VPC allows you to build your own Virtual Private Cloud on top of Scaleway’s shared public cloud.
VPC currently comprises the regional Private Networks product. Layer 2 regional Private Networks sit inside the layer 3 VPC. Private Networks allows Scaleway resources (Instances, Load Balancers, Managed Databases etc.) within a single region to be interconnected through a dedicated, private, and flexible L2 networkOpen in new context.
You can add as many resources to your networks as you want, and add up to eight (8) different networks per resource. This allows you to run services isolated from the public internet and expose them to the rest of your infrastructure without worrying about public network filtering.
Note
VPC v2 is now in General Availability.
Tip
Check out our IPAM APIOpen in new context to facilitate the management of IP addresses across your different Scaleway resources.
Concepts
Refer to our dedicated concepts pageOpen in new context to find definitions of all concepts and terminology related to VPC.
Quickstart
-
Configure your environment variables
Note
This is an optional step that seeks to simplify your usage of the API. See the Technical information section below for help choosing an Availability Zone and Region. You can find your Project ID in the Scaleway consoleOpen in new context.
Code -
Create a Private Network. Run the following command to create a Private Network. You can customize the details in the payload (name, tags etc.) to your needs.
CodeTip
Keep the
idfield of the response: it is your Private Network ID, and is useable across all Scaleway products that support Private Networks. It may be useful to you to export the Private Network ID as a new environment variable `export PN_ID="Tip
If you create a Private Network without specifying a VPC to create it in, the behavior depends on when you created your Scaleway Project. Find out moreOpen in new context
-
Attach a resource to your Private Network. Each Scaleway product has its own API to interact with Private Networks. To attach an Instance, Managed Database, Elastic Metal server, Load Balancer or Public Gateway to your Private Network, see instructions in the documentation of the relevant product API. Here, we take the example of an Instance.
Use the following call to attach an Instance to your Private Network. Ensure you replace
<Instance ID>with the ID of your Instance, and<Private Network ID>with the ID of your Private Network. Note that the Instance must be in an Availability Zone that is part of the region of your Private Network.CodeTip
Keep the
idfield of the response: it is your Private NIC ID. It may be useful to you to export the Private NIC ID as a new environment variable `export NIC_ID="Tip
Keep the
mac_addressfield of the response, as it will allow you to identify the Private NIC inside your Instance. If successful, a new network interface will appear inside your Instance, ready to be configured to transmit traffic to other Instances of the same network, with the MAC address returned by the API call. -
Confirm that the network interface has been plugged in. To do this, connect to your Instance and run
dmseg. You should see an output similar to the following:Code -
Confirm the presence of the network interface, and confirm its name if several networks are plugged into your Instance. To do this, run
ip -br link. You should see an output similar to the following:Code -
Configure the Instance's IP address. DHCP is activated by default on new Private Networks, and automatically assigns IP addresses to resources on the network. If you have an older Private Network, check whether DHCP is activatedOpen in new context and either activate DHCP for automatic IP configuration, or manually configureOpen in new context the network interface on your Instance if necessary.
-
Delete your Private NIC, which equates to unplugging your Instance from the Private Network. Use the following call. Ensure you replace
<Instance ID>with the ID of your Instance,<Private Network ID>with the ID of your Private Network, and<NIC ID>with the ID of your Private NIC.CodeThe network interface disappears from your Instance.
-
Delete your Private Network. Use the following call. Ensure you replace
<Private Network ID>with the ID of your Private Network.CodeNote
Private Networks must be empty to be deleted. Ensure you have detached all resources and deleted all reserved IPs from your network prior to deletion.
Requirement
- You have a Scaleway accountOpen in new context
- You have created an API keyOpen in new context and that the API key has sufficient IAM permissionsOpen in new context to perform the actions described on this page
- You have installed
curlOpen in new context
Technical information
VPC and Private Networks are available in the Paris, Amsterdam and Warsaw regions, which are represented by the following path parameters:
fr-parit-milnl-amspl-waw
Technical limitations
The following limitations apply to Scaleway VPC:
- Up to 250 resources can be attached to a Private Network.
- A resource can be attached to up to 8 Private Networks.
- The following resource types can be attached to a Private Network:
- Instances
- Elastic Metal servers
- Apple silicon
- Managed Inference
- Load Balancers
- Public Gateways
- Managed Databases for PostgreSQL and MySQL
- Managed Databases for Redis (only at the time of resource creation)
- Kubernetes Kapsule (only at the time of resource creation)
- The MAC address of an Instance in a Private Network cannot be changed.
- Broadcast and multicast traffic, while supported, are heavily rate-limited.
Going further
For more help using Scaleway VPC and Private Networks, check out the following resources:
- Our main documentationOpen in new context
- The #virtual-private-cloud channel on our Slack CommunityOpen in new context
- Our support ticketing systemOpen in new context.