29.1.18

Vagrant up: Subnets, VPCs, and security groups when you're in a large IAM account.

IPs, Subnets, and security groups get confusing in large organizations.

Vagrant boxes are usually pretty easy to provision in a small account that you, and only you, own, because:

- Public IPs are limitless for root accounts (usually)
- You only have one or two VPCs, if any, when you start with AWS.
- You likely only have a single, default subnet when you start out with AWS.

So everything 'just works' if you plug in the obvious values.

However, in a large IAM account there could be 100s of different VPC/subnet combinations, and it may not be clear which ones do or do not allow SSH.

Considering a typical enterprise with immutable infrastructure, you might even find that the majority of your subnets don't have a security group that opens the SSH port.

And of course:

People will be fighting over Elastic IPs!

Some quick notes: you'll want to make sure that the VPC you provision a VM into has a corresponding subnet, and that you specify them both in the same clause of any Vagrantfiles you might steal from your infrastructure czars (https://console.aws.amazon.com/vpc/home?region=us-east-1#vpcs:).

Meanwhile, you'll also want to make sure you set up a corresponding security group and that it lives in the same VPC you are using: https://console.aws.amazon.com/vpc/
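To make those two checks concrete (subnet and security group in the same VPC, and some security group actually opening SSH), here is an added example in Ruby, the language Vagrantfiles are written in. It is not code from the original post or from Vagrant/vagrant-aws; the subnet and security-group records are constructed inline in the shape of `aws ec2 describe-subnets` / `aws ec2 describe-security-groups` output, with made-up IDs, and the function names are my own. It flags the exact failure modes described above: a security group from a different VPC than the subnet (`vagrant up` errors out), and a combination with no inbound TCP/22 rule (`vagrant up` boots the instance and then hangs waiting for SSH).

```ruby
require 'json'

# Constructed sample data in the shape of `aws ec2 describe-subnets` and
# `aws ec2 describe-security-groups` output. IDs are made up for this example.
SUBNETS_JSON = <<~JSON
  { "Subnets": [
    { "SubnetId": "subnet-0aaa111", "VpcId": "vpc-0111aaa", "CidrBlock": "10.0.1.0/24" },
    { "SubnetId": "subnet-0bbb222", "VpcId": "vpc-0222bbb", "CidrBlock": "10.1.1.0/24" }
  ] }
JSON

SGS_JSON = <<~JSON
  { "SecurityGroups": [
    { "GroupId": "sg-0ssh111", "VpcId": "vpc-0111aaa",
      "IpPermissions": [ { "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                           "IpRanges": [ { "CidrIp": "10.0.0.0/8" } ] } ] },
    { "GroupId": "sg-0web222", "VpcId": "vpc-0222bbb",
      "IpPermissions": [ { "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                           "IpRanges": [ { "CidrIp": "0.0.0.0/0" } ] } ] }
  ] }
JSON

# Index a describe-* result by its ID field so lookups are cheap.
def index_by(json, list_key, id_key)
  JSON.parse(json)[list_key].each_with_object({}) { |obj, h| h[obj[id_key]] = obj }
end

SUBNETS = index_by(SUBNETS_JSON, 'Subnets', 'SubnetId')
SECURITY_GROUPS = index_by(SGS_JSON, 'SecurityGroups', 'GroupId')

# True if one ingress rule admits TCP traffic on `port`; "-1" means all protocols.
def rule_allows?(rule, port)
  return true if rule['IpProtocol'] == '-1'
  rule['IpProtocol'] == 'tcp' && rule['FromPort'] <= port && port <= rule['ToPort']
end

# Return the reasons `vagrant up` would fail or hang for this subnet plus
# security-group combination. An empty list means the placement looks sane.
def check_placement(subnet_id, sg_ids, port: 22)
  subnet = SUBNETS[subnet_id]
  return ["unknown subnet #{subnet_id}"] unless subnet

  problems = []
  ssh_reachable = false
  sg_ids.each do |sg_id|
    sg = SECURITY_GROUPS[sg_id]
    if sg.nil?
      problems << "unknown security group #{sg_id}"
      next
    end
    # Security groups are VPC-scoped: one from another VPC cannot be attached.
    if sg['VpcId'] != subnet['VpcId']
      problems << "#{sg_id} is in #{sg['VpcId']} but #{subnet_id} is in #{subnet['VpcId']}"
    end
    ssh_reachable ||= sg['IpPermissions'].any? { |rule| rule_allows?(rule, port) }
  end
  problems << "no attached security group opens TCP #{port}" unless ssh_reachable
  problems
end

# Demonstration with the constructed data above.
puts check_placement('subnet-0aaa111', ['sg-0ssh111']).inspect   # []
puts check_placement('subnet-0aaa111', ['sg-0web222']).inspect   # VPC mismatch + no SSH
puts check_placement('subnet-0bbb222', ['sg-0web222']).inspect   # no SSH only
```

Once a combination comes back clean, those are the values that belong together in the `config.vm.provider :aws` block of the Vagrantfile (`aws.subnet_id` and `aws.security_groups`); in real use you would feed the script the actual `aws ec2 describe-*` JSON for your account instead of the constructed records.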
