Building an AWS VPC with Terraform: step‑by‑step creation of a 10.0.0.0/16 VPC, public subnet, IGW, routing, and deployment commands
Build a complete AWS VPC with Terraform: step-by-step creation of a 10.0.0.0/16 VPC, a 10.0.1.0/24 public subnet, IGW, routing, and deployment commands.
Why this Terraform VPC lab matters
This guide walks through building a complete AWS VPC using Terraform and explains why that foundation matters for any cloud architecture. The walkthrough focuses on a minimal, practical network layout created with Terraform: a single VPC allocated at 10.0.0.0/16, a public subnet at 10.0.1.0/24, an Internet Gateway (IGW), and the routing pieces that provide internet access. The primary goal is to move beyond theory and give a concrete, reproducible configuration that demonstrates how Terraform resources relate to one another and how a basic AWS network is assembled.
What a VPC is and what it controls
A Virtual Private Cloud (VPC) is an isolated network environment you create inside AWS. Within a VPC you define the IP address range and partition that range into subnets, add routing and gateways, and control which resources can reach the internet. At the most basic level, a VPC lets you control IP addressing, subnets, routing, and internet access — the four elements this tutorial centers on.
Architecture we’ll build with Terraform
The target layout is intentionally minimal so the relationships between resources are clear:
VPC (10.0.0.0/16)
│
├── Public Subnet (10.0.1.0/24)
│ └── Internet Gateway
This structure provides a simple public-facing subnet inside a self-contained VPC. It serves as a starting point for adding compute, load balancers, and databases later in the learning path.
Project layout and files
The example workspace is compact and organized for clarity. The repository for the lab contains a top-level folder and two Terraform files:
vpc-lab/
main.tf
variables.tf
main.tf holds the resource definitions and variables.tf contains any input variables the configuration requires. Keeping this layout keeps the example focused on the VPC resources and their relationships.
Provider configuration
Before declaring AWS resources, the Terraform AWS provider must be configured. In this lab the provider region is set to ap-southeast-1. That region setting directs Terraform to create the VPC and related resources in that AWS region.
Creating the VPC resource
The first Terraform resource declared is the VPC itself. In the example the VPC is created with a cidr_block of 10.0.0.0/16 and tagged with the Name terraform-vpc. Declaring the VPC establishes the isolated network boundary that all other network resources attach to.
Adding a public subnet
With the VPC in place, the configuration adds a public subnet. The subnet in the example uses the CIDR 10.0.1.0/24 and references the VPC by its resource ID. The subnet is given a Name tag of public-subnet. This subnet is where publicly reachable resources would be placed and is associated with the route table that provides internet access.
Creating an Internet Gateway
To allow internet-bound traffic from the public subnet, the configuration provisions an Internet Gateway attached to the VPC. The IGW is created and tagged main-igw. Attaching an IGW to the VPC is the step that enables routing from private AWS IP space to the public internet when a route exists.
Route table, internet route, and subnet association
Routing is provided by a route table resource that is created within the VPC. The example adds a route that sends all 0.0.0.0/0 traffic to the Internet Gateway, enabling internet access for the subnet once associated. The final linkage is a route table association that ties the public subnet to the public route table so the defined internet route applies to instances launched in that subnet.
- Route table resource: created and tied to the VPC.
- Route resource: destination_cidr_block set to 0.0.0.0/0 with gateway_id pointing to the IGW.
- Route table association: links the public subnet to the public route table.
These three pieces implement the routing behavior for the public subnet.
Deploying the infrastructure with Terraform
The recommended command sequence to bring this example to life is the standard Terraform workflow:
terraform init
terraform plan
terraform apply
That sequence initializes the working directory, shows the planned changes, and applies them to create the VPC, subnet, IGW, route table, route, and association. When the lab is no longer needed, the guide emphasizes cleaning up created AWS resources to avoid ongoing charges using:
terraform destroy
Using destroy removes the resources provisioned by this configuration and helps avoid unnecessary AWS costs.
What you will have after applying
Applying this configuration results in a minimal but functional AWS network foundation:
- A VPC (10.0.0.0/16).
- A public subnet (10.0.1.0/24).
- Internet access provisioned via an Internet Gateway.
- Routing configuration that sends internet-bound traffic from the subnet to the IGW.
These elements form the fundamental network layer on which additional AWS services and application tiers can be deployed.
How Terraform resource relationships are demonstrated
This lab highlights direct resource relationships that are central to Terraform usage: resources reference one another by ID (for example, subnet references aws_vpc.main.id and route references aws_internet_gateway.igw.id). Those references demonstrate how Terraform models dependencies between infrastructure pieces so that creation and updates occur in the correct order. That pattern—declare resources, reference other resources’ attributes, and let Terraform manage orchestration—is the practical lesson at the heart of the example.
DevOps insight: why VPC → Subnets → Routing matters
Almost every AWS architecture starts with the sequence VPC → Subnets → Routing. Because the VPC defines the IP space and boundaries, subnets carve that space for placement of application components, and routing determines flow to other networks and to the internet, these three layers are the typical first engineering decisions in any AWS design. In this lab the minimal configuration reinforces that pattern and makes the necessary building blocks explicit.
Practical audience and use cases
This example is aimed at anyone learning to translate basic network design into Terraform code: infrastructure engineers, DevOps practitioners, and developers who want to manage networking with infrastructure-as-code. The minimal pattern shown is a repeatable starting point for labs, tests, sandbox environments, and as the initial step in a staged build toward production architectures.
Analysis: implications for teams and projects
By codifying a VPC and its network elements in Terraform, teams gain a reproducible, reviewable artifact for foundational networking. The configuration in this lab demonstrates how to capture networking intent in code so it can be versioned, reviewed, and applied consistently across environments. That approach reduces manual console work and supports collaboration: team members can inspect the same main.tf and variables.tf files to understand how networking is provisioned. The minimal example also illustrates the separation of concerns—networking is defined independently from compute and application layers—so teams can iterate on higher layers (for example, compute, load balancing, and data stores) without reworking the VPC definition.
What you learn beyond the code
Working through the example teaches a few discipline-level lessons in addition to the technical ones: keep configuration focused and small for learning, name resources consistently with tags, and remove ephemeral resources when they are no longer needed. The lab explicitly points out the need to clean up with terraform destroy to avoid cost—an operational habit that matters in both learning and production contexts.
Next steps in the learning series
This VPC lab is part of a broader Terraform learning series. The previous entry covered workspaces versus environments, and the next planned topic is a 3‑tier architecture that combines an Application Load Balancer (ALB), EC2 instances, and a database layer. Completing this VPC step prepares you to attach those compute and application resources into a network that already provides the correct IP space, subnets, and internet routing.
About the author and the series context
The lab is authored by Ahkar, who shares DevOps, AWS, and infrastructure knowledge. The example references the author’s site for additional content. This post is listed as the VPC lab within a multi-part Terraform Learning Series, positioned between a workspaces vs environments piece and a forthcoming 3‑tier architecture walkthrough.
Building the minimal VPC with Terraform converts abstract networking concepts into concrete, version-controlled resources and demonstrates how Terraform expresses dependencies and orchestration between cloud components. That clarity makes subsequent additions—application servers, load balancers, databases—easier to plan and implement within the same code-driven workflow.
Looking ahead, the next logical stage is to reuse this network foundation while incrementally introducing the ALB + EC2 + DB components called out in the series; keeping networking in code simplifies that expansion and helps teams maintain consistent environment topology as the architecture grows.
