creating-production-vpc-multi-az

Creating a Production-Ready VPC Across Multiple Availability Zones Overview Domain expertise for creating production-ready VPC infrastructure distributed across multiple Availability Zones. Covers VPC creation with DNS support, public and private subnet layout with automatic CIDR calculation, internet gateway, NAT gateways for high-availability outbound access, route table configuration, and tiered security groups following AWS Well-Architected principles. Create a production VPC To create a fully configured multi-AZ VPC with public/private subnets, NAT gateways, route tables, and security groups, follow the procedure exactly. See Production VPC creation procedure . Key parameters: vpc_name (required): Name prefix for all resources region (required): Target AWS region allowed_web_cidrs (required): CIDR blocks allowed for web access — allow 0.0.0.0/0 only if explicitly requested vpc_cidr (optional, default 10.0.0.0/16 ): VPC CIDR block availability_zones (optional, default 3): Number of AZs (2–6) environment (required): Environment tag enable_ssh_access (optional, default false): Whether to create SSH security group Troubleshooting Insufficient Availability Zones The target region must have at least 2 available AZs. Use aws ec2 describe-availability-zones to verify. NAT Gateway creation delays NAT Gateways can take several minutes to become available. The procedure waits for availability before configuring route tables. Security group CIDR warnings The procedure warns about 0.0.0.0/0 for web access CIDRs and recommends specific IP ranges for production workloads, but allows it if explicitly requested.