Deploying a Scalable AWS VPC with Load Balancer and Auto Scaling Group

Arya Baride

Setting up a Virtual Private Cloud (VPC) in AWS is essential for building a secure and scalable cloud infrastructure. In this blog, we'll walk through the step-by-step process of creating a VPC with two availability zones, public and private subnets, an Application Load Balancer (ALB), and an Auto Scaling Group (ASG). This setup ensures high availability, scalability, and security for your cloud applications.

By the end of this guide, you will have:

✅ A VPC spanning two availability zones
✅ Public and private subnets for network segmentation
✅ An Internet Gateway (IGW) for public access
✅ A NAT Gateway to allow private subnets to reach the internet securely
✅ An Application Load Balancer (ALB) for traffic distribution
✅ An Auto Scaling Group (ASG) to dynamically adjust capacity based on demand

The diagram below shows the overall infrastructure of the project:

Step 1: Create a VPC

A Virtual Private Cloud (VPC) is an isolated network in AWS where you can deploy resources like EC2 instances, RDS databases, and load balancers. A VPC allows fine-grained control over networking and security.

AWS provides a default VPC in every region when you create your AWS account. These VPCs come with their own subnets, route tables, and other networking configurations. AWS does not charge for these VPCs or for our own custom VPCs unless we use services like NAT Gateway, Elastic IPs, and VPN.

Steps to Create a VPC

  1. Go to AWS Console → Navigate to VPC.

  2. Click Create VPC.

  3. Enter VPC details:

    • Name: Provide a suitable name for your VPC

    • IPv4 CIDR block: 10.0.0.0/16 (provides 65,536 IPs)

    • Tenancy: Default

  4. Click Create VPC.

Step 2: Create Public and Private Subnets

A subnet is a smaller network inside a VPC. We create public subnets (accessible from the internet) and private subnets (for internal resources like databases).

Steps to Create Subnets

  1. Go to VPC Dashboard → Subnets → Create Subnet.

  2. Select the VPC you created.

  3. Create Public Subnets:

    • Public-Subnet-1 (AZ1) → 10.0.1.0/24

    • Public-Subnet-2 (AZ2) → 10.0.3.0/24

  4. Create Private Subnets:

    • Private-Subnet-1 (AZ1) → 10.0.2.0/24

    • Private-Subnet-2 (AZ2) → 10.0.4.0/24

  5. Click Create Subnets.

Step 3: Set Up Internet Access

An Internet Gateway (IGW) allows resources in a public subnet to communicate with the internet.

Steps to Create an IGW

  1. Go to VPC Dashboard → Internet Gateways → Create Internet Gateway.

  2. Name: Provide a suitable name for your Internet Gateway

  3. Click Attach to VPC → Select your Internet Gateway → Attach.

Steps to Configure Route Table for Public Subnets

  1. Go to Route Tables → Click Create Route Table.

  2. Name: Name the route table, VPC: Select the VPC you created

  3. Add Route:

    • Destination: 0.0.0.0/0

    • Target: Internet Gateway created by you

  4. Associate Public Subnets with Public routes created by you.

Step 4: Set Up NAT Gateway for Private Subnets

A NAT (Network Address Translation) Gateway allows private subnets to access the internet without exposing them to incoming traffic.

The NAT Gateway needs an Elastic IP. An instance's public IP changes if you restart it, whereas an Elastic IP stays the same across restarts. Every AWS account can hold up to five Elastic IPs per region; you can request more from AWS if you need them.

Steps to Create a NAT Gateway

  1. Allocate an Elastic IP (EC2 Dashboard → Elastic IPs → Allocate).

  2. Go to VPC Dashboard → NAT Gateways → Click Create NAT Gateway.

  3. Select Public Subnet: Public-Subnet-1.

  4. Attach Elastic IP.

  5. Click Create NAT Gateway.

Steps to Configure Route Table for Private Subnets

  1. Go to Route Tables → Create Route Table.

  2. Name: private-route-table, VPC: Select the VPC you created

  3. Add Route:

    • Destination: 0.0.0.0/0

    • Target: Select the NAT Gateway created by you

  4. Associate Private Subnets with Private route tables.
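
Once both route tables exist, it is worth confirming that each subnet routes the way Steps 3 and 4 intend: public subnets default to the Internet Gateway, private subnets default to the NAT Gateway. The audit below is an added example, not part of the original post. It runs over a constructed sample shaped like the EC2 `DescribeRouteTables` response; all resource IDs and the function names are assumptions.

```python
# Constructed sample shaped like an EC2 DescribeRouteTables response; IDs are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-public",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}],
     "Associations": [{"SubnetId": "subnet-public-1"}, {"SubnetId": "subnet-public-2"}]},
    {"RouteTableId": "rtb-private",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}],
     "Associations": [{"SubnetId": "subnet-private-1"}, {"SubnetId": "subnet-private-2"}]},
]}

# Role each subnet is meant to have in this guide (subnet IDs are placeholders).
INTENDED = {
    "subnet-public-1": "public", "subnet-public-2": "public",
    "subnet-private-1": "private", "subnet-private-2": "private",
}


def default_route_kind(table):
    """Classify a route table by where its 0.0.0.0/0 route points."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "public"    # directly reachable through the Internet Gateway
        if (route.get("NatGatewayId") or "").startswith("nat-"):
            return "private"   # outbound only, through the NAT Gateway
        return "other"
    return "isolated"          # no default route at all


def audit(response, intended):
    """Return findings for subnets whose routing differs from the intended role."""
    actual = {}
    for table in response["RouteTables"]:
        kind = default_route_kind(table)
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:  # the main-table association has no SubnetId
                actual[assoc["SubnetId"]] = kind
    findings = []
    for subnet, want in sorted(intended.items()):
        # A subnet with no explicit association falls back to the VPC's main table.
        got = actual.get(subnet, "main-table")
        if got != want:
            findings.append(f"{subnet}: intended {want}, routes as {got}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE, INTENDED) or "routing matches the intended layout")
```

With real data, the same dictionary can be obtained from `aws ec2 describe-route-tables` or boto3's `describe_route_tables` and passed to `audit` unchanged.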

Step 5: Create an Application Load Balancer (ALB)

A Load Balancer distributes traffic across multiple EC2 instances, ensuring high availability and fault tolerance. We have chosen an Application Load Balancer (ALB), which operates at Layer 7 (Application Layer) of the OSI model. It supports HTTP and HTTPS protocols and allows traffic routing based on hostnames, paths, or query parameters.

Before creating the ALB, we must define a security group that allows inbound traffic on port 80.

  1. Go to EC2 Dashboard → Load Balancers → Create Load Balancer.

  2. Select Application Load Balancer.

  3. Configure:

    • Name: Provide a proper name to your Load Balancer

    • Scheme: Internet-facing

    • VPC: Select the VPC created by you

What is a Target Group?

A Target Group is a logical grouping of EC2 instances or IP addresses that the Application Load Balancer (ALB) routes traffic to. When a request reaches the ALB, it forwards the request to one of the registered targets in the target group based on the load balancing algorithm.

Steps to Create a Target Group

  1. Go to EC2 Dashboard → Target Groups → Create Target Group.

  2. Choose Target Type:

    • Select Instances if using EC2 instances.

  3. Define Target Group:

    • Name: Provide a name to your target group

    • Protocol: HTTP

    • Port: 80

    • VPC: Select the VPC created by you

  4. Register Targets:

    • Click Register Targets

    • Select running EC2 instances

    • Click Include as Pending → Register

  5. Click Create Target Group.

Step 6: Create an Auto Scaling Group (ASG)

What is an Auto Scaling Group?

An Auto Scaling Group (ASG) automatically scales EC2 instances based on demand. It ensures that the required number of instances is always running to handle traffic efficiently and maintain high availability.

Steps to Create ASG

  1. Go to EC2 Dashboard → Auto Scaling Groups → Create Auto Scaling Group.

  2. Network: Attach to Private Subnets.

  3. Attach to ALB.

  4. Scaling Policy:

    • Desired: 2

    • Minimum: 1

    • Maximum: 3

Implementing this architecture enables you to host resilient applications in the cloud while maintaining control over networking, security, and cost optimization. With AWS services like Application Load Balancer and Auto Scaling Group, your application can automatically scale based on demand, ensuring uninterrupted performance.
