Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

VPC is nothing but it’s a virtual data center in the cloud.

Ref: https://docs.aws.amazon.com/AmazonVPC/latest/GettingStartedGuide/ExerciseOverview.html​

Creating your own VPC

Go to AWS Console and under Networking & Content Delivery(click on VPC)​​

Under Your VPCs, click on Create VPC​

Fill all the details(Name and IPv4 CIDR block, depending upon the network range you want, leave all the other details as default or depend upon your requirement, i.e whether you need IPv6 or Tenancy default or dedicated)and then click Yes,Create​

As soon as we create our default VPC, aws will create

• Route Table

• Network ACLs

• Security Group

• Next step is to create subnet

Click on Subnet and then Create Subnet

Similarly create second subnet

This is how it look like

• Next create internet gateway so that we have some sort of internet connectivity

Go to Internet Gateways → Create internet gateway

Give it a Name tag

By default it’s automatically detached

To attach it to VPC, go to action and click on Attach to VPC

It will ask you which VPC to attach

Provide the VPC name you are building

P.S: Once again we can only have one IGW per VPC

• Next step to go to Route table

We only have one route table which allow local communication between subnet

Go to next tab,Subnet Associations under Route Table

As you can see these subnet are not associated with any route table(except with main route table), which is good as every-time we create a new subnet it will be associated with main route table and that’s why we don’t want our route table to have access to the internet.

So let’s create new Route Table, by clicking on Create Route Table

For this route table let’s enable route access(Go to Routes and Add another route)

• Destination: 0.0.0.0/0

• Target: igw-b2d3a4ca(internet gateway)

This will give us internet accessibility

Now we can associate one subnet with this route table(Click on Subnet Association → choose one subnet)

So 10.0.1.0/24 is now our public subnet

Let spun up two servers one in Public Subnet(10.0.1.0/24) and one in Private Subnet(10.0.2.0/24). But before doing that we are missing one piece. Go back to subnet tab and as you can Auto-assign Public IP is set to No​

For Public Subnet,Modify the auto-assign IP settings under Subnet Actions​

As you can see I spun up 2 instances one in Public Subnet(10.0.1.0/24) and one in Private Subnet(10.0.2.0/24). Public Subnet one got the Public IP

NAT Gateway

Network address translation (NAT) gateway is used to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances

To create a NAT gateway, go back to VPC and click on NAT Gateways

Click on create NAT Gateway

Make sure you select the Public Subnet

Once NAT gateway is available, go back to your Default Route table and add a route, with Target as NAT gateway.

Network ACL

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC

To create a NACL, go to Network ACLs under VPC and click on Create Network ACL

NOTE: Under default NACL everything is allowed by default​

Now if we check the Inbound rule under this NACL, everything is denied by default

To add a rule