It’s a custom-defined virtual network within the AWS Cloud.
You have complete control over your virtual networking environment, including a selection of your own private IP address range, creation of subnets and configuration of route tables and network gateways.
VPC Design
Basics Of VPC :
Subnets :
A subnet is a network inside a network: it divides the VPC's address range into smaller ranges. Smaller networks are easier to maintain, and in a VPC the subnet is the unit of isolation: each subnet lives in one Availability Zone, is associated with exactly one route table and one Network ACL, and is where you separate resources that must be reachable from the Internet from those that must not.
Route Tables:
A route table contains a set of rules, called routes, that determine where traffic from a subnet is directed. Every route table starts with a local route for the VPC CIDR that cannot be deleted, and when several routes match a destination the most specific one wins. You can have multiple route tables in a VPC; each subnet is associated with one of them (the VPC's main route table unless you associate another).
Internet Gateways (IGW):
An Internet Gateway is a VPC component that allows communication between instances in your VPC and the Internet. It is horizontally scaled, redundant and highly available, and only one IGW can be attached to a VPC at a time. Attaching an IGW exposes nothing by itself: an instance is reachable from the Internet only when its subnet's route table sends 0.0.0.0/0 to the IGW, it has a public or Elastic IP, and its security group allows the traffic.
Network Address Translation Gateway (NAT):
A NAT Gateway lets instances in a private subnet initiate connections to the Internet (for package updates, for example) while preventing the Internet from initiating connections to those instances.
Although it serves private subnets, the NAT Gateway itself is created in a public subnet, with an Elastic IP, and the private subnet's route table sends 0.0.0.0/0 to it. Unlike an Internet Gateway, a NAT Gateway has an hourly cost plus a charge per GB of data processed.
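To make the public/private distinction concrete, here is an added example (not code from the original article) that resolves destinations against the two route tables the way the VPC router does, by longest prefix match, and traces the two-hop path a private instance's traffic takes through the NAT Gateway. The route tables and addresses are constructed, and igw-placeholder / nat-placeholder stand in for real gateway IDs.

```python
"""Added example: route-table resolution for a public and a private subnet.
Not from the original article; route tables, targets and addresses are constructed,
and 'igw-placeholder' / 'nat-placeholder' stand in for real AWS gateway IDs."""
import ipaddress

# Every VPC route table carries the 'local' route for the VPC CIDR; it cannot be removed.
PUBLIC_RT = {
    "10.0.0.0/16": "local",
    "0.0.0.0/0": "igw-placeholder",   # default route to the Internet Gateway
}
PRIVATE_RT_BEFORE_NAT = {
    "10.0.0.0/16": "local",           # no default route at all: nothing leaves the VPC
}
PRIVATE_RT = {
    "10.0.0.0/16": "local",
    "0.0.0.0/0": "nat-placeholder",   # default route to the NAT Gateway
}


def resolve(route_table, dst_ip):
    """Pick the target for dst_ip the way the VPC router does: among matching routes
    the longest prefix wins. Returns None when no route matches (packet dropped)."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def is_public_subnet(route_table):
    """AWS's definition: a subnet is public when its route table sends 0.0.0.0/0 to an IGW."""
    return route_table.get("0.0.0.0/0", "").startswith("igw-")


def egress_path(private_rt, nat_subnet_rt, dst_ip):
    """Hops an outbound packet from the private subnet takes. The NAT Gateway forwards
    using the route table of the subnet it lives in, which is why that subnet must itself
    route 0.0.0.0/0 to an Internet Gateway. A path that stops at the NAT is a misconfiguration."""
    hops = []
    first = resolve(private_rt, dst_ip)
    if first is None:
        return hops                       # dropped in the private subnet
    hops.append(first)
    if first.startswith("nat-"):
        second = resolve(nat_subnet_rt, dst_ip)
        if second is not None:
            hops.append(second)
    return hops
```

Note that traffic to another address inside 10.0.0.0/16 resolves to local from both tables even though a 0.0.0.0/0 route exists; the default route never captures intra-VPC traffic because the local route is more specific.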
VPC Flow Logs:
VPC Flow Logs is an AWS feature that captures information about the IP traffic going to or from the network interfaces in a VPC. Flow log data can be published to Amazon CloudWatch Logs or to an Amazon S3 bucket; after you create a flow log, you view and retrieve the records from whichever destination you chose. Each record carries metadata only (addresses, ports, protocol, packet and byte counts, and whether the traffic was accepted or rejected by a security group or Network ACL), not packet payloads, which is enough to spot connection attempts that should never have reached the VPC.
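As an added example (not from the original article), here is a parser for flow log records in the default version 2 format that pulls out rejected inbound attempts and flags sources that probed several ports. The five records are constructed, with placeholder account and interface IDs and documentation-range addresses.

```python
"""Added example, not from the original article: parse VPC Flow Log records in the default
(version 2) space-separated format and summarise rejected inbound connection attempts.
The records below are constructed; the account ID, ENI ID and addresses are placeholders."""
import ipaddress
from collections import Counter, defaultdict

# Field order of the default flow log format.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

# Constructed sample: two rejected probes from one host, one accepted admin SSH session,
# one outbound HTTPS flow, and a NODATA record (no traffic in the window).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.10 51234 22 6 6 360 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.10 51235 3389 6 4 240 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.9 10.0.1.10 40022 22 6 20 4120 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.10 198.51.100.200 54321 443 6 12 3000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000000 1700000059 - NODATA
"""


def parse_flow_log(text):
    """Return one dict per usable record; NODATA/SKIPDATA rows carry no traffic fields and are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejected_inbound(records, vpc_cidr="10.0.0.0/16"):
    """REJECT means a security group or NACL dropped the flow. Count rejected flows aimed
    at addresses inside the VPC, keyed by (source address, destination port)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    counts = Counter()
    for rec in records:
        if rec["action"] == "REJECT" and ipaddress.ip_address(rec["dstaddr"]) in vpc:
            counts[(rec["srcaddr"], rec["dstport"])] += 1
    return counts


def probable_scanners(records, min_ports=2):
    """Sources rejected on at least min_ports distinct ports: candidates for a NACL deny rule."""
    ports = defaultdict(set)
    for (src, port) in rejected_inbound(records):
        ports[src].add(port)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}
```

If you enable a custom log format in the console, the field order changes; adjust FIELDS to match the format string you chose.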
VPC Peering:
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately (using private IPv4 or IPv6 addresses). Instances in either VPC can communicate with each other as if they were within the same network. The two VPCs must not have overlapping CIDR blocks, and peering is not transitive: a VPC peered with two others does not connect those two to each other.
VPC Endpoints:
A VPC endpoint enables a private connection between your VPC and supported AWS services, or VPC endpoint services powered by AWS PrivateLink, using private IP addresses. Traffic between the VPC and the service does not leave the Amazon network, so instances in a private subnet can reach services such as S3 without an Internet Gateway or a NAT Gateway, and the endpoint policy can restrict which resources they may talk to.
Security groups:
Security groups are sets of firewall rules that control traffic to and from an instance's network interface. The only action a rule can take is allow; you cannot create a deny rule, and anything not explicitly allowed is dropped. They are stateful: if an inbound connection is allowed, its return traffic is allowed out automatically regardless of the outbound rules (and vice versa). The destination of every inbound rule is the instance the security group is attached to, and a single security group can be associated with multiple instances.
Network Access Control Lists (NACL):
A Network ACL is an optional security layer for your VPC that controls traffic in and out of one or more subnets.
Every subnet is associated with a Network ACL; the VPC's default NACL allows all traffic, while a custom NACL denies everything until you add rules.
Unlike a security group, a NACL is stateless and supports both allow and deny rules: rules are evaluated in rule-number order, lowest first, the first match decides, and return traffic is not tracked, so replies to inbound connections must be allowed explicitly on the ephemeral port range (1024-65535). Use it as an additional layer, for example to block a specific source address, which a security group cannot express.
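The contrast between the two layers is easier to see in code. The following is an added example, not code from the original article: it models a security group and a Network ACL deciding on the same SSH session, including the common mistake of a NACL with no outbound ephemeral-port rule. All rule sets, addresses and ports are constructed.

```python
"""Added example, not from the original article: a small model of how a security group
(stateful, allow-only) and a Network ACL (stateless, numbered allow/deny rules) each judge
the same packets. Rule sets, hosts and ports are constructed for illustration."""
import ipaddress


def _matches(proto, lo, hi, cidr, pkt_proto, pkt_port, pkt_addr):
    """One rule against one packet; protocol '-1' means any protocol."""
    return ((proto == "-1" or proto == pkt_proto) and lo <= pkt_port <= hi
            and ipaddress.ip_address(pkt_addr) in ipaddress.ip_network(cidr))


class SecurityGroup:
    """Allow-only rules plus connection tracking: a flow allowed in one direction
    is allowed back automatically, and there is no way to write a deny rule."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound   # (proto, from_port, to_port, cidr)
        self.flows = set()                                # (peer_addr, peer_port, local_port)

    def inbound_ok(self, src, src_port, dst_port, proto="tcp"):
        if (src, src_port, dst_port) in self.flows:
            return True                                   # reply to a flow we let out
        ok = any(_matches(*r, proto, dst_port, src) for r in self.inbound)
        if ok:
            self.flows.add((src, src_port, dst_port))
        return ok

    def outbound_ok(self, dst, dst_port, src_port, proto="tcp"):
        if (dst, dst_port, src_port) in self.flows:
            return True                                   # reply to a flow we let in
        ok = any(_matches(*r, proto, dst_port, dst) for r in self.outbound)
        if ok:
            self.flows.add((dst, dst_port, src_port))
        return ok


def nacl_decision(rules, addr, port, proto="tcp"):
    """Stateless: rules (number, proto, from, to, cidr, action) are checked lowest
    number first, the first match decides, and no match means deny."""
    for _number, r_proto, lo, hi, cidr, action in sorted(rules):
        if _matches(r_proto, lo, hi, cidr, proto, port, addr):
            return action
    return "deny"


# Instance security group: SSH only from the admin network; default outbound allows everything.
SG = SecurityGroup(inbound=[("tcp", 22, 22, "203.0.113.0/24")],
                   outbound=[("-1", 0, 65535, "0.0.0.0/0")])

NACL_IN = [
    (90, "tcp", 22, 22, "203.0.113.66/32", "deny"),     # one host in the admin range is blocked
    (100, "tcp", 22, 22, "0.0.0.0/0", "allow"),
    (110, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),    # replies to connections the instance opened
]
NACL_OUT_BROKEN = [(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]   # HTTPS out, ephemeral ports forgotten
NACL_OUT_FIXED = NACL_OUT_BROKEN + [(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]


def ssh_session_works(sg, nacl_in, nacl_out, admin="203.0.113.9", admin_port=51000):
    """An admin SSH connection succeeds only if the SYN gets in and the reply gets out
    past both the security group and the NACL."""
    syn_in = (sg.inbound_ok(admin, admin_port, 22)
              and nacl_decision(nacl_in, admin, 22) == "allow")
    reply_out = (sg.outbound_ok(admin, admin_port, 22)
                 and nacl_decision(nacl_out, admin, admin_port) == "allow")
    return syn_in and reply_out
```

With NACL_OUT_BROKEN the SYN is accepted but the SYN-ACK back to the client's ephemeral port is dropped, so the session hangs; the security group alone would have let it through thanks to its connection tracking. Conversely, the blocked host in rule 90 is stopped only by the NACL, because the security group has no deny.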
Hands on VPC :
Create a VPC with one public and one private subnet, and attach an Internet Gateway to the VPC (the public subnet's route table will point at it).
Create one EC2 instance in each subnet.
SSH to the public instance, hop from there to the private instance and test its Internet access (it should have none).
To give the private instance outbound Internet access, create a NAT Gateway in the public subnet.
Add a 0.0.0.0/0 route to the NAT Gateway in the private subnet's route table.
Test Internet access from the private instance again.
Create VPC :
Open the VPC Dashboard in the AWS Management Console.
Click Your VPCs in the left menu, then Create VPC.
In the Create VPC form:
Select VPC only.
Name tag: sivakrishna-vpc
IPv4 CIDR block: select IPv4 CIDR manual input and enter 10.0.0.0/16
IPv6 CIDR block: leave unchanged (no IPv6 block).
Tenancy: leave as Default.
Tags: leave unchanged.
Click Create VPC. The new VPC appears in the list with its ID, CIDR and state.
Create Subnet :
Creation of Public Subnet :
We will create one public subnet and one private subnet, in different Availability Zones.
Click Subnets in the left menu, then the Create subnet button at the top right.
VPC ID: select the VPC you created earlier.
Subnet name: Public-subnet-1
Availability Zone: select one.
IPv4 CIDR block: 10.0.1.0/24
Click Create subnet.
Creation of Private Subnet :
Click Subnets, then Create subnet again.
VPC ID: select the VPC you created earlier.
Subnet name: Private-subnet-1
Availability Zone: select a different one from the public subnet.
IPv4 CIDR block: 10.0.2.0/24
Click Create subnet.
Creation of Gateways :
Creation of Internet Gateway :
Click Internet Gateways in the left menu, then the Create internet gateway button at the top right.
Name tag: sivakrishna-IGW, then click Create internet gateway.
A new Internet Gateway is detached. Back in the Internet Gateways list, select the one you created, open Actions and click Attach to VPC.
Under Available VPCs select the VPC you created, then click Attach internet gateway.
Creation of NAT Gateway :
Click NAT Gateways in the left menu, then Create NAT gateway.
Name: sivakrishna-NAT-1
Subnet: select your public subnet. The NAT Gateway serves the private subnet but must itself sit in a subnet that routes to the Internet Gateway; placing it in the private subnet leaves the private instance without Internet access.
Connectivity type: Public (the default).
Elastic IP allocation ID: click Allocate Elastic IP.
Click Create NAT gateway. It takes a few minutes to reach the Available state, and it is billed from the moment it exists, so delete it when you finish the exercise.
Creation of Route Tables :
Creation of Public Route Table :
Click Route Tables in the left menu, then Create route table.
Name: sivakrishna-rt-1
VPC: select the VPC you created.
Click Create route table.
Creation of Private Route Table :
Repeat the same steps to create a private route table.
Name: sivakrishna-private-rt-1
VPC: select the VPC you created.
Click Create route table.
Associate the public subnet with the public route table.
Go to Route Tables and select the public route table.
Open the Subnet associations tab and click Edit subnet associations.
Select Public-subnet-1 from the list and save the associations.
Associate the private subnet with the private route table.
Repeat the same steps on the private route table, selecting Private-subnet-1.
Add a route to allow Internet traffic in the public route table.
Back in Route Tables, select the public route table, open the Routes tab and click Edit routes.
Click Add route. Destination: 0.0.0.0/0; Target: Internet Gateway, then pick sivakrishna-IGW from the list.
Click Save changes. The table now holds two routes: the local route for 10.0.0.0/16 and 0.0.0.0/0 via the Internet Gateway.
Add the NAT route to the private route table.
Select the private route table, open Routes, click Edit routes and add Destination 0.0.0.0/0 with Target NAT Gateway, picking sivakrishna-NAT-1. Save changes. If you want to see the private instance fail to reach the Internet first, as the outline above suggests, add this route only after that test.
Enable auto-assign public IPv4 address for the public subnet.
Go to Subnets and select the public subnet.
Open Actions and click Edit subnet settings.
Tick Enable auto-assign public IPv4 address and click Save. Leave this setting off on the private subnet so that its instances never get a public address.
Launch the Instances :
Launch the Public Instance :
Create an EC2 instance by going to the EC2 Dashboard and clicking Launch instance.
Name and tags: Public-Server
Application and OS Images (Amazon Machine Image): Red Hat
Instance type: t2.micro (Free Tier eligible)
Key pair: click Create new key pair, then give it a name, select the key pair type and choose the private key file format. Choose .ppk if you use PuTTY and .pem for other SSH clients. The private key is downloaded once; keep it safe.
Network settings: click Edit.
VPC: select the VPC you created.
Subnet: choose the public subnet.
Auto-assign public IP: Enable
Firewall (security groups): select an existing security group, or create one whose SSH rule (TCP 22) allows only your own IP address rather than 0.0.0.0/0.
Configure storage: leave unchanged.
Advanced details: leave unchanged.
Check the summary of what you configured, then click Launch instance.
Go to Security Groups and confirm the inbound rule allows SSH from your IP only.
Launch the Private Instance :
Follow the same steps for the private instance, but select the private subnet, leave Auto-assign public IP disabled, and create a new security group whose SSH rule allows TCP 22 only from within the VPC (source 10.0.0.0/16, or tighter, the public instance's security group).
Connect over SSH :
Open your SSH tool, enter the public server's public IP as the remote host, load your private .pem key under the advanced settings, connect and log in as ec2-user.
Then copy your private key to the public server and, from there, SSH to the private server using its private IP. Copying the key means anyone who compromises the public server gets it; SSH agent forwarding (ssh -A ec2-user@<public IP>, then ssh ec2-user@<private IP>) or a ProxyJump keeps the key on your own machine. From the private server, test Internet access with curl or ping before and after adding the NAT Gateway route.
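The console procedure above, as an added boto3 script (not code from the original article). plan_network() validates the CIDR layout offline and returns what to build; build() makes the API calls and needs AWS credentials with EC2 permissions. The names and CIDRs are the article's; the region, Availability Zones and admin CIDR are assumptions, and the script stops at the network and security groups, leaving the two instance launches to the steps above.

```python
"""Added example, not from the original article: the console procedure as a boto3 script.
plan_network() is pure and validates the CIDR layout; build() makes the AWS API calls and needs
credentials with EC2 permissions. boto3 is imported inside build() so the planner runs offline.
Names and CIDRs are the article's; region, AZs and the admin CIDR are assumptions."""
import ipaddress


def plan_network(vpc_cidr="10.0.0.0/16", public_cidr="10.0.1.0/24",
                 private_cidr="10.0.2.0/24", admin_cidr="203.0.113.0/24"):
    """Validate the layout and return the resources to create with their route tables."""
    vpc = ipaddress.ip_network(vpc_cidr)
    pub, priv = ipaddress.ip_network(public_cidr), ipaddress.ip_network(private_cidr)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("a VPC CIDR must be between /16 and /28")
    for name, net in (("public", pub), ("private", priv)):
        if not net.subnet_of(vpc):
            raise ValueError(f"{name} subnet {net} is not inside the VPC {vpc}")
    if pub.overlaps(priv):
        raise ValueError("public and private subnets overlap")
    ipaddress.ip_network(admin_cidr)          # the SSH source must be a valid CIDR too
    return {
        "vpc": str(vpc),
        "subnets": {"Public-subnet-1": str(pub), "Private-subnet-1": str(priv)},
        "routes": {   # 'local' exists in every table; the rest are the routes we add
            "sivakrishna-rt-1": {str(vpc): "local", "0.0.0.0/0": "igw"},
            "sivakrishna-private-rt-1": {str(vpc): "local", "0.0.0.0/0": "nat"},
        },
        # SSH to the public instance only from the admin range, to the private one only from the VPC.
        "ssh_sources": {"public-sg": admin_cidr, "private-sg": str(vpc)},
    }


def routes_to_igw(routes):
    """True for the route table that makes its subnet public."""
    return routes.get("0.0.0.0/0") == "igw"


def build(plan, region="us-east-1", az_public="us-east-1a", az_private="us-east-1b"):
    """Create VPC, subnets, IGW, NAT Gateway, route tables and security groups; return their IDs."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    ids = {"vpc": ec2.create_vpc(CidrBlock=plan["vpc"])["Vpc"]["VpcId"]}
    ec2.get_waiter("vpc_available").wait(VpcIds=[ids["vpc"]])
    ec2.create_tags(Resources=[ids["vpc"]], Tags=[{"Key": "Name", "Value": "sivakrishna-vpc"}])
    pub_cidr, priv_cidr = plan["subnets"].values()
    ids["public_subnet"] = ec2.create_subnet(VpcId=ids["vpc"], CidrBlock=pub_cidr,
                                             AvailabilityZone=az_public)["Subnet"]["SubnetId"]
    ids["private_subnet"] = ec2.create_subnet(VpcId=ids["vpc"], CidrBlock=priv_cidr,
                                              AvailabilityZone=az_private)["Subnet"]["SubnetId"]
    # Only the public subnet hands out public IPv4 addresses at launch.
    ec2.modify_subnet_attribute(SubnetId=ids["public_subnet"], MapPublicIpOnLaunch={"Value": True})
    ids["igw"] = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=ids["igw"], VpcId=ids["vpc"])
    # The NAT Gateway sits in the public subnet with its own Elastic IP.
    eip = ec2.allocate_address(Domain="vpc")["AllocationId"]
    ids["nat"] = ec2.create_nat_gateway(SubnetId=ids["public_subnet"],
                                        AllocationId=eip)["NatGateway"]["NatGatewayId"]
    ec2.get_waiter("nat_gateway_available").wait(NatGatewayIds=[ids["nat"]])
    targets = {"igw": {"GatewayId": ids["igw"]}, "nat": {"NatGatewayId": ids["nat"]}}
    for rt_name, routes in plan["routes"].items():
        rt_id = ec2.create_route_table(VpcId=ids["vpc"])["RouteTable"]["RouteTableId"]
        for cidr, target in routes.items():
            if target != "local":            # the local route is created by AWS
                ec2.create_route(RouteTableId=rt_id, DestinationCidrBlock=cidr, **targets[target])
        subnet = ids["public_subnet"] if routes_to_igw(routes) else ids["private_subnet"]
        ec2.associate_route_table(RouteTableId=rt_id, SubnetId=subnet)
        ids[rt_name] = rt_id
    for sg_name, source in plan["ssh_sources"].items():
        sg_id = ec2.create_security_group(GroupName=sg_name, Description=f"SSH for {sg_name}",
                                          VpcId=ids["vpc"])["GroupId"]
        ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=[{
            "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": source}]}])
        ids[sg_name] = sg_id
    return ids


if __name__ == "__main__":
    print(build(plan_network()))
```

Run it with credentials configured for the account you used in the console; the printed IDs are what you need to launch the instances and, afterwards, to tear everything down (delete the NAT Gateway first, then release its Elastic IP, so you are not billed for it).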
Conclusion :
You have learned the VPC basics and how to set up a public/private network in a VPC.