Default AWS VPC vs A new one?

Question

Should I use the AWS Default VPC, or should I create a new one?

What are the differences and advantages to create a new one?

Or, in witch situations should I select between the two?

Answer 1

There would be no real problem with you using the default VPC and adding a private subnet but this is certainly not ideal. The default VPC is designed so that you can quickly deploy resources and not have to think about the underlying network. If you are just doing a very basic deployment then it works great. But you are locked into the network model that is included with the default VPC. So if you decide that 172.31.0.0/16 won't work for you then the default VPC is no longer an option. By creating a custom VPC you can tailor your network exactly the way you want it and prevent any overlapping IP addresses if you plan to connect to an on-premise environment or plan to peer VPCs together. If you don't mind the restrictions on the network then feel free to use the default VPC.

Answer 2

The default VPC is a public VPC. It is designed to make it easy to get going with EC2/RDS and other related AWS services. It has an internet gateway and public subnets with corresponding route table. So, it's a good way to go if you don't know how to setup a VPC, you only need publicly accessible resources, or you're playing around or quickly prototyping something.

However, for production or environments in which you need to keep parts of your network private, I would recommend creating your own. This allows you to setup exactly what need. It is more complicated than just using the default but if you already know how to setup a VPC, it's recommended.