Building a Three-Tier Network VPC from Scratch in AWS

30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

Welcome to this AWS hands-on lab for Building a Three-Tier Network VPC from scratch.

This lab provides you with the opportunity to get hands-on experience building and connecting the following components inside AWS:

1) VPC
2) Subnets
3) Internet Gateway
4) Route Tables
5) Nat Gateway
6) Network Access Control Lists (NACLs)

These components are the foundation of highly available/fault tolerant networking architecture inside of AWS, while covering concepts such as infrastrucutre, design, routing, and security.

The bare-bones architecture we built in this lab is a design you will frequently see when working in AWS. Good luck and enjoy this hands-on lab. Now, go keep learning!

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a VPC

Create a VPC with the following CIDR Block Range (

  • Navigate to the VPC service in the AWS Console
  • Navigate to "your vpcs"
  • Click on Create VPC
  • Enter VPC name and CIDR block range
  • Create an Internet Gateway and attach it to your VPC.
Create six (6) Subnets

Create six (6) subnets in the VPC you just created. One pair of subnets for the DMZ layer, one pair for the AppLayer, and one pair for the DBLayer. Each pair should be split between AZs.

  • In the VPC console, navigate to "subnets"
  • Select "create subnet"
  • Fill in the form, making sure to select the proper VPC, AZ, and CIDR block range
  • Repeat 5 more times to create six total subnets
Create a NAT Gateway

Create a NAT Gateway and provide it with a route to the Internet via the public Route Table

  • In the VPC console, navigate to "Nat Gateways"
  • Click on "Create Nat Gateway"
  • Fill out the form, making sure to choose the appropriate subnet AND generating an EIP address
Create three (3) NACLs and associate them with subnets

Create three NACLs and associate each to one of the subnet groupings (DMZ, AppLayer, and DB layer subnets)

Create Three NACLs:

  • In the VPC console, navigate to "Network ACLs"
  • Click on "Create Network ACL"
  • Fill out the form, making sure to select the proper VPC.
  • Repeat twice more to create a total of three NACLs

Associate NACLs with Subnets:

  • Select one NACL and navigate to the "Subnet Associations" tab
  • Click on "Edit"
  • Select the two subnets that need to be associated with this NACL.
  • Click "Save"
  • Repeat twice more, associating the remaining NACLs with the remaining subnets.

Additional Resources

Please log in to the AWS environment using the cloud_user credentials provided on the lab instructions page.

Once inside the AWS account, make sure you are using us-east-1 (N. Virginia) as the selected region.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?