Day 3: Create your VPC (AWS foundation begins)
How to create a Virtual Private Cloud (VPC) in AWS - your AI agent's private territory
Your AI agent needs a homeโ
Days 1-2: Your AI caller agent ran on your laptop.
Today: We're moving it to the cloud
But before your AI caller agent can live in AWS, it needs a home: a private, isolated network where only your resources cab communicate.
That's what a VPC is.
What is a VCP?โ
Think of it like this:
AWS is a massive city with millions of buildings (servers)
A VPC is your gated neighborhood in that city
Only you control who gets in, who gets out and what happens inside
Here's a visual:
A Virtual Private Cloud VPC is your own private cloud territory
By the end of today, you'll have:
โ
Your own private cloud territory
โ
A foundation for everything we build next
โ
Complete control over your network
What you'll build todayโ
A Virtual Private Cloud (VPC) with:
โ
Your own IP address range (172.31.0.0/16)
โ
Isolated from all other AWS users
โ
Ready for subnets, security groups and more
This takes 5 minutes to set up, but it's the foundation for Days 4-24.
You might be thinking: "Can't we just deploy the code first?"
No. Here's why;
Without a VPC:
โ Your AI agent has no place to run
โ No security boundaries
โ No control over traffic
With a VPC:
โ
Complete network isolation
โ
You control all access
โ
Production-ready security
We're building the foundation first, then putting the AI on top.
What you'll learnโ
- What a VPC actually is (and why you need one)
- How IP address ranges work (CIDR blocks)
- Why we use
172.31.0.0/16 - How to navigate the AWS console
- The difference between default VPC and custom VPC
But if you want:
โ
Complete codebase (one clean repo)
โ
Complete walkthroughs
โ
Support when stuck
โ
Production templates
โ
Advanced features
Join the waitlist for the full course (launching February 2026):
Building something with AI calling? Let's chat about your use case! Schedule a free call โ - no pitch, just two builders talking.
Time requiredโ
5 minutes
Prerequisitesโ
1. An AWS accountโ
Log in to console.aws.amazon.com โ
That's it. No code today. Just infrastructure.
Understanding VPCs (2-minute primer)โ
Before we create one, let's understand what a VPC actually is.
What is a VPC?โ
VPC = Virtual Private Cloud
It's a logically isolated section of AWS where you launch resources like:
- Servers (EC2, Fargate)
- Databases (RDS, DynamoDB)
- Load balancers (ALB)
Key point: Resources in your VPC are isolated from other AWS users.
Why do you need a VPC?โ
Without a VPC:โ
- Your AI agent runs on a shared network
- Anyone could potentially access it
- No control over traffic flow
With a VPC:โ
- You AI agent runs in your private network
- You control who gets in/out
- Production-grade security
It's like the difference between:
โ Renting a desk in a shared office (no VPC)
โ
Owning your own office building (VPC)
What is a CIDR block?โ
CIDR = Classless Inter-Domain Routing
It'sa way to specify an IP address range.
Example: 172.31.0.0/16
What it means:
172.31.0.0= Starting IP address/16= How many IP addresses you get
Think of it like:
I want all IP addresses from
172.31.0.0to172.31.255.255
That's 64,536 IP addresses, more than enough for our AI calling agent.
Understanding CIDR notation
CIDR deep dive
| CIDR | # of IPs | Range Example |
|---|---|---|
/16 | 65,536 | 172.31.0.0 โ 172.31.255.255 |
/20 | 4,096 | 172.31.0.0 โ 172.31.15.255 |
/24 | 256 | 172.31.1.0 โ 172.31.1.255 |
Rule of thumb:
- Smaller number (
/16) = more IPs - Larger number (
/24) = fewer IPs
For this tutorial, we use /16 because:
โ
Plenty of IPs for all our resources
โ
Easy to subdivide into subnets (Day 4)
โ
Standard practice for VPCs
Step 1: Go to the VPC consoleโ
Open the AWS Console โIn the search bar at the top, type VPC and click VPC from the dropdown:
In the search bar at the top, type VPC and click VPC from the dropdown
You'll see the VPC dashboard:
You'll see the VPC dashboard
Step 2. Check for default VPCโ
Click Your VPCs in the left menu:
Click Your VPCs in the left menu
You should see one default VPC:
โ
One VPC with CIDR 172.31.0.0/16
โ
Status: Available
This is your default VPC.
You should see one default VPC
For this tutorial, yes.
Why?โ
- Already exists
- Pre-configured with internet gateway
- Saves time
- Works perfectly for our AI calling agent
When would you create a custom VPC?โ
- Production systems with specific security requirements
- Multi-VPC architectures
- Compliance requirements
For learning? The default VPC is perfect.
Step 3: Verify your VPCโ
Click on your default VPC, you'll see the details:
Click on your default VPC, you'll see the details
Confirm these settings:
| Setting | Value | Why |
|---|---|---|
| IPv4 CIDR | 172.31.0.0/16 | Your IP address range |
| Tenancy | Default | Shared hardware (cheaper) |
| DNS resolution | Enabled | Allows friendly domain names |
| DNS hostnames | Enabled | Resources get DNS names |
If you see all of these โ you're good! โ
Step 4: Verify internet gatewayโ
Your VPC needs an Internet Gateway (IGW) to communicate with the outside world.
Click Internet Gateways in the left sidebar:
Click Internet Gateways in the left sidebar
You should see one Internet Gateway already attached to your VPC:
You should see one Internet Gateway already attached to your VPC
Confirm:
โ
State: Attached
โ
VPC ID: matches your VPC
This is what allows you AI agent to:
- Call Twilio
- Reach OpenAO
- Respond to phone calls
Without an IGW, your AI agent is isolated from the internet.
โ Today's winโ
If you completed all the steps:
โ
You have a VPC 172.31.0.0/16
โ
It has an Internet Gateway attached
โ
DNS is enabled
โ
You can see it in the AWS Console
Tomorrow we'll divide this territory into neighborhoods (subnets).
Understanding what you buildโ
Let's visualize what you have:
Internet Gateway = Your neighborhood's gate to the internet
What you have:
โ
A private network (VPC)
โ
A door to the internet (IGW)
โ
65,536 IP addresses to use
What you don't have yet:
โ Subnets (Day 4)
โ Security rules (Day 7)
โ Load balancer (Day 9)
โ Running containers (Day 17)
We're building layer by layer, just like real infrastructure.
You might be wondering: "Why that specific IP range?"
Deep dive
Three common private IP ranges:
| Range | CIDR | Used For |
|---|---|---|
10.0.0.0/8 | 16.7 million IPs | Large corporate networks |
172.16.0.0/12 | 1 million IPs | AWS default VPCs |
192.168.0.0/16 | 65,536 IPs | Home networks |
AWS default VPCs use 172.31.0.0/16 because:
- It's a subset of the
172.16.0.0/12range - Unlikely to conflict with home networks
- Big enough for most projects
- Standard across all AWS accounts
Think of it like a phone area code: Everyone in your "area" (VPC) has the same prefix (172.31), but different endings (.X.X).
Troubleshootingโ
I don't see a default VPC
If you deleted your default VPC:
- Go to Your VPCs
- Click Actions โ Create default VPC
- AWS will recreate it for you
- Wait 30 seconds
- Refresh the page
OR create a new custom VPC:
- Go to Your VPCs
- Click Create VPC
Click Create VPC
- Name:
my-ai-vpc - IPv4 CIDR:
172.31.0.0/16 - Click Create
No Internet Gateway attached
- Go to Internet Gateways
- Click Create internet gateway
Create internet gateway
- Name:
my-igw - Click Create
- Select your new IGW
- Click Actions โ Attach to VPC
- Select you VPC
- Click Attach
I'm in the wrong AWS region
Check the region in the top-right corner of the AWS Console:
Check the region in the top-right corner of the AWS Console
For this tutorial, use: us-east-1 (N. Virginia)
To change:
- Click the region dropdown
- Select US East (N. Virginia)
- Refresh the VPC page
Tomorrow's previewโ
Today: You claimed your territory (VPC)
Tomorrow (Day 4): We divide it into neighborhoods
You'll create 4 subnets:
- 2 public (for the load balancer)
- 2 private (for your AI containers)
Each subnet will be in a different availability zone for high availability.
What we learned todayโ
1. What a VPC isโ
A private, isolated network in AWS where your resources run:
A Virtual Private Cloud VPC is your own private cloud territory
2. What CIDR blocks meanโ
172.31.0.0/16 = Your IP address range (65,536 IPs)
3. Why Internet Gateways matterโ
Without one, your VPC can't reach the internet (no Twilio, no OpenAI):
Internet Gateway = Your neighborhood's gate to the internet
4. Default vs custom VPCsโ
Default VPCs work great for learning and small projects
The foundation is laidโ
Days 1-2: Local development (your laptop) โ
Day 3: Infrastructure begins (VPC) โ YOU ARE HERE โ
Days 4-8: Networking (subnets, routing, security)
Days 9-12: Gateway (load balancer, DNS, SSL)
Days 13-17: Deployment (Docker, ECS, production!)
Days 18-24: Features (API, frontend, polish)
By Day 24, your AI will run in THIS VPC, 24/7, handling real calls.
Share your progressโ
Got your VPC set up? Share it!
Twitter/X:
"Day 3: Created my VPC in AWS. My AI calling agent now has a home in the cloud. Following @norahsakal's advent calendar ๐"
LinkedIn:
"Day 3 of building AI calling agents: Just set up my VPC in AWS. The foundation is laid. Ready for subnets tomorrow!"
Tag me! I want to see your progress! ๐
Want the full course?โ
But if you want:
โ
Complete codebase (one clean repo)
โ
Complete walkthroughs
โ
Support when stuck
โ
Production templates
โ
Advanced features
Join the waitlist for the full course (launching February 2026):
Need help with deployment? Want to brainstorm your AI calling idea? Grab a free 30-min call โ - happy to help.
Tomorrow: Day 4 - Create Subnets (Build Your Neighborhoods) ๐๏ธ
See you then!
โ Norah