A Default VPC in AWS


Amazon tries to lower your barrier to entry when it comes to quickly making resources available via the cloud. As such, you are built a nice default VPC. This post walks you through what is created for you.

  • The default VPC itself – there is a unique ID associated with this for identification and a CIDR range (
  • Subnets – you get a subnet in each of your Availability Zones; these subnets are publicly reachable; they are /20 and feature 4091 available addresses
  • Route Table – there is a route table constructed for you; it directs to stay local, and there is a default route ( directing traffic to an Internet Gateway constructed for you
  • Internet Gateway – this allows your default VPC resources to reach the outside world
  • DHCP Options Set – there is an entry done for you which contains the domain name associated with your default VPC
  • Network ACL – there is a Network ACL associated with all three of your subnets; it is completely permissive by default; it allows all traffic inbound and all traffic outbound
  • Security Group – there is a default security group created for you; it is restrictive in nature in that it permits no traffic inbound

Note there are plenty of other VPC components available for your default VPC, but you would need to configure them. These components include:

  • Egress only Internet Gateways
  • Elastic IPs
  • Endpoints
  • Endpoint Services
  • NAT Gateways
  • Peering Connections
  • Customer Gateways
  • Virtual Private Gateways
  • VPN Connections


Leave a Reply

Your email address will not be published. Required fields are marked *