
Configuring a Basic VPC in AWS

In this hands-on lab scenario, you're a cloud network engineer tasked with setting up the security and network architecture for your organization's production environment. You'll have the opportunity to explore and understand the relationship between networking components. We will create a virtual private cloud (VPC), subnets across multiple availability zones (AZs), routes, and an internet gateway, and add security using security groups and network access control lists (NACLs). These services are the foundation of networking architecture inside of AWS, and this lab will cover concepts such as infrastructure, design, routing, and security.

Lab Info
Level: Intermediate
Last updated: Oct 20, 2025
Duration: 1h 45m

Table of Contents
  1. Challenge

    Create a VPC

    Navigate to the VPC console.

    Note: Do not use the VPC Wizard to create your VPC; instead, configure your VPC from scratch and use the VPC Only option.

    Create a new VPC with the following values:

    • VPC Name: HoLVPC
    • IPv4 CIDR block: 10.0.0.0/16
    • IPv6 CIDR block: No IPv6 CIDR block
    • Tenancy: Default Tenancy

    Note: Windows users who will be using PuTTY will need to enable DNS hostnames for the VPC once it has been created.

  2. Challenge

    Create a Public and Private Subnet

    Build two subnets for your VPC. One will be public to allow access from the internet and one will be private. Ensure you assign valid CIDR blocks when creating your subnets.

    Create Public Subnet

    In the VPC console, create a new subnet with the following values:

    • Name: hol-public-a
    • VPC: Use the VPC ID of HoLVPC
    • Availability Zone: us-east-1a
    • IPv4 CIDR Block: 10.0.1.0/24

    Note: Although the name of our subnet is hol-public-a, it is not actually public until the subnet has a route to an internet gateway. We will set this up later on in the lab.

    Create Private Subnet

    In the VPC console, create a new subnet with the following values:

    • Name: hol-private-b
    • VPC: Use the VPC ID of HoLVPC
    • Availability Zone: us-east-1b
    • IPv4 CIDR Block: 10.0.2.0/24
  3. Challenge

    Create Routes and Internet Gateway

    Auto-Assign Public IPv4 Address

    Automatically request a public IPv4 address for instances launched into the public subnet.

    In the VPC console, enable the Auto-assign public IPv4 address feature for the hol-public-a subnet.

    Configure Internet Gateway

    An internet gateway enables communication over the internet.

    In the VPC console, create a new internet gateway with the name hol-VPCIGW and attach the newly created internet gateway to HoLVPC.

    Configure Routing

    • Create a new route table for HoLVPC to tell traffic in the public subnet, hol-public-a, how to get to the Internet. Use the following values:
      • Name Tag: publicRT
      • VPC: HoLVPC
    • Add a new route to the publicRT route table, with the following values:
      • Destination: 0.0.0.0/0
      • Target: Use the ID of the hol-VPCIGW internet gateway

    Associate with Subnets

    In the VPC console, update the publicRT route table so that the hol-public-a subnet is associated with the public route table and will have access to the internet.
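The design built in challenges 1 to 3 can be checked offline. This added example (not part of the lab) models the lab's CIDR blocks and route tables, confirms the subnets are valid for HoLVPC, and shows that a subnet counts as public only when its route table sends internet-bound traffic to an internet gateway. The gateway ID `igw-EXAMPLE` and the test address `198.51.100.10` are placeholders.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")           # HoLVPC
SUBNETS = {                                               # values from the lab
    "hol-public-a": ipaddress.ip_network("10.0.1.0/24"),
    "hol-private-b": ipaddress.ip_network("10.0.2.0/24"),
}
# Route tables as (destination, target) pairs. Every VPC route table
# carries a "local" route for the VPC CIDR.
ROUTE_TABLES = {
    "main": [("10.0.0.0/16", "local")],
    "publicRT": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
}
# Subnets without an explicit association fall back to the main table.
ASSOCIATIONS = {"hol-public-a": "publicRT"}


def validate_subnets(vpc, subnets):
    """Return problems: subnets outside the VPC CIDR or overlapping."""
    problems = []
    names = sorted(subnets)
    for i, name in enumerate(names):
        if not subnets[name].subnet_of(vpc):
            problems.append(f"{name} {subnets[name]} is outside {vpc}")
        for other in names[i + 1:]:
            if subnets[name].overlaps(subnets[other]):
                problems.append(f"{name} overlaps {other}")
    return problems


def route_target(table, dest_ip):
    """Pick the most specific matching route (longest prefix wins)."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(d), t) for d, t in table
               if ip in ipaddress.ip_network(d)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def is_public(subnet_name, internet_ip="198.51.100.10"):
    """A subnet is public only if internet traffic routes to an IGW."""
    table = ROUTE_TABLES[ASSOCIATIONS.get(subnet_name, "main")]
    target = route_target(table, internet_ip)
    return target is not None and target.startswith("igw-")


if __name__ == "__main__":
    print("problems:", validate_subnets(VPC_CIDR, SUBNETS))
    for name in SUBNETS:
        print(name, "->", "public" if is_public(name) else "private")
```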

  4. Challenge

    Launch EC2 Instances in the Subnets

    Launch an EC2 Instance in the Public Subnet

    • Navigate to the EC2 service.

    • Launch a new EC2 instance with the following configuration and values:

      • Name: hol-pub-instance
      • Amazon Machine Image (AMI): Use the latest Amazon Linux 2 AMI
      • Architecture: 64-bit (x86)
      • Instance Type: t3.micro
      • Key Pair: Create a new key pair called vpcpubhol
      • VPC: Use the VPC ID of HoLVPC
      • Subnet: Use the hol-public-a subnet
      • Auto-assign public IP: enable
    • While creating the EC2 instance, also create a new security group for the instance called holpubSG.

    • Create a new rule for the security group to allow SSH traffic from the HoLVPC network (10.0.0.0/16) and your own IP address.

    • Launch the new public instance and wait a few minutes for the instance to go into a running state.

    Launch an EC2 Instance in the Private Subnet

    In the EC2 console, launch a new EC2 instance with the following configuration and values:

    • Name: hol-priv-instance
    • Amazon Machine Image (AMI): Use the latest Amazon Linux 2 AMI
    • Architecture: 64-bit (x86)
    • Instance Type: t3.micro
    • Key Pair: Create a new key pair called vpcprivhol
    • VPC: Use the VPC ID of HoLVPC
    • Under Security group name, change the name by typing in holprivSG.
    • Under Description - required, type holprivSG.
    • Under Security Group rule 1, set the following fields:
      • Type: Select ssh
      • Source type: Select Custom
      • Source: Type 10.0.0.0/16
    • Subnet: Use the hol-private-b subnet
    • Auto-assign public IP: disabled

    Access Instances

    After both instances show a state of Running and have passed 2/2 status checks, connect to the EC2 instances using the SSH client of your choice and the key pair for the instance.

    Note: You will be able to connect to the public instance using the assigned public IP address, but to connect to the private instance, you will need to copy the vpcprivhol key to the public instance. From the public instance, using the vpcprivhol key, you will be able to SSH into the private instance with the private IP address.

  5. Challenge

    Add a Network ACL
    • In the VPC console, add the following rule to the Network ACL for the HoLVPC VPC:

      • Rule #: 50
      • Type: All Traffic
      • Source: Use your IP address
      • Allow/Deny: DENY
    • Attempt to connect to your public instance using the SSH client of your choice. You should receive an error message.

    • Update the Network ACL for HoLVPC and remove rule #50.

    • Once again, attempt to connect to your public instance using the SSH client of your choice. You should be able to connect successfully now.
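Why rule #50 blocks SSH even though holpubSG allows your IP: network ACL rules are evaluated in ascending rule-number order and the first match decides, and traffic must pass the NACL before the security group is consulted. This added example (not part of the lab) models that behaviour with the default NACL's inbound rule 100 (allow all) and the lab's rule 50. The address `203.0.113.25` standing in for "your IP" is constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NaclRule:
    number: int
    cidr: str
    action: str  # "ALLOW" or "DENY"; both lab rules cover "All Traffic"


MY_IP = "203.0.113.25"  # constructed stand-in for "your IP address"
DEFAULT_INBOUND = [NaclRule(100, "0.0.0.0/0", "ALLOW")]  # default NACL rule
LAB_RULE_50 = NaclRule(50, f"{MY_IP}/32", "DENY")        # challenge 5 rule
# holpubSG from challenge 4: SSH from the HoLVPC network and your own IP.
HOLPUB_SG_SSH_SOURCES = ["10.0.0.0/16", f"{MY_IP}/32"]


def nacl_decision(rules, src_ip):
    """Lowest-numbered matching rule wins; the implicit '*' rule denies."""
    ip = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if ip in ipaddress.ip_network(rule.cidr):
            return rule.action, rule.number
    return "DENY", "*"


def sg_allows_ssh(sources, src_ip):
    """Security groups hold allow rules only: any matching source permits."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(s) for s in sources)


def ssh_reaches_instance(nacl_rules, sg_sources, src_ip):
    """Inbound SSH must pass the subnet's NACL, then the instance's SG."""
    action, _ = nacl_decision(nacl_rules, src_ip)
    return action == "ALLOW" and sg_allows_ssh(sg_sources, src_ip)


if __name__ == "__main__":
    with_rule = DEFAULT_INBOUND + [LAB_RULE_50]
    for label, rules in (("rule 50 present", with_rule),
                         ("rule 50 removed", DEFAULT_INBOUND)):
        print(label, nacl_decision(rules, MY_IP),
              ssh_reaches_instance(rules, HOLPUB_SG_SSH_SOURCES, MY_IP))
```

An address other than `MY_IP` passes the NACL through rule 100 but is still dropped by holpubSG, which shows the two controls acting as separate layers.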

About the author

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.
