# Build a Three-Tier Network VPC from Scratch in AWS
In this lab, learners build a three-tier VPC network architecture (web, application, database) from scratch. The focus is on CIDR planning, routing behavior, NAT-based egress, and NACL-based traffic control.

## Scenario

Your organization is migrating a legacy three-tier web application to AWS. As the network engineer, you are responsible for designing the foundational VPC networking layer before any application teams deploy compute or databases.

The security team has mandated the following:

- Clear network segmentation between web, application, and database tiers
- No direct internet access to application or database tiers
- Controlled outbound-only internet access for patching and updates
- Stateless network controls to complement security groups

You must deliver a minimal but production-aligned VPC design that meets these requirements and can scale later without redesign.
## Objective One: Create VPC

Create a new VPC with a `10.0.0.0/16` CIDR block in the `us-east-1` Region.
## Objective Two: Create Subnets

Create six subnets in total across two Availability Zones, each with a `/27` CIDR block:

- Two public
- Two app
- Two database
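Objective Two's CIDR planning, as an added example that is not part of the lab: a Python script that carves the six `/27` subnets out of `10.0.0.0/16` with the standard library's `ipaddress` module, checks that they are disjoint and inside the VPC, and lists each tier's CIDRs (the blocks the database NACL rule in Objective Five has to reference). The AZ names `us-east-1a`/`us-east-1b`, the `<tier>-<az>` key format and the optional `tier_prefix` parameter that reserves a larger block per tier are assumptions made here; the lab itself only fixes the VPC CIDR, the `/27` prefix, two Availability Zones and three tiers.

```python
"""Carve the lab's six /27 tier subnets out of the 10.0.0.0/16 VPC.

Added example, not part of the lab text. The lab fixes the VPC CIDR, the /27
prefix, two Availability Zones and three tiers; the AZ names, the key format
and the optional per-tier block are assumptions made here.
"""
import ipaddress
from typing import Dict, Iterable, List, Optional

VPC_CIDR = "10.0.0.0/16"
TIERS = ("public", "app", "database")
AZS = ("us-east-1a", "us-east-1b")   # assumed AZ names in us-east-1
SUBNET_PREFIX = 27                   # 32 addresses per subnet


def plan_subnets(vpc_cidr: str, tiers: Iterable[str], azs: Iterable[str],
                 prefix: int, tier_prefix: Optional[int] = None
                 ) -> Dict[str, ipaddress.IPv4Network]:
    """Allocate one /prefix subnet per (tier, AZ) pair.

    With tier_prefix=None the subnets are packed back to back from the start of
    the VPC. With tier_prefix=24 (say) each tier first gets its own /24 and its
    subnets are carved from that block, so a tier can later be summarised by a
    single CIDR and has room for more subnets without renumbering.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    tiers, azs = list(tiers), list(azs)
    if tier_prefix is None:
        shared = vpc.subnets(new_prefix=prefix)
        pools = {t: shared for t in tiers}          # one generator, consumed in order
    else:
        blocks = vpc.subnets(new_prefix=tier_prefix)
        pools = {t: next(blocks).subnets(new_prefix=prefix) for t in tiers}
    plan: Dict[str, ipaddress.IPv4Network] = {}
    for tier in tiers:
        for az in azs:
            try:
                plan[f"{tier}-{az}"] = next(pools[tier])
            except StopIteration:
                raise ValueError(f"{vpc_cidr} cannot hold the requested /{prefix} subnets")
    return plan


def check_plan(plan: Dict[str, ipaddress.IPv4Network], vpc_cidr: str) -> bool:
    """Every subnet lies inside the VPC and no two subnets overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = list(plan.values())
    inside = all(n.subnet_of(vpc) for n in nets)
    disjoint = all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint


def usable_hosts(net: ipaddress.IPv4Network) -> int:
    """AWS reserves the first four and the last address of each subnet."""
    return net.num_addresses - 5


def tier_cidrs(plan: Dict[str, ipaddress.IPv4Network], tier: str) -> List[str]:
    """CIDR strings of one tier, e.g. the app blocks a database NACL rule must reference."""
    return [str(n) for k, n in plan.items() if k.startswith(f"{tier}-")]


if __name__ == "__main__":
    for label, tp in (("packed", None), ("one /24 per tier", 24)):
        plan = plan_subnets(VPC_CIDR, TIERS, AZS, SUBNET_PREFIX, tier_prefix=tp)
        print(f"--- {label}: valid={check_plan(plan, VPC_CIDR)}")
        for name, net in plan.items():
            print(f"{name:24} {str(net):16} usable hosts={usable_hosts(net)}")
        print("app tier CIDRs for the database NACL:", tier_cidrs(plan, "app"))
```

The packed layout is the minimum the lab asks for; the per-tier variant is one way to honour the scenario's "scale later without redesign" requirement, because a tier's address space then stays contiguous and the database NACL can keep referencing a small, stable set of app-tier CIDRs.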
## Objective Three: Configure IGW and NAT Gateway

- Create and attach an Internet Gateway to the VPC
- Create a Regional NAT Gateway to provide outbound internet connectivity for the VPC's private subnets
## Objective Four: Configure Route Tables

Create three route tables:

- Public
- App
- Database

Add routes to the Internet Gateway in the public route table and routes to the NAT Gateway in the app route table. The database route table gets no internet route, so the database subnets have no internet access.

Associate each tier's subnets with its route table.
## Objective Five: Configure Network ACLs

Create three Network ACLs, one for each subnet tier:

- Public
- App
- Database

Add stateless inbound and outbound rules to control traffic flow at the subnet level.

### Public Rules

- Outbound: Allow all traffic to any destination
- Inbound: Allow all traffic from any source

### App Rules

- Outbound: Allow all traffic to any destination
- Inbound: Allow all traffic on ephemeral ports (`1024-65535`), so that replies to connections the tier opens are admitted. Allow all traffic from the VPC CIDR block.

### Database Rules

- Outbound: Allow all traffic to any destination
- Inbound: Allow MySQL/Aurora traffic from the app tier CIDR blocks only
## Objective Six: Validate Traffic Flow

Create EC2 instances in all three tiers with SSM access using the provided IAM role and instance profile (example: `test-StartingRoleInstanceProfile-8zkcxy9E1RpG`) to test and validate connectivity and routing through the three-tier architecture.
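Before spending the instances from Objective Six on trial and error, the expected outcomes of Objective Five's stateless rules and Objective Four's routes can be worked out on paper. The following added example (not part of the lab, and not an AWS tool) models that in Python: a longest-prefix route lookup per tier and first-match NACL evaluation of both the request and the reply, which is where a stateless rule set differs from a security group. The subnet CIDRs (public `10.0.0.0/27` and `10.0.0.32/27`, app `10.0.0.64/27` and `10.0.0.96/27`, database `10.0.0.128/27` and `10.0.0.160/27`), the instance addresses, the TEST-NET-3 address `203.0.113.10` standing in for the internet, and the rule numbers 100/110/110 are constructed here; the route targets and the rule contents are the ones the lab asks for.

```python
"""Trace a TCP flow through the lab's three-tier VPC: longest-prefix route lookup
plus stateless NACL evaluation of both the request and the reply.

Added example, not part of the lab. Subnet CIDRs, instance addresses, the external
address 203.0.113.10 (TEST-NET-3) and the rule numbers are constructed here; the
tier layout, routes and NACL rules follow the lab's objectives.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    number: int
    proto: str       # "tcp" or "all"
    cidr: str        # inbound rules match the source, outbound rules the destination
    port_lo: int     # NACL port ranges always refer to the destination port
    port_hi: int
    action: str      # "allow" or "deny"


@dataclass(frozen=True)
class Route:
    cidr: str
    target: str      # "local", "igw" or "nat"


@dataclass
class Tier:
    name: str
    subnets: List[str]
    routes: List[Route]
    inbound: List[Rule]
    outbound: List[Rule]


VPC, ANY = "10.0.0.0/16", "0.0.0.0/0"
ALLOW_ALL = [Rule(100, "all", ANY, 0, 65535, "allow")]
APP_CIDRS = ["10.0.0.64/27", "10.0.0.96/27"]          # constructed app-tier subnets

TIERS: Dict[str, Tier] = {
    "public": Tier("public", ["10.0.0.0/27", "10.0.0.32/27"],
                   [Route(VPC, "local"), Route(ANY, "igw")], ALLOW_ALL, ALLOW_ALL),
    "app": Tier("app", APP_CIDRS, [Route(VPC, "local"), Route(ANY, "nat")],
                # rule 100 admits replies to connections the tier itself opened
                [Rule(100, "all", ANY, 1024, 65535, "allow"),
                 Rule(110, "all", VPC, 0, 65535, "allow")], ALLOW_ALL),
    "database": Tier("database", ["10.0.0.128/27", "10.0.0.160/27"],
                     [Route(VPC, "local")],               # no internet route at all
                     [Rule(100 + 10 * i, "tcp", c, 3306, 3306, "allow")
                      for i, c in enumerate(APP_CIDRS)], ALLOW_ALL),
}


def nacl_decision(rules: List[Rule], addr: str, proto: str, dport: int) -> str:
    """Lowest rule number first, first match wins; the implicit '*' rule denies the rest."""
    ip = ipaddress.ip_address(addr)
    for r in sorted(rules, key=lambda r: r.number):
        if (r.proto in ("all", proto) and ip in ipaddress.ip_network(r.cidr)
                and r.port_lo <= dport <= r.port_hi):
            return r.action
    return "deny"


def route_lookup(routes: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match; None means the router has nowhere to send the packet."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in ipaddress.ip_network(r.cidr)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.cidr).prefixlen).target if hits else None


def tier_of(addr: str, tiers: Dict[str, Tier]) -> Optional[Tier]:
    ip = ipaddress.ip_address(addr)
    return next((t for t in tiers.values()
                 if any(ip in ipaddress.ip_network(s) for s in t.subnets)), None)


def trace_tcp(src: str, dst: str, dport: int, sport: int,
              tiers: Dict[str, Tier] = TIERS) -> str:
    """Return 'allowed via <target>' or name the first hop that drops the request or reply."""
    s = tier_of(src, tiers)
    if s is None:
        return "source is not in any subnet"
    if nacl_decision(s.outbound, dst, "tcp", dport) != "allow":
        return f"request denied by {s.name} outbound NACL"
    target = route_lookup(s.routes, dst)
    if target is None:
        return f"no route from {s.name} to {dst}"
    d = tier_of(dst, tiers) if target == "local" else None
    if target == "local" and d is None:
        return "destination is not in any subnet"
    if d and nacl_decision(d.inbound, src, "tcp", dport) != "allow":
        return f"request denied by {d.name} inbound NACL"
    # The reply comes back with the client's ephemeral port as its destination port and
    # a stateless NACL evaluates it from scratch, which is why the app tier needs rule 100.
    if d and nacl_decision(d.outbound, src, "tcp", sport) != "allow":
        return f"reply denied by {d.name} outbound NACL"
    if nacl_decision(s.inbound, dst, "tcp", sport) != "allow":
        return f"reply denied by {s.name} inbound NACL"
    return f"allowed via {target}"


def without_inbound_rule(tiers: Dict[str, Tier], tier: str, number: int) -> Dict[str, Tier]:
    """Copy of the tier map with one inbound rule removed, for what-if checks."""
    t = tiers[tier]
    return {**tiers, tier: Tier(t.name, t.subnets, t.routes,
                                [r for r in t.inbound if r.number != number], t.outbound)}


if __name__ == "__main__":
    flows = [("10.0.0.5", "203.0.113.10", 443, 51000),    # public -> internet
             ("10.0.0.70", "203.0.113.10", 443, 51000),   # app -> internet (patching)
             ("10.0.0.130", "203.0.113.10", 443, 51000),  # database -> internet
             ("10.0.0.70", "10.0.0.130", 3306, 40000),    # app -> database
             ("10.0.0.5", "10.0.0.130", 3306, 40000)]     # public -> database
    for f in flows:
        print(f"{f[0]:>11} -> {f[1]}:{f[2]:<5} {trace_tcp(*f)}")
    print("app without ephemeral rule:",
          trace_tcp("10.0.0.70", "203.0.113.10", 443, 51000,
                    without_inbound_rule(TIERS, "app", 100)))
```

Running it shows the three behaviours the lab's validation step should confirm: the database tier is cut off from the internet by routing (no default route), not by its NACL; a public-tier instance cannot reach MySQL because the database inbound rules only name the app CIDRs; and removing the app tier's ephemeral-port rule leaves its outbound requests intact but drops every reply, the classic stateless-ACL failure mode.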