All Categories

  • How to Create VPC with Public and Private Subnet

    2/12/2020 -
    This blog shows how to create a VPC from scratch: create a VPC; create 2 subnets, one public and one private; create an Internet Gateway; create a Route Table; create 2 EC2 instances, one public and one private; set up a NAT Gateway for the private EC2 instance. Create a VPC: go to VPC and click Create VPC, then enter the information to create the VPC. Name: enter any name. IPv4 CIDR: enter the IPv4 range 10.0.0.0/16. Choose Amazon provided IPv6 CIDR block. Tenancy: choose Default if you wish to use it as the tenancy. After creating the VPC, AWS will generate the following AWS default services.
    EC2, AWS, VPC
  • Use VPC Flow Logs

    3/11/2020 -
    Create flow logs: select the VPC you want to use flow logs with, click Action, then click Create flow log. Set up the destination log group: if you choose to send to CloudWatch Logs, you'll have to set up a destination log group. Go to CloudWatch and choose Log groups. Set up an IAM role for flow logs: click Set up permission on the create VPC flow logs page (this option only shows in the old UI), which will create the following policy to enable flow logs to read and write to CloudWatch.
    AWS, VPC
  • VPC End Point - Use S3 from Private EC2 Instance

    2/20/2020 -
    This blog shows how to use a VPC Endpoint to reach S3 from a private EC2 instance without going through the internet. With a VPC Endpoint, S3 access should stay within AWS services, which will incur no charge. Attach an IAM role to the private EC2 instance: since we'll need to access S3 from the private EC2 instance, we'll need to set up an S3 full access role for the EC2 instance. Create a new role and select AmazonS3FullAccess.
    S3, VPC
  • How to Setup AWS Application Load Balancer

    2/4/2020 -
    This blog will show how to create an AWS Application Load Balancer with a custom VPC's EC2 instances. Set up a custom VPC. Create VPC: go to VPC and click Create VPC, then fill in the VPC fields as in the example below. Name tag: enter your VPC name; IPv4 CIDR block: enter your CIDR block IP range; IPv6 CIDR block: choose IPv6; Network Border Group; Tenancy: Default (you can choose whether or not you want single-tenant, dedicated hardware). Create Subnet: we'll need 2 subnets to create the Application Load Balancer. Name tag: enter any name; VPC: choose the VPC just created; Availability Zone: choose the availability zone; IPv4 CIDR block: 172.0.1.
    AWS, VPC