Building a Public & Private Cloud Network in AWS: VPC Setup, EC2 Launch, and Cross-Instance Connectivity


Introduction
Amazon Web Services (AWS) offers robust networking capabilities through Virtual Private Cloud (VPC), allowing you to design secure, isolated network environments. In this guide, we’ll:
- Create a VPC with both public and private subnets
- Launch EC2 instances in each subnet
- Connect to instances using MobaXterm from a Windows machine
- Test cross-instance connectivity by pinging IP addresses
By the end, you’ll understand how public and private networks work together in AWS.
Step-by-Step Guide
1. Create a VPC
- Go to the AWS Management Console → VPC Service
- Click Create VPC
- Name: My-VPC
- IPv4 CIDR block: 10.0.0.0/16
- Tenancy: Default
2. Create Public and Private Subnets
Public Subnet
- Name: Public-Subnet
- CIDR: 10.0.1.0/24
- Availability Zone: ap-south-1a
- Enable Auto-assign public IP: Yes
Private Subnet
- Name: Private-Subnet
- CIDR: 10.0.2.0/24
- Availability Zone: ap-south-1a
- Auto-assign public IP: No
3. Create an Internet Gateway (IGW)
- Go to Internet Gateways → Create IGW → Attach it to My-VPC
4. Create Route Tables
Public Route Table
- Associate with Public Subnet
- Add route: 0.0.0.0/0 → Internet Gateway
Private Route Table
- Associate with Private Subnet
- No internet route (for private network isolation): only the VPC's implicit local route remains, so the private instance can reach other subnets inside the VPC but has no path to or from the internet
5. Launch EC2 Instances
Public Instance
- AMI: Amazon Linux 2
- Instance type: t2.micro
- Subnet: Public-Subnet (auto-assign public IP)
- Security Group: Allow SSH (TCP 22) from your IP only; allow ICMP (ping)
Private Instance
- Same AMI & type
- Subnet: Private-Subnet (no public IP)
- Security Group: Allow ICMP and SSH only from the Public Instance's private IP range (the public subnet, 10.0.1.0/24), so the private instance is never exposed directly to the internet
6. Connect via MobaXterm (Windows)
- Download & install MobaXterm on your Windows machine
- Connect to the Public Instance using your .pem key
- From the public instance, SSH into the private instance:
ssh -i mykey.pem ec2-user@<Private-Instance-Private-IP>
(This command assumes mykey.pem is present on the public instance; forwarding your SSH agent from MobaXterm instead avoids copying the private key onto the public instance.)
7. Test Connectivity Between Instances
- From Public Instance: ping <Private-Instance-Private-IP>
- From Private Instance: ping <Public-Instance-Private-IP>
If ICMP is allowed in both security groups, you should see successful replies.
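The routing and security-group decisions made in steps 2, 4, 5 and 7 can be sanity-checked before touching the console with a small reachability model. This is an added example, not code from the original guide and not an AWS API; the instance addresses 10.0.1.10 and 10.0.2.10, the admin workstation address 203.0.113.10 and the 10.0.0.0/16 ICMP source on the public security group are assumptions.

```python
import ipaddress
# Constructed model of the guide's topology (not AWS code): route tables and security
# groups mirror steps 2, 4 and 5; "local" for 10.0.0.0/16 is the implicit VPC route.
MY_IP = "203.0.113.10"  # assumed admin workstation address (documentation range)
ROUTE_TABLES = {
    "Public-Subnet":  {"10.0.0.0/16": "local", "0.0.0.0/0": "igw"},
    "Private-Subnet": {"10.0.0.0/16": "local"},  # no internet route
}
INSTANCES = {  # assumed private IPs inside each subnet
    "public":  {"subnet": "Public-Subnet",  "ip": "10.0.1.10", "public_ip": True},
    "private": {"subnet": "Private-Subnet", "ip": "10.0.2.10", "public_ip": False},
}
# Ingress rules as (protocol, port or None for any, source CIDR); egress is left at
# the AWS default (allow all). The 10.0.0.0/16 ICMP source on the public SG is assumed.
SECURITY_GROUPS = {
    "public":  [("tcp", 22, MY_IP + "/32"), ("icmp", None, "10.0.0.0/16")],
    "private": [("tcp", 22, "10.0.1.0/24"), ("icmp", None, "10.0.1.0/24")],
}

def route_target(subnet, dst_ip):
    """Longest-prefix match over the subnet's route table, as AWS does."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(p), t) for p, t in ROUTE_TABLES[subnet].items()
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def sg_allows(name, proto, port, src_ip):
    """True if an ingress rule of the named security group matches the flow."""
    src = ipaddress.ip_address(src_ip)
    return any(p == proto and pt in (None, port) and src in ipaddress.ip_network(cidr)
               for p, pt, cidr in SECURITY_GROUPS[name])

def reachable(src, dst, proto, port=None):
    """Can src open a proto/port flow to dst? Names are instance keys or 'internet'.
    Security groups are stateful, so only the initiating direction is checked."""
    if src == "internet":  # inbound needs a public IP, an IGW route back, and an SG rule
        d = INSTANCES[dst]
        return bool(d["public_ip"] and route_target(d["subnet"], MY_IP) == "igw"
                    and sg_allows(dst, proto, port, MY_IP))
    s = INSTANCES[src]
    if dst == "internet":  # outbound via the IGW also requires a public IP on the source
        return bool(s["public_ip"] and route_target(s["subnet"], "198.51.100.1") == "igw")
    d = INSTANCES[dst]
    return bool(route_target(s["subnet"], d["ip"]) == "local"
                and sg_allows(dst, proto, port, s["ip"]))

if __name__ == "__main__":
    for f in [("internet", "public", "tcp", 22), ("internet", "private", "tcp", 22),
              ("public", "private", "icmp", None), ("private", "internet", "tcp", 443)]:
        print(f"{f[0]} -> {f[1]} {f[2]}: {reachable(*f)}")
```

Any flow the model marks False that a real ping or SSH nevertheless succeeds at points to a rule or route that was not configured as the guide intends.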
Architecture Diagram
Here’s a visual representation:
```
+-------------------+      +-------------------+
|   Public Subnet   |      |  Private Subnet   |
| EC2: Public Inst  |      | EC2: Private Inst |
|     10.0.1.x      |      |     10.0.2.x      |
+---------+---------+      +---------+---------+
          |                          |
     Internet GW                No Internet
          |
   Your PC (MobaXterm)
```
Conclusion
By setting up a VPC with both public and private subnets, we achieve secure, segmented networking in AWS. The public subnet allows external access (via the Internet Gateway), while the private subnet ensures internal-only resources. Using MobaXterm simplifies remote access from Windows, and ping tests validate internal communication.
Key Learnings
- Public subnets provide internet accessibility; private subnets keep workloads reachable only from inside the VPC.
- Security groups and route tables control traffic flow.
- MobaXterm is a powerful SSH client for Windows users.
- Internal networking in AWS can be tested using simple ping commands.
Written by

saumya singh