Learn AWS networking through interactive simulation. Build, connect, and export Terraform code.
Every network starts with a boundary — your Virtual Private Cloud. Think of it like drawing a fence around your AWS environment. Everything you build will live inside it.
Drag a VPC node onto the canvas. It is only a container and provides no functionality on its own yet. Only one VPC is allowed for now. Gateways can be placed outside the VPC container.
Try placing two EC2 instances inside the same VPC. Notice how they still need to be connected to a Subnet before they can communicate.
Inside your VPC, you divide your network into smaller zones called Subnets. Each one can be Public (connected to the internet through an Internet Gateway) or Private (isolated, with no direct route to the internet).
Drag a Subnet node into the VPC and set its type. EC2s connect to Subnet nodes with visible links to define their network placement.
Connect two EC2 instances to the same Subnet and see how they can communicate. Try connecting them to different Subnets — they won't connect yet.
Every subnet follows a map called a Route Table — it decides where traffic goes. Without it, your subnet doesn't know how to reach the internet or other networks.
Drag a Route Table node and connect Subnet → Route Table. This sequence is enforced. Watch how traffic flows through the connections you build.
Try building this flow: EC2 → Public Subnet → Route Table → Internet Gateway. Watch how the route lights up when connected correctly.
To reach the internet, your network needs gateways, which act like bridges. A Public Subnet uses an Internet Gateway (IGW). A Private Subnet needs a NAT Gateway so its instances can make outbound connections without being directly reachable from the internet.
Connect Public Subnet → Route Table → IGW or Private Subnet → Route Table → NAT → IGW. IGW and NAT nodes live outside the VPC visually.
Make a private subnet's EC2 reach the internet: EC2 → Private Subnet → Route Table → NAT → IGW.
You've mastered the fundamentals. Now experiment with real AWS networking patterns and export deployable Terraform code.