v2.4.1
Stable VPC Peering GA

Virtual Private Cloud (VPC)

Create isolated virtual networks for your CloudNexus resources. Define your own IP address ranges, subnets, route tables, and gateways to build a secure, scalable infrastructure.

ℹ️ New Feature

VPC Peering is now generally available. Connect VPCs across regions with low-latency private networking. Read the migration guide →

Overview

A CloudNexus Virtual Private Cloud (VPC) is a logically isolated section of the cloud where you can launch resources in a virtual network that you define. You have complete control over your virtual networking environment, including:

  • Selecting your own IP address range from IPv4 CIDR blocks.
  • Configuring subnets to segment resources.
  • Defining route tables to control traffic flow.
  • Setting up security groups and network ACLs for granular access control.

VPCs are region-specific. To span multiple regions, you can use VPC Peering or CloudNexus Global Accelerator.

Architecture

Below is a typical VPC architecture deploying a web application with public and private tiers:

VPC: 10.0.0.0/16
  • Public Subnet (10.0.1.0/24)
      • Load Balancer
      • Web Server
  • Private Subnet (10.0.2.0/24)
      • App Server
      • Database

Creating a VPC

You can create a VPC using the CloudNexus CLI, the Console, or the REST API.

Using the CLI

bash
# Create a new VPC with a specific CIDR block
cnex vpc create \
  --name "production-vpc" \
  --cidr "10.0.0.0/16" \
  --region "us-east-1" \
  --dns-hosted-zone true

# Output:
{
  "id": "vpc-8f7a9b2c1d",
  "name": "production-vpc",
  "state": "pending",
  "cidr_block": "10.0.0.0/16",
  "created_at": "2025-05-20T14:30:00Z"
}

Using the API

curl
POST /v2/vpcs

curl -X POST https://api.cloudnexus.com/v2/vpcs \
  -H "Authorization: Bearer $CNEX_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-vpc",
    "region": "us-east-1",
    "cidr_block": "10.0.0.0/16",
    "enable_dns_support": true
  }'

Subnets

Subnets are subdivisions of a VPC's IP address range. Each subnet must reside within a single availability zone. Common best practices include:

  • Public Subnets: Resources that need direct internet access (e.g., Load Balancers, Bastion Hosts).
  • Private Subnets: Resources that should not be directly reachable from the internet (e.g., Application Servers, Databases).

Parameter               Type      Description
vpc_id                  string    The ID of the VPC the subnet belongs to.
cidr_block              string    The CIDR range for the subnet (e.g., 10.0.1.0/24).
zone                    string    The availability zone (e.g., us-east-1a).
auto_assign_public_ip   boolean   Automatically assign public IPs to instances launched here.

Security & Firewall

VPC security is enforced through Security Groups and Network ACLs. Security groups act as a virtual firewall for instances, controlling inbound and outbound traffic at the instance level.

⚠️ Default Security Group

New VPCs come with a default security group that allows all outbound traffic and denies all inbound traffic. Always configure inbound rules for your use case.

API Reference

Method   Endpoint        Description
GET      /v2/vpcs        List all VPCs in the specified region.
POST     /v2/vpcs        Create a new VPC.
GET      /v2/vpcs/{id}   Get details of a specific VPC.
DELETE   /v2/vpcs/{id}   Delete a VPC. The VPC must be empty (no subnets/instances).

Limits & Quotas

Standard CloudNexus accounts are subject to the following VPC limits:

  • VPCs per region: 5
  • Subnets per VPC: 20
  • Route tables per VPC: 5
  • Security groups per VPC: 50

To increase these limits, please contact CloudNexus Support.
