| « PreviousNext » | |
   | Did this page help you? Yes | No | Tell us about it... |
Your Default VPC and Subnets
A default VPC combines the benefits of the advanced networking features provided by the EC2-VPC platform with the ease of use of the EC2-Classic platform.
For more information about the EC2-Classic and EC2-VPC platforms, see Supported Platforms.
Topics
Default VPC Basics
This section provides information about your default virtual private cloud (VPC) and its default subnets.
Availability
For information about detecting the platform support in each region for your AWS account, see Detecting Your Supported Platforms and Whether You Have a Default VPC.
If an AWS account supports only EC2-VPC, any IAM accounts associated with this AWS account also support only EC2-VPC, and use the same default VPC as the AWS account.
Components
When we create a default VPC, we do the following to set it up for you:
Create a default subnet in each Availability Zone.
Create an Internet gateway and connect it to your default VPC.
Create a main route table for your default VPC with a rule that sends all traffic destined for the Internet to the Internet gateway.
Create a default security group and associate it with your default VPC.
Create a default network access control list (ACL) and associate it with your default VPC.
Associate the default DHCP options set for your AWS account with your default VPC.
The following figure illustrates the key components that we set up for a default VPC.
Each instance that you launch into a default VPC receives both a public IP address and a private IP address. Each instance also receives both public and private DNS hostnames.
A default VPC is like any other VPC; you can add subnets, modify the main route table, add additional route tables, associate additional security groups, update the rules of the default security group, and add VPN connections. You can also create additional VPCs.
A default subnet is like any other subnet; you can add custom route tables and set network ACLs. You can also specify a default subnet when you launch an EC2 instance.
Default Subnets
The CIDR block for a default VPC is always 172.31.0.0/16. This provides up to 65,536 private IP addresses. The netmask for a default subnet is always /20, which provides up to 4,096 addresses per subnet, a few of which are reserved for our use.
By default, a default subnet is a public subnet, because the main route table sends the subnet's traffic that is destined for the Internet to the Internet gateway. You can make a default subnet a private subnet by removing the route from the destination 0.0.0.0/0 to the Internet gateway. However, if you do this, any EC2 instance running in that subnet can't access the Internet or other AWS products, such as Amazon Simple Storage Service (Amazon S3).
Detecting Your Supported Platforms and Whether You Have a Default VPC
You can launch EC2 instances into a default VPC and use services such as Elastic Load Balancing, Amazon Relational Database Service (Amazon RDS), and Amazon Elastic MapReduce (Amazon EMR) without needing to know anything about Amazon VPC. Your experience with these services is the same whether you are using the default VPC or EC2-Classic. However, you can tell whether your AWS account supports both platforms and if you have a default VPC. The next sections show you how to do so using the Amazon EC2 console, the Amazon EC2 command line interface, and the Amazon EC2 API actions.
AWS Management Console
The Amazon EC2 console indicates which platforms you can launch EC2 instances into, and whether you have a default VPC.
Verify that the region you'll use is selected in the navigation bar. On the Amazon EC2 console dashboard, look for Supported Platforms under Account Attributes.
If there are two values, EC2-Classic and EC2-VPC, you can launch instances into either platform.
If there is one value, EC2-VPC, you can launch instances only into EC2-VPC.
For example, the following indicates that the account supports the EC2-VPC platform only,
and has a default VPC with the identifier vpc-1a2b3c4d.
If you delete your default VPC, the Default VPC value displayed is
None. For more information, see Deleting Your Default VPC.
Command Line Interface
The supported-platforms attribute indicates which platforms you can
launch EC2 instances into. To get the value of this attribute for your account, use the
ec2-describe-account-attributes command as follows.
ec2-describe-account-attributes supported-platformsIf this attribute has two values, EC2-Classic and EC2-VPC, the
account can launch an EC2 instance into either platform. If you don't specify a VPC
when you launch an instance, it's launched into EC2-Classic.
If this attribute has one value, EC2-VPC, the account can launch instances
into EC2-VPC only. If you don't specify a VPC when you launch an instance, it's
launched into your default VPC.
The following is example output that indicates that you always launch instances into EC-VPC.
ACCOUNTATTRIBUTE supported-platforms VALUE EC2-VPC
The default-vpc attribute indicates whether you have a default VPC, and if
so, displays its identifier. To get the value of this attribute, use the
ec2-describe-account-attributes command. You can specify both
attributes, supported-platforms and default-vpc, on the same
command line, or you can use them separately as shown here.
ec2-describe-account-attributes default-vpcThe following is example output that indicates that you have a default VPC with the ID vpc-1a2b3c4d.
ACCOUNTATTRIBUTE default-vpc VALUE vpc-1a2b3c4d
Also, when you list your VPCs using the ec2-describe-vpcs command, we indicate the
default VPC in the output. When you list your subnets using the ec2-describe-subnets command,
we indicate the default subnet for each Availability Zone in the output.
For more information, see ec2-describe-account-attributes, ec2-describe-vpcs, and ec2-describe-subnets in the Amazon Elastic Compute Cloud Command Line Reference.
API
The supported-platforms attribute indicates which platforms you can launch
EC2 instances into.
The default-vpc attribute indicates whether you have a default VPC, and if so, displays its identifier.
To get the value of these attribute for your account, use the
DescribeAccountAttributes API action.
Also, when you list your VPCs using the DescribeVpcs API action, we indicate the
default VPC in the response. When you list your subnets using the DescribeSubnets API action,
we indicate the default subnet for each Availability Zone in the response.
For more information, see DescribeAccountAttributes, DescribeVpcs, and DescribeSubnets in the Amazon Elastic Compute Cloud API Reference.
Launching an EC2 Instance into Your Default VPC
When you launch an EC2 instance without specifying a subnet, it's automatically launched into a default subnet in your default VPC. By default, we select an Availability Zone for you and launch the instance into the corresponding subnet for that Availability Zone. Alternatively, you can select the Availability Zone for your instance by selecting its corresponding default subnet in the console, or by specifying the subnet or the Availability Zone in the CLI.
AWS Management Console
To launch an EC2 instance into your default VPC
Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
From the Amazon EC2 console dashboard, click Launch Instance.
On the Create a New Instance page, click Quick Launch Wizard. Follow the directions in the wizard. Specify a name for your instance, create a key pair, and select an AMI. Use the default security group.
Review your settings. The default for Launch into is Default Subnet in any AZ. This means that the instance is launched into the default subnet of the Availability Zone that we select. Alternatively, you can click Edit details and select the default subnet for a particular Availability Zone.
Click Launch to launch the instance.
Command Line Interface
To launch an EC2 instance into your default VPC, use the ec2-run-instances
command to launch your instance without specifying a subnet or an Availability Zone. For example:
ec2-run-instances ami-b232d0db
To launch an EC2 instance into a specific subnet in your default VPC, specify an Availability Zone.
ec2-run-instances ami-b232d0db --availability-zone us-east-1a
Alternatively, use the ec2-describe-subnets command to list your subnets and
display which are the default subnets for their Availability Zones.
ec2-describe-subnets SUBNET subnet-9d4a7b6c available vpc-1a2b3c4d 10.0.1.0/24 250 us-east-1a true true
Then, use ec2-run-instances to launch your instance into the default subnet
for the Availability Zone. For example:
ec2-run-instances ami-b232d0db -s subnet-9d4a7b6c
Deleting Your Default VPC
You can delete one or more of your default subnets just as you can delete any other subnet. However, after you've deleted a default subnet, it's gone. Now, you can't launch EC2 instances into that Availability Zone in your default VPC, unless you create a subnet in that Availability Zone and explicitly launch instances into that subnet. If you delete all default subnets for your default VPC, then you must specify a subnet in another VPC when you launch an EC2 instance, because you can't launch instances into EC2-Classic.
If you try to delete your default subnet, the Delete Subnet dialog box displays a warning and requires you to acknowledge that you are aware that you are deleting a default subnet.
You can delete your default VPC just as you can delete any other VPC. However, after you've deleted your default VPC, it's gone. Now, you must specify a subnet in another VPC when you launch an EC2 instance, because you can't launch instances into EC2-Classic. If you try to delete your default VPC, the Delete VPC dialog box displays a warning and requires you to acknowledge that you are aware that you are deleting a default VPC.
If you delete your default VPC and then need to restore it, you can contact AWS Support to have your account reset so that we can create a new default VPC for you.
