How to create a VPC on AWS using subnets, route tables, internet gateways and security, and how to use it on an EC2 instance

Esther Olowoloba, published in AWS Tip. 8 min read, Jul 20, 2022.

This is a step-by-step procedure for creating a Virtual Private Cloud (VPC). Understanding all the concepts associated with this topic is essential, and I would like to explain them to you.

Let’s dive in!

What is a Virtual Private Cloud?

A secure and isolated private cloud hosted within a public cloud by a cloud provider, in which services launched on AWS, such as Amazon EC2 instances, can run.

Now look at this scenario: You own a coffee shop where you employ people to work for you. The coffee shop is a VPC. It has sections where customers can be attended to (public subnets) and a unit that is out of bounds for customers (private subnets), which only the owner can access while running the business. This is literally how a VPC works.

To make the coffee shop run efficiently, some tools are needed for efficiency and safety, such as a coffee maker, cups, utensils, an air conditioner to keep the place cool, security cameras etc. The same applies to a VPC. To create a VPC and run it on a virtual server, route tables, internet gateways, security groups and network access control lists are made to keep it running and prevent malicious attacks.

That being said, let me explain these terms.

Definition of terms.

  1. Subnet: Also known as a subnetwork, a subnet is a division of an IP network.
  2. Route Tables: A database that keeps track of internet services to avoid traffic congestion or overload.
  3. Internet Gateway: A horizontally scaled VPC component that allows communication between the internet and the corresponding VPC, enabling your instances to connect to the internet through the Amazon network.
  4. Security: This is divided into two:

a. Security Groups: A virtual firewall that controls inbound and outbound traffic of the running instance. It is a security layer at the instance level.

b. Network Access Control List: A register that contains different approaches to computer security, merging security technologies such as antivirus and vulnerability assessment. It is a security layer at the network level.

AWS Infrastructure for creating a VPC.

All processes done on AWS have a specific infrastructure/architecture attached to them. This is similar to a blueprint of a building. It gives you foresight on design and the processes to carry it out — the same applies to cloud computing.

Sample Architecture Design

Every public and private subnet has an IP range that allows internet access. It helps in controlling traffic and eases the load on the cloud provider. The public IP range is 10.0.1.0/24, and the private IP range is 10.0.2.0/24. The available IP range for both subnets is 10.0.0.0/16. The design above was created as stated earlier.

Process of Creating the VPC

Step 1: Sign in to the AWS Management Console with your email and password.

Step 2: Select the region you need so that you can access all the services required as you proceed; preferably the North Virginia region, as it has access to all AWS services.

Step 3: Type VPC in the search box and click the result, which leads to the VPC dashboard.

Step 4: Click on “Your VPCs” and then “Create VPC”.

Step 5: Give a name tag for the specific task required, e.g. my-vpc-45.

Step 6: Type in the specific IP range for the VPC, which is 10.0.0.0/16, and make sure to check the associated options, such as the VPC only feature, IPv4 manual input, Amazon-provided IPv6 CIDR block, tenancy and the network border group, such as us-east-1, since it has access to all AWS services.

Proceed to create VPC.

Step 7: Click on Internet Gateways and create an internet gateway. Give it a name tag to identify the gateway.

Step 8: Attach it to the VPC you created.

Step 9: Proceed to create the public and private subnets, differentiating them by their IP ranges, as stated earlier.

Step 10: Create a route table for each subnet (private and public), identify each clearly in the name tags, and select the desired VPC for use.

Step 11: The next step is to edit the route tables so that the connection to the internet gateway is enabled appropriately.

Click on the route table and edit its routes.

Add a route whose destination is the IP range for any access (0.0.0.0/0), set the target to the internet gateway, and then save the changes.

Step 12: Move on to Subnet associations (still under Route Tables). Select each subnet, edit and save the relevant associations.

Step 13: Building security is essential to avoid traffic congestion or malicious attacks. Click on Security Groups and edit the security group name for easy identification, because it is automatically connected to the VPC.

Edit the inbound and outbound rules.

Inbound rules control traffic coming into the instances from outside the network, and outbound rules control traffic going out from the instances to the internet.

Add rules and restrict all traffic to “My IP” for safety. Copy the IP address associated with “My IP”, as it will be used to connect to the NACL.

Step 14: Connect to the NACL as security for the network and rename it.

Click on Inbound rules, then Edit rules, paste the security group’s IP address into the source field, and save.
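The design from steps 4 to 13, written as Terraform so that the same VPC can be recreated and reviewed as code. This is an added example, not the post's own configuration: it assumes an AWS provider already configured for us-east-1, a variable my_ip holding your own public IPv4 address, and resource names (main, igw, my_ip_only) chosen here; the NACL edit in step 14 is left to the console.

```hcl
variable "my_ip" { type = string } # assumed input: your own public IPv4 address, e.g. 203.0.113.7
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "my-vpc-45" }
}
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true # instances launched here get a public IPv4 address
}
resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.2.0/24" # no route to the IGW, so reachable only from inside the VPC
}
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0" # default route to the internet gateway (step 11)
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id # step 12
  route_table_id = aws_route_table.public.id
}
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id # keeps only the implicit "local" route: no path to the internet
}
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
# Security group (step 13): inbound is open only to "My IP" as a /32, never to 0.0.0.0/0.
resource "aws_security_group" "my_ip_only" {
  vpc_id = aws_vpc.main.id
}
resource "aws_vpc_security_group_ingress_rule" "from_my_ip" {
  security_group_id = aws_security_group.my_ip_only.id
  ip_protocol       = "-1" # all protocols, so the ping (ICMP) test from your PC is allowed
  cidr_ipv4         = "${var.my_ip}/32"
}
resource "aws_vpc_security_group_egress_rule" "all_out" {
  security_group_id = aws_security_group.my_ip_only.id
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
}
```

Running terraform plan on this shows every route and rule before anything is created, which is the easiest place to catch a security group accidentally opened to 0.0.0.0/0.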

You have built a design, but you need to run it on a server to see how it works, which leads to the next subtopic.

How do I utilize this design on an EC2 instance?

It is essential to know how this design works on an instance, as instances are virtual servers that run on the AWS cloud.

First, create and launch an instance in these simple steps.

Step 1: Search for “instance” in the menu bar, click “create instance”, and choose an Amazon Machine Image. Preferably choose the Amazon Linux 2 AMI because it is in the free tier.

Step 2: Choose an instance type and pick the free tier option to minimize cost.

Step 3: Configure the instance details as seen below. Choose the VPC you created, enable the public IP and indicate the public subnet.

Step 4: Add storage. I skipped editing this step because of cost, as AWS has provided enough storage.

Step 5: Add tags. Give a unique name to this instance.

Step 6: Configure the security group.

Pick the security group created previously.

Step 7: Review Instance Launch

While reviewing, you are asked for a key pair, which is the credential kept outside the server that lets you connect to it. Create a new key pair with a name tag, download it and keep it safe on your PC, as it cannot be retrieved again after launch.

Step 8: After launching, repeat the same steps for the private subnet, and the dashboard looks like this:

Step 9: On your PC, open Run and type “cmd”.

Step 10: Copy the IP address (IPv4 address) of the public instance, type “ping” followed by a space, and paste the address beside it. Press the Enter key to run.

Step 11: Repeat for the private instance and check the progress.
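The EC2 launch from steps 1 to 8 above as Terraform, added here as an example rather than taken from the post. It assumes the AWS provider is configured, that the subnet and security group ids from the VPC built earlier are passed in as variables, and that, unlike the console flow where AWS generates the key pair for download, the key pair is built from a public key you generated yourself at the assumed path ~/.ssh/my-vpc-45-key.pub.

```hcl
variable "public_subnet_id" { type = string } # assumed inputs: ids from the VPC built in the previous section
variable "private_subnet_id" { type = string }
variable "security_group_id" { type = string } # the "My IP" security group from step 13

# Latest Amazon Linux 2 AMI published by Amazon (step 1), looked up instead of hard-coding an AMI id.
data "aws_ami" "amazon_linux_2" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

# Key pair (step 7): only the public half is sent to AWS; the private key never leaves your PC.
resource "aws_key_pair" "mine" {
  key_name   = "my-vpc-45-key"
  public_key = file("~/.ssh/my-vpc-45-key.pub") # assumed path to your own public key
}

resource "aws_instance" "public" {
  ami                         = data.aws_ami.amazon_linux_2.id
  instance_type               = "t2.micro" # free-tier eligible (step 2)
  subnet_id                   = var.public_subnet_id
  associate_public_ip_address = true # "enable public IP" (step 3)
  vpc_security_group_ids      = [var.security_group_id]
  key_name                    = aws_key_pair.mine.key_name
  tags                        = { Name = "public-instance" } # step 5
}

# Same AMI and security group, but in the private subnet with no public IP (step 8):
# nothing outside the VPC can reach it, so the ping from your PC in step 11 gets no reply.
resource "aws_instance" "private" {
  ami                    = data.aws_ami.amazon_linux_2.id
  instance_type          = "t2.micro"
  subnet_id              = var.private_subnet_id
  vpc_security_group_ids = [var.security_group_id]
  key_name               = aws_key_pair.mine.key_name
  tags                   = { Name = "private-instance" }
}

output "public_instance_ip" {
  value = aws_instance.public.public_ip # the IPv4 address you paste after "ping" in step 10
}
```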

And that is it!

Keep practicing and have fun while initializing servers.

I hope this article was impactful. Let me know your thoughts on this in the comment section.

Follow me here or on Twitter for more content on cloud technology.
