.

1 hour
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »


This hour-long lab teaches you how to make an Amazon Web Services (AWS) virtual private cloud (VPC) and build its networking requirements through new subnets and internet and NAT gateways. Then you customize route tables to associate network traffic with the subnets and gateways created previously. At the end of the lab, you understand the network components necessary for an AWS environment.

Those advanced learners with fundamental knowledge about the cloud and networking services have the background to succeed in this lab. Participants must set a full hour to complete the lab as they cannot return to work in progress. This challenge sets up a new AWS cloud environment and requires users to create network resources. Learners have options to use Amazon’s VPC Wizard, GUI, or Amazon’s command-line interface (CLI) during the lab tasks. So, the lab fosters different approaches to setting up parts of the VPC network.

System Administrators and Network Engineers benefit greatly in demonstrating knowledge about how to set up a VPC. Companies set up VPCs to secure data between customers and to save costs. Only when someone uses a business’ VPC does that business gets charged. Since VPC’s operate on an as-needed basis, the configurations take up less computing power. The benefits rely on correct VPC configurations and hands-on knowledge.

Understanding the Scenario:

You are a system administrator for a company that is establishing a new Amazon Web Services (AWS) environment. You need to create a VPC and subnets that provide high availability by using multiple availability zones in a region. Your customized network must adhere to AWS best practices. First, you will use the VPC Wizard to create a network foundation of a VPC, an internet gateway (IGW), a NAT gateway, and two subnets in a single availability zone. Next, you will create two additional subnets in a second availability zone. Finally, you will create and associate route tables with your subnets.

Create a New VPC:

This lab exercise instructs you to create a VPC and an IPv4 CIDR block. A Classless Interdomain Routing (CIDR) allocates IP addresses more efficiently, to particular computers. Also, you familiarize yourself with the VPC dashboard and functionality. At the end of this module, you define the network address space when creating your VPC. AWS makes this network space elastic, meaning you do not have to consider VPC resources that sit idle, as you would in a physical data center.

Create the VPC Subnets:

In this section of the challenge, you make public and private subnets placed in different availability zones (AZ). A subnet comprises a subset of VPC network addresses that balance traffic and improve security. If you decide to use the wizard, AWS proceeds to create a public VPC subnet. You can delete this one and add those specified by the lab instructions. To finish this section, you put one of your private and public subnets in other availability zones. Assigning subnets to different AZ creates network redundancy in case of the AWS servers, in a particular zone, go offline.

Create the VPC Gateways:

You attach an Internet gateway to a VPC through using an elastic IP address. Then you create a Network Address Translation (NAT) gateway to function within a public subnet. The Internet Gateway acts as a pathway used by network packets between the VPC and the internet. An elastic IP address quickly remaps your cloud connection with the internet upon failure.

A NAT acts as a local area network, allowing multiple instances on the private cloud. For example, a company, customers, and a vendor could all communicate data over a NAT gateway. Building the NAT gateway takes about three minutes.

Configure Route Tables:

In this last lab exercise, you customize private and public route tables to direct network packets through a rule set. Here you associate the subnets and gateways constructed in the previous lab modules. Note that you need to create a public route table for your internet gateway. A private route table does not allow any outbound transmission to the internet.


You have demonstrated that you can build a network foundation in AWS through the successful completion of this lab. You:

  • Created a custom VPC with public and private subnet and internet and NAT gateways.
  • Configured route tables to direct traffic through subnets and gateways.

You know how to secure network traffic and keep down costs through AWS VPC.