📋 AWS VPC Design Cheat Sheet

Quick-reference for VPC architecture, CIDR planning, subnets, route tables, NAT, endpoints, and multi-VPC connectivity patterns.

CIDR Planning

  • VPC: /16 to /28 (65,536 to 16 addresses); each subnet must fall inside the VPC CIDR and also be /16 to /28
  • Primary CIDR cannot be changed after creation; secondary CIDRs can be added, but must not overlap any CIDR already on the VPC
  • RFC 1918 private ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16; allocate non-overlapping blocks across VPCs and on-prem up front, because overlap blocks peering later
  • 5 addresses reserved per subnet: the first four (network, VPC router, DNS resolver, future use) and the last (broadcast); a /24 therefore yields 251 usable addresses
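The rules above as a small CIDR planner, added here as an example (not from the original cheat sheet): it validates a VPC CIDR against the /16 to /28 limit, rejects an overlapping secondary CIDR, carves one subnet per tier and AZ out of the VPC block, and reports the five reserved addresses and usable count per subnet. Tier and AZ names are made up; AWS's extra restrictions on mixing RFC 1918 ranges in secondary CIDRs are not modelled.

```python
import ipaddress
from typing import Dict, List

IPv4Network = ipaddress.IPv4Network

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(cidr: str) -> IPv4Network:
    """Reject CIDRs AWS will not accept for a VPC or a secondary VPC CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    if net.version != 4 or not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC CIDR must be an IPv4 block between /16 and /28")
    return net


def add_secondary_cidr(existing: List[IPv4Network], new_cidr: str) -> List[IPv4Network]:
    """Secondary CIDRs must not overlap any CIDR already on the VPC.

    Assumption: AWS has further rules about mixing RFC 1918 ranges that this
    check does not model; only the overlap rule is enforced here.
    """
    new = validate_vpc_cidr(new_cidr)
    for cidr in existing:
        if new.overlaps(cidr):
            raise ValueError(f"{new} overlaps existing VPC CIDR {cidr}")
    return existing + [new]


def reserved_addresses(subnet: IPv4Network) -> Dict[str, str]:
    """The five addresses AWS takes out of each subnet, keyed by role."""
    base = int(subnet.network_address)
    return {
        "network": str(ipaddress.IPv4Address(base)),
        "vpc_router": str(ipaddress.IPv4Address(base + 1)),
        "dns": str(ipaddress.IPv4Address(base + 2)),
        "future_use": str(ipaddress.IPv4Address(base + 3)),
        "broadcast": str(subnet.broadcast_address),
    }


def usable_hosts(subnet: IPv4Network) -> int:
    """Addresses actually available to instances in the subnet."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr: str, tiers: List[str], azs: List[str],
                 subnet_prefix: int) -> Dict[str, IPv4Network]:
    """Carve one equal-sized subnet per (tier, AZ) out of the VPC CIDR, in order."""
    vpc = validate_vpc_cidr(vpc_cidr)
    if not vpc.prefixlen <= subnet_prefix <= 28:
        raise ValueError(f"subnet prefix /{subnet_prefix} must be between /{vpc.prefixlen} and /28")
    blocks = vpc.subnets(new_prefix=subnet_prefix)
    plan: Dict[str, IPv4Network] = {}
    for tier in tiers:
        for az in azs:
            try:
                plan[f"{tier}-{az}"] = next(blocks)
            except StopIteration:
                raise ValueError(
                    f"{vpc} cannot hold {len(tiers) * len(azs)} subnets of /{subnet_prefix}"
                ) from None
    return plan


if __name__ == "__main__":
    # Constructed layout: three tiers across three AZs in a /16, as /20 subnets.
    plan = plan_subnets("10.0.0.0/16", ["public", "private", "isolated"], ["a", "b", "c"], 20)
    for name, subnet in plan.items():
        print(f"{name:12} {str(subnet):16} usable={usable_hosts(subnet)}")
    print(reserved_addresses(plan["public-a"]))
```

Nine /20 subnets use only 9 of the 16 blocks in the /16, which is the point of planning with the calculator first: leave headroom for later tiers rather than adding a secondary CIDR under pressure.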

Subnet Design

  • Public subnet: route table carries 0.0.0.0/0 → igw-xxx; an instance is only reachable from the internet if it also has a public IPv4 or Elastic IP
  • Private subnet: 0.0.0.0/0 → NAT gateway for outbound-only internet access; the NAT gateway itself must sit in a public subnet, ideally one per AZ so an AZ outage does not take out egress for the others
  • Isolated subnet: no 0.0.0.0/0 route at all; AWS services are reached through VPC endpoints only
  • A subnet lives in exactly one AZ, so spread every tier across at least two AZs for high availability

VPC Endpoints

  • Gateway endpoints: S3 and DynamoDB only, no charge, implemented as a prefix-list route in the subnet's route table; same-region only and not reachable from peered VPCs, Transit Gateway or on-prem
  • Interface endpoints: an ENI with a private IP in your subnet, built on PrivateLink, billed per hour per AZ plus data processed; because it is just an IP in the VPC it is reachable over peering, Transit Gateway and VPN
  • Endpoint policies: IAM-style policy attached to the endpoint restricting which principals, actions and resources may pass through it; evaluated alongside IAM and resource policies, so every policy in the path must allow the request
  • DNS: private DNS makes the public service hostname resolve to the endpoint ENI IPs inside the VPC; without it clients must use the endpoint-specific DNS name
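Route-table behaviour for the three subnet types and for a gateway endpoint, as an added example (not code from the original cheat sheet): each route table is modelled as a list of routes, `lookup` performs the longest-prefix match the VPC router uses, `classify` derives public/private/isolated from the default route, and a gateway-endpoint prefix-list route is shown winning over 0.0.0.0/0 for S3 addresses. All resource IDs and the two prefix-list ranges are constructed for the example; the real S3 prefix list is region-specific and managed by AWS.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

IPv4Network = ipaddress.IPv4Network

# Constructed stand-in for the S3 gateway endpoint prefix list (pl-xxxx).
# The real contents are region-specific; these ranges are for the example only.
S3_PREFIX_LIST = ["52.216.0.0/15", "3.5.0.0/19"]


@dataclass
class Route:
    destinations: List[IPv4Network]  # one CIDR, or every CIDR of a prefix list
    target: str                      # local, igw-..., nat-..., vpce-..., tgw-...


@dataclass
class RouteTable:
    name: str
    routes: List[Route] = field(default_factory=list)

    def add(self, cidr: str, target: str) -> "RouteTable":
        self.routes.append(Route([ipaddress.ip_network(cidr)], target))
        return self

    def add_prefix_list(self, cidrs: List[str], target: str) -> "RouteTable":
        self.routes.append(Route([ipaddress.ip_network(c) for c in cidrs], target))
        return self

    def lookup(self, ip: str) -> Optional[Tuple[IPv4Network, str]]:
        """Longest-prefix match, the way the VPC router selects a route.
        Returns (matched destination, target) or None when nothing matches."""
        addr = ipaddress.ip_address(ip)
        best: Optional[Tuple[IPv4Network, str]] = None
        for route in self.routes:
            for dest in route.destinations:
                if addr in dest and (best is None or dest.prefixlen > best[0].prefixlen):
                    best = (dest, route.target)
        return best


def classify(rt: RouteTable) -> str:
    """public = default route to an IGW; private = default route to anything
    else (NAT gateway, TGW, ...); isolated = no default route at all."""
    for route in rt.routes:
        if any(dest.prefixlen == 0 for dest in route.destinations):
            return "public" if route.target.startswith("igw-") else "private"
    return "isolated"


def nat_gateway_placement_ok(nat_subnet_rt: RouteTable) -> bool:
    """A NAT gateway only has internet egress if its own subnet is public."""
    return classify(nat_subnet_rt) == "public"


VPC_CIDR = "10.0.0.0/16"
# One route table per subnet type. Every ID below is made up for the example.
PUBLIC_RT = (RouteTable("public")
             .add(VPC_CIDR, "local")
             .add("0.0.0.0/0", "igw-0aa11bb22cc33dd44")
             .add_prefix_list(S3_PREFIX_LIST, "vpce-0123456789abcdef0"))
PRIVATE_RT = (RouteTable("private")
              .add(VPC_CIDR, "local")
              .add("0.0.0.0/0", "nat-0ee55ff66aa77bb88")
              .add_prefix_list(S3_PREFIX_LIST, "vpce-0123456789abcdef0"))
ISOLATED_RT = (RouteTable("isolated")
               .add(VPC_CIDR, "local")
               .add_prefix_list(S3_PREFIX_LIST, "vpce-0123456789abcdef0"))

if __name__ == "__main__":
    for rt in (PUBLIC_RT, PRIVATE_RT, ISOLATED_RT):
        print(rt.name, "->", classify(rt))
        for ip in ("10.0.5.9", "52.216.10.5", "93.184.216.34"):
            print(f"  {ip:15} via {rt.lookup(ip)}")
    print("NAT placement ok:", nat_gateway_placement_ok(PUBLIC_RT))
```

The isolated table returns no route for a public address but still resolves an S3 address to the endpoint, which is exactly the "isolated subnet reaches AWS services through endpoints" pattern; the same lookup shows why the endpoint route is preferred even in a public subnet, so S3 traffic never transits the IGW once the endpoint exists.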

Multi-VPC Patterns

  • VPC Peering: 1-to-1, non-transitive (A↔B plus B↔C does not give A↔C), cross-account and cross-region; the two CIDRs must not overlap
  • Transit Gateway: hub-and-spoke, transitive; separate TGW route tables with deliberate associations and propagations give segmentation, e.g. spokes reach shared services but not each other
  • PrivateLink: exposes one service (behind an NLB or GWLB) to consumers; connections are initiated by the consumer only, cross-account, and overlapping CIDRs are fine because only the endpoint ENI IP is exposed
  • Shared VPC (RAM): the owner account shares subnets with accounts in the same Organization; participants launch resources into them but cannot change VPC-level configuration such as route tables
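The Transit Gateway route-table isolation pattern from the bullet above, as an added example (not code from the original cheat sheet): attachments, route tables, one association per attachment and per-table propagations are modelled, and a reachability check confirms that two spokes sharing a "spokes" table reach shared services but not each other, while a single flat table gives a full mesh. Attachment names and CIDRs are constructed; static and blackhole routes are not modelled.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional

IPv4Network = ipaddress.IPv4Network


@dataclass
class TgwRouteTable:
    name: str
    routes: Dict[IPv4Network, str] = field(default_factory=dict)  # destination -> attachment

    def next_hop(self, ip: str) -> Optional[str]:
        """Longest-prefix match over the table; None means the packet is dropped."""
        addr = ipaddress.ip_address(ip)
        matches = [(dest.prefixlen, att) for dest, att in self.routes.items() if addr in dest]
        return max(matches)[1] if matches else None


class TransitGateway:
    """Model of TGW attachments, route tables, associations and propagations."""

    def __init__(self) -> None:
        self.attachments: Dict[str, IPv4Network] = {}  # attachment -> VPC CIDR
        self.tables: Dict[str, TgwRouteTable] = {}
        self.association: Dict[str, str] = {}          # attachment -> exactly one table

    def attach_vpc(self, att: str, cidr: str) -> None:
        self.attachments[att] = ipaddress.ip_network(cidr)

    def create_table(self, name: str) -> None:
        self.tables[name] = TgwRouteTable(name)

    def associate(self, att: str, table: str) -> None:
        # The association decides which table traffic *from* this attachment consults.
        if att in self.association:
            raise ValueError(f"{att} is already associated with {self.association[att]}")
        self.association[att] = table

    def propagate(self, att: str, table: str) -> None:
        # Propagation installs the attachment's CIDR as a route in that table only.
        self.tables[table].routes[self.attachments[att]] = att

    def forwards(self, src: str, dst: str) -> bool:
        """Does traffic entering from src get routed to dst? Looks up the first
        host of dst's CIDR in the table src is associated with."""
        table = self.tables[self.association[src]]
        target_ip = str(self.attachments[dst].network_address + 1)
        return table.next_hop(target_ip) == dst

    def reachable(self, a: str, b: str) -> bool:
        """Both directions must route, or the TCP handshake never completes."""
        return self.forwards(a, b) and self.forwards(b, a)


def build_isolated_spokes() -> TransitGateway:
    """Spokes share a table that only knows shared services; shared services see everyone."""
    tgw = TransitGateway()
    tgw.attach_vpc("shared", "10.0.0.0/16")   # constructed CIDRs
    tgw.attach_vpc("prod", "10.1.0.0/16")
    tgw.attach_vpc("dev", "10.2.0.0/16")
    tgw.create_table("spokes-rt")
    tgw.create_table("shared-rt")
    for spoke in ("prod", "dev"):
        tgw.associate(spoke, "spokes-rt")
        tgw.propagate(spoke, "shared-rt")   # shared services can route back to each spoke
    tgw.associate("shared", "shared-rt")
    tgw.propagate("shared", "spokes-rt")    # spokes learn only the shared CIDR
    return tgw


def build_flat() -> TransitGateway:
    """One table with every attachment associated and propagated: full mesh."""
    tgw = TransitGateway()
    tgw.attach_vpc("shared", "10.0.0.0/16")
    tgw.attach_vpc("prod", "10.1.0.0/16")
    tgw.attach_vpc("dev", "10.2.0.0/16")
    tgw.create_table("default-rt")
    for att in ("shared", "prod", "dev"):
        tgw.associate(att, "default-rt")
        tgw.propagate(att, "default-rt")
    return tgw


if __name__ == "__main__":
    for label, tgw in (("isolated", build_isolated_spokes()), ("flat", build_flat())):
        print(f"{label:8} prod->shared={tgw.reachable('prod', 'shared')} "
              f"prod->dev={tgw.reachable('prod', 'dev')}")
```

The check is deliberately bidirectional: a spoke table that can forward to a shared-services CIDR is useless if the shared-services table has no propagation back, which is the most common TGW misconfiguration when a new spoke is attached and only one side is updated.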
