Environment and Base Setup
Design Decisions Before You Click Anything
Before opening the AWS console, settle two decisions that affect everything downstream.
Region selection. Choose a region close to your users or your organization’s primary location. For this lab, any region works. Use a consistent region throughout. Changing regions mid-lab is the most common source of confusion for beginners.
AZ selection. You will use two AZs within your chosen region (e.g., us-east-1a and us-east-1b). AWS does not guarantee that AZ names map to the same physical facilities across accounts. If you are building for a team, note that us-east-1a in your account is not necessarily the same physical AZ as us-east-1a in a colleague’s account.
Subnet CIDR plan. With a /16 VPC, a common pattern is to use /24 subnets (256 addresses, 251 usable — AWS reserves 5). This gives you 256 possible subnets and is easy to reason about.
| Subnet | AZ | CIDR |
|---|---|---|
| public-az1 | AZ-1 | 10.0.1.0/24 |
| public-az2 | AZ-2 | 10.0.2.0/24 |
| private-app-az1 | AZ-1 | 10.0.11.0/24 |
| private-app-az2 | AZ-2 | 10.0.12.0/24 |
| private-db-az1 | AZ-1 | 10.0.21.0/24 |
| private-db-az2 | AZ-2 | 10.0.22.0/24 |
The gap between the public range (1-2), app range (11-12), and DB range (21-22) is intentional. It leaves room to add subnets to each tier later without renumbering.
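Before creating anything, it is worth checking the plan itself rather than trusting the arithmetic. The following Python script is an added example, not part of the original lab: it encodes the table above, confirms every subnet sits inside the VPC and that none overlap, computes the usable-address count with the five addresses AWS reserves, counts how many /24 blocks remain free, and shows that the deliberate numbering gap leaves room for a third subnet in each tier. The tier bases (third octet 1, 11, 21) and the width of ten reserved per tier are assumptions drawn from the table, not rules stated by the page.

```python
import ipaddress

# Constructed copy of the subnet plan from the table (hypothetical lab values).
VPC_CIDR = "10.0.0.0/16"
AWS_RESERVED_PER_SUBNET = 5  # network, VPC router, DNS, one reserved for future use, broadcast

SUBNET_PLAN = {
    "public-az1": ("AZ-1", "10.0.1.0/24"),
    "public-az2": ("AZ-2", "10.0.2.0/24"),
    "private-app-az1": ("AZ-1", "10.0.11.0/24"),
    "private-app-az2": ("AZ-2", "10.0.12.0/24"),
    "private-db-az1": ("AZ-1", "10.0.21.0/24"),
    "private-db-az2": ("AZ-2", "10.0.22.0/24"),
}

# Assumed convention: the third octet where each tier's numbering starts.
TIER_BASES = {"public": 1, "private-app": 11, "private-db": 21}


def usable_addresses(cidr):
    """Addresses an EC2 instance could actually take in this subnet."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def validate_plan(vpc_cidr, plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, (_, cidr) in plan.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def free_subnets(vpc_cidr, plan, prefixlen=24):
    """How many /prefixlen blocks of the VPC are still unallocated."""
    vpc = ipaddress.ip_network(vpc_cidr)
    used = [ipaddress.ip_network(cidr) for _, cidr in plan.values()]
    return sum(1 for cand in vpc.subnets(new_prefix=prefixlen)
               if not any(cand.overlaps(u) for u in used))


def next_subnet_for_tier(vpc_cidr, plan, tier, width=10):
    """Lowest free /24 inside the tier's reserved run of `width` third-octet values, or None."""
    vpc = ipaddress.ip_network(vpc_cidr)
    used = {ipaddress.ip_network(cidr) for _, cidr in plan.values()}
    for third in range(TIER_BASES[tier], TIER_BASES[tier] + width):
        cand = ipaddress.ip_network(f"{vpc.network_address + third * 256}/24")
        if cand not in used:
            return str(cand)
    return None


if __name__ == "__main__":
    print("problems:", validate_plan(VPC_CIDR, SUBNET_PLAN) or "none")
    print("usable per /24:", usable_addresses("10.0.1.0/24"))
    print("free /24 blocks:", free_subnets(VPC_CIDR, SUBNET_PLAN))
    for tier in TIER_BASES:
        print(f"next {tier} subnet:", next_subnet_for_tier(VPC_CIDR, SUBNET_PLAN, tier))
```

Running it against the table reports no problems, 251 usable addresses per /24, 250 free /24 blocks, and 10.0.3.0/24, 10.0.13.0/24 and 10.0.23.0/24 as the next slots in each tier. Feed it a plan with a typo such as 10.1.21.0/24 and the containment check catches it before you have created the subnet.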
Creating the VPC
Navigate to VPC > Your VPCs > Create VPC. Select “VPC only” (not the wizard — the wizard obscures the learning). Configure:
- Name tag: lab-vpc
- IPv4 CIDR: 10.0.0.0/16
- Tenancy: Default (dedicated tenancy multiplies costs by 10x with no benefit for this lab)
After creation, enable DNS hostnames on the VPC: Actions > Edit VPC settings > Enable DNS hostnames. This is required for EC2 instances to receive resolvable hostnames, which matters for service discovery and RDS endpoint resolution.
What you should see: The VPC appears with state “Available”. Note the VPC ID — you will reference it throughout.
Creating Subnets
Create all six subnets using the table above. For each:
- VPC: select lab-vpc
- Availability Zone: set explicitly per the table — do not leave it as “No preference”
- Name tag: follow the naming in the table exactly
For the two public subnets, after creation: select the subnet, go to Actions > Edit subnet settings > Enable auto-assign public IPv4 address. This ensures EC2 instances launched in public subnets receive a public IP by default. Do not enable this for private subnets.
What you should see: Six subnets, each with the correct AZ, CIDR, and auto-assign setting. Subnets in the same AZ should be visible as a logical group.
Common misconfiguration: Creating all subnets in the same AZ. Verify the AZ column in the subnet list before proceeding.
Attaching the Internet Gateway
Navigate to VPC > Internet Gateways > Create internet gateway. Name it lab-igw. After creation, it will show state “Detached.” Select it and choose Actions > Attach to VPC, then select lab-vpc.
What you should see: IGW state changes to “Attached”. Only one IGW can be attached to a VPC at a time. Creating a second IGW is allowed, but attempting to attach it to lab-vpc will fail.
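The “what you should see” checks in this and the previous two sections can be turned into a repeatable audit instead of eyeballing the console. The Python script below is an added example, not part of the original lab: it walks records shaped like the output of `aws ec2 describe-subnets` and `describe-internet-gateways` (the `Tags`, `AvailabilityZone`, `CidrBlock`, `MapPublicIpOnLaunch` and `Attachments` fields) and flags a private subnet that would hand out public IPs, a tier whose subnets all landed in one AZ, a missing or misspelled Name tag, a VPC without DNS hostnames, and a VPC with no IGW or more than one attached. The sample records, the VPC and IGW IDs, and the flattened `EnableDnsHostnames` flag on the VPC record are constructed for this example; in a real account you would populate them from the API calls named above.

```python
# Constructed audit input: field names follow the describe-subnets /
# describe-internet-gateways records, but every value here is hypothetical lab data.
# The DNS-hostnames flag is flattened onto the VPC record (an assumption of this example;
# the API returns it separately via describe-vpc-attribute).
VPC_ID = "vpc-0123456789abcdef0"
VPC = {"VpcId": VPC_ID, "EnableDnsHostnames": True}


def subnet(name, az, cidr, public):
    """Build one subnet record in the shape the audit expects."""
    return {"Tags": [{"Key": "Name", "Value": name}], "AvailabilityZone": az,
            "CidrBlock": cidr, "MapPublicIpOnLaunch": public, "VpcId": VPC_ID}


# Uses the example AZ names from the page (us-east-1a / us-east-1b) for AZ-1 / AZ-2.
SUBNETS = [
    subnet("public-az1", "us-east-1a", "10.0.1.0/24", True),
    subnet("public-az2", "us-east-1b", "10.0.2.0/24", True),
    subnet("private-app-az1", "us-east-1a", "10.0.11.0/24", False),
    subnet("private-app-az2", "us-east-1b", "10.0.12.0/24", False),
    subnet("private-db-az1", "us-east-1a", "10.0.21.0/24", False),
    subnet("private-db-az2", "us-east-1b", "10.0.22.0/24", False),
]

IGWS = [{"InternetGatewayId": "igw-0123456789abcdef0",
         "Attachments": [{"VpcId": VPC_ID, "State": "available"}]}]

EXPECTED_NAMES = {"public-az1", "public-az2", "private-app-az1",
                  "private-app-az2", "private-db-az1", "private-db-az2"}


def name_of(record):
    return next((t["Value"] for t in record.get("Tags", []) if t["Key"] == "Name"), "<unnamed>")


def audit_subnets(subnets):
    findings, seen, tiers = [], set(), {}
    for s in subnets:
        name = name_of(s)
        seen.add(name)
        is_public = name.startswith("public")
        # Auto-assign public IPv4 must be on for public subnets and off for private ones;
        # a private subnet with it enabled silently exposes instances launched there.
        if bool(s["MapPublicIpOnLaunch"]) != is_public:
            expect = "enabled" if is_public else "disabled"
            findings.append(f"{name}: auto-assign public IPv4 should be {expect}")
        tier = name.rsplit("-az", 1)[0]
        tiers.setdefault(tier, set()).add(s["AvailabilityZone"])
    for missing in sorted(EXPECTED_NAMES - seen):
        findings.append(f"{missing}: subnet not found (check the Name tag)")
    for tier, azs in sorted(tiers.items()):
        if len(azs) < 2:
            findings.append(f"tier {tier}: all subnets in one AZ ({', '.join(sorted(azs))})")
    return findings


def audit_igws(igws, vpc_id):
    attached = [g["InternetGatewayId"] for g in igws
                if any(a["VpcId"] == vpc_id and a["State"] == "available"
                       for a in g.get("Attachments", []))]
    if not attached:
        return [f"{vpc_id}: no internet gateway attached"]
    if len(attached) > 1:
        return [f"{vpc_id}: more than one IGW attached: {attached}"]
    return []


def audit_vpc(vpc):
    return [] if vpc.get("EnableDnsHostnames") else [f"{vpc['VpcId']}: DNS hostnames disabled"]


def audit(vpc, subnets, igws):
    """All findings for the lab VPC; an empty list means the build matches the plan."""
    return audit_vpc(vpc) + audit_subnets(subnets) + audit_igws(igws, vpc["VpcId"])


if __name__ == "__main__":
    for line in audit(VPC, SUBNETS, IGWS) or ["no findings"]:
        print(line)
```

With the constructed records the audit is clean; flip `MapPublicIpOnLaunch` on a private subnet, or put every subnet in us-east-1a, and the corresponding finding appears. The public/private decision is keyed off the Name tag prefix, so the naming discipline the page asks for is what makes the check possible.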
