Release: Amazon Virtual Private Cloud on 2009-12-14

Amazon VPC is now in unlimited beta, we've increased the maximum allowed VPC size, and we've made a minor change to the DescribeVpnConnections response.


Release Date: December 14, 2009
Created On: December 14, 2009
Last Updated: October 09, 2017


New Features

Feature Description
Unlimited Public Beta
Amazon VPC is now in an unlimited beta, which means interested users no longer need AWS approval to use the service. Anyone wanting to use Amazon VPC can do so by signing up for Amazon EC2 on the Amazon EC2 product page (the subscription to Amazon VPC is included). All existing Amazon EC2 users have been automatically signed up for Amazon VPC. Users incur Amazon VPC charges only if they actually use the service.

Change to VPC Size
We've changed the maximum size of a VPC from /18 to /16 (in CIDR notation). The minimum size is still /28. If you require a VPC larger than /16 in size, please complete the form at http://aws.amazon.com/contact-us/vpc-request/.

Change to DescribeVpnConnections
We've changed the response for the DescribeVpnConnections API call so that the customer gateway configuration information is returned only for VPN connections in the pending or available state. If the VPN connection is in the deleting or deleted state, the XML response does not include the element. There's no change to the WSDL.

We've released a new version of the following tools to accommodate the change:

Known Issues

Issue Description
Current Limits

During the Amazon VPC public beta:

  • You are limited to one VPC with one VPN connection (per AWS account)
  • You can assign one IP address range to your VPC
  • You can't change the IP address range of a created VPC or subnet
  • When you launch an instance in a subnet, AWS automatically assigns the instance an IP address from the IP address range the subnet covers; you can't currently choose the specific IP address to use with the instance.

No Support for Amazon VPC in the AWS Management Console
You can't use the AWS Management Console to execute any of the Amazon VPC API operations or launch instances into a VPC. Any instances you launch (with the command line tools or API) appear in your list of running instances that the console displays. However, the console doesn't display the IP address, subnet ID, or VPC ID of those instances. Also the console incorrectly displays "Error" or a hyphen in the Security Group field for those instances.

No Direct Internet Access from a VPC
Any VPC traffic to/from the Internet must currently route through the established VPN connection and through your existing IT infrastructure to the public Internet. You are currently unable to send/receive Internet traffic directly from your VPC.

Unsupported AWS Services Only Accessible Via VPN Connection
Amazon VPC allows you to deploy Amazon EC2 instances within your VPC. Resources provided by services such as Amazon S3, Amazon SQS, Amazon SimpleDB and others can't currently be deployed within your VPC, and, as such, are only accessible to resources within your VPC via the VPN connection, through your network, and to the respective service's public endpoint. You may need to create firewall exceptions to allow cloud-based instances to access the Internet (and possibly NAT) from your existing IT infrastructure.

Broadcast and Multicast Unsupported in a VPC
You are unable to employ either broadcast or multicast within your VPC.

Increased Latency in Bundling Linux/UNIX AMIs
You may experience increased latency in bundling Linux/UNIX AMIs within Amazon VPC. Such bundles are transferred from the instance, through the VPN connection, through your network and to the public Amazon S3 endpoint. You may need to create firewall exceptions to allow cloud-based instances to access the Internet (and possibly NAT) from your existing IT infrastructure.

Service Currently Available in One Availability Zone
Currently your VPC, subnets, VPN gateway, and any instances you launch in the VPC must all reside in a single Availability Zone in the us-east-1 region.

No Capacity Guarantee for Amazon EC2 Reserved Instances
Reserved Instances (with their discounted rates) are available; however, there's currently no capacity guarantee for Reserved Instances in a VPC.

Traffic Sent to Overlapping IP Address Ranges Is Dropped
If your VPC's IP address range overlaps with an IP address range in use within your existing IT infrastructure, Amazon VPC will drop any traffic to said range. To avoid this, create your VPC so it does not overlap with current or expected future subnets in your network.

Ordering of DHCP Option Values Not Guaranteed
When you specify DHCP options, some options (e.g., DNS servers) accept multiple values. The ordering of these values is not guaranteed. After creating the options, you should use the DescribeDhcpOptions operation (or the ec2-describe-dhcp-options command) to confirm the order in which the options will be delivered to instances.

AWS Capabilities Currently Unavailable within Amazon VPC
The following AWS services and Amazon EC2 features are currently not available for use with a VPC:
  • Amazon EBS-backed AMIs (including AMIs running Microsoft Windows Server 2008 and Microsoft SQL Server® Standard 2008)
  • Security groups
  • Elastic IP addresses
  • Elastic Load Balancing
  • High-Memory Instances
  • Spot Instances
  • Auto Scaling
  • Amazon Elastic MapReduce
  • Amazon DevPay AMIs
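
An added example (not part of the AWS release notes or tools): a pre-flight check of a proposed VPC range against the /16 to /28 size limits under "Change to VPC Size" and the dropped-traffic behaviour under "Traffic Sent to Overlapping IP Address Ranges Is Dropped". The helper name, the IPv4-only assumption and the sample on-premises ranges are constructed for illustration.

```python
import ipaddress

# Limits from this release note: a VPC may be at most /16 and at least /28.
LARGEST_VPC_PREFIX = 16
SMALLEST_VPC_PREFIX = 28

# Constructed sample: ranges already in use (or planned) on the existing network.
ONPREM_RANGES = ["10.0.0.0/12", "172.16.0.0/16", "192.168.10.0/24"]


def check_vpc_cidr(vpc_cidr, existing_cidrs):
    """Return a list of problems with a proposed VPC range (empty list = OK).

    Hypothetical helper; assumes IPv4 ranges in CIDR notation.
    """
    try:
        # strict=True rejects a range with host bits set, e.g. 10.16.0.1/16.
        vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {vpc_cidr!r}: {exc}"]

    problems = []
    if vpc.prefixlen < LARGEST_VPC_PREFIX:
        problems.append(f"/{vpc.prefixlen} is larger than the /{LARGEST_VPC_PREFIX} maximum")
    elif vpc.prefixlen > SMALLEST_VPC_PREFIX:
        problems.append(f"/{vpc.prefixlen} is smaller than the /{SMALLEST_VPC_PREFIX} minimum")

    for cidr in existing_cidrs:
        # strict=False: inventory entries are often written as host/prefix.
        net = ipaddress.IPv4Network(cidr, strict=False)
        # overlaps() is true when either range contains the other, so a VPC
        # that swallows a small on-premises subnet is caught too.
        if vpc.overlaps(net):
            problems.append(f"overlaps existing range {net}")
    return problems


if __name__ == "__main__":
    for candidate in ["10.16.0.0/16", "10.8.0.0/16", "192.168.0.0/16",
                      "10.16.0.0/15", "10.16.0.0/29", "10.16.0.1/16"]:
        issues = check_vpc_cidr(candidate, ONPREM_RANGES)
        print(candidate, "->", "OK" if not issues else "; ".join(issues))
```

Because the range of a created VPC or subnet can't be changed, include expected future subnets in the list of existing ranges before creating the VPC.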