AWS Default VPC

AWS Regions and Availability Zones

Diagram 1: us-west-2 Region and its 4 Availability Zones

Default VPC and Default Subnets

Every AWS account gets a default VPC in each region. In us-west-2 the default VPC is created with four default subnets, one in each Availability Zone (us-west-2a, us-west-2b, us-west-2c and us-west-2d). The default VPC uses the 172.31.0.0/16 CIDR block and each default subnet is a /20 carved out of it.

Diagram 2: Default VPC
Diagram 3: VPC Dashboard for us-west-2
Diagram 4: CIDR allocation for Default VPC and Default Subnets
Diagram 5: IP addresses of EC2 instances created in 2 AZs
Diagram 6: EC2 Instances

Default Security Group

The default security group comes with two rules: an inbound rule that allows all traffic from any instance that is a member of the same security group (a self-reference), and an outbound rule that allows all traffic to any destination. A security group is a stateful firewall applied at the instance's network interface, so the reply traffic of an allowed connection is permitted in the reverse direction without an explicit rule.

Diagram 7: Default Security Group Rules
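The following is an added example, not code from the original post: a small stateful evaluator that models the two default security-group rules above and the SSH rule the post later adds under Internet Connectivity. The group ID "sg-default", the instance and workstation addresses, and the rule set are constructed for illustration. It shows why a new inbound SSH connection is denied until a rule is added, why traffic between members of the group passes, and why the reply to an outbound connection needs no inbound rule.

```python
"""Stateful security-group evaluation, modelled on the default security group.

Added example, not code from the original post. The group ID "sg-default",
the private and public addresses and the rules added below are constructed
for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    direction: str   # "inbound" or "outbound"
    protocol: str    # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int   # from_port == -1 means every port
    to_port: int
    source: str      # CIDR block, or a security-group ID (group reference)


@dataclass
class SecurityGroup:
    group_id: str
    rules: list = field(default_factory=list)
    # connection tracking, keyed from the instance's point of view:
    # (protocol, local ip, local port, peer ip, peer port)
    conntrack: set = field(default_factory=set)

    def _matches(self, rule, protocol, dst_port, peer_ip, peer_sg):
        if rule.protocol not in ("-1", protocol):
            return False
        if rule.from_port != -1 and not rule.from_port <= dst_port <= rule.to_port:
            return False
        if rule.source.startswith("sg-"):
            # group reference: matches any interface that is a member of that group
            return peer_sg == rule.source
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.source)

    def allow(self, direction, protocol, local_ip, local_port,
              peer_ip, peer_port, peer_sg=None):
        """Return True if the packet passes. Allowed flows are tracked so that
        the reverse direction passes without a rule (stateful behaviour)."""
        flow = (protocol, local_ip, local_port, peer_ip, peer_port)
        if flow in self.conntrack:
            return True
        # rules are evaluated against the destination port of the packet
        dst_port = local_port if direction == "inbound" else peer_port
        for rule in self.rules:
            if rule.direction == direction and self._matches(
                    rule, protocol, dst_port, peer_ip, peer_sg):
                self.conntrack.add(flow)
                return True
        return False


def default_security_group(group_id="sg-default"):
    """The two rules AWS places on a new default security group."""
    return SecurityGroup(group_id, [
        Rule("inbound", "-1", -1, -1, group_id),      # all traffic from group members
        Rule("outbound", "-1", -1, -1, "0.0.0.0/0"),  # all traffic to anywhere
    ])


def demo():
    sg = default_security_group()
    instance = "172.31.50.10"  # constructed: an instance in a default subnet
    peer = "172.31.20.5"       # constructed: another instance in the same group
    admin = "203.0.113.7"      # constructed: an administrator's workstation
    results = {}
    # 1. traffic from another member of the group is allowed by the self-reference
    results["from_group_member"] = sg.allow(
        "inbound", "tcp", instance, 443, peer, 51000, peer_sg=sg.group_id)
    # 2. a new inbound SSH connection from the Internet matches no rule
    results["ssh_before_rule"] = sg.allow("inbound", "tcp", instance, 22, admin, 40000)
    # 3. outbound HTTPS is allowed, and the reply is admitted by connection tracking
    results["outbound_https"] = sg.allow(
        "outbound", "tcp", instance, 52000, "198.51.100.9", 443)
    results["https_reply"] = sg.allow(
        "inbound", "tcp", instance, 52000, "198.51.100.9", 443)
    # 4. add the SSH rule, scoped to the admin host rather than 0.0.0.0/0
    sg.rules.append(Rule("inbound", "tcp", 22, 22, admin + "/32"))
    results["ssh_after_rule"] = sg.allow("inbound", "tcp", instance, 22, admin, 40001)
    results["ssh_from_elsewhere"] = sg.allow(
        "inbound", "tcp", instance, 22, "198.51.100.77", 40002)
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20s} {'ALLOW' if allowed else 'DENY'}")
```

The conntrack key is written from the instance's side (local address and port first), so the reply to an outbound flow produces the same key and passes without consulting the rules, which is exactly what the "stateful" property on the page means. Real security groups track state per connection, not per packet, but the observable behaviour is the same.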

Internet Connectivity

The default VPC is attached to an Internet Gateway, its main route table sends 0.0.0.0/0 to that gateway, and the default subnets assign a public IPv4 address to each instance at launch. The public address is never configured on the instance itself: the Internet Gateway performs one-to-one NAT between the public address and the instance's private address.

Diagram 8: Internet Gateway
Diagram 9: Inbound Rule added to default security group to allow SSH access
Restrict the source of that SSH rule to a known address or CIDR rather than 0.0.0.0/0; the reply packets are already covered by the group's stateful behaviour, so no outbound rule needs to be added.
Diagram 10: Instance3 Details

Internet Gateway

Internet connectivity starts at the instance: its default route points to the implicit VPC router of its subnet, which is the first usable address of that subnet. The VPC route table then matches 0.0.0.0/0 and forwards the traffic to the Internet Gateway.

Diagram 11: Inbound SSH Session to Instance3
Diagram 12: Interface IP and Routing Table of the Instance3

Internal VPC and Internet connectivity route lookups

Let's check the route lookups (host level and VPC level) for Intra-AZ, Inter-AZ and Internet connectivity.

VPC Route Table

For Inter-AZ and Internet destinations, an instance's default route points to the implicit VPC router address of its subnet. The VPC route table then decides between the local route (172.31.0.0/16, the VPC CIDR) and the Internet Gateway route (0.0.0.0/0).

Diagram 13: VPC Route Table and Next-Hop Addresses

Scenario1: Intra-AZ connectivity (Instance1 <-> Instance2)

Host Lookup: Instance2 is in the same subnet, so the more specific subnet route wins and the packet goes out eth0 directly, without a gateway; the VPC route table's local route delivers it within the VPC.

Diagram 14: Local Subnet route lookup on Instance1
Diagram 15: VPC Route Table Lookup for Intra-AZ Connectivity
Diagram 16: Successful Ping from Src:Instance1 to Dst:Instance2

Scenario2: Inter-AZ connectivity (Instance1 <-> Instance3)

Host Lookup: Instance3 is in another subnet, so the default route applies and the packet is sent to the VPC router address 172.31.48.1; the VPC route table's local route (172.31.0.0/16) then forwards it to the subnet in the other AZ.

Diagram: VPC Route Table Lookup for Inter-AZ Connectivity
Diagram 16: Successful Ping from Src:Instance1 to Dst:Instance3

Scenario3: Internet Connectivity (Instance1 <-> Internet)

Host Lookup: the destination is outside the VPC, so the default route again sends the packet to the VPC router address 172.31.48.1; the VPC route table matches 0.0.0.0/0 and forwards it to the Internet Gateway, which translates the source to the instance's public IP address.

Diagram 16: Successful Ping from Src:Instance1 to Dst:Internet
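To make the three lookups above concrete, here is an added example that is not code from the original post. It builds the instance's host route table and the default VPC's main route table and performs a longest-prefix match for each scenario. The VPC CIDR and the /20 subnet layout follow the default VPC, and Instance1's subnet is taken as 172.31.48.0/20 so that its router is the 172.31.48.1 seen above; the destination addresses, the subnet chosen for Instance3 and the gateway ID "igw-example" are constructed, since the page does not list them.

```python
"""Route lookups for the three scenarios: intra-AZ, inter-AZ and Internet.

Added example, not code from the original post. The VPC CIDR and /20 subnet
layout follow the default VPC; the instance addresses, the subnet used for
Instance3 and the gateway ID "igw-example" are constructed for illustration.
"""
import ipaddress


def default_subnets(vpc_cidr="172.31.0.0/16", az_count=4):
    """The default VPC is a /16 split into one /20 per Availability Zone."""
    subnets = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=20)
    return [str(s) for s in subnets][:az_count]


def implicit_router(subnet_cidr):
    """AWS reserves the first usable address of every subnet for the VPC
    router; that address is the next hop of the instance's default route."""
    return str(ipaddress.ip_network(subnet_cidr)[1])


def host_route_table(subnet_cidr):
    """The instance's own routing table: an on-link route for its subnet and
    a default route via the implicit router."""
    return [
        (subnet_cidr, "eth0 (on-link, no gateway)"),
        ("0.0.0.0/0", "via " + implicit_router(subnet_cidr)),
    ]


# Main route table of the default VPC: everything inside the VPC CIDR is
# "local", everything else goes to the Internet Gateway.
VPC_ROUTE_TABLE = [
    ("172.31.0.0/16", "local"),
    ("0.0.0.0/0", "igw-example"),
]


def longest_prefix_match(table, dst_ip):
    """Pick the most specific route whose prefix contains dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def trace(src_subnet, dst_ip):
    """Return (host-level next hop, VPC-level target) for a packet sent by an
    instance in src_subnet to dst_ip."""
    return (longest_prefix_match(host_route_table(src_subnet), dst_ip),
            longest_prefix_match(VPC_ROUTE_TABLE, dst_ip))


if __name__ == "__main__":
    instance1_subnet = "172.31.48.0/20"   # its implicit router is 172.31.48.1
    scenarios = {
        "Intra-AZ (Instance1 -> Instance2)": "172.31.52.7",   # same subnet
        "Inter-AZ (Instance1 -> Instance3)": "172.31.20.9",   # another default subnet
        "Internet (Instance1 -> Internet)": "198.51.100.1",   # outside the VPC
    }
    print("default subnets:", default_subnets())
    for name, dst in scenarios.items():
        host_hop, vpc_target = trace(instance1_subnet, dst)
        print(f"{name}: host -> {host_hop}; VPC route table -> {vpc_target}")
```

The host-level lookup only distinguishes "on my subnet" from "everything else"; it is the VPC route table that separates the inter-AZ case (local route) from the Internet case (Internet Gateway route), which is why the same next hop, 172.31.48.1, appears in both of the last two scenarios.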
