Reputation: 1780
The default VPC quota on AWS is 5 per region, which tells me AWS doesn't want me to create many VPCs, but what's the best practice on reusing VPCs across multiple projects? AWS doesn't have isolation per project like GCP, so you have to think about isolating resources. Let's say I create two separate EKS clusters that shouldn't communicate with each other: is it OK to use the same VPC for them with different subnets? What is the general rule of thumb on reusing VPCs?
Upvotes: 2
Views: 850
Reputation: 8840
If you're after a long-term strategy for AWS, I would suggest getting yourself familiar with a multi-account approach. AWS recommends it as the best practice that offers several benefits:
A common way that is being used in organisations is the "Environmental lifecycle account structure", as per the image below.
Using this approach, you would separate your applications into individual accounts with lifecycle environments for each application (dev, test, prod).
Those accounts are often referred to as workload/application or group accounts, as per the slide below. In addition to your application accounts, you will also have your core accounts such as security, shared services and logging etc.
It's worth mentioning that there is no right or wrong way to organise AWS accounts; those are only guidelines on how companies commonly do it.
I would encourage you to read more about multi-account strategy to determine if it's something you're ready and willing to employ now, or just stick to the single-account approach if you're in the PoC stage and come to it later.
Upvotes: 2