Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon

Building a Three-Tier Network VPC from Scratch in AWS

Welcome to this AWS hands-on lab for Building a Three-Tier Network VPC from scratch. This lab provides you with the opportunity to get hands-on experience building and connecting the following components inside AWS: 1) VPC 2) Subnets 3) Internet Gateway 4) Route Tables 5) Nat Gateway 6) Network Access Control Lists (NACLs) These components are the foundation of highly available/fault tolerant networking architecture inside of AWS, while covering concepts such as infrastrucutre, design, routing, and security. The bare-bones architecture we built in this lab is a design you will frequently see when working in AWS. Good luck and enjoy this hands-on lab. Now, go keep learning!

Google Cloud Platform icon

Path Info

Clock icon Intermediate
Clock icon 30m
Clock icon Aug 03, 2020

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Create a VPC

    Create a VPC with the following CIDR Block Range (

    • Navigate to the VPC service in the AWS Console
    • Navigate to "your vpcs"
    • Click on Create VPC
    • Enter VPC name and CIDR block range
    • Create an Internet Gateway and attach it to your VPC.
  2. Challenge

    Create Six Subnets

    Create six subnets in the VPC you just created: one pair of subnets for the DMZ layer, one pair for the App layer, and one pair for the DB layer. Each pair should be split between AZs.

    • In the VPC console, navigate to "subnets".
    • Select "Create subnet".
    • Fill in the form, making sure to select the proper VPC, AZ, and CIDR block range.
    • Repeat five more times to create six total subnets.
  3. Challenge

    Create a NAT Gateway

    Create a NAT Gateway and provide it with a route to the Internet via the public Route Table

    • In the VPC console, navigate to "Nat Gateways"
    • Click on "Create Nat Gateway"
    • Fill out the form, making sure to choose the appropriate subnet AND generating an EIP address
  4. Challenge

    Create Three NACLs and Associate Them with Subnets

    Create three NACLs and associate each to one of the subnet groupings (DMZ, App layer, and DB layer subnets).

    Create three NACLs:

    • In the VPC console, navigate to "Network ACLs".
    • Click on "Create Network ACL".
    • Fill out the form, making sure to select the proper VPC.
    • Repeat twice more to create a total of three NACLs.

    Associate NACLs with subnets:

    • Select one NACL and navigate to the "Subnet Associations" tab.
    • Click on "Edit".
    • Select the two subnets that need to be associated with this NACL.
    • Click "Save".
    • Repeat twice more, associating the remaining NACLs with the remaining subnets.

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans