Your Default VPC and Subnets
If you created your AWS account after 2013-12-04, it supports only EC2-VPC. In this case, you'll have a default VPC in each AWS region. A default VPC is ready for you to use — you can immediately start launching instances into your default VPC without having to perform any additional configuration steps. A default VPC combines the benefits of the advanced networking features provided by the EC2-VPC platform with the ease of use of the EC2-Classic platform.
For more information about the EC2-Classic and EC2-VPC platforms, see Supported Platforms.
Default VPC Basics
This section provides information about your default virtual private cloud (VPC) and its default subnets.
If you created your AWS account after 2013-12-04, it supports only EC2-VPC. In this case, we create a default VPC for you in each AWS region. Therefore, unless you create a nondefault VPC and specify it when you launch an instance, we launch your instances into your default VPC.
If you created your AWS account before 2013-03-18, it supports both EC2-Classic and EC2-VPC in regions that you've used before, and only EC2-VPC in regions that you haven't used. In this case, we create a default VPC in each region in which you haven't created any AWS resources. Therefore, unless you create a nondefault VPC and specify it when you launch an instance in a region that you haven't used before, we launch the instance into your default VPC for that region. However, if you launch an instance in a region that you've used before, we launch the instance into EC2-Classic.
If you created your AWS account between 2013-03-18 and 2013-12-04, it may support only EC2-VPC, or it may support both EC2-Classic and EC2-VPC in some of the regions that you've used. For information about detecting the platform support in each region for your AWS account, see Detecting Your Supported Platforms and Whether You Have a Default VPC. For information about when each region was enabled for default VPCs, see Announcement: Enabling regions for the default VPC feature set in the AWS forum for Amazon VPC.
If an AWS account supports only EC2-VPC, any IAM accounts associated with this AWS account also support only EC2-VPC, and use the same default VPC as the AWS account.
If your AWS account supports both EC2-Classic and EC2-VPC and you want the benefits of using EC2-VPC with the simplicity of launching instances into EC2-Classic, you can either create a new AWS account or launch your instances into a region that you haven't used before. If you'd prefer to add a default VPC to a region that doesn't have one, see "I really want a default VPC for my existing EC2 account. Is that possible?" in the Default VPCs FAQ.
When we create a default VPC, we do the following to set it up for you:
Create a default subnet in each Availability Zone.
Create an Internet gateway and connect it to your default VPC.
Create a main route table for your default VPC with a rule that sends all traffic destined for the Internet to the Internet gateway.
Create a default security group and associate it with your default VPC.
Create a default network access control list (ACL) and associate it with your default VPC.
Associate the default DHCP options set for your AWS account with your default VPC.
The following figure illustrates the key components that we set up for a default VPC.
Instances that you launch into a default subnet receive both a public IP address and a private IP address. Instances in a default subnet also receive both public and private DNS hostnames. Instances that you launch into a nondefault subnet in a default VPC don't receive a public IP address or a DNS hostname. You can change your subnet's default public IP addressing behavior. For more information, see Modifying Your Subnet's Public IP Addressing Behavior.
You can use a default VPC as you would use any other VPC; you can add subnets, modify the main route table, add additional route tables, associate additional security groups, update the rules of the default security group, and add VPN connections. You can also create additional VPCs.
You can use a default subnet as you would use any other subnet; you can add custom route tables and set network ACLs. You can also specify a default subnet when you launch an EC2 instance.
The CIDR block for a default VPC is always a /16 netmask, for example, 172.31.0.0/16. This provides up to 65,536 private IP addresses. The netmask for a default subnet is always /20, which provides up to 4,096 addresses per subnet, a few of which are reserved for our use.
By default, a default subnet is a public subnet, because the main route table sends the subnet's traffic that is destined for the Internet to the Internet gateway. You can make a default subnet a private subnet by removing the route from the destination 0.0.0.0/0 to the Internet gateway. However, if you do this, any EC2 instance running in that subnet can't access the Internet.
From time to time, AWS may add a new Availability Zone to a region. In most cases, we’ll automatically create a new default subnet in this Availability Zone for your default VPC. However, if you’ve made any modifications to your default VPC, we do not add a new default subnet. If you want a default subnet for the new Availability Zone, contact AWS Support to create a default subnet for you.
Detecting Your Supported Platforms and Whether You Have a Default VPC
You can launch EC2 instances into a default VPC and use services such as Elastic Load Balancing, Amazon Relational Database Service (Amazon RDS), and Amazon Elastic MapReduce (Amazon EMR) without needing to know anything about Amazon VPC. Your experience with these services is the same whether you are using a default VPC or EC2-Classic. However, you can use the Amazon EC2 console or the command line to determine whether your AWS account supports both platforms and if you have a default VPC.
Detecting Platform Support Using the Console
The Amazon EC2 console indicates which platforms you can launch EC2 instances into, and whether you have a default VPC.
Verify that the region you'll use is selected in the navigation bar.
On the Amazon EC2 console dashboard, look for Supported Platforms
under Account Attributes.
If there are two values,
you can launch instances into either platform.
If there is one value,
VPC, you can launch instances
only into EC2-VPC.
For example, the following indicates that the account supports the EC2-VPC platform only,
and has a default VPC with the identifier
If you delete your default VPC, the Default VPC value displayed is
None. For more information, see Deleting Your Default Subnets and Default VPC.
Detecting Platform Support Using the Command Line
supported-platforms attribute indicates which platforms you can
launch EC2 instances into. To get the value of this attribute for your account, use
one of the following commands:
Also, when you list your VPCs using the following commands, we indicate any default VPCs in the output:
Launching an EC2 Instance into Your Default VPC
When you launch an EC2 instance without specifying a subnet, it's automatically launched into a default subnet in your default VPC. By default, we select an Availability Zone for you and launch the instance into the corresponding subnet for that Availability Zone. Alternatively, you can select the Availability Zone for your instance by selecting its corresponding default subnet in the console, or by specifying the subnet or the Availability Zone in the CLI.
Launching an EC2 Instance Using the Console
To launch an EC2 instance into your default VPC
Open the Amazon EC2 console.
From the console dashboard, click Launch Instance.
Follow the directions in the wizard. Select an AMI, and choose an instance type. You can accept the default settings for the rest of the wizard by clicking Review and Launch. This takes you directly to the Review Instance Launch page.
Review your settings. In the Instance Details section, the default for Subnet is No preference (default subnet in any Availability Zone). This means that the instance is launched into the default subnet of the Availability Zone that we select. Alternatively, you can click Edit instance details and select the default subnet for a particular Availability Zone.
Click Launch to choose a key pair and launch the instance.
Launching an EC2 Instance Using the Command Line
You can use one of the following commands to launch an EC2 instance:
To launch an EC2 instance into your default VPC, use these commands without specifying a subnet or an Availability Zone.
To launch an EC2 instance into a specific default subnet in your default VPC, specify its subnet ID or Availability Zone.
Deleting Your Default Subnets and Default VPC
You can delete a default subnet or default VPC just as you can delete any other subnet or VPC. However, if you delete your default subnets or default VPC, you must explicitly specify a subnet in another VPC in which to launch your instance, because you can't launch instances into EC2-Classic. If you do not have another VPC, you must create a nondefault VPC and nondefault subnet. For more information, see Creating a VPC.
If you delete a default subnet, you can't launch instances into that Availability Zone in your default VPC, unless you create a nondefault subnet in that Availability Zone. If you delete a default subnet and want to restore it, you can create a nondefault subnet and contact AWS Support to mark the subnet as a default subnet. You must provide the following details: your AWS account ID, the region, and the subnet ID. To ensure that your new default subnet behaves as expected, modify the subnet attribute to assign public IP addresses to instances that are launched in that subnet. For more information, see Modifying Your Subnet's Public IP Addressing Behavior. You can only have one default subnet per Availability Zone. You cannot create a default subnet in a nondefault VPC.
If you delete your default VPC and need a new one, you can contact AWS Support to create a new default VPC in that region for you. You cannot mark an existing VPC as a default VPC.
If you try to delete your default subnet or default VPC in the Amazon VPC console, a dialog box displays a warning and requires you to acknowledge that you are aware that you are deleting a default subnet or default VPC.