Day 3: Create your VPC (AWS foundation begins)

How to create a Virtual Private Cloud (VPC) in AWS - your AI agent's private territory
Your AI agent needs a home
Days 1-2: Your AI caller agent ran on your laptop.
Today: We're moving it to the cloud.
But before your AI caller agent can live in AWS, it needs a home: a private, isolated network where only your resources can communicate.
That's what a VPC is.
What is a VPC?
Think of it like this:
AWS is a massive city with millions of buildings (servers)
A VPC is your gated neighborhood in that city
Only you control who gets in, who gets out and what happens inside
Here's a visual:

A Virtual Private Cloud VPC is your own private cloud territory
By the end of today, you'll have:
✅ Your own private cloud territory
✅ A foundation for everything we build next
✅ Complete control over your network
What you'll build today
A Virtual Private Cloud (VPC) with:
✅ Your own IP address range (172.31.0.0/16)
✅ Isolated from all other AWS users
✅ Ready for subnets, security groups and more
This takes 5 minutes to set up, but it's the foundation for Days 4-24.
You might be thinking: "Can't we just deploy the code first?"
No. Here's why:
Without a VPC:
❌ Your AI agent has no place to run
❌ No security boundaries
❌ No control over traffic
With a VPC:
✅ Complete network isolation
✅ You control all access
✅ Production-ready security
We're building the foundation first, then putting the AI on top.
What you'll learn
- What a VPC actually is (and why you need one)
- How IP address ranges work (CIDR blocks)
- Why we use 172.31.0.0/16
- How to navigate the AWS console
- The difference between default VPC and custom VPC
But if you want:
✅ Complete codebase (one clean repo)
✅ Complete walkthroughs
✅ Support when stuck
✅ Production templates
✅ Advanced features
Join the waitlist for the full course (launching February 2026):
Building something with AI calling? Let's chat about your use case! Schedule a free call - no pitch, just two builders talking.
Time required
5 minutes
Prerequisites
1. An AWS account
Log in to console.aws.amazon.com
That's it. No code today. Just infrastructure.
Understanding VPCs (2-minute primer)
Before we create one, let's understand what a VPC actually is.
What is a VPC?
VPC = Virtual Private Cloud
It's a logically isolated section of AWS where you launch resources like:
- Servers (EC2, Fargate)
- Databases (RDS, DynamoDB)
- Load balancers (ALB)
Key point: Resources in your VPC are isolated from other AWS users.
Why do you need a VPC?
Without a VPC:
- Your AI agent runs on a shared network
- Anyone could potentially access it
- No control over traffic flow
With a VPC:
- Your AI agent runs in your private network
- You control who gets in/out
- Production-grade security
It's like the difference between:
❌ Renting a desk in a shared office (no VPC)
✅ Owning your own office building (VPC)
What is a CIDR block?
CIDR = Classless Inter-Domain Routing
It's a way to specify an IP address range.
Example: 172.31.0.0/16
What it means:
- 172.31.0.0 = Starting IP address
- /16 = How many IP addresses you get
Think of it like:
I want all IP addresses from 172.31.0.0 to 172.31.255.255
That's 65,536 IP addresses, more than enough for our AI calling agent.
Understanding CIDR notation
CIDR deep dive
| CIDR | # of IPs | Range Example |
|---|---|---|
| /16 | 65,536 | 172.31.0.0 – 172.31.255.255 |
| /20 | 4,096 | 172.31.0.0 – 172.31.15.255 |
| /24 | 256 | 172.31.1.0 – 172.31.1.255 |
Rule of thumb:
- Smaller number (/16) = more IPs
- Larger number (/24) = fewer IPs
For this tutorial, we use /16 because:
✅ Plenty of IPs for all our resources
✅ Easy to subdivide into subnets (Day 4)
✅ Standard practice for VPCs
Step 1: Go to the VPC console
Open the AWS Console. In the search bar at the top, type VPC and click VPC from the dropdown:
You'll see the VPC dashboard:
Step 2: Check for default VPC
Click Your VPCs in the left menu:
You should see one default VPC:
✅ One VPC with CIDR 172.31.0.0/16
✅ Status: Available
This is your default VPC.
For this tutorial, yes.
Why?
- Already exists
- Pre-configured with internet gateway
- Saves time
- Works perfectly for our AI calling agent
When would you create a custom VPC?
- Production systems with specific security requirements
- Multi-VPC architectures
- Compliance requirements
For learning? The default VPC is perfect.
Step 3: Verify your VPC
Click on your default VPC, you'll see the details:
Confirm these settings:
| Setting | Value | Why |
|---|---|---|
| IPv4 CIDR | 172.31.0.0/16 | Your IP address range |
| Tenancy | Default | Shared hardware (cheaper) |
| DNS resolution | Enabled | Allows friendly domain names |
| DNS hostnames | Enabled | Resources get DNS names |
If you see all of these, you're good! ✅
Step 4: Verify internet gateway
Your VPC needs an Internet Gateway (IGW) to communicate with the outside world.
Click Internet Gateways in the left sidebar:
You should see one Internet Gateway already attached to your VPC:
Confirm:
✅ State: Attached
✅ VPC ID: matches your VPC
This is what allows your AI agent to:
- Call Twilio
- Reach OpenAI
- Respond to phone calls
Without an IGW, your AI agent is isolated from the internet.
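The Step 2 to Step 4 checklist can also be run as a script over saved AWS CLI output. This is an added example, not part of the original tutorial: the sample JSON is constructed, the IDs are placeholders, and `audit_vpc` and the `DnsSupport`/`DnsHostnames` wrapper keys are names chosen here.

```python
import json

# Constructed sample: merged output of `aws ec2 describe-vpcs`, two
# `aws ec2 describe-vpc-attribute` calls and `aws ec2 describe-internet-gateways`.
# IDs are placeholders; the "DnsSupport"/"DnsHostnames" keys are this example's own.
SAMPLE = json.loads("""
{
  "Vpcs": [{"VpcId": "vpc-EXAMPLE", "CidrBlock": "172.31.0.0/16",
            "IsDefault": true, "InstanceTenancy": "default"}],
  "DnsSupport": {"VpcId": "vpc-EXAMPLE", "EnableDnsSupport": {"Value": true}},
  "DnsHostnames": {"VpcId": "vpc-EXAMPLE", "EnableDnsHostnames": {"Value": true}},
  "InternetGateways": [{"InternetGatewayId": "igw-EXAMPLE",
      "Attachments": [{"State": "available", "VpcId": "vpc-EXAMPLE"}]}]
}
""")

def audit_vpc(data, expected_cidr="172.31.0.0/16"):
    """Return a list of findings; an empty list means every check passed."""
    defaults = [v for v in data.get("Vpcs", []) if v.get("IsDefault")]
    if len(defaults) != 1:
        return [f"expected one default VPC, found {len(defaults)}"]
    vpc = defaults[0]
    findings = []
    if vpc.get("CidrBlock") != expected_cidr:
        findings.append(f"IPv4 CIDR is {vpc.get('CidrBlock')!r}")
    if vpc.get("InstanceTenancy") != "default":
        findings.append(f"tenancy is {vpc.get('InstanceTenancy')!r}")
    # Step 3: both DNS attributes must be enabled for this VPC.
    for key, attr, label in (
        ("DnsSupport", "EnableDnsSupport", "DNS resolution"),
        ("DnsHostnames", "EnableDnsHostnames", "DNS hostnames"),
    ):
        entry = data.get(key, {})
        enabled = entry.get(attr, {}).get("Value") is True
        if entry.get("VpcId") != vpc["VpcId"] or not enabled:
            findings.append(f"{label} not enabled")
    # Step 4: the API reports an attached gateway as State "available".
    attached = [
        igw["InternetGatewayId"]
        for igw in data.get("InternetGateways", [])
        for att in igw.get("Attachments", [])
        if att.get("VpcId") == vpc["VpcId"] and att.get("State") == "available"
    ]
    if not attached:
        findings.append("no internet gateway attached")
    return findings

if __name__ == "__main__":
    print(audit_vpc(SAMPLE) or "all checks passed")
```

The console shows the gateway state as "Attached", while the API attachment record uses `available`, so a script that compares against the console wording would report a false failure.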
✅ Today's win
If you completed all the steps:
✅ You have a VPC 172.31.0.0/16
✅ It has an Internet Gateway attached
✅ DNS is enabled
✅ You can see it in the AWS Console
Tomorrow we'll divide this territory into neighborhoods (subnets).
Understanding what you built
Let's visualize what you have:

Internet Gateway = Your neighborhood's gate to the internet
What you have:
✅ A private network (VPC)
✅ A door to the internet (IGW)
✅ 65,536 IP addresses to use
What you don't have yet:
❌ Subnets (Day 4)
❌ Security rules (Day 7)
❌ Load balancer (Day 9)
❌ Running containers (Day 17)
We're building layer by layer, just like real infrastructure.
You might be wondering: "Why that specific IP range?"
Deep dive
Three common private IP ranges:
| CIDR range | Size | Used For |
|---|---|---|
| 10.0.0.0/8 | 16.7 million IPs | Large corporate networks |
| 172.16.0.0/12 | 1 million IPs | AWS default VPCs |
| 192.168.0.0/16 | 65,536 IPs | Home networks |
AWS default VPCs use 172.31.0.0/16 because:
- It's a subset of the 172.16.0.0/12 range
- Unlikely to conflict with home networks
- Big enough for most projects
- Standard across all AWS accounts
Think of it like a phone area code: Everyone in your "area" (VPC) has the same prefix (172.31), but different endings (.X.X).
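The CIDR arithmetic from the "What is a CIDR block?" table and the private-range comparison above can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original tutorial: the function names, the /20 split into four subnets and the list of other networks are assumptions made here, and the five-address reservation is AWS's documented per-subnet behaviour rather than something this page covers.

```python
import ipaddress

# AWS reserves the first four addresses and the last one in every subnet.
AWS_RESERVED_PER_SUBNET = 5


def summarize(cidr):
    """Return (first address, last address, address count) for a CIDR block."""
    # strict=True rejects blocks with host bits set, e.g. 172.31.1.5/24.
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1]), net.num_addresses


def carve(vpc_cidr, new_prefix, count):
    """Split the VPC into equal subnets and return the first `count` of them
    as (cidr, addresses usable after the AWS reservation)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    picked = []
    for subnet in vpc.subnets(new_prefix=new_prefix):
        if len(picked) == count:
            break
        picked.append((str(subnet), subnet.num_addresses - AWS_RESERVED_PER_SUBNET))
    return picked


def conflicts(vpc_cidr, other_cidrs):
    """Return the networks that share addresses with the VPC, which would
    make routing between them ambiguous."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [c for c in other_cidrs if vpc.overlaps(ipaddress.ip_network(c))]


if __name__ == "__main__":
    vpc = "172.31.0.0/16"
    for block in (vpc, "172.31.0.0/20", "172.31.1.0/24"):
        print(block, summarize(block))
    print(carve(vpc, 20, 4))
    # Constructed list: a home LAN, a corporate range and the private /12.
    print(conflicts(vpc, ["192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12"]))
```

Only 172.16.0.0/12 is reported as overlapping, which matches the point that the default VPC range sits inside that block and stays clear of typical home networks.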
Troubleshooting
I don't see a default VPC
If you deleted your default VPC:
- Go to Your VPCs
- Click Actions → Create default VPC
- AWS will recreate it for you
- Wait 30 seconds
- Refresh the page
OR create a new custom VPC:
- Go to Your VPCs
- Click Create VPC
- Name: my-ai-vpc
- IPv4 CIDR: 172.31.0.0/16
- Click Create
No Internet Gateway attached
- Go to Internet Gateways
- Click Create internet gateway
- Name: my-igw
- Click Create
- Select your new IGW
- Click Actions → Attach to VPC
- Select your VPC
- Click Attach
I'm in the wrong AWS region
Check the region in the top-right corner of the AWS Console:
For this tutorial, use: us-east-1 (N. Virginia)
To change:
- Click the region dropdown
- Select US East (N. Virginia)
- Refresh the VPC page
Tomorrow's preview
Today: You claimed your territory (VPC)
Tomorrow (Day 4): We divide it into neighborhoods
You'll create 4 subnets:
- 2 public (for the load balancer)
- 2 private (for your AI containers)
Each subnet will be in a different availability zone for high availability.
What we learned today
1. What a VPC is
A private, isolated network in AWS where your resources run:

A Virtual Private Cloud VPC is your own private cloud territory
2. What CIDR blocks mean
172.31.0.0/16 = Your IP address range (65,536 IPs)
3. Why Internet Gateways matter
Without one, your VPC can't reach the internet (no Twilio, no OpenAI):

Internet Gateway = Your neighborhood's gate to the internet
4. Default vs custom VPCs
Default VPCs work great for learning and small projects.
The foundation is laid
Days 1-2: Local development (your laptop) ✅
Day 3: Infrastructure begins (VPC) ← YOU ARE HERE
Days 4-8: Networking (subnets, routing, security)
Days 9-12: Gateway (load balancer, DNS, SSL)
Days 13-17: Deployment (Docker, ECS, production!)
Days 18-24: Features (API, frontend, polish)
By Day 24, your AI will run in THIS VPC, 24/7, handling real calls.
Share your progress
Got your VPC set up? Share it!
Twitter/X:
"Day 3: Created my VPC in AWS. My AI calling agent now has a home in the cloud. Following @norahsakal's advent calendar"
LinkedIn:
"Day 3 of building AI calling agents: Just set up my VPC in AWS. The foundation is laid. Ready for subnets tomorrow!"
Tag me! I want to see your progress!
Want the full course?
Need help with deployment? Want to brainstorm your AI calling idea? Grab a free 30-min call - happy to help.
Tomorrow
Tomorrow: Day 4 - Create Subnets (Build Your Neighborhoods)
We'll divide your VPC into public and private zones. Your load balancer gets the front yard, your AI gets the pool in back.
Read Day 4 →
See you then!
- Norah
