Cloud foundation for VPC – QuickStart (Basic and simple)
The QuickStart variation of the Cloud foundation for VPC provides a basic and simple Virtual Private Cloud (VPC) deployment that requires minimal configuration. It enables users to quickly create a functional network environment on IBM Cloud. This variation is best suited for users who need a basic VPC configuration with lightweight networking defaults and support for VPC Flow Logs.
Architecture diagram
Design requirements
Requirements
The following table outlines the requirements that are addressed in this architecture.
| Requirement | Component | Reasons for choice | Alternative choice |
|---|---|---|---|
| Provide a basic, ready-to-use VPC with minimal inputs | Predefined VPC | Deploys a VPC quickly without requiring users to design networking components | Use the fully configurable variation for granular control |
| Create availability-zone redundancy | Fixed three-zone subnets | Ensures high availability by provisioning one subnet per zone automatically | Use the fully configurable variation for flexibility |
| Basic traffic governance | Network profile selector (unrestricted, public_web_services, private_only, isolated) | Provides simple, predefined ACL behavior without requiring custom rules | Define custom ACL rules and SG rules manually in the fully configurable variation |
Key features
VPC Setup
- Automatically creates a new VPC with IBM-recommended defaults
- Sets up one subnet per zone, resulting in three subnets.
Built-in Network Profiles
The following network profiles provide predefined security postures by configuring Network ACLs, public gateway access, and default security group behavior. These profiles align exactly with the options exposed in the IBM Cloud catalog UI.
- Unrestricted (All Traffic Allowed): Allows all inbound and outbound traffic. Suitable for testing or unrestricted workloads.
- Public Web Services (SSH, HTTP, HTTPS + IBM Cloud Internal) (Default): Allows traffic on common service ports (SSH 22, HTTP 80, HTTPS 443) and enables IBM Cloud internal connectivity.
- Private Only (IBM Cloud Internal + VPC): No external or public connectivity. Only IBM internal and VPC connectivity is allowed. Intended for internal-only workloads that must not be exposed publicly. Learn more: https://cloud.ibm.com/docs/vpc?topic=vpc-about-networking#private-network
- Isolated (No Network Access): Fully locked-down environment with no inbound or outbound connectivity. Suitable for highly sensitive or isolated security scenarios.
Security & Network Defaults
- ACLs applied according to the selected network profile
- Security group automatically cleaned for restrictive profiles
- Public gateways created only when allowed by the profile
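A drift check for the four profiles described above, as an added example that is not part of the IBM Cloud documentation or the deployable architecture's own code. The rule shape, the sample rules, and the `INTERNAL_CIDRS` list are assumptions made for illustration, and for `public_web_services` only inbound rules are port-checked.

```python
import ipaddress

# Assumption: ranges treated as "IBM Cloud internal + VPC"; substitute the
# address prefixes and service ranges that apply to your own deployment.
INTERNAL_CIDRS = ["10.0.0.0/8", "161.26.0.0/16", "166.8.0.0/14"]
PUBLIC_WEB_PORTS = {22, 80, 443}  # SSH, HTTP, HTTPS from the default profile
PROFILES = {"unrestricted", "public_web_services", "private_only", "isolated"}

# Constructed sample rules in a simplified shape (not the IBM Cloud API schema).
# "peer" is the remote CIDR; ports=None means all ports.
SAMPLE_RULES = [
    {"name": "allow-https", "direction": "inbound", "action": "allow",
     "peer": "0.0.0.0/0", "ports": (443, 443)},
    {"name": "allow-rdp", "direction": "inbound", "action": "allow",
     "peer": "0.0.0.0/0", "ports": (3389, 3389)},
    {"name": "allow-vpc", "direction": "inbound", "action": "allow",
     "peer": "10.10.0.0/24", "ports": None},
    {"name": "allow-all-out", "direction": "outbound", "action": "allow",
     "peer": "0.0.0.0/0", "ports": None},
    {"name": "deny-rest", "direction": "inbound", "action": "deny",
     "peer": "0.0.0.0/0", "ports": None},
]


def is_internal(cidr):
    """True when cidr lies entirely inside one of the internal ranges."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(ipaddress.ip_network(c)) for c in INTERNAL_CIDRS)


def audit(profile, rules):
    """Return (rule name, reason) for each allow rule broader than the profile."""
    if profile not in PROFILES:
        raise ValueError(f"unknown profile: {profile}")
    findings = []
    for r in rules:
        if r["action"] != "allow" or profile == "unrestricted":
            continue
        if profile == "isolated":
            findings.append((r["name"], "isolated permits no traffic"))
        elif is_internal(r["peer"]):
            continue  # internal and VPC traffic fits both remaining profiles
        elif profile == "private_only":
            findings.append((r["name"], "external peer on a private-only network"))
        elif r["direction"] == "inbound":  # public_web_services
            lo, hi = r["ports"] or (0, 65535)
            if not set(range(lo, hi + 1)) <= PUBLIC_WEB_PORTS:
                findings.append((r["name"], "external inbound port outside 22/80/443"))
    return findings
```

Run it against an export of the ACL rules actually attached to the subnets to catch rules added after deployment that widen the selected profile.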
Flow Logs
- When enabled, VPC Flow Logs capture network traffic metadata and automatically create an IBM Cloud Object Storage (COS) instance and bucket to store the logs.