
Amazon VPC Configuration Guide

Overview

This guided walkthrough includes configuration for the following:

  • Create a new VPC or update an existing one
  • Configure VPC Flow Logs and/or DNS query logging using the Route 53 Resolver Query Logging feature
  • Create VPC Endpoint(s)
  • Configure VPC Peering with existing VPCs in the same or different AWS accounts
  • Configure Site-to-Site VPN tunnels

Configuration


AWS Account/Region

Select the AWS account and region in which you wish to deploy this configuration. Once an account and region are selected, the existing VPCs in that account can be referenced directly in the configuration.

Create New VPC

Specify whether to create a new VPC or select an existing VPC to be updated with the configuration settings available in this guide.


VPC Configuration

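# CloudFormation template: one VPC (10.0.0.0/16) with nine /24 subnets spread
# across the first three Availability Zones of the deployment region. The
# subnets are grouped into three tiers by the route table they are attached to:
#   - Public    (VpcSubnet0-2): default route to the Internet Gateway
#   - Private   (VpcSubnet3-5): default route to a single NAT Gateway
#   - Protected (VpcSubnet6-8): no default route; only the implicit local route
#
# Review notes:
#   - MapPublicIpOnLaunch is false on every subnet, including the "Public" ones,
#     so instances get no public IPv4 address unless one is assigned explicitly.
#     This is a safe default; keep it.
#   - No AWS::EC2::FlowLog resource is defined in this template. The VPC Flow
#     Logs / DNS query logging option described in the walkthrough has to be
#     added separately if traffic visibility is required.
#   - The default security group and default network ACL that AWS creates with
#     the VPC are not touched by this template.
#   - All three private route tables share one NAT Gateway (VpcNatGw0) placed in
#     the first AZ, so loss of that AZ removes outbound access for every private
#     subnet. Add a NAT Gateway per AZ if that matters for the workload.
#   - Fn::Select indexes 0-2 into Fn::GetAZs; a region that exposes fewer than
#     three AZs to the account is expected to fail at stack creation.
#   - Two generator artifacts were removed: route tables whose Name tag ended in
#     "NaN" (previously VpcRouteTable4 and VpcRouteTable8) together with their
#     associations to a non-existent "VpcSubnetNaN" and the RT4 default route.
#     Unresolvable Ref targets make the template undeployable, and every real
#     subnet already has an association. The logical-ID gaps (4, 8) are left as
#     is so existing stacks keep their resource identities.
AWSTemplateFormatVersion: "2010-09-09"
Description: ""  # left empty by the generator; set a description when customising
Resources:
  # The VPC itself. DNS resolution and DNS hostnames are both enabled.
  Vpc:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: "default"

  # --- Public tier: 10.0.0.0/24 - 10.0.2.0/24, one subnet per AZ -------------
  # Attached to VpcRouteTable0 (default route via the Internet Gateway).
  VpcSubnet0:
    Type: "AWS::EC2::Subnet"
    Properties:
      CidrBlock: "10.0.0.0/24"
      MapPublicIpOnLaunch: false  # no automatic public IPv4 on launch
      VpcId:
        Ref: "Vpc"
      AvailabilityZone:
        Fn::Select:
          - "0"
          - Fn::GetAZs:
              Ref: "AWS::Region"
      Tags:
        - Key: "Name"
          Value: "Public Subnet 1"
  VpcSubnet1:
    Type: "AWS::EC2::Subnet"
    Properties:
      CidrBlock: "10.0.1.0/24"
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: "Vpc"
      AvailabilityZone:
        Fn::Select:
          - "1"
          - Fn::GetAZs:
              Ref: "AWS::Region"
      Tags:
        - Key: "Name"
          Value: "Public Subnet 2"
  VpcSubnet2:
    Type: "AWS::EC2::Subnet"
    Properties:
      CidrBlock: "10.0.2.0/24"
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: "Vpc"
      AvailabilityZone:
        Fn::Select:
          - "2"
          - Fn::GetAZs:
              Ref: "AWS::Region"
      Tags:
        - Key: "Name"
          Value: "Public Subnet 3"

  # --- Private tier: 10.0.10.0/24 - 10.0.12.0/24, one subnet per AZ ----------
  # Each attached to its own route table (VpcRouteTable1-3) whose default route
  # goes to the shared NAT Gateway.
  VpcSubnet3:
    Type: "AWS::EC2::Subnet"
    Properties:
      CidrBlock: "10.0.10.0/24"
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: "Vpc"
      AvailabilityZone:
        Fn::Select:
          - "0"
          - Fn::GetAZs:
              Ref: "AWS::Region"
      Tags:
        - Key: "Name"
          Value: "Private Subnet 1"
  VpcSubnet4:
    Type: "AWS::EC2::Subnet"
    Properties:
      CidrBlock: "10.0.11.0/24"
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: "Vpc"
      AvailabilityZone:
        Fn::Select:
          - "1"
          - Fn::GetAZs:
              Ref: "AWS::Region"
      Tags:
        - Key: "Name"
          Value: "Private Subnet 2"
  VpcSubnet5:
    Type: "AWS::EC2::Subnet"
    Properties:
      CidrBlock: "10.0.12.0/24"
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: "Vpc"
      AvailabilityZone:
        Fn::Select:
          - "2"
          - Fn::GetAZs:
              Ref: "AWS::Region"
      Tags:
        - Key: "Name"
          Value: "Private Subnet 3"

  # --- Protected tier: 10.0.20.0/24 - 10.0.22.0/24, one subnet per AZ --------
  # Each attached to a route table (VpcRouteTable5-7) that carries no default
  # route, so these subnets have no path to the internet in either direction.
  VpcSubnet6:
    Type: "AWS::EC2::Subnet"
    Properties:
      CidrBlock: "10.0.20.0/24"
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: "Vpc"
      AvailabilityZone:
        Fn::Select:
          - "0"
          - Fn::GetAZs:
              Ref: "AWS::Region"
      Tags:
        - Key: "Name"
          Value: "Protected Subnet 1"
  VpcSubnet7:
    Type: "AWS::EC2::Subnet"
    Properties:
      CidrBlock: "10.0.21.0/24"
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: "Vpc"
      AvailabilityZone:
        Fn::Select:
          - "1"
          - Fn::GetAZs:
              Ref: "AWS::Region"
      Tags:
        - Key: "Name"
          Value: "Protected Subnet 2"
  VpcSubnet8:
    Type: "AWS::EC2::Subnet"
    Properties:
      CidrBlock: "10.0.22.0/24"
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: "Vpc"
      AvailabilityZone:
        Fn::Select:
          - "2"
          - Fn::GetAZs:
              Ref: "AWS::Region"
      Tags:
        - Key: "Name"
          Value: "Protected Subnet 3"

  # --- Internet egress/ingress for the public tier --------------------------
  VpcIgw:
    Type: "AWS::EC2::InternetGateway"
    Properties: {}
  VpcIgwAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId:
        Ref: "VpcIgw"
      VpcId:
        Ref: "Vpc"

  # --- Single public NAT Gateway in Public Subnet 1 (AZ index 0) ------------
  # Used as the default route by all three private route tables below.
  VpcEipNatGw0:
    Type: "AWS::EC2::EIP"
    Properties:
      Domain: "vpc"
  VpcNatGw0:
    Type: "AWS::EC2::NatGateway"
    Properties:
      SubnetId:
        Ref: "VpcSubnet0"
      ConnectivityType: "public"
      AllocationId:
        Fn::GetAtt:
          - "VpcEipNatGw0"
          - "AllocationId"

  # --- Public route table: shared by the three public subnets ----------------
  VpcRouteTable0:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId:
        Ref: "Vpc"
      Tags:
        - Key: "Name"
          Value: "Public Route Table"
  VpcRouteTable0Assoc0:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: "VpcRouteTable0"
      SubnetId:
        Ref: "VpcSubnet0"
  VpcRouteTable0Assoc1:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: "VpcRouteTable0"
      SubnetId:
        Ref: "VpcSubnet1"
  VpcRouteTable0Assoc2:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: "VpcRouteTable0"
      SubnetId:
        Ref: "VpcSubnet2"
  # Default route to the Internet Gateway. Note the route does not declare
  # DependsOn VpcIgwAttachment; CloudFormation may attempt to create it before
  # the gateway is attached (CloudFormation docs recommend the DependsOn).
  VpcRouteTable0VpcRoute0:
    Type: "AWS::EC2::Route"
    DependsOn: "VpcIgwAttachment"
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      RouteTableId:
        Ref: "VpcRouteTable0"
      GatewayId:
        Ref: "VpcIgw"

  # --- Private route tables: one per private subnet, default route via NAT --
  VpcRouteTable1:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId:
        Ref: "Vpc"
      Tags:
        - Key: "Name"
          Value: "Private Route Table 1"
  VpcRouteTable1Assoc3:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: "VpcRouteTable1"
      SubnetId:
        Ref: "VpcSubnet3"
  VpcRouteTable1VpcRoute0:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      RouteTableId:
        Ref: "VpcRouteTable1"
      NatGatewayId:
        Ref: "VpcNatGw0"
  VpcRouteTable2:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId:
        Ref: "Vpc"
      Tags:
        - Key: "Name"
          Value: "Private Route Table 2"
  VpcRouteTable2Assoc4:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: "VpcRouteTable2"
      SubnetId:
        Ref: "VpcSubnet4"
  VpcRouteTable2VpcRoute0:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      RouteTableId:
        Ref: "VpcRouteTable2"
      NatGatewayId:
        Ref: "VpcNatGw0"
  VpcRouteTable3:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId:
        Ref: "Vpc"
      Tags:
        - Key: "Name"
          Value: "Private Route Table 3"
  VpcRouteTable3Assoc5:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: "VpcRouteTable3"
      SubnetId:
        Ref: "VpcSubnet5"
  VpcRouteTable3VpcRoute0:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      RouteTableId:
        Ref: "VpcRouteTable3"
      NatGatewayId:
        Ref: "VpcNatGw0"
  # (VpcRouteTable4 and its "NaN" association/route intentionally absent.)

  # --- Protected route tables: one per protected subnet, no default route ---
  VpcRouteTable5:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId:
        Ref: "Vpc"
      Tags:
        - Key: "Name"
          Value: "Protected Route Table 1"
  VpcRouteTable5Assoc6:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: "VpcRouteTable5"
      SubnetId:
        Ref: "VpcSubnet6"
  VpcRouteTable6:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId:
        Ref: "Vpc"
      Tags:
        - Key: "Name"
          Value: "Protected Route Table 2"
  VpcRouteTable6Assoc7:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: "VpcRouteTable6"
      SubnetId:
        Ref: "VpcSubnet7"
  VpcRouteTable7:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId:
        Ref: "Vpc"
      Tags:
        - Key: "Name"
          Value: "Protected Route Table 3"
  VpcRouteTable7Assoc8:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: "VpcRouteTable7"
      SubnetId:
        Ref: "VpcSubnet8"
  # (VpcRouteTable8 and its "NaN" association intentionally absent.)
Parameters: {}
Metadata: {}
Conditions: {}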