AWS Basics: What's in a default AWS VPC and how to recreate one.
AWS make it pretty easy to consume their services in the quickest way possible. Once you have created an account and attached a credit card for billing you are pretty much ready to start building and deploying some really cool stuff.
Some AWS services don't need a VPC: object storage through an S3 bucket is a good example, and compute, storage, databases, networking and containers through Amazon Lightsail is another 👇🏼
Some AWS services need to be hosted in a VPC, like production EC2 instances, VPN and Direct Connect connectivity, and all sorts of other services that you want to wrap more control and high availability around.
Having a default VPC makes it pretty easy to programmatically launch AWS services into an existing, pre-built VPC without needing to know how to build your own VPC with a public and a private subnet. Otherwise you would need to know how to do this 👇🏼
There are many AWS partner integrations out there that assume you have a default VPC when you deploy their products to AWS.
Every AWS account has one default VPC in each AWS Region (not sure if that applies to Regions that you haven't actually activated yet; I doubt it).
When AWS creates a default VPC for you, it does the following to set it up:
Create a VPC with a /16 IPv4 CIDR block (172.31.0.0/16). This provides up to 65,536 private IPv4 addresses.
Create a /20 default subnet in each Availability Zone. This provides up to 4,096 addresses per subnet, a few of which are reserved for AWS's own use.
Create an internet gateway and connect it to your default VPC.
Add a route to the main route table that points all traffic (0.0.0.0/0) to the internet gateway.
Create a default security group and associate it with your default VPC.
Create a default network access control list (ACL) and associate it with your default VPC.
Associate the default DHCP options set for your AWS account with your default VPC.
That list is a great footprint for learning about creating your own VPC and what should potentially be in it, and here is an example schematic:
Your default VPC is also extensible, meaning you can add other things to it:
Add additional nondefault subnets.
Modify the main route table.
Add additional route tables.
Associate additional security groups.
Update the rules of the default security group.
Add AWS Site-to-Site VPN connections.
Add more IPv4 CIDR blocks.
If you have deleted your default VPC, you can't restore it 😭 but you can easily recreate it 🛠
If you want to re-create a default VPC using the Amazon VPC console, do this:
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose Your VPCs.
Choose Actions, Create Default VPC.
Choose Create. Close the confirmation screen.
That was easy!
Or if you want to do it from the AWS CLI:
aws ec2 create-default-vpc
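Once the command has run, it is worth checking that what came back actually matches the footprint listed above (a /16, a /20 per Availability Zone, an attached internet gateway, and a 0.0.0.0/0 route in the main route table, which is the line that makes every default subnet public). The script below is an added example, not part of the original post or any AWS tooling: it runs a footprint check over constructed dictionaries that mirror the key names of `aws ec2 describe-vpcs`, `describe-subnets`, `describe-internet-gateways` and `describe-route-tables` JSON output. The resource IDs and the eu-west-1 zone names are made up for the example; the five reserved addresses per subnet (the first four and the last) are what AWS holds back in every subnet.

```python
import ipaddress

# Constructed sample data, shaped like describe-* JSON output (IDs are made up).
VPC = {"VpcId": "vpc-0example", "CidrBlock": "172.31.0.0/16", "IsDefault": True}

SUBNETS = [
    {"SubnetId": "subnet-0example1", "VpcId": "vpc-0example",
     "CidrBlock": "172.31.0.0/20", "AvailabilityZone": "eu-west-1a", "DefaultForAz": True},
    {"SubnetId": "subnet-0example2", "VpcId": "vpc-0example",
     "CidrBlock": "172.31.16.0/20", "AvailabilityZone": "eu-west-1b", "DefaultForAz": True},
    {"SubnetId": "subnet-0example3", "VpcId": "vpc-0example",
     "CidrBlock": "172.31.32.0/20", "AvailabilityZone": "eu-west-1c", "DefaultForAz": True},
]

INTERNET_GATEWAYS = [
    {"InternetGatewayId": "igw-0example",
     "Attachments": [{"VpcId": "vpc-0example", "State": "available"}]},
]

ROUTE_TABLES = [
    {"RouteTableId": "rtb-0example", "VpcId": "vpc-0example",
     "Associations": [{"Main": True, "RouteTableId": "rtb-0example"}],
     "Routes": [
         {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
     ]},
]

DEFAULT_VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")
DEFAULT_SUBNET_PREFIX = 20
AWS_RESERVED_PER_SUBNET = 5  # AWS keeps the first four and the last address of each subnet


def usable_addresses(cidr):
    """Addresses a subnet can actually assign: block size minus the five AWS reserves."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def attached_igw(vpc_id, igws):
    """ID of the internet gateway attached to vpc_id, or None if there is none."""
    for igw in igws:
        for att in igw.get("Attachments", []):
            if att.get("VpcId") == vpc_id and att.get("State") == "available":
                return igw["InternetGatewayId"]
    return None


def main_route_table(vpc_id, route_tables):
    """The VPC's main route table (the one flagged Main in its associations)."""
    for rtb in route_tables:
        if rtb["VpcId"] == vpc_id and any(a.get("Main") for a in rtb.get("Associations", [])):
            return rtb
    return None


def routes_default_to(rtb, gateway_id):
    """True if the table sends 0.0.0.0/0 to gateway_id (what makes its subnets public)."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId") == gateway_id
               and r.get("State") == "active"
               for r in rtb.get("Routes", []))


def check_default_vpc_footprint(vpc, subnets, igws, route_tables):
    """Return a list of findings; an empty list means the VPC matches the footprint."""
    findings = []
    vpc_id = vpc["VpcId"]
    if ipaddress.ip_network(vpc["CidrBlock"]) != DEFAULT_VPC_CIDR:
        findings.append(f"VPC CIDR is {vpc['CidrBlock']}, expected {DEFAULT_VPC_CIDR}")
    seen_az, seen_nets = set(), []
    for sn in (s for s in subnets if s["VpcId"] == vpc_id):
        net = ipaddress.ip_network(sn["CidrBlock"])
        if net.prefixlen != DEFAULT_SUBNET_PREFIX or not net.subnet_of(DEFAULT_VPC_CIDR):
            findings.append(f"{sn['SubnetId']}: {net} is not a /20 inside {DEFAULT_VPC_CIDR}")
        if any(net.overlaps(other) for other in seen_nets):
            findings.append(f"{sn['SubnetId']}: {net} overlaps another subnet")
        seen_nets.append(net)
        if not sn.get("DefaultForAz"):
            findings.append(f"{sn['SubnetId']} is not flagged DefaultForAz")
        if sn["AvailabilityZone"] in seen_az:
            findings.append(f"more than one default subnet in {sn['AvailabilityZone']}")
        seen_az.add(sn["AvailabilityZone"])
    if not seen_nets:
        findings.append("no subnets found in the VPC")
    igw_id = attached_igw(vpc_id, igws)
    if igw_id is None:
        findings.append("no internet gateway attached")
    rtb = main_route_table(vpc_id, route_tables)
    if rtb is None:
        findings.append("no main route table found")
    elif igw_id is None or not routes_default_to(rtb, igw_id):
        findings.append(f"main route table {rtb['RouteTableId']} has no 0.0.0.0/0 route to the IGW")
    return findings


if __name__ == "__main__":
    for sn in SUBNETS:
        print(f"{sn['AvailabilityZone']}: {sn['CidrBlock']} -> {usable_addresses(sn['CidrBlock'])} usable")
    print("findings:", check_default_vpc_footprint(VPC, SUBNETS, INTERNET_GATEWAYS, ROUTE_TABLES) or "none")
```

To run it against a real account you would replace the constructed dictionaries with `json.load` of the corresponding `aws ec2 describe-*` output and feed the lists through the same function. Dropping the internet gateway or the 0.0.0.0/0 route from the input produces findings, which is exactly the case where a "default VPC" no longer behaves like one and partner templates that assume public default subnets will break.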
There we go, everything you need to know about default VPCs and how to recreate one.