In general, it's a good idea to delete the default VPCs as part of account creation. The default VPC doesn't comply with the majority of basic best practices, and on a practical level, it always has the same CIDR range, making it impossible to connect with any other default VPC. Deleting the default VPC guarantees that at least somewhat conscious effort has to be put into creating a VPC before using one, rather than there being a blatantly misconfigured one that someone could use without even realising they should think about it.
As such, aside from the default CIDR, there's nothing functionally special about the default VPC, so you can also fix the issues in place. My recommendation would be to delete it and create a new one in your standard way, however.
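An audit for the two points in the answer above, as an added example that is not part of the original thread: it lists the default VPCs still present per region and the VPC pairs that cannot be peered because their CIDR ranges overlap. It assumes input shaped like the `Vpcs` list from `aws ec2 describe-vpcs`, collected per region; the sample data and VPC IDs are constructed, and 172.31.0.0/16 is the CIDR AWS assigns to default VPCs.

```python
import ipaddress
from itertools import combinations

# Constructed sample: per-region "Vpcs" lists in the shape returned by
# `aws ec2 describe-vpcs` (IDs and layout are made up for illustration).
SAMPLE = {
    "us-east-1": [
        {"VpcId": "vpc-0aaa0000000000001", "CidrBlock": "172.31.0.0/16", "IsDefault": True},
        {"VpcId": "vpc-0aaa0000000000002", "CidrBlock": "10.20.0.0/16", "IsDefault": False},
    ],
    "eu-west-1": [
        {"VpcId": "vpc-0bbb0000000000001", "CidrBlock": "172.31.0.0/16", "IsDefault": True},
    ],
    "ap-southeast-2": [
        {"VpcId": "vpc-0ccc0000000000001", "CidrBlock": "10.20.128.0/17", "IsDefault": False},
    ],
}


def default_vpcs(vpcs_by_region):
    """Return sorted (region, vpc_id) pairs for every VPC flagged IsDefault."""
    return sorted(
        (region, vpc["VpcId"])
        for region, vpcs in vpcs_by_region.items()
        for vpc in vpcs
        if vpc.get("IsDefault")
    )


def overlapping_pairs(vpcs_by_region):
    """Return VPC id pairs whose primary CIDRs overlap and so cannot be peered."""
    # Only the primary CidrBlock is checked; secondary blocks are ignored here.
    flat = [
        (vpc["VpcId"], ipaddress.ip_network(vpc["CidrBlock"]))
        for vpcs in vpcs_by_region.values()
        for vpc in vpcs
    ]
    return sorted(
        tuple(sorted((a_id, b_id)))
        for (a_id, a_net), (b_id, b_net) in combinations(flat, 2)
        if a_net.overlaps(b_net)
    )


if __name__ == "__main__":
    for region, vpc_id in default_vpcs(SAMPLE):
        print(f"default VPC present: {region} {vpc_id}")
    for a, b in overlapping_pairs(SAMPLE):
        print(f"cannot peer (overlapping CIDR): {a} <-> {b}")
```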
Hello,
Creating a VPC plays a major role in creating the infrastructure for the task. As you mentioned, the default VPC doesn't have security best practices. For minor testing purposes it will be fine. But for production or for QA we have to follow the actual AWS best practices.
I also faced the same issue with the default VPC while doing POCs; it is a bit complicated to change the network configuration once resources are created in the VPC. Better to suggest a custom VPC so they can get into the habit of AWS best practices.
Thank You

Hi, default VPC is an easy way to start with AWS services (EC2, etc.) but it's only that. You should avoid it in production setups.
Hi Leo - besides the CIDR range being the same across regions, is there anything else different in the default VPC? I see this statement being made: "The default VPC does not have the proper security controls applied." What security controls are these? If it's about public / private subnets, that can also be applied to the default VPC.