Creating a Virtual Private Cloud

Rajat

Overview

Traditional networking is difficult. It involves equipment, cabling, complex configurations, and specialist skills. Amazon Virtual Private Cloud (Amazon VPC) hides the complexity and simplifies the deployment of secure private networks.

This blog shows you how to build your own virtual private cloud (VPC), and deploy resources into it.

Objectives

You can treat this blog post as a hands-on lab. After completing it, you should be able to do the following:

  • Explain the basic components of a VPC

  • Deploy a basic VPC with public subnets

Creating a VPC

Being able to use the default VPC when you are first learning about and working with AWS cloud is very convenient. However, in the real world, you often need to create custom VPCs to meet a customer's requirements. For example, a customer might have already used the CIDR range of the default VPC in their on-premises network configuration. A customer might also want to vary how many addresses are included in each subnet. Because it is not possible to change the CIDR ranges assigned to the VPC or its subnets, you need to create a new VPC for your customer.

In this scenario, you create a new VPC. Your customer provided the following network requirements for the VPC's CIDR ranges:

Top-level VPC

  • VPC IPv4 CIDR - 10.0.0.0/16

Availability Zones:

  • They need to deploy their resources to two Availability Zones.

Two public subnets:

  • Public Subnet 1 - 10.0.0.0/24

  • Public Subnet 2 - 10.0.1.0/24

Two private subnets:

  • Private Subnet 1 - 10.0.2.0/24

  • Private Subnet 2 - 10.0.3.0/24

The Example VPC that you explored earlier did not have any private subnets. Remember that the difference between a public subnet and a private subnet is whether or not they can be reached directly from the internet. The route table associated with a public subnet includes a route to an internet gateway, and the route table for a private subnet does not.

Task 7: Create a custom VPC

You can configure the VPC by defining its IP address range and creating subnets. You can also configure route tables, network gateways, and security settings.

The VPC console provides a wizard that can automatically create several VPC architectures. You use this wizard to create a new VPC.

If the configuration of a setting is not mentioned in these steps, leave the default value.

  1. Return to the browser tab with the AWS console.

  2. In the AWS Management Console on the Services menu, enter VPC. From the search results, choose VPC.

  3. In the left navigation pane, choose Your VPCs.

  4. Choose Create VPC and configure the following settings:

    • For Resources to create, choose VPC and more.

    • For Name tag auto-generation, enter Lab.

    • For IPv4 CIDR block, ensure that the value is 10.0.0.0/16.

    • For Availability Zones (AZs), choose 2.

    • For Number of public subnets, choose 2.

    • For Number of private subnets, choose 2.

    • Expand Customize subnets CIDR blocks.

    • Update the subnet CIDR block values using the ranges provided by your customer.

  5. Take a moment to review the Preview diagram provided in the wizard.

  6. Choose Create VPC.

The wizard immediately starts creating your VPC. After it finishes, you have a VPC that has all of the components that you explored earlier: subnets, route tables, an internet gateway, and a default security group. The VPC wizard also automatically configures the routes in the route tables for both the public subnets and the private subnets.
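After the wizard finishes, you can verify which subnets are actually public by applying the rule from the requirements section: a subnet is public when its route table has a default route to an internet gateway. The following is an added example (not from the original post) that runs that check over a constructed sample shaped like the EC2 DescribeRouteTables response; all resource IDs are made up. It also handles a case the wizard does not create but which is a common mistake: a subnet with no explicit route table association uses the VPC's main route table, so a default route added there silently makes such subnets public.

```python
# Constructed sample in the shape of the EC2 DescribeRouteTables response;
# every resource ID below is made up for this example.
ROUTE_TABLES = [
    {   # Main route table: applies to any subnet without an explicit association
        "RouteTableId": "rtb-main0000",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {   # Public route table created by the wizard: default route to the internet gateway
        "RouteTableId": "rtb-public01",
        "Associations": [{"Main": False, "SubnetId": "subnet-pub1"},
                         {"Main": False, "SubnetId": "subnet-pub2"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-lab00001", "State": "active"}],
    },
    {   # Private route table: local route only. subnet-priv2 is deliberately left unassociated.
        "RouteTableId": "rtb-private1",
        "Associations": [{"Main": False, "SubnetId": "subnet-priv1"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
]
SUBNETS = ["subnet-pub1", "subnet-pub2", "subnet-priv1", "subnet-priv2"]


def has_internet_route(route_table):
    """True if an active default route (IPv4 0.0.0.0/0 or IPv6 ::/0) targets an internet gateway."""
    for route in route_table["Routes"]:
        to_igw = str(route.get("GatewayId", "")).startswith("igw-")
        is_default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                      or route.get("DestinationIpv6CidrBlock") == "::/0")
        if to_igw and is_default and route.get("State", "active") == "active":
            return True
    return False


def classify_subnets(route_tables, subnet_ids):
    """Label each subnet 'public' or 'private': public when the route table that
    actually applies to it has a default route to an igw-. Subnets with no explicit
    association fall back to the VPC's main route table."""
    main = next(rt for rt in route_tables
                if any(assoc.get("Main") for assoc in rt["Associations"]))
    explicit = {assoc["SubnetId"]: rt
                for rt in route_tables
                for assoc in rt["Associations"] if assoc.get("SubnetId")}
    return {sid: "public" if has_internet_route(explicit.get(sid, main)) else "private"
            for sid in subnet_ids}
```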

Like the default security group you explored earlier, the default security group created by the wizard blocks incoming traffic from the internet. To reach a web server in the new VPC, you need a security group with a rule that allows inbound web traffic.

  1. Choose View VPC.

    Recall that a VPC's default security group does not allow traffic from outside the VPC. Because you should not change the default security group, you add a new security group to your custom VPC.

  2. In the left navigation pane, choose Security Groups.

  3. Choose Create security group.

  4. For Security group name, enter Web-Server2-SG.

  5. For Description, enter Allows HTTP access.

  6. For VPC, clear the selection and then choose Lab-vpc.

  7. In the Inbound rules section, choose Add rule, and then configure the following settings:

    • For Type, choose HTTP.

    • From the Source type dropdown list, choose Anywhere IPv4.

    • For Description, enter Allow web access.

  8. Choose Create security group.

Task 8: Explore the configuration settings for launching an EC2 instance into your custom VPC

In this task, you explore the Launch an instance page and enter the settings required to launch a new EC2 instance into your custom VPC. However, you will not complete the process or launch a new EC2 instance.

  1. On the Services menu, choose EC2.

  2. In the Launch instance section, choose the Launch instance button. Configure the following options:

    • In the Name and tags pane, in the Name text box, enter Web-Server2.

    • Choose an Amazon Machine Image (AMI).

      • In the Application and OS Images (Amazon Machine Image) section, choose Amazon Linux.

      • From the list of Amazon Machine Images, select Amazon Linux 2 AMI.

Note: Do not choose Amazon Linux 2023 AMI.

    • Choose an Instance Type:

      • Select t2.micro.

    • In the Key pair (login) section, from the Key pair name - required dropdown list, choose Proceed without a key pair (not recommended).

    • In the Network settings section, choose Edit.

    • For VPC - required, choose Lab-vpc.

    • For Subnet, choose the subnet with public1 in the name.

    • For Auto-assign public IP, choose Enable.

    • For Firewall (security groups), choose Select an existing security group.

    • From the Common security groups dropdown list, choose the Web-Server2-SG security group.

    • In the Advanced Details section, for IAM instance profile, choose Work-Role.

    • In the Advanced Details section, copy the following commands, and paste them into the User data text box:

      #!/bin/bash
      # Install Apache Web Server and PHP
      yum install -y httpd mysql
      amazon-linux-extras install -y php7.2
      # Download Lab files
      wget https://aws-tc-largeobjects.s3.us-west-2.amazonaws.com/CUR-TF-100-EDNETW-1-60961/1-lab-getting-started-vpc/s3/inventory-app.zip
      unzip inventory-app.zip -d /var/www/html/
      # Download and install the AWS SDK for PHP
      wget https://github.com/aws/aws-sdk-php/releases/download/3.62.3/aws.zip
      unzip aws -d /var/www/html
      # Turn on web server
      chkconfig httpd on
      service httpd start

    • Take a moment to review the settings you entered.

    • In the Summary section, choose Cancel.

Well done! Now you know how to create a custom VPC, and how to deploy a new EC2 instance into it.
