VPC Demo

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

VPC is nothing but it’s a virtual data center in the cloud.

Ref: https://docs.aws.amazon.com/AmazonVPC/latest/GettingStartedGuide/ExerciseOverview.html

Creating your own VPC

As soon as we create our default VPC, aws will create

  • Route Table

  • Network ACLs

  • Security Group

  • Next step is to create subnet

Click on Subnet and then Create Subnet

Similarly create second subnet

This is how it look like

  • Next create internet gateway so that we have some sort of internet connectivity

Go to Internet Gateways → Create internet gateway

Give it a Name tag

By default it’s automatically detached

To attach it to VPC, go to action and click on Attach to VPC

It will ask you which VPC to attach

Provide the VPC name you are building

P.S: Once again we can only have one IGW per VPC

  • Next step to go to Route table

We only have one route table which allow local communication between subnet

Go to next tab,Subnet Associations under Route Table

As you can see these subnet are not associated with any route table(except with main route table), which is good as every-time we create a new subnet it will be associated with main route table and that’s why we don’t want our route table to have access to the internet.

So let’s create new Route Table, by clicking on Create Route Table

For this route table let’s enable route access(Go to Routes and Add another route)

  • Destination: 0.0.0.0/0

  • Target: igw-b2d3a4ca(internet gateway)

This will give us internet accessibility

Now we can associate one subnet with this route table(Click on Subnet Association → choose one subnet)

So 10.0.1.0/24 is now our public subnet

As you can see I spun up 2 instances one in Public Subnet(10.0.1.0/24) and one in Private Subnet(10.0.2.0/24). Public Subnet one got the Public IP

NAT Gateway

Network address translation (NAT) gateway is used to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances

To create a NAT gateway, go back to VPC and click on NAT Gateways

Click on create NAT Gateway

Make sure you select the Public Subnet

Once NAT gateway is available, go back to your Default Route table and add a route, with Target as NAT gateway.

Network ACL

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC

To create a NACL, go to Network ACLs under VPC and click on Create Network ACL

Now if we check the Inbound rule under this NACL, everything is denied by default

To add a rule

Last updated