Networking In AWS Cloud

The exercises in this course will incur charges in your AWS account. In this exercise, you will create or use the following resources:

  • AWS Identity and Access Management (IAM) policy and user: These are account features offered at no additional charge.

  • Amazon Elastic Compute Cloud (Amazon EC2) instance

  • Virtual Private Cloud (VPC) with subnets and route tables

Familiarise yourself with Amazon EC2 pricing and the AWS Free Tier.

Exercise 4: Setting up a VPC

In this scenario, you will create the network infrastructure where the EC2 instance that hosts the employee directory will reside.

You will set up a new VPC with four subnets (two public and two private) and two route tables (one public and one private). Then, you will launch an EC2 instance inside this new VPC. At the end of the exercise, you will stop the instance to prevent future costs.

Task 1: Creating the VPC

  1. Log in to the AWS Management Console as your Admin user if needed.

  2. In the Services search box, enter VPC and open the VPC console.

  3. In the navigation pane, under Virtual Private Cloud, choose Your VPCs.

  4. Choose Create VPC.

  5. Configure the settings as follows:

    • Name tag: app-vpc

    • IPv4 CIDR block: 10.1.0.0/16

  6. Choose Create VPC.

  7. In the navigation pane, under Virtual Private Cloud, choose Internet gateways.

  8. Choose Create internet gateway.

  9. For Name tag, enter app-igw and choose Create internet gateway.

  10. On the details page for the internet gateway, choose Actions and then Attach to VPC.

  11. For Available VPCs, choose app-vpc and then choose Attach internet gateway.

Task 2: Creating Subnets

  1. From the navigation pane, choose Subnets.

  2. Choose Create subnet.

  3. For the first public subnet, configure these settings:

    • VPC ID: app-vpc

    • Subnet name: Public Subnet 1

    • Availability Zone: Choose the first Availability Zone (e.g., us-west-2a)

    • IPv4 CIDR block: 10.1.1.0/24

  4. Choose Add new subnet.

  5. For the second public subnet, configure these settings:

    • Subnet name: Public Subnet 2

    • Availability Zone: Choose the second Availability Zone (e.g., us-west-2b)

    • IPv4 CIDR block: 10.1.2.0/24

  6. Choose Add new subnet and configure the first private subnet:

    • Subnet name: Private Subnet 1

    • Availability Zone: Choose the first Availability Zone (e.g., us-west-2a)

    • IPv4 CIDR block: 10.1.3.0/24

  7. Choose Add new subnet and configure the second private subnet:

    • Subnet name: Private Subnet 2

    • Availability Zone: Choose the second Availability Zone (e.g., us-west-2b)

    • IPv4 CIDR block: 10.1.4.0/24

  8. Choose Create subnet.

  9. After the subnets are created, select the check box for Public Subnet 1.

  10. Choose Actions and then Edit subnet settings.

  11. For Auto-assign IP settings, select Enable auto-assign public IPv4 address and then choose Save.

  12. Repeat steps 9-11 for Public Subnet 2.

Task 3: Creating Route Tables

  1. In the navigation pane, choose Route Tables.

  2. Choose Create route table.

  3. Configure the settings for the public route table:

    • Name: app-routetable-public

    • VPC: app-vpc

  4. Choose Create route table.

  5. If needed, open the route table details pane by choosing app-routetable-public from the list.

  6. Choose the Routes tab and then Edit routes.

  7. Choose Add route and configure these settings:

    • Destination: 0.0.0.0/0

    • Target: Internet Gateway, then choose app-igw

  8. Choose Save changes.

  9. Choose the Subnet associations tab.

  10. Scroll to Subnets without explicit associations and choose Edit subnet associations.

  11. Select the two public subnets (Public Subnet 1 and Public Subnet 2) and choose Save associations.

Next, create the private route table.

  12. In the navigation pane, choose Route Tables.

  13. Choose Create route table and configure the settings:

    • Name: app-routetable-private

    • VPC: app-vpc

  14. Choose Create route table.

  15. If needed, open the details pane for app-routetable-private by choosing it from the list.

  16. Choose the Subnet associations tab.

  17. Scroll to Subnets without explicit associations and choose Edit subnet associations.

  18. Select the two private subnets (Private Subnet 1 and Private Subnet 2) and choose Save associations.

Task 4: Launching an EC2 Instance

  1. In the search box, enter EC2 and open the Amazon EC2 console.

  2. In the navigation pane, choose Instances and choose Launch instances.

  3. For Name, enter employee-directory-app.

  4. Under Application and OS Images (Amazon Machine Image), choose the default Amazon Linux 2023.

  5. Under Instance type, select t2.micro.

  6. Under Key pair (login), choose the app-key-pair created in Exercise 3.

  7. Under Network settings, choose Edit and configure the following settings:

    • VPC: app-vpc

    • Subnet: Public Subnet 1

    • Auto-assign Public IP: Enable

  8. Under Firewall (security groups), choose Create security group. Use web-security-group as the Security group name and change the Description to Enable HTTP access.

  9. Under Inbound security group rules, remove the SSH rule.

  10. Choose Add security group rule. For Type, choose HTTP. Under Source type, choose Anywhere.

  11. Choose Add security group rule. For Type, choose HTTPS. Under Source type, choose Anywhere.

  12. Expand Advanced details and under IAM instance profile, choose S3DynamoDBFullAccessRole.

  13. In the User data box, paste the following code:

    #!/bin/bash -ex
    # Download and unpack the sample Flask application
    wget https://aws-tc-largeobjects.s3-us-west-2.amazonaws.com/DEV-AWS-MO-GCNv2/FlaskApp.zip
    unzip FlaskApp.zip
    cd FlaskApp/
    # Install the Python dependencies and the stress tool
    yum -y install python3-pip
    pip install -r requirements.txt
    yum -y install stress
    # Application settings: photo bucket, region and DynamoDB mode
    export PHOTOS_BUCKET=${SUB_PHOTOS_BUCKET}
    export AWS_DEFAULT_REGION=<INSERT REGION HERE>
    export DYNAMO_MODE=on
    # Serve the app on port 80 so the security group's HTTP rule reaches it
    FLASK_APP=application.py /usr/local/bin/flask run --host=0.0.0.0 --port=80

  14. Change the line export AWS_DEFAULT_REGION=<INSERT REGION HERE> to match your region (e.g., us-west-2).

  15. Choose Launch instance.

  16. Choose View all instances.

  17. Wait for the Instance state to change to Running and the Status check to change to 2/2 checks passed. Refresh the page if needed.

  18. Select the running employee-directory-app instance by selecting its check box.

  19. On the Details tab, copy the Public IPv4 address.

  20. In a new browser window, paste the IP address (use http instead of https).

  21. You should see an Employee Directory placeholder.
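As an added check (example code, not part of the exercise or the course), the following Python models the resources built in Tasks 1 to 4 and verifies the properties the exercise relies on: every subnet sits inside 10.1.0.0/16 without overlap, a subnet counts as public only because its route table sends 0.0.0.0/0 to the internet gateway, each tier spans two Availability Zones, and web-security-group does not admit SSH from anywhere. The dict layout and the igw: route-target prefix are this example's own conventions, not AWS API output.

```python
import ipaddress

# Constructed model of the exercise's resources (values taken from Tasks 1-4).
# The dict shapes and the "igw:" route-target prefix are conventions of this
# example, not the AWS API.
VPC_CIDR = "10.1.0.0/16"
SUBNETS = {  # name: (CIDR, Availability Zone, associated route table)
    "Public Subnet 1": ("10.1.1.0/24", "us-west-2a", "app-routetable-public"),
    "Public Subnet 2": ("10.1.2.0/24", "us-west-2b", "app-routetable-public"),
    "Private Subnet 1": ("10.1.3.0/24", "us-west-2a", "app-routetable-private"),
    "Private Subnet 2": ("10.1.4.0/24", "us-west-2b", "app-routetable-private"),
}
ROUTE_TABLES = {  # name: {destination: target}; the local route is implicit
    "app-routetable-public": {"0.0.0.0/0": "igw:app-igw"},
    "app-routetable-private": {},
}
SG_INBOUND = [("tcp", 80, "0.0.0.0/0"), ("tcp", 443, "0.0.0.0/0")]  # web-security-group


def is_public(name, subnets=SUBNETS, route_tables=ROUTE_TABLES):
    """A subnet is public only if its route table sends 0.0.0.0/0 to an internet gateway."""
    routes = route_tables[subnets[name][2]]
    return routes.get("0.0.0.0/0", "").startswith("igw:")


def check_layout(vpc_cidr=VPC_CIDR, subnets=SUBNETS,
                 route_tables=ROUTE_TABLES, sg_inbound=SG_INBOUND):
    """Return a list of findings; an empty list means the layout matches the exercise."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {n: ipaddress.ip_network(cidr) for n, (cidr, _, _) in subnets.items()}
    names = list(nets)
    for i, a in enumerate(names):
        if not nets[a].subnet_of(vpc):
            findings.append(f"{a} {nets[a]} lies outside {vpc}")
        for b in names[i + 1:]:  # every distinct pair, once
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    for name in subnets:
        public = is_public(name, subnets, route_tables)
        if public != name.startswith("Public"):
            findings.append(f"{name} is routed as {'public' if public else 'private'}")
    for tier in ("Public", "Private"):  # each tier should span two AZs
        azs = {subnets[n][1] for n in subnets if n.startswith(tier)}
        if len(azs) < 2:
            findings.append(f"{tier} subnets do not span two Availability Zones")
    for proto, port, source in sg_inbound:
        if proto == "tcp" and port == 22 and source == "0.0.0.0/0":
            findings.append("security group admits SSH from 0.0.0.0/0")
    return findings
```

Run `check_layout()` against the values above and it returns an empty list; swap in a private route table that also points 0.0.0.0/0 at app-igw and both private subnets are reported as routed public.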

Task 5: Stopping the Instance

To prevent future costs, stop the instance.

  1. Return to the console, choose Instance state, and then Stop instance.

  2. In the dialog box, choose Stop. The Instance state will change to Stopped.

Congratulations! You have successfully set up a VPC and launched an EC2 instance for your employee directory application.

Written by

Dharamjeet Singh