VPC Demo

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
VPC is nothing but it’s a virtual data center in the cloud.
Ref: https://docs.aws.amazon.com/AmazonVPC/latest/GettingStartedGuide/ExerciseOverview.html​
Creating your own VPC
Go to AWS Console and under Networking & Content Delivery(click on VPC)
​
​
Under Your VPCs, click on Create VPC
​
Fill all the details(Name and IPv4 CIDR block, depending upon the network range you want, leave all the other details as default or depend upon your requirement, i.e whether you need IPv6 or Tenancy default or dedicated)and then click Yes,Create
​
As soon as we create our default VPC, aws will create
Route Table
Network ACLs
Security Group
Next step is to create subnet
Click on Subnet and then Create Subnet
Similarly create second subnet
This is how it look like
Next create internet gateway so that we have some sort of internet connectivity
Go to Internet Gateways → Create internet gateway
Give it a Name tag
By default it’s automatically detached
To attach it to VPC, go to action and click on Attach to VPC
It will ask you which VPC to attach
Provide the VPC name you are building
P.S: Once again we can only have one IGW per VPC
Next step to go to Route table
We only have one route table which allow local communication between subnet
Go to next tab,Subnet Associations under Route Table
As you can see these subnet are not associated with any route table(except with main route table), which is good as every-time we create a new subnet it will be associated with main route table and that’s why we don’t want our route table to have access to the internet.
So let’s create new Route Table, by clicking on Create Route Table
For this route table let’s enable route access(Go to Routes and Add another route)
Destination: 0.0.0.0/0
Target: igw-b2d3a4ca(internet gateway)
This will give us internet accessibility
Now we can associate one subnet with this route table(Click on Subnet Association → choose one subnet)
So 10.0.1.0/24 is now our public subnet
Let spun up two servers one in Public Subnet(10.0.1.0/24) and one in Private Subnet(10.0.2.0/24). But before doing that we are missing one piece. Go back to subnet tab and as you can Auto-assign Public IP is set to No
​
For Public Subnet,Modify the auto-assign IP settings under Subnet Actions
​
As you can see I spun up 2 instances one in Public Subnet(10.0.1.0/24) and one in Private Subnet(10.0.2.0/24). Public Subnet one got the Public IP
NAT Gateway
Network address translation (NAT) gateway is used to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances
To create a NAT gateway, go back to VPC and click on NAT Gateways
Click on create NAT Gateway
Make sure you select the Public Subnet
Once NAT gateway is available, go back to your Default Route table and add a route, with Target as NAT gateway.
Network ACL
A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC
To create a NACL, go to Network ACLs under VPC and click on Create Network ACL
NOTE: Under default NACL everything is allowed by default
​
Now if we check the Inbound rule under this NACL, everything is denied by default
To add a rule

VPC and Networking - Previous

AWS VPC

Bastion Host | Jump Server

Last modified 3yr ago

Copy link