VPC - Quickstart

VPC allows you to build your own Virtual Private Cloud on top of Scaleway’s shared public cloud.

One default VPC per region is automatically created per Scaleway Project, and you can create more VPCs if you wish.

Within each VPC, you can create Private Networks and attach Scaleway resources (Instances, Elastic Metal servers, Load Balancers etc.) to them, as long as the resources are within the network’s region. Resources attached to a Private Network can communicate between themselves in an isolated and secure virtual layer 2 network, away from the public internet.

VPC routing facilitates the automatic routing of traffic between the Private Networks of a VPC, as well as the ability to define custom routes between resources. Finely control and limit routing between resources in a VPC via the Network Access Control List (currently available only via the VPC API).

Attach a Public Gateway to your VPC to give your resources controlled access to the public internet via the Private Network.

This quickstart walks you through the process of getting started with Scaleway VPC.

Before you startLink to this anchor

To complete the actions presented below, you must have:

• A Scaleway account logged into the console

How to identify your default VPCsLink to this anchor

One default VPC per region is automatically created per Scaleway Project. You can create more if you wish, but it is not necessary for basic use cases.

Click VPC in the Network section of the Scaleway console side menu. Your VPC dashboard displays:

You see three default VPCs, one for each of the following regions:

• Paris PAR
• Amsterdam AMS
• Warsaw WAW

Any new Private Networks that you create will be added to the default VPC for their region, unless you override this by creating and specifying a different VPC.

How to create a VPCLink to this anchor

If you want to create more VPCs beyond the default ones created for you, you can do so via the following steps:

1. Click VPC in the Network section of the Scaleway console side menu.

2. Click «Plus Icon» Create a VPC. The VPC creation wizard displays.

   

3. Choose a region in which to create your VPC.

4. Enter a name for your VPC (or use the wand icon to generate a random name). Optionally, you can also add tags to help organize your VPCs. Each tag should be separated by a space.

   Note

   The resource name can only include alphanumerical characters and dashes.

   You can create Private Networks in this VPC after you have created the VPC itself. However, you can not move an existing Private Network from one VPC to another.

5. Click Create VPC to finish.

   Your VPC is created, and you are redirected to its Overview page.

How to create a Private NetworkLink to this anchor

You can create multiple Private Networks within each VPC. Resources attached to each Private Network will be able to communicate between themselves via their private IP addresses or private hostnames, away from the public internet.

1. Click VPC in the Network section of the side menu. The list of your VPCs displays.

2. Click the VPC you wish to create your Private Network in.

   If you already have existing Private Networks in this VPC, a list of these displays. Otherwise, you see a welcome screen.

3. Click + Create Private Network. The creation screen displays.

   

4. Enter a name for the network, or leave the randomly-generated name in place. Optionally, you can also add tags to help organize your Private Networks. Each tag should be separated by a space.

   Note

   The resource name can only include alphanumeric characters and dashes. Avoid using a Top Level Domain as your Private Network name, as this can cause addressing conflicts. For example, do not call your Private Network dev, cloud or com. For a complete reference of TLDs to avoid, see the full list provided by IANA. Read more about this issue in our dedicated documentation.

   Leave the Advanced Settings at default values, to create a network with an auto-generated CIDR block. IP addresses for attached resources will come from this block.

5. Click Create Private Network to finish. Your Private Network is created.

How to attach resources to a Private NetworkLink to this anchor

1. Click VPC in the Network section of the side menu. Your VPC dashboard displays.

2. Click the VPC containing the Private Network to which you want to attach a resource. A list of Private Networks in this VPC displays.

3. Click the Private Network to which you want to attach a resource.

   The Private Network’s dashboard displays.

   

4. Click the Attached resources tab.

   

5. Use the toggle to select the type of resource you want to attach:

   • Managed resources are created and managed via Scaleway, e.g. Instances, Elastic Metal servers, Load Balancers, Managed Databases, Kubernetes Kapsules, Public Gateways, Apple silicon etc.
   • Custom resources are created and managed by yourself, e.g. virtual machines you are hosting on a Proxmox cluster on an Elastic Metal server.

6. Click + Attach resource. A pop-up displays.

7. Complete the required information about the resource to attach. This depends on whether you are attaching a managed or custom resource.

   • Managed resource
   • Custom resource
   

   • From the first drop-down, select the type of managed resource (Instance, Elastic Metal server etc.) to attach.
   • From the second drop-down, select the specific resource of this type to attach. Only resources within the same region as the Private Network will be displayed.
   • Select whether to auto-allocate an available IP from the pool of addresses for the Private Network or specify an IP that you have already reserved via IPAM.

   Note

   Only Instances, Load Balancers, Public Gateways, and Elastic Metal servers are compatible with reserved IPs. Support for Managed Databases and Apple silicon will be coming soon. In the meantime, you must auto-allocate IPs for these products.

8. Click Attach to Private Network to finish.

   You are returned to the list of attached resources, where the newly-attached resource now displays.

How to address resources on a Private NetworkLink to this anchor

Resources on a Private Network can be addressed via their private IP address or their hostname.

Private IP addressLink to this anchor

When you attach a resource to a Private Network, it gets a private IPv4 address on that network (and also an IPv6 address, if supported by the resource).

Private IPs are assigned from the CIDR block defined at the time of the Private Network’s creation, either via auto-assignment or specification of a particular reserved IP.

You can view a resource’s IPv4 or v6 address in the Attached Resources tab of the Private Network itself (follow steps 1 - 5 above). It can also be viewed via the Private Networks tab of the resource’s own dashboard.

HostnameLink to this anchor

In addition to using its private IP address, you can also access a resource on a Private Network via its hostname, thanks to VPC’s inbuilt private DNS.

A resource’s hostname is equivalent to the name you gave the resource when creating it. For example, if you have an Instance with the name instance123 attached to a Private Network named prodpn, its address on that network is instance123.prodpn.internal. The .internal is important to allow Scaleway DNS to distinguish public and private hostnames.

For full information on Scaleway internal DNS and hostname formats, including troubleshooting advice, see our dedicated DNS documentation.

How to manage routingLink to this anchor

Routing is used to manage and control the flow of traffic within a VPC. It tells the VPC where to send traffic trying to get to a specific destination IP address. Notably, it allows traffic to be automatically routed between resources attached to different Private Networks within the VPC, using their private IP addresses. You can also create your own custom routes.

Your VPC’s route table can be found in its Routing tab. The route table shows all the existing routes for the VPC.

1. Click VPC in the Network section of the side menu. The list of your VPCs displays.

2. Click a VPC, and click the Routing tab.

   Routes are automatically generated and added to the route table when you:

   • Create a Private Network in the VPC (this generates a local subnet route, which allows the VPC to automatically route traffic between Private Networks), or
   • Attach a Public Gateway to a Private Network and set it to advertise a default route. This generates a default route to the internet.
   • Create a custom route.

When your route table starts to populate, it will look something like this:

You can use the VPC’s Network Access Control List to limit and restrict certain routes within a VPC, but this feature is currently available via the VPC API only only.

How to delete a Private NetworkLink to this anchor

You must detach all resources and release all reserved IPs from the Private Network before you can delete it.

1. Click VPC in the Network section of the side menu.

   Each Private Network exists within a VPC.

   

2. Click the VPC containing the Private Network you want to delete.

   A list of your Private Networks in this VPC displays:

   

3. Click the «See more Icon» icon next to the Private Network you want to delete, then click Delete on the pop-up menu.

   

   A screen displays asking you to confirm that you want to delete the network.

4. Type DELETE and click Delete Private Network.

Your Private Network is deleted.