Hello folks.
Today, we'll be setting up our Virtual Private Cloud, a.k.a. VPC.
Let's get started right away.
Overview
In this setup, we will create a VPC with an Internet Gateway for internet access. We'll configure route tables for traffic management. Inside the VPC, we'll have public subnets for instances directly accessible from the internet and private subnets for instances needing internet access but not directly reachable. To enable internet access for private instances, we'll deploy a NAT Gateway in the public subnet.
Task 1: Creating a VPC
On Services, search for VPC and select VPC.
A Virtual Private Cloud (VPC) in AWS is a customizable network environment that allows you to isolate and securely manage your AWS resources.
Click on Create VPC.
Provide a suitable name for your VPC.
Enter the CIDR block 10.0.0.0/16 in the IPv4 CIDR block field.
For the 10.0.0.0/16 network, the first two octets (16 bits) identify the network, while the remaining two octets (16 bits) are available for host addresses. This gives 2^16 = 65,536 total IP addresses.
Click on Create VPC.
We've created our VPC.
The other one listed is the default VPC created by AWS.
Task 2: Creating an Internet Gateway
An Internet Gateway (IGW) connects your VPC to the internet, enabling resources within the VPC to send and receive internet traffic.
On the VPC dashboard, select Internet gateways.
Click on Create internet gateway.
Provide a name for your internet gateway and click Create internet gateway.
Now, it's time to attach the Internet Gateway (IGW) to the VPC.
We can do this using either of the options offered in the console.
Select your VPC and click Attach internet gateway.
Task 3: Creating subnets
A subnet is a segment of a VPC's IP address range where you can place resources such as EC2 instances. Subnets allow you to group resources based on security and operational needs, and can be either public (with internet access) or private (without direct internet access).
On the VPC dashboard, under Subnets, click on Create subnet.
Select your VPC.
Provide suitable names for your subnets.
Our first subnet, publicSubnet, has a CIDR value of 10.0.1.0/24.
It will have a total of 2^8 = 256 addresses.
Also, for this project, we're only choosing a single availability zone.
Click on Add new subnet and create a private subnet.
Our second subnet, privateSubnet, has a CIDR value of 10.0.2.0/24.
It will have a total of 2^8 = 256 addresses.
Click on Create subnet.
We've successfully created 2 subnets.
Task 4: Creating a NAT Gateway
A NAT Gateway allows instances in a private subnet to initiate outbound traffic to the internet, while preventing inbound traffic from reaching those instances directly. It provides a way for these instances to access the internet while remaining private.
On the VPC dashboard, select NAT gateways and click on Create NAT gateway.
Provide a suitable name and select your private subnet.
With the Public connectivity type, instances in private subnets can connect to the internet through the NAT gateway, but they cannot receive unsolicited inbound connections from the internet. A public NAT gateway is created in a public subnet and must have an Elastic IP address associated with it.
The Private connectivity type, on the other hand, lets instances in private subnets connect to other VPCs or to your on-premises network. Unlike a public NAT gateway, a private NAT gateway does not use an Elastic IP address.
Click on Allocate Elastic IP.
An Elastic IP (EIP) is a static IPv4 address associated with your AWS account, not a specific resource. It's ideal for scenarios requiring a persistent public IP that can be easily reassigned to another instance during failures, updates, or scaling.
Click on Create NAT gateway.
It takes some time for the NAT gateway to become available.
Alright, let's move on.
Task 5: Creating route tables
Route tables direct network traffic within your VPC. They contain a set of rules (routes) that determine where network traffic from your subnet or gateway is directed.
On the VPC dashboard, select Route tables and click on Create route table.
Since we have two subnets, one private and one public, serving different purposes, we need to create two route tables.
Provide a name for your route table and select your VPC.
Click on Create route table.
After creating the route table, under Subnet associations, click on Edit subnet associations.
Select your public subnet and click on Save associations.
Now we need to add routes so that our public subnet can access the Internet.
Click on Edit routes, then Add route, and add the route described next.
We have added a route whose destination is 0.0.0.0/0 and whose target is the Internet Gateway. In route tables, a destination of 0.0.0.0/0 matches every IPv4 address, effectively representing the entire internet.
Click on Save changes.
Now, for private subnets, let's create a route table.
Provide a suitable name and assign your VPC.
Click on Create route table.
Click on Edit subnet associations.
Tick your private subnet and click on Save associations.
Now it's time to add a route. Click on Edit routes.
Add a route with destination 0.0.0.0/0, select your NAT Gateway as the target, and click on Save changes.
This configuration allows instances in the private subnet to access the internet through the NAT Gateway.
Alright, we have now associated an Internet Gateway with the public subnet and a NAT Gateway with the private subnet.
Task 6: Creating EC2 Instances
Now, it's time to create the EC2 instances.
Search for EC2 and click on Launch instance.
Let's create the public instance first.
Provide a suitable name. I chose Ubuntu as AMI.
Select a free tier instance if available and create a new key pair or use your existing one.
Edit Network settings. Select your VPC, select the public subnet, and enable Auto-assign public IP.
Assigning a public IP allows an instance to communicate directly over the internet.
Leave all other configurations as they are and click Launch instance.
Alright, let's go for the private instance now. Click on Launch instances.
Provide a name, select an AMI, and select the free-tier instance type.
We can use our previously created key pair or create a new one.
Edit Network settings. Select your VPC, select the private subnet, and leave Auto-assign public IP at its default, i.e., Disable.
A private instance does not require a public IP address, as it is not intended to communicate directly over the internet.
Leave all other configurations as they are and click Launch instance.
Alright, we've created two instances: one public and one private, each residing in different subnets, and that sums up our project.
Conclusion
To sum up, we created a Virtual Private Cloud (VPC) with two subnets in one Availability Zone. The public subnet is for resources needing direct internet access, like public EC2 instances, connected to an Internet Gateway (IG). The private subnet, for more secure resources like private EC2 instances, is connected to a Network Address Translation (NAT) Gateway. We also configured route tables to manage traffic flow.
Task 7: Clean up
Now, it's time to clean up the resources.
Terminating EC2 instances.
Select your instances and, under Instance state, click Terminate instance. Click Terminate.
Deleting route tables.
Head to the VPC Dashboard by searching for VPC in the search box.
Under Route tables, select one of your route tables and click on Edit subnet associations. We have to disassociate the subnets first before we can delete the route table. Uncheck the box and click on Save associations.
Do the same for the other route table: select it, under Subnet associations click on Edit subnet associations, uncheck the box, and click on Save associations.
Now, select both of your route tables and, on the Actions menu, click on Delete route table. Type delete and click on Delete.
Releasing the Elastic IP.
Under Elastic IPs, select your Elastic IP and click on Release Elastic IP addresses.
Deleting the NAT Gateway.
Select your NAT Gateway and, on the Actions menu, click on Delete NAT gateway.
Detaching the Internet Gateway.
Select your Internet Gateway and, on the Actions menu, click Detach from VPC. After detaching, we have to delete the internet gateway.
Deleting subnets.
Select both of your subnets and, on the Actions menu, click on Delete subnet.
Deleting the VPC.
Alright, we've now cleaned up the resources we used.
See you in the next one!