Q. What is a default VPC?
A default VPC is a logically isolated virtual network in the AWS cloud that is automatically created for your AWS account the first time you provision Amazon EC2 resources. When you launch an instance without specifying a subnet-ID, your instance will be launched in your default VPC.
Q. What are the benefits of a default VPC?
When you launch resources in a default VPC, you can benefit from the advanced networking functionalities of Amazon VPC (EC2-VPC) with the ease of use of Amazon EC2 (EC2-Classic). You can enjoy features such as changing security group membership on the fly, security group egress filtering, multiple IP addresses, and multiple network interfaces without having to explicitly create a VPC and launch instances in the VPC.
Q. What accounts are enabled for default VPC?
If your AWS account was created after March 18, 2013, your account may be able to launch resources in a default VPC. See this Forum Announcement to determine which regions have been enabled for the default VPC feature set. Also, accounts created prior to the listed dates may utilize default VPCs in any default VPC enabled region in which you’ve not previously launched EC2 instances or provisioned Amazon Elastic Load Balancing, Amazon RDS, Amazon ElastiCache, or Amazon Redshift resources.
Q. How can I tell if my account is configured to use a default VPC?
The Amazon EC2 console indicates which platforms you can launch instances in for the selected region, and whether you have a default VPC in that region. Verify that the region you’ll use is selected in the navigation bar. On the Amazon EC2 console dashboard, look for “Supported Platforms” under “Account Attributes”. If there are two values, EC2-Classic and EC2-VPC, you can launch instances into either platform. If there is one value, EC2-VPC, you can launch instances only into EC2-VPC. Your default VPC ID will be listed under “Account Attributes” if your account is configured to use a default VPC. You can also use the EC2 DescribeAccountAttributes API or CLI to describe your supported platforms.
Q. Will I need to know anything about Amazon VPC in order to use a default VPC?
No. You can use the AWS Management Console, AWS EC2 CLI, or the Amazon EC2 API to launch and manage EC2 instances and other AWS resources in a default VPC. AWS will automatically create a default VPC for you and will create a default subnet in each Availability Zone in the AWS region. Your default VPC will be connected to an Internet gateway and your instances will automatically receive public IP addresses, just like EC2-Classic.
Q. What are the differences between instances launched in EC2-Classic and EC2-VPC?
See Differences between EC2-Classic and EC2-VPC in the EC2 User Guide.
Q. Do I need to have a VPN connection to use a default VPC?
No. Default VPCs are attached to the Internet and all instances launched in default subnets in the default VPC automatically receive public IP addresses. You can add a VPN connection to your default VPC if you choose.
Q. Can I create other VPCs and use them in addition to my default VPC?
Yes. To launch an instance into nondefault VPCs you must specify a subnet-ID during instance launch.
Q. Can I create additional subnets in my default VPC, such as private subnets?
Yes. To launch into nondefault subnets, you can target your launches using the console or the --subnet option from the CLI, API, or SDK.
Q. How many default VPCs can I have?
You can have one default VPC in each AWS region where your Supported Platforms attribute is set to “EC2-VPC”.
Q. What is the IP range of a default VPC?
The default VPC CIDR is 172.31.0.0/16. Default subnets use /20 CIDRs within the default VPC CIDR.
Q. How many default subnets are in a default VPC?
One default subnet is created for each Availability Zone in your default VPC.
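The defaults described above (a 172.31.0.0/16 VPC, one /20 default subnet per Availability Zone, public IP addresses assigned automatically) can be checked against the responses of the EC2 DescribeVpcs and DescribeSubnets calls. The Python below is an added example, not AWS code; the resource IDs, zone list and finding names are constructed for illustration, and the input is assumed to have the shape of those API responses.

```python
import ipaddress
DEFAULT_VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")  # value stated in this FAQ

# Constructed sample data shaped like EC2 DescribeVpcs / DescribeSubnets
# responses; every ID below is a placeholder, not a real resource.
VPCS = {"Vpcs": [
    {"VpcId": "vpc-default00", "CidrBlock": "172.31.0.0/16", "IsDefault": True},
    {"VpcId": "vpc-custom001", "CidrBlock": "10.0.0.0/16", "IsDefault": False},
]}
SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-a", "VpcId": "vpc-default00", "AvailabilityZone": "us-east-1a",
     "CidrBlock": "172.31.0.0/20", "DefaultForAz": True, "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-b", "VpcId": "vpc-default00", "AvailabilityZone": "us-east-1b",
     "CidrBlock": "172.31.16.0/20", "DefaultForAz": True, "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-c", "VpcId": "vpc-default00", "AvailabilityZone": "us-east-1a",
     "CidrBlock": "172.31.48.0/24", "DefaultForAz": False, "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-d", "VpcId": "vpc-custom001", "AvailabilityZone": "us-east-1a",
     "CidrBlock": "10.0.1.0/24", "DefaultForAz": False, "MapPublicIpOnLaunch": True},
]}
REGION_AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]  # constructed zone list


def audit_default_vpc(vpcs, subnets, azs):
    """Summarise the default VPC and its public-by-default exposure."""
    default = next((v for v in vpcs["Vpcs"] if v.get("IsDefault")), None)
    if default is None:  # the default VPC was deleted or never created
        return {"default_vpc": None, "findings": []}
    vpc_net = ipaddress.ip_network(default["CidrBlock"])
    mine = [s for s in subnets["Subnets"] if s["VpcId"] == default["VpcId"]]
    defaults = [s for s in mine if s.get("DefaultForAz")]
    findings = []
    if vpc_net != DEFAULT_VPC_CIDR:
        findings.append(("unexpected-vpc-cidr", default["VpcId"]))
    for s in defaults:
        net = ipaddress.ip_network(s["CidrBlock"])
        if net.prefixlen != 20 or not net.subnet_of(vpc_net):
            findings.append(("unexpected-subnet-cidr", s["SubnetId"]))
        if s.get("MapPublicIpOnLaunch"):  # launches here get a public IP
            findings.append(("auto-public-ip", s["SubnetId"]))
    covered = {s["AvailabilityZone"] for s in defaults}
    findings += [("no-default-subnet", az) for az in azs if az not in covered]
    return {"default_vpc": default["VpcId"],
            "default_subnets": sorted(s["SubnetId"] for s in defaults),
            "extra_subnets": sorted(s["SubnetId"] for s in mine if s not in defaults),
            "findings": findings}


if __name__ == "__main__":
    print(audit_default_vpc(VPCS, SUBNETS, REGION_AZS))
```

The "auto-public-ip" finding marks default subnets where an instance launched without a subnet-ID becomes Internet-reachable, subject to its security group rules.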
Q. Can I specify which VPC is my default VPC?
Not at this time.
Q. Can I specify which subnets are my default subnets?
Not at this time.
Q. Can I delete a default VPC?
Yes, you can delete a default VPC. Once deleted, you can create a new default VPC directly from the VPC Console or by using the CLI. This will create a new default VPC in the region. This does not restore the previous VPC that was deleted.
Q. Can I delete a default subnet?
Yes, you can delete a default subnet. Once deleted, you can create a new default subnet in the Availability Zone by using the CLI or SDK. This will create a new default subnet in the Availability Zone specified. This does not restore the previous subnet that was deleted.
Q. I have an existing EC2-Classic account. Can I get a default VPC?
The simplest way to get a default VPC is to create a new account in a region that is enabled for default VPCs, or use an existing account in a region you’ve never been to before, as long as the Supported Platforms attribute for that account in that region is set to “EC2-VPC”.
Q. I really want a default VPC for my existing EC2 account. Is that possible?
Yes; however, we can only enable an existing account for a default VPC if you have no EC2-Classic resources for that account in that region. Additionally, you must terminate all non-VPC provisioned Elastic Load Balancers, Amazon RDS, Amazon ElastiCache, and Amazon Redshift resources in that region. After your account has been configured for a default VPC, all future resource launches, including instances launched via Auto Scaling, will be placed in your default VPC. To request that your existing account be set up with a default VPC, please go to Account and Billing -> Service: Account -> Category: Convert EC2 Classic to VPC and raise a request. We will review your request, your existing AWS services and EC2-Classic presence, and guide you through the next steps.
Q. How are IAM accounts impacted by default VPC?
If your AWS account has a default VPC, any IAM accounts associated with your AWS account use the same default VPC as your AWS account.