0

Can we create a separate VPC that inherits the settings/VPN of a current VPC?

We'd like to create a 172.16.4.0/22 in our current 172.16.0.0/16 range, but when I create a new VPC with 172.16.4.0/22 CIDR it doesn't have the VPN-connection or proper routing to the rest of the network.

Do we have to set up a separate VPN and gateway for every VPC we create?

ujjain
  • 4,033

2 Answers

1

it doesn't have the VPN-connection or proper routing to the rest of the network.

There isn't a "rest of the network" from the perspective of the new VPC.

VPCs are entirely independent from each other, even in the same AWS account and the same region. I'm not sure an additional VPC is what you're looking for.

VPCs aren't intended to be subsets of each other. They're intended to be separate and isolated from each other, with the exception that you can, optionally, peer them. But the normal application is for isolation.

If you ever do intend to communicate across the boundary between two VPCs (without using the Internet), you have to peer the VPCs... and in order to peer them, they must have completely non-overlapping CIDR blocks.

Additionally, even if peered, the only communication that can occur across peering connections is instance-to-instance. VPCs -- even if peered -- cannot share gateways or private connections, including Internet gateways, customer (VPN) gateways, NAT gateways, AWS Direct Connect, VPC endpoints, or ClassicLink.

http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/invalid-peering-configurations.html

  • Thanks a lot! Does that mean every VPC we have needs a separate VPN-connection to the rest of the corporate network? – ujjain Apr 11 '16 at 08:37
  • 1
    If the VPC needs connectivity to the corporate network then yes, each VPC needs its own independent connection. And, you'll still want them to have independent, non-overlapping IP address blocks to avoid routing ambiguities. – Michael - sqlbot Apr 11 '16 at 11:59
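The answer above hinges on one rule: VPCs can only be peered when their CIDR blocks do not overlap, and the asker's proposed 172.16.4.0/22 sits inside the existing 172.16.0.0/16. The following is an added example (not code from the answer or from AWS) that checks a planned set of VPC CIDRs for that condition using Python's standard-library `ipaddress` module. The sample blocks are constructed: the two from the question plus one made-up non-overlapping block for comparison.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the existing /16 and proposed /22 from the question,
# plus one hypothetical block that does not collide with either.
SAMPLE_CIDRS = ["172.16.0.0/16", "172.16.4.0/22", "10.20.0.0/16"]


def cidrs_overlap(a: str, b: str) -> bool:
    """Return True if two IPv4 CIDR blocks share at least one address.

    strict=True rejects a block whose host bits are set (e.g. 172.16.5.0/22),
    which would otherwise hide a mis-specified subnet.
    """
    net_a = ipaddress.ip_network(a, strict=True)
    net_b = ipaddress.ip_network(b, strict=True)
    return net_a.overlaps(net_b)


def find_overlaps(cidrs):
    """Return every pair of blocks in `cidrs` that overlap, in input order."""
    return [(a, b) for a, b in combinations(cidrs, 2) if cidrs_overlap(a, b)]


def peering_plan(cidrs):
    """Map each unordered pair of blocks to whether a peering connection
    between VPCs using those blocks would be accepted (no overlap)."""
    return {(a, b): not cidrs_overlap(a, b) for a, b in combinations(cidrs, 2)}


def all_private(cidrs) -> bool:
    """True if every block lies in RFC 1918 private space, which is what you
    normally want for VPCs that will be routed to a corporate network."""
    return all(ipaddress.ip_network(c, strict=True).is_private for c in cidrs)


if __name__ == "__main__":
    for (a, b), ok in peering_plan(SAMPLE_CIDRS).items():
        print(f"{a:16} <-> {b:16} peerable={ok}")
    print("overlapping pairs:", find_overlaps(SAMPLE_CIDRS))
    print("all RFC 1918:", all_private(SAMPLE_CIDRS))
```

Running it shows that 172.16.0.0/16 and 172.16.4.0/22 are flagged as overlapping (so they cannot be peered, and would also make on-premises routing ambiguous), while each of them can be peered with the made-up 10.20.0.0/16. Running the same check over every CIDR you plan to hand out, including the on-premises ranges reachable over the VPN, catches the collision before a VPC is created.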
0

Maybe.

Depending on your architecture, VPC Peering may be an option here.

Other than that, there are tools (namely CloudFormation) that allow you to easily automate resource creation and configuration in AWS. This would allow you to replicate similar configuration quite easily.

EEAA
  • 109,904