How to Restore or Mark an Existing VPC as Default VPC in AWS



When you create a new AWS account, AWS automatically provisions a default VPC in each region with a fixed configuration:

CIDR block: 172.31.0.0/16
A default /20 subnet in each Availability Zone, with public IPv4 auto-assignment enabled
Internet Gateway attached
Default security group and network ACL
Main route table with a default route (0.0.0.0/0) to the IGW
DNS resolution and DNS hostnames enabled

AWS doesn't provide an API or CLI command to toggle a VPC's IsDefault attribute from false to true: the flag is set only when AWS itself creates the default VPC and is read-only afterwards. What you can do instead depends on what you actually need.

If your original default VPC was deleted, use this AWS CLI command:

aws ec2 create-default-vpc

This will create a new VPC with all default characteristics in your current region.

For an existing non-default VPC that needs default-like behavior (Internet Gateway, default route in the main route table, public subnets), use the commands below. Note that these steps make the VPC internet-facing in the same way a default VPC is, so run them only where that exposure is intended:

# Pick the VPC and enable DNS hostnames (default VPCs have both DNS attributes on)
VPC_ID=vpc-12345678
aws ec2 modify-vpc-attribute --vpc-id $VPC_ID --enable-dns-hostnames '{"Value":true}'

# Create an Internet Gateway and attach it to the VPC
IGW_ID=$(aws ec2 create-internet-gateway --query 'InternetGateway.InternetGatewayId' --output text)
aws ec2 attach-internet-gateway --internet-gateway-id $IGW_ID --vpc-id $VPC_ID

# Add the default route to the *main* route table (RouteTables[0] is not guaranteed to be the main one)
ROUTE_TABLE_ID=$(aws ec2 describe-route-tables \
  --filters Name=vpc-id,Values=$VPC_ID Name=association.main,Values=true \
  --query 'RouteTables[0].RouteTableId' --output text)
aws ec2 create-route --route-table-id $ROUTE_TABLE_ID --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW_ID

# Default subnets auto-assign public IPv4 addresses; do the same for every subnet that should be public
for SUBNET_ID in $(aws ec2 describe-subnets --filters Name=vpc-id,Values=$VPC_ID --query 'Subnets[].SubnetId' --output text); do
  aws ec2 modify-subnet-attribute --subnet-id $SUBNET_ID --map-public-ip-on-launch
done
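To see what is actually missing before running the commands above, and to catch the one thing you should not copy from a default VPC, here is an added audit script (example code written for this page, not from the original article or from AWS). It takes the parsed JSON of `aws ec2 describe-internet-gateways`, `describe-route-tables`, `describe-subnets` and `describe-security-groups` for the target VPC, plus the boolean from `describe-vpc-attribute --attribute enableDnsHostnames`, and returns the CLI commands still needed for default-like behaviour. The default security group is only reported: inbound rules from 0.0.0.0/0 there are a finding, not something to reproduce. All IDs and sample data below are constructed for the example.

```python
"""Audit a VPC for default-VPC-like configuration and a wide-open default SG.

Added example, not from the original page. Inputs are the parsed JSON of the
`aws ec2 describe-*` calls named in the function; the sample below is
constructed and is not a real account.
"""

VPC_ID = "vpc-0123456789abcdef0"  # constructed sample VPC ID

SAMPLE = {  # constructed describe-* output, trimmed to the fields the audit reads
    "igws": {"InternetGateways": [
        {"InternetGatewayId": "igw-0aaaaaaaaaaaaaaa0",
         "Attachments": [{"State": "available", "VpcId": VPC_ID}]}]},
    "route_tables": {"RouteTables": [
        {"RouteTableId": "rtb-0bbbbbbbbbbbbbbb0", "VpcId": VPC_ID,
         "Associations": [{"Main": True, "RouteTableId": "rtb-0bbbbbbbbbbbbbbb0"}],
         "Routes": [
             {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
             {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaaaaaaaaaaaaaa0", "State": "active"}]}]},
    "subnets": {"Subnets": [
        {"SubnetId": "subnet-0ccccccccccccccc0", "VpcId": VPC_ID, "AvailabilityZone": "us-east-1a",
         "CidrBlock": "172.31.0.0/20", "MapPublicIpOnLaunch": True},
        {"SubnetId": "subnet-0ddddddddddddddd0", "VpcId": VPC_ID, "AvailabilityZone": "us-east-1b",
         "CidrBlock": "172.31.16.0/20", "MapPublicIpOnLaunch": False}]},
    "security_groups": {"SecurityGroups": [
        {"GroupId": "sg-0eeeeeeeeeeeeeee0", "GroupName": "default", "VpcId": VPC_ID,
         "IpPermissions": [
             {"IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0eeeeeeeeeeeeeee0"}]},
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}]},
    "dns_hostnames": True,
}


def audit_vpc(vpc_id, igws, route_tables, subnets, security_groups, dns_hostnames):
    """Return {'default_like': bool, 'fixes': [CLI commands], 'findings': [security notes]}."""
    fixes, findings = [], []

    # 1. An Internet Gateway attached to the VPC (default VPCs always have one).
    igw_id = next((g["InternetGatewayId"] for g in igws["InternetGateways"]
                   if any(a.get("VpcId") == vpc_id for a in g.get("Attachments", []))), None)
    if igw_id is None:
        igw_id = "<IGW_ID>"  # placeholder until the gateway has been created
        fixes.append("aws ec2 create-internet-gateway --query 'InternetGateway.InternetGatewayId' --output text")
        fixes.append(f"aws ec2 attach-internet-gateway --vpc-id {vpc_id} --internet-gateway-id {igw_id}")

    # 2. The *main* route table needs an active 0.0.0.0/0 route to an IGW.
    #    Select it by its Main association; RouteTables[0] is not guaranteed to be it.
    main_rt = next((rt for rt in route_tables["RouteTables"] if rt["VpcId"] == vpc_id
                    and any(a.get("Main") for a in rt.get("Associations", []))), None)
    if main_rt is None:
        findings.append(f"{vpc_id}: no main route table in the supplied data")
    elif not any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active"
                 and str(r.get("GatewayId", "")).startswith("igw-") for r in main_rt.get("Routes", [])):
        fixes.append(f"aws ec2 create-route --route-table-id {main_rt['RouteTableId']} "
                     f"--destination-cidr-block 0.0.0.0/0 --gateway-id {igw_id}")

    # 3. Default subnets auto-assign public IPv4 addresses.
    vpc_subnets = [s for s in subnets["Subnets"] if s["VpcId"] == vpc_id]
    if not vpc_subnets:
        fixes.append(f"aws ec2 create-subnet --vpc-id {vpc_id} --cidr-block <cidr>  # one per Availability Zone")
    for s in vpc_subnets:
        if not s.get("MapPublicIpOnLaunch"):
            fixes.append(f"aws ec2 modify-subnet-attribute --subnet-id {s['SubnetId']} --map-public-ip-on-launch")

    # 4. Default VPCs have DNS hostnames enabled (needed for public DNS names).
    if not dns_hostnames:
        fixes.append(f"aws ec2 modify-vpc-attribute --vpc-id {vpc_id} --enable-dns-hostnames '{{\"Value\":true}}'")

    # 5. Security check: the default SG should only allow inbound from itself.
    #    Inbound from 0.0.0.0/0 is reported, never reproduced as a "fix".
    for sg in security_groups["SecurityGroups"]:
        if sg["VpcId"] != vpc_id or sg["GroupName"] != "default":
            continue
        for perm in sg.get("IpPermissions", []):
            if any(rng.get("CidrIp") == "0.0.0.0/0" for rng in perm.get("IpRanges", [])):
                proto = perm.get("IpProtocol")
                ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
                findings.append(f"{sg['GroupId']} (default SG) allows inbound {proto}/{ports} from 0.0.0.0/0")

    return {"default_like": not fixes, "fixes": fixes, "findings": findings}


if __name__ == "__main__":
    result = audit_vpc(VPC_ID, SAMPLE["igws"], SAMPLE["route_tables"], SAMPLE["subnets"],
                       SAMPLE["security_groups"], SAMPLE["dns_hostnames"])
    print("default-like:", result["default_like"])
    for line in result["fixes"]:
        print("FIX:     ", line)
    for line in result["findings"]:
        print("FINDING: ", line)
```

To run it against a real VPC, save each describe-* output to a file, `json.load` it and pass the dicts to `audit_vpc`. On the constructed sample it reports one fix (the second subnet does not auto-assign public IPs) and one finding (SSH open to the world in the default security group).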

If you're using Terraform, note first that the aws_default_vpc resource adopts the region's real default VPC (and recent versions of the AWS provider create one if it is missing), which is the right tool when you want the actual default VPC back. To build a non-default VPC with default-like settings instead, modify your template along these lines:

data "aws_availability_zones" "available" {
  state = "available"
}

resource "aws_vpc" "main" {
  cidr_block           = "172.31.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "Default-like VPC"
  }
}

resource "aws_subnet" "public" {
  count  = length(data.aws_availability_zones.available.names)
  vpc_id = aws_vpc.main.id
  # Aligned /20 slices like default subnets (172.31.0.0/20, 172.31.16.0/20, ...); "172.31.${count.index}.0/20" is not the start of a /20 block for index > 0
  cidr_block              = cidrsubnet(aws_vpc.main.cidr_block, 4, count.index)
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = true

  tags = {
    Name = "Default-like subnet ${count.index}"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route" "default" {
  route_table_id         = aws_vpc.main.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

Things to check before relying on a recreated or default-like VPC:

  • Some API calls fall back to the default VPC when no subnet is given (e.g., EC2 RunInstances without --subnet-id, RDS without a DB subnet group) and fail when no default VPC exists
  • Legacy applications and scripts may hardcode the old default VPC, subnet and security group IDs; a recreated default VPC gets new IDs and does not restore them
  • Audit IAM policies that reference specific VPC or subnet IDs (Resource ARNs and conditions such as ec2:Vpc)
  • Consider updating automation scripts to parameterize VPC selection
  • Remember why many organizations delete the default VPC in the first place: its subnets auto-assign public IPs and its default security group allows all outbound traffic, so anything launched into it without an explicit subnet and security group is internet-exposed by default. The CIS AWS Foundations Benchmark expects the default security group of every VPC to restrict all traffic; check that after recreating one
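One practical way to do the audit in the bullets above, as an added example (not from the original page): harvest the IDs that currently exist from `aws ec2 describe-*` output, then scan policies and scripts for ID-shaped tokens that are not among them. The inventory, the IAM policy and the launch script below are constructed for this example, and the ID prefixes the regex knows about are the common EC2 networking ones, not an exhaustive list.

```python
"""Find hardcoded EC2 resource IDs (VPC, subnet, security group, ...) in IAM
policies and scripts that no longer exist in the account.

Added example, not from the original page. `collect_ids` walks any parsed
`aws ec2 describe-*` output and harvests the IDs that exist; `find_stale_ids`
scans text for ID-shaped tokens and reports the ones not in that inventory.
All sample data below is constructed.
"""
import json
import re

# EC2 IDs are a type prefix plus 8 (legacy) or 17 hex characters.
ID_RE = re.compile(r"\b(?:vpc|subnet|sg|igw|rtb|acl|eni|nat|vpce)-(?:[0-9a-f]{17}|[0-9a-f]{8})\b")


def collect_ids(obj):
    """Recursively harvest every EC2 resource ID found in parsed describe-* JSON."""
    ids = set()
    if isinstance(obj, dict):
        for value in obj.values():
            ids |= collect_ids(value)
    elif isinstance(obj, list):
        for value in obj:
            ids |= collect_ids(value)
    elif isinstance(obj, str):
        ids.update(m.group(0) for m in ID_RE.finditer(obj))
    return ids


def find_stale_ids(text, live_ids):
    """Return sorted (line_number, id) pairs for IDs in `text` that are not live."""
    stale = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ID_RE.finditer(line):
            if m.group(0) not in live_ids:
                stale.add((lineno, m.group(0)))
    return sorted(stale)


# Constructed: what describe-vpcs / describe-subnets / describe-security-groups
# return for a *recreated* default VPC (new IDs; the old ones are gone).
LIVE_INVENTORY = [
    {"Vpcs": [{"VpcId": "vpc-0123456789abcdef0", "IsDefault": True}]},
    {"Subnets": [{"SubnetId": "subnet-0ccccccccccccccc0", "VpcId": "vpc-0123456789abcdef0"}]},
    {"SecurityGroups": [{"GroupId": "sg-0eeeeeeeeeeeeeee0", "GroupName": "default",
                         "VpcId": "vpc-0123456789abcdef0"}]},
]

# Constructed IAM policy and launch script that still name the deleted default VPC.
POLICY_JSON = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "ec2:RunInstances",
        "Resource": "arn:aws:ec2:us-east-1:123456789012:subnet/subnet-abcdef01",
        "Condition": {"ArnEquals": {
            "ec2:Vpc": "arn:aws:ec2:us-east-1:123456789012:vpc/vpc-12345678"}},
    }],
}, indent=2)

LAUNCH_SCRIPT = """#!/bin/sh
aws ec2 run-instances --image-id ami-0abcdef1234567890 \\
  --subnet-id subnet-abcdef01 --security-group-ids sg-0eeeeeeeeeeeeeee0
"""


def live_ids():
    """Union of every ID present in the constructed inventory documents."""
    return set().union(*(collect_ids(doc) for doc in LIVE_INVENTORY))


if __name__ == "__main__":
    live = live_ids()
    for name, text in (("policy.json", POLICY_JSON), ("launch.sh", LAUNCH_SCRIPT)):
        for lineno, rid in find_stale_ids(text, live):
            print(f"{name}:{lineno}: {rid} does not exist in this account")
```

Feed it the real thing by piping `aws ec2 describe-vpcs`, `describe-subnets`, `describe-security-groups` (and any other describe-* output) through `collect_ids`, and `aws iam get-policy-version` documents or your repository files through `find_stale_ids`; the output points at exactly the lines that still name the deleted default VPC.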

After configuration, verify with:

aws ec2 describe-vpcs --filters "Name=isDefault,Values=true"

This lists only VPCs whose IsDefault flag is set, so a recreated default VPC appears here, but a custom VPC made "default-like" with the steps above never will. For that VPC, verify the IGW attachment, the main route table's 0.0.0.0/0 route and the subnets' MapPublicIpOnLaunch attribute instead.

To restate the constraint: the IsDefault attribute is set when AWS creates the default VPC (172.31.0.0/16, a default subnet in each Availability Zone, an attached Internet Gateway, and a main route table with a route to it) and is immutable afterwards. If you've deleted your original default VPC, you cannot mark an existing custom VPC as the default; you must recreate a default VPC, from the console or the CLI.

Follow these steps in the AWS Management Console:

  1. Navigate to VPC Dashboard
  2. Select "Your VPCs" from the left menu
  3. Click "Actions" → "Create Default VPC"

For automation purposes, use this AWS CLI command:

aws ec2 create-default-vpc

Example output:

{
    "Vpc": {
        "CidrBlock": "172.31.0.0/16",
        "DhcpOptionsId": "dopt-xxxxxxxx",
        "State": "pending",
        "VpcId": "vpc-0xxxxxxxxxxxxxxx",
        "OwnerId": "123456789012",
        "InstanceTenancy": "default",
        "Ipv6CidrBlockAssociationSet": [],
        "CidrBlockAssociationSet": [
            {
                "AssociationId": "vpc-cidr-assoc-xxxxxxxx",
                "CidrBlock": "172.31.0.0/16",
                "CidrBlockState": {
                    "State": "associated"
                }
            }
        ],
        "IsDefault": true
    }
}

Keep in mind:

  • You can only have one default VPC per region; create-default-vpc fails if one already exists
  • The recreated default VPC uses the standard 172.31.0.0/16 CIDR, but it is a new VPC: the VPC, subnet, security group and route table IDs all change, and nothing that referenced the old IDs is restored
  • The caller needs the ec2:CreateDefaultVpc IAM permission

If you need specific configurations, create a custom VPC with similar settings (it will not be the default VPC; IsDefault stays false):

VPC_ID=$(aws ec2 create-vpc --cidr-block 172.31.0.0/16 --query 'Vpc.VpcId' --output text)
# Default subnets are /20s with public IPv4 auto-assignment; repeat per Availability Zone as needed
SUBNET_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block 172.31.0.0/20 --query 'Subnet.SubnetId' --output text)
aws ec2 modify-subnet-attribute --subnet-id $SUBNET_ID --map-public-ip-on-launch
IGW_ID=$(aws ec2 create-internet-gateway --query 'InternetGateway.InternetGatewayId' --output text)
aws ec2 attach-internet-gateway --vpc-id $VPC_ID --internet-gateway-id $IGW_ID
RTB_ID=$(aws ec2 describe-route-tables --filters Name=vpc-id,Values=$VPC_ID Name=association.main,Values=true --query 'RouteTables[0].RouteTableId' --output text)
aws ec2 create-route --route-table-id $RTB_ID --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW_ID