Get started with Default VPC in AWS

Overview

A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account. It lets you launch Amazon Web Services (AWS) resources into a virtual network that you define. The "default VPC" is the VPC that AWS creates automatically for your account: if the account was created after 2013-12-04, it has a default VPC in each AWS Region, so you can launch instances (virtual servers) immediately without first creating and configuring a VPC.

Key characteristics and components of a default VPC:

Components:

  1. VPC:

    • A logically isolated section of the AWS cloud with your own IP address range.

    • Each default VPC includes a main route table, a network access control list (ACL), and a security group.

  2. Subnets:

    • One public subnet per Availability Zone is created, ensuring that resources can be automatically distributed across multiple locations.

  3. Internet Gateway:

    • An Internet Gateway (IGW) is created and attached to your default VPC, allowing instances within the VPC to directly access the internet.
  4. Route Tables:

    • A main route table is associated with the default VPC which has a rule directing traffic to the internet gateway.
  5. Network Access Control Lists and Security Groups:

    • Default NACLs and security groups are configured with basic rules to allow traffic.
  6. IP Addressing:

    • AWS assigns a private IPv4 address from the CIDR range of your default VPC to each instance.

Characteristics:

  1. Ease of Use:

    • Designed to allow users to begin deploying AWS resources like EC2 instances immediately, without needing to build and configure a custom VPC.
  2. Connectivity:

    • Instances that you launch into a default VPC can communicate with the internet, because they are automatically assigned both a private and a public IP address.
  3. Access Control:

    • You have complete control over the virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
  4. Default and Custom VPC Differences:

    • Unlike custom VPCs, default VPCs come pre-configured to allow instances to communicate with the internet.

    • Security groups and network ACLs in a default VPC allow all inbound and outbound traffic.

  5. Backward Compatibility:

    • Designed to be compatible with EC2-Classic instances, providing a smooth migration path to a more robust networking model.

Benefits:

  • The default VPC simplifies the process of deploying services and instances within AWS by providing a ready-to-use networking environment.

  • It allows users to focus on instance deployment without worrying about initial network setup and configuration.

  • Ensures that you are using the capabilities of Amazon VPC from the start.

The default VPC is very helpful for new AWS users or scenarios where a simplified networking setup is sufficient. However, for more complex or specific network setups, creating custom VPCs is necessary.

Default VPC components

When AWS creates a default VPC for an account, it does the following to set it up:

  • Create a VPC with a size /16 IPv4 CIDR block (172.31.0.0/16). This provides up to 65,536 private IPv4 addresses.

  • Create a size /20 default subnet in each Availability Zone. This provides up to 4,096 addresses per subnet, a few of which are reserved by AWS.

  • Create an internet gateway and connect it to your default VPC.

  • Add a route to the main route table that points all traffic (0.0.0.0/0) to the internet gateway.

  • Create a default security group and associate it with your default VPC.

  • Create a default network access control list (ACL) and associate it with your default VPC.

  • Associate the default DHCP options set for your AWS account with your default VPC.

The following figure illustrates the key components that AWS set up for a default VPC.

Default subnets

By default, a default subnet is a public subnet, because the main route table sends the subnet's traffic that is destined for the internet to the internet gateway. You can make a default subnet into a private subnet by removing the route from the destination 0.0.0.0/0 to the internet gateway. However, if you do this, no EC2 instance running in that subnet can access the internet.

Instances that you launch into a default subnet receive both a public IPv4 address and a private IPv4 address, and both public and private DNS hostnames. Instances that you launch into a nondefault subnet in a default VPC don't receive a public IPv4 address or a DNS hostname. You can change your subnet's default public IP addressing behavior. For more information, see Modify the public IPv4 addressing attribute for your subnet.

View your default VPC and default subnets

You can view your default VPC and subnets using the Amazon VPC console or the command line.

To view your default VPC and subnets using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. In the Default VPC column, look for a value of Yes. Take note of the ID of the default VPC.

  4. In the navigation pane, choose Subnets.

  5. In the search bar, type the ID of the default VPC. The returned subnets are subnets in your default VPC.

  6. To verify which subnets are default subnets, look for a value of Yes in the Default Subnet column.

Describing the Default VPC via AWS CLI

To describe the default VPC in a specific region using the AWS CLI, you can use the describe-vpcs command and filter the results to show only the default VPC. Here's an example of how you might use this command:

aws ec2 describe-vpcs --query 'Vpcs[?IsDefault==`true`]'

Explanation:

  • aws ec2 describe-vpcs: This is the AWS CLI command that retrieves information about your VPCs.

  • --query 'Vpcs[?IsDefault==`true`]': This is a JMESPath query string that filters the results to those VPCs whose IsDefault attribute is true. The backticks make true a JSON literal; without them JMESPath would read it as a field name and the filter would match nothing.

Note:

Ensure that the AWS CLI is configured with the required access credentials and a default region before running these commands. If no default region is configured, specify the region on the command line using the --region flag, like so:

aws ec2 describe-vpcs --query 'Vpcs[?IsDefault==`true`]' --region us-west-1

Remember to replace "us-west-1" with your desired AWS region.
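The JMESPath filter above finds the default VPC, but whether a default subnet is actually public depends on the route table that governs it (the main table's 0.0.0.0/0 route to the internet gateway, as described under "Default subnets") and on the subnet's public-IP-on-launch setting. The following is an added example, not code from this page or from AWS, that reads the JSON documents printed by `aws ec2 describe-vpcs`, `aws ec2 describe-subnets` and `aws ec2 describe-route-tables` (the field names are the EC2 API's) and reports that per default subnet. The three documents embedded below are constructed, and every VPC, subnet, route-table and gateway ID in them is a placeholder.

```python
"""Audit a default VPC from the JSON the AWS CLI returns.

Added example; it is not code from the page or from AWS. It parses the
documents that `aws ec2 describe-vpcs`, `aws ec2 describe-subnets` and
`aws ec2 describe-route-tables` print (the field names are the EC2 API's)
and reports, for each default subnet, whether its governing route table sends
0.0.0.0/0 to an internet gateway and whether launched instances get a public
IPv4 address. The three documents below are constructed; every ID in them is
a placeholder.
"""
import json

# Constructed stand-in for `aws ec2 describe-vpcs` output (one default, one custom VPC).
DESCRIBE_VPCS = json.loads("""
{"Vpcs": [
  {"VpcId": "vpc-0default000", "CidrBlock": "172.31.0.0/16", "IsDefault": true},
  {"VpcId": "vpc-0custom0000", "CidrBlock": "10.0.0.0/16", "IsDefault": false}
]}""")

# Constructed stand-in for `aws ec2 describe-subnets` output. subnet-0cccc is a
# nondefault subnet inside the default VPC, so it is not part of the report.
DESCRIBE_SUBNETS = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-0aaaa", "VpcId": "vpc-0default000", "AvailabilityZone": "us-east-2a",
   "CidrBlock": "172.31.0.0/20", "DefaultForAz": true, "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-0bbbb", "VpcId": "vpc-0default000", "AvailabilityZone": "us-east-2b",
   "CidrBlock": "172.31.16.0/20", "DefaultForAz": true, "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-0cccc", "VpcId": "vpc-0default000", "AvailabilityZone": "us-east-2c",
   "CidrBlock": "172.31.48.0/24", "DefaultForAz": false, "MapPublicIpOnLaunch": false}
]}""")

# Constructed stand-in for `aws ec2 describe-route-tables` output. The main table
# still has the 0.0.0.0/0 -> IGW route; subnet-0bbbb was given its own table
# without that route, which is the "make a default subnet private" change.
DESCRIBE_ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-0main", "VpcId": "vpc-0default000",
   "Associations": [{"Main": true, "RouteTableId": "rtb-0main"}],
   "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0placeholder", "State": "active"}]},
  {"RouteTableId": "rtb-0priv", "VpcId": "vpc-0default000",
   "Associations": [{"Main": false, "SubnetId": "subnet-0bbbb", "RouteTableId": "rtb-0priv"}],
   "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"}]}
]}""")


def default_vpc(vpcs_doc):
    """Same selection as the JMESPath filter Vpcs[?IsDefault==`true`]; None if absent."""
    return next((v for v in vpcs_doc["Vpcs"] if v.get("IsDefault")), None)


def route_table_for(subnet_id, vpc_id, route_tables_doc):
    """A table explicitly associated with the subnet wins; otherwise the VPC's main table."""
    main = None
    for table in route_tables_doc["RouteTables"]:
        if table["VpcId"] != vpc_id:
            continue
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def has_igw_default_route(table):
    """True if an active 0.0.0.0/0 route points at an internet gateway (igw-...)."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and str(r.get("GatewayId", "")).startswith("igw-")
        and r.get("State", "active") == "active"
        for r in table.get("Routes", [])
    )


def audit_default_subnets(vpcs_doc, subnets_doc, route_tables_doc):
    """One finding per default subnet of the default VPC (empty list if there is none)."""
    vpc = default_vpc(vpcs_doc)
    if vpc is None:
        return []
    findings = []
    for s in subnets_doc["Subnets"]:
        if s["VpcId"] != vpc["VpcId"] or not s.get("DefaultForAz"):
            continue
        table = route_table_for(s["SubnetId"], vpc["VpcId"], route_tables_doc)
        igw = table is not None and has_igw_default_route(table)
        auto_ip = bool(s.get("MapPublicIpOnLaunch"))
        findings.append({
            "subnet": s["SubnetId"],
            "az": s["AvailabilityZone"],
            "igw_route": igw,
            "auto_public_ip": auto_ip,
            # Reachable from the internet only when both hold (security groups still apply).
            "internet_exposed": igw and auto_ip,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_default_subnets(DESCRIBE_VPCS, DESCRIBE_SUBNETS, DESCRIBE_ROUTE_TABLES):
        print(finding)
```

To run this against a real account, replace the three constants with the output of the corresponding CLI commands (for example `aws ec2 describe-vpcs`, `aws ec2 describe-subnets --filters Name=vpc-id,Values=<vpc-id>` and `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>`, with the default VPC's ID substituted). The report only covers routing and public-IP assignment; the security group and network ACL attached to an instance still decide which traffic is admitted.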

Create a default VPC

If you delete your default VPC, you can create a new one. You cannot restore a previous default VPC that you deleted, and you cannot mark an existing nondefault VPC as a default VPC.

When you create a default VPC, it is created with the standard components of a default VPC, including a default subnet in each Availability Zone. You cannot specify your own components. The subnet CIDR blocks of your new default VPC may not map to the same Availability Zones as your previous default VPC. For example, if the subnet with CIDR block 172.31.0.0/20 was created in us-east-2a in your previous default VPC, it may be created in us-east-2b in your new default VPC.

If you already have a default VPC in the Region, you cannot create another one.

To create a default VPC using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Choose Actions, Create Default VPC.

  4. Choose Create. Close the confirmation screen.

To create a default VPC using the command line

You can use the create-default-vpc AWS CLI command. This command does not have any input parameters.

aws ec2 create-default-vpc

Create a default subnet

You can create a default subnet in an Availability Zone that does not have one. For example, you might want to create a default subnet if you have deleted a default subnet, or if AWS has added a new Availability Zone and did not automatically create a default subnet for that zone in your default VPC.

When you create a default subnet, it is created with a size /20 IPv4 CIDR block in the next available contiguous space in your default VPC. The following rules apply:

  • You cannot specify the CIDR block yourself.

  • You cannot restore a previous default subnet that you deleted.

  • You can have only one default subnet per Availability Zone.

  • You cannot create a default subnet in a nondefault VPC.

If there is not enough address space in your default VPC to create a size /20 CIDR block, the request fails. If you need more address space, you can add an IPv4 CIDR block to your VPC.
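The allocation rule above (a /20 in the next available contiguous space, failing when none is left) and the address counts given under "Default VPC components" (65,536 per /16, 4,096 per /20 with a few reserved) can be checked with Python's standard ipaddress module. The following is an added example, not code from this page or from AWS; it reads "next available" as the lowest-numbered /20 that overlaps nothing already allocated, and the existing-subnet CIDRs it uses are constructed. The reservation count of five addresses per subnet (the first four and the last) is AWS's documented rule for every subnet.

```python
"""Where the next default subnet lands in a default VPC, and when it cannot.

Added example, not code from the page or from AWS. It models the allocation
rule in the text: a new default subnet takes a /20 in the next available
contiguous space of the VPC's CIDR, and the request fails when no free /20
remains. "Next available" is read here as the lowest-numbered /20 that
overlaps nothing already allocated. The existing-subnet CIDRs are constructed.
"""
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet.
RESERVED_PER_SUBNET = 5


def next_default_subnet_cidr(vpc_cidr, existing_cidrs, prefix=20):
    """Lowest free block of the given prefix inside vpc_cidr; None if no such
    block is left, which is the case in which create-default-subnet fails."""
    vpc = ipaddress.ip_network(vpc_cidr)
    taken = [ipaddress.ip_network(c) for c in existing_cidrs]
    for candidate in vpc.subnets(new_prefix=prefix):
        # overlaps() also catches nondefault subnets of other sizes (e.g. a /24) in the way.
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    return None


def vpc_address_count(vpc_cidr):
    """Total IPv4 addresses in the VPC CIDR block."""
    return ipaddress.ip_network(vpc_cidr).num_addresses


def usable_addresses(cidr):
    """Addresses an instance can actually take in a subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - RESERVED_PER_SUBNET


def default_subnet_capacity(vpc_cidr, prefix=20):
    """How many default subnets of the given prefix fit in the VPC at most."""
    return sum(1 for _ in ipaddress.ip_network(vpc_cidr).subnets(new_prefix=prefix))


if __name__ == "__main__":
    vpc = "172.31.0.0/16"
    # Constructed: two default subnets plus a nondefault /24 sitting in the third /20.
    subnets = ["172.31.0.0/20", "172.31.16.0/20", "172.31.32.0/24"]
    print("addresses in VPC:", vpc_address_count(vpc))
    print("usable per /20:", usable_addresses("172.31.0.0/20"))
    print("/20 blocks in VPC:", default_subnet_capacity(vpc))
    print("next default subnet:", next_default_subnet_cidr(vpc, subnets))
```

The nondefault /24 in the sample blocks the whole /20 it sits in, which is why a default VPC that also hosts custom subnets can run out of /20 slots well before its 65,536 addresses are used; that is the situation the text resolves by adding another IPv4 CIDR block to the VPC.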

If you've associated an IPv6 CIDR block with your default VPC, the new default subnet does not automatically receive an IPv6 CIDR block. Instead, you can associate an IPv6 CIDR block with the default subnet after you create it. For more information, see Add an IPv6 CIDR block to your subnet.

You cannot create a default subnet using the AWS Management Console.

To create a default subnet using the AWS CLI

Use the create-default-subnet AWS CLI command and specify the Availability Zone in which to create the subnet.

aws ec2 create-default-subnet --availability-zone us-east-2a
