Work with a Custom VPC

Custom or nondefault VPCs are networks we create and administer according to our own requirements. A newly created custom VPC is isolated: it permits neither inbound nor outbound traffic to anything outside the VPC until we explicitly add the network configuration (routes, gateways, security rules) that our requirements call for.

In contrast to the default VPC, which is always created with the same network configuration, a custom VPC gives us the freedom to design the network configuration ourselves.

Determining VPC CIDR

The first question to answer before creating a custom VPC is which network CIDR (Classless Inter-Domain Routing) block the VPC should be formed from. To put it another way, how many IP addresses should our VPC have?

First, we need to determine the number of IP addresses required for our custom VPC network. Each resource consumes at least one IP address, so we need to estimate how many resources, such as EC2 instances, RDS instances, load balancers, and so on, will be deployed within the VPC, while also taking into account the rate at which resource usage is expected to grow in the future. Note that AWS reserves the first four and the last IP address of every subnet, so the usable count in each subnet is five less than the block size.

Next, we need to determine which IP ranges to avoid for the VPC network. It is advisable to steer clear of commonly used CIDR ranges and of any range that overlaps with another network environment that might need to communicate with our VPC. For example, our custom VPC might need to communicate with an on-premises private network, another Amazon VPC, or another private cloud network. Such connectivity (VPC peering, VPN, Direct Connect) requires that the communicating networks have no overlapping IP addresses, because overlapping routes cannot be distinguished. Therefore, conflicting and overlapping IP ranges must be avoided.

Once we have answered these questions, we can decide on the CIDR block for our VPC. This choice matters because the primary IPv4 CIDR block of a VPC cannot be changed after creation; additional IPv4 CIDR blocks can be associated later, but they must also satisfy the non-overlap rule.

Note: The allowed IPv4 network block size for an Amazon VPC is between /16 (65,536 IPs) and /28 (16 IPs), inclusive.

It is advised to choose the network CIDR from the private IP address ranges defined by RFC 1918: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
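The planning steps above (size the block for current and future resources, avoid overlap with peer networks, stay within /16 to /28, and draw from RFC 1918) can be checked mechanically before anything is created in AWS. The following is an added example written for this page, not code from the course or from AWS: it uses only the Python standard library `ipaddress` module, and the peer networks, host counts and growth factor in it are constructed values for illustration.

```python
"""Sanity-check a candidate Amazon VPC IPv4 CIDR against the planning rules.

Added example (not the course's own code). The networks and counts used
in the demo at the bottom are constructed for illustration.
"""
import ipaddress
import math

# RFC 1918 private ranges a VPC CIDR should normally be drawn from.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Amazon VPC IPv4 CIDR limits: /16 is the largest block, /28 the smallest.
MIN_PREFIX, MAX_PREFIX = 16, 28

# AWS reserves the first four and the last address of every subnet.
RESERVED_PER_SUBNET = 5


def smallest_vpc_prefix(required_hosts, subnet_count=1, growth_factor=2.0):
    """Return the longest prefix (smallest block) that still fits the estimate.

    required_hosts -- addresses the planned resources consume today
    subnet_count   -- subnets the VPC will be split into (each loses 5 IPs)
    growth_factor  -- headroom multiplier for expected growth (assumed value)
    Returns None when even a /16 is too small for a single VPC CIDR.
    """
    needed = math.ceil(required_hosts * growth_factor) + RESERVED_PER_SUBNET * subnet_count
    for prefix in range(MAX_PREFIX, MIN_PREFIX - 1, -1):
        if 2 ** (32 - prefix) >= needed:
            return prefix
    return None


def check_vpc_cidr(candidate, peer_networks, required_hosts, subnet_count=1):
    """Return a list of problems with `candidate`; an empty list means it passes.

    candidate      -- proposed VPC CIDR string, e.g. "10.20.0.0/16"
    peer_networks  -- CIDRs of networks the VPC must talk to (on-prem, other VPCs)
    required_hosts -- addresses expected to be consumed by resources
    subnet_count   -- number of subnets the VPC will be carved into
    """
    problems = []
    try:
        # strict=True: host bits must be zero, e.g. 10.0.0.1/24 is rejected.
        net = ipaddress.ip_network(candidate)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if net.version != 4:
        return ["only IPv4 primary CIDRs are checked here"]

    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        problems.append(f"/{net.prefixlen} is outside the VPC limits of /{MIN_PREFIX} to /{MAX_PREFIX}")

    if not any(net.subnet_of(private) for private in RFC1918):
        problems.append("not within an RFC 1918 private range")

    for peer in peer_networks:
        peer_net = ipaddress.ip_network(peer, strict=False)
        if net.overlaps(peer_net):
            problems.append(f"overlaps {peer_net}")

    usable = net.num_addresses - RESERVED_PER_SUBNET * subnet_count
    if usable < required_hosts:
        problems.append(f"only {usable} usable addresses after reservations, need {required_hosts}")
    return problems


if __name__ == "__main__":
    # Constructed scenario: an on-prem network and an existing VPC we must peer with.
    peers = ["10.0.0.0/16", "192.168.10.0/24"]
    prefix = smallest_vpc_prefix(required_hosts=500, subnet_count=4)
    print(f"500 hosts in 4 subnets with 2x headroom fits in a /{prefix}")
    for candidate in ["10.20.0.0/16", "10.0.1.0/24", "172.32.0.0/16", "10.0.0.0/28"]:
        print(candidate, check_vpc_cidr(candidate, peers, required_hosts=12) or "OK")
```

The overlap test is the one most often skipped in practice; running a candidate through `check_vpc_cidr` with every network you might peer with or connect via VPN, including ranges already used by other teams, catches the conflict before a VPC with an unchangeable primary CIDR exists.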
