Introduction to AWS VPC


Introduction

This document walks through creating and configuring a new Virtual Private Cloud (VPC), creating a couple of subnets (one private, one public), and creating an internet gateway together with the route table that makes the public subnet reachable from the internet.

What is a VPC

A Virtual Private Cloud is a logically isolated section of AWS in which we can place AWS resources such as EC2 instances. The owner has full control over the virtual networking of this section, including the choice of IP address range and the creation of subnets, internet gateways and route tables.

When we create an AWS account, a default VPC is provisioned for us in each region.

The default VPC comes with the following components, which a VPC needs in order to be usable:

  • IGW (Internet Gateway), already attached to the VPC
  • A main route table
  • A default network access control list (NACL)
  • A default subnet in each availability zone, in which AWS resources can be provisioned

A VPC we create ourselves only gets the main route table and the default NACL; the subnets and the internet gateway have to be created and attached by hand, which is what the rest of this document does.

What is an Internet Gateway

A horizontally scaled, redundant and highly available VPC component that connects our VPC to the outside world. On its own it carries no traffic: packets only flow through it once a subnet's route table contains a route whose target is the gateway, and an instance additionally needs a public or Elastic IP address for the gateway to translate.


What is a NACL (Network Access Control List)

An optional layer of security for the VPC that acts as a firewall controlling traffic in and out of one or more subnets. Every subnet is associated with exactly one NACL (the VPC's default NACL, which allows all traffic, unless we associate another). NACLs are stateless: a reply packet is checked against the rules in the opposite direction like any other packet, so allowing an inbound request is not enough on its own; the outbound rules must also allow the response back to the client's ephemeral port. Rules are evaluated in ascending rule-number order, the first match wins, and anything unmatched is denied by the trailing * rule.
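The stateless evaluation described above is easy to get wrong, so here is an added example (not part of the original document) that replays a NACL's inbound and outbound rules against a single HTTPS session. The rule sets, the client address 198.51.100.7 and the ephemeral port 51515 are constructed for this example; the evaluation order (lowest rule number first, first match wins, implicit deny) is how AWS documents NACLs.

```python
import ipaddress

# Constructed NACL rules in the shape of the console's rule list:
# (rule number, protocol, (port from, port to), CIDR, allow/deny).
# Inbound rules match on source address and destination port; outbound rules
# match on destination address and destination port.
INBOUND = [
    (100, "tcp", (443, 443), "0.0.0.0/0", "allow"),          # HTTPS from anywhere
    (110, "tcp", (22, 22), "203.0.113.0/24", "allow"),       # SSH from the admin range only
]
OUTBOUND_BROKEN = [
    (100, "tcp", (443, 443), "0.0.0.0/0", "allow"),          # lets the subnet *start* HTTPS sessions
]
OUTBOUND_FIXED = OUTBOUND_BROKEN + [
    (110, "tcp", (1024, 65535), "0.0.0.0/0", "allow"),       # replies to clients' ephemeral ports
]


def evaluate(rules, proto, port, remote_ip):
    """Evaluate one packet against a rule list.

    Returns (action, rule number); ('deny', '*') is the implicit final rule.
    An 'all'-protocol rule should be written with port range (0, 65535).
    """
    addr = ipaddress.ip_address(remote_ip)
    for num, rproto, (lo, hi), cidr, action in sorted(rules, key=lambda r: r[0]):
        if rproto not in (proto, "all"):
            continue
        if not lo <= port <= hi:
            continue
        if addr not in ipaddress.ip_network(cidr):
            continue
        return action, num          # first match wins, later rules are not consulted
    return "deny", "*"


def https_session_allowed(inbound, outbound, client_ip, client_port):
    """A TCP session needs the request in AND the reply out; the NACL tracks no state.

    Returns (allowed, inbound verdict, outbound verdict).
    """
    request = evaluate(inbound, "tcp", 443, client_ip)            # client -> server:443
    reply = evaluate(outbound, "tcp", client_port, client_ip)     # server -> client:ephemeral
    return request[0] == "allow" and reply[0] == "allow", request, reply


if __name__ == "__main__":
    for label, out_rules in (("broken", OUTBOUND_BROKEN), ("fixed", OUTBOUND_FIXED)):
        ok, req, rep = https_session_allowed(INBOUND, out_rules, "198.51.100.7", 51515)
        print(f"{label}: session {'works' if ok else 'hangs'}; request {req}, reply {rep}")
```

With OUTBOUND_BROKEN the inbound request is allowed by rule 100 but the reply hits the implicit deny, which is exactly the "the instance sees the SYN but the client never gets a response" symptom of a NACL without an ephemeral-port rule. The same logic applies in reverse for sessions the subnet initiates.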


 

What is a Subnet

A subnet (short for subnetwork) is a range of IP addresses carved out of the VPC's CIDR block, in which resources are placed. After creating a VPC we can create multiple subnets, either public or private. Each subnet must reside entirely within one availability zone; it cannot span zones, let alone regions. AWS reserves the first four and the last IP address of every subnet, so a /24 gives 251 usable addresses.


What is a Route Table

A set of rules, called routes, that determine where network traffic leaving a subnet is directed. Every route table contains a local route for the VPC's own CIDR block that cannot be removed. Each VPC has a main route table, and any subnet that has not been explicitly associated with a route table uses the main one.


Create a VPC

Let’s start by creating a new Virtual Private Cloud (VPC).

  • Navigate to the VPC Dashboard in AWS.
  • Click the Your VPCs link in the navigation pane to the left of the page.
  • Click the Create VPC button at the top of the list.
  • Set the Name tag to my-new-vpc
  • Define the IPv4 CIDR block to be 10.0.0.0/16 (pick a range that does not overlap any network you may later peer or VPN with; the primary CIDR cannot be changed after creation)
  • Leave the IPv6 CIDR block and Tenancy settings unchanged.
  • Click the Yes, Create button.

You will see the new VPC named my-new-vpc in the list of VPCs. We can move on to configuring subnets.

Configuring subnets

We will create two subnets, one private and one public. Let's quickly discuss the difference before moving on.

Private Subnets vs. Public Subnets

An internet gateway is attached to the VPC, not to a subnet; what makes a subnet public or private is its route table. A public subnet is one whose route table contains a route (normally the default route 0.0.0.0/0) that targets an internet gateway, allowing it to interact with the outside world. A private subnet has no such route and is therefore "isolated" to our VPC (and whatever else its route table reaches). New subnets are associated with the VPC's main route table, which only contains the local route, so they are initially private. If you intend to create a public subnet, you have to create an internet gateway, attach it to the VPC, and give the subnet a route table with a route to it. A resource in a public subnet additionally needs a public or Elastic IP address before it is actually reachable from the internet.
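Because "public" is a property of the effective route table rather than of the subnet itself, auditing a VPC for unintended public subnets means resolving each subnet's route table (explicit association, else the main table) and looking for routes that target an internet gateway. The following is an added example, not part of the original document or any AWS tool: it runs that check, plus a sanity check that the subnet CIDRs sit inside the VPC range without overlapping, over constructed data shaped like the EC2 DescribeSubnets / DescribeRouteTables API responses. All resource IDs (vpc-0example, rtb-0main, igw-0example and so on) are made up.

```python
import ipaddress

# Constructed sample data mirroring the walkthrough: one VPC, the private and
# public /24s from the text, plus a third subnet that was never associated with
# any route table. IDs are invented for this example.
VPC = {"VpcId": "vpc-0example", "CidrBlock": "10.0.0.0/16"}

SUBNETS = [
    {"SubnetId": "subnet-0private", "CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0public", "CidrBlock": "10.0.2.0/24", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0orphan", "CidrBlock": "10.0.3.0/24", "AvailabilityZone": "us-east-1b"},
]

ROUTE_TABLES = [
    {   # main route table: only the local route, so subnets using it stay private
        "RouteTableId": "rtb-0main",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
        "Associations": [{"Main": True}],
    },
    {   # my-route-table: default route to the IGW, explicitly associated with the public subnet only
        "RouteTableId": "rtb-0public",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-0public"}],
    },
]


def validate_subnets(vpc, subnets):
    """Return human-readable problems: subnets outside the VPC CIDR or overlapping each other."""
    vpc_net = ipaddress.ip_network(vpc["CidrBlock"])
    nets = [(s["SubnetId"], ipaddress.ip_network(s["CidrBlock"])) for s in subnets]
    problems = []
    for sid, net in nets:
        if not net.subnet_of(vpc_net):
            problems.append(f"{sid} {net} is not inside VPC {vpc_net}")
    for i, (a_id, a) in enumerate(nets):
        for b_id, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a_id} {a} overlaps {b_id} {b}")
    return problems


def usable_addresses(cidr):
    """AWS reserves the first four and the last address of every subnet."""
    return ipaddress.ip_network(cidr).num_addresses - 5


def effective_route_table(subnet_id, route_tables):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def internet_routes(route_table):
    """Destinations in this table that are routed to an internet gateway (IPv4 or IPv6)."""
    return [
        r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        for r in route_table["Routes"]
        if r.get("State") == "active" and r.get("GatewayId", "").startswith("igw-")
    ]


def classify_subnets(vpc, subnets, route_tables):
    """Map each subnet ID to 'public' or 'private' according to its effective route table."""
    result = {}
    for s in subnets:
        rt = effective_route_table(s["SubnetId"], route_tables)
        result[s["SubnetId"]] = "public" if rt and internet_routes(rt) else "private"
    return result


if __name__ == "__main__":
    for problem in validate_subnets(VPC, SUBNETS):
        print("PROBLEM:", problem)
    for sid, kind in classify_subnets(VPC, SUBNETS, ROUTE_TABLES).items():
        rt = effective_route_table(sid, ROUTE_TABLES)
        print(f"{sid}: {kind} via {rt['RouteTableId']} ({internet_routes(rt) or 'no IGW route'})")
```

Note that internet_routes flags any route to an IGW, not just 0.0.0.0/0: a narrower destination pointing at the gateway still makes the subnet public towards that range. The orphan subnet comes out private only because the main route table carries nothing but the local route; if someone later adds a default route to the main table, every unassociated subnet in the VPC becomes public at once, which is why this walkthrough creates a separate route table instead of editing the main one.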

Create new subnets

We will now create two new subnets. We want one to be public and one to be private, so afterwards we will create an internet gateway, attach it to the VPC and route one of the subnets to it. Let's start by creating the subnet we want to be private.

  • Click the Subnets link on the left of the page.
  • Use the Create Subnet button to get started.
  • Since this is a subnet we intend to keep private, type a Name tag of my-private-subnet.
  • Set the VPC to the new one we created (identified by the my-new-vpc name we gave it).
  • For the Availability Zone, we can choose us-east-1a. If you don't see us-east-1a, just choose another option and it will work the same way.
  • Set the IPv4 CIDR block to 10.0.1.0/24
  • Click the Yes, Create button.

Now we will create the subnet we want to be public.

  • Click the Create Subnet button
  • Set the Name tag to my-public-subnet so that we can easily identify which subnet we intend to be public
  • Set the VPC to my-new-vpc
  • Choose the same availability zone as the private subnet: us-east-1a
  • Set the IPv4 CIDR block to 10.0.2.0/24
  • Click Yes, Create

We will see both subnets listed on the page. Now we need to make the subnet we just created (my-public-subnet) public by creating an Internet Gateway, attaching it to the VPC and routing the subnet to it.

Create Internet Gateway

Let's create an Internet Gateway and attach it to our VPC, so that we can route a subnet to it and make that subnet public.

  • Click the Internet Gateways link on the left of the page.
  • Click the Create Internet Gateway button
  • Type a Name tag of my-internet-gateway to fit the naming convention
  • Use the Yes, Create button to create the Internet Gateway.

We will see the new Internet Gateway listed on this page. Notice that its State is detached. Attach it to the VPC we created:

  • Right click the my-internet-gateway listing and choose Attach to VPC
  • Select my-new-vpc
  • Click Yes, Attach

The State will now show attached.

Routing to the Internet Gateway with a Route Table

We will now create a new Route Table with a route to the Internet Gateway and explicitly associate it with the subnet we want to be public, leaving the main route table (and therefore the private subnet) untouched.

  • Navigate to the Route Tables page
  • Click the Create Route Table button
  • Type a Name tag of my-route-table
  • Set the VPC to my-new-vpc.
  • Click the Yes, Create button

You’ll see the new Route Table in the list. It should be selected by default. We’ll configure it further using the pane at the bottom of the page.

Let’s add a new route for the Internet Gateway:

  • Click the Routes tab
  • Click the Edit button
  • Click the Add another route button to add an entry.
  • For the Destination, type 0.0.0.0/0 (this represents any/every IPv4 address).
  • For the Target, select the Internet Gateway my-internet-gateway
  • Click the Save button

We can now explicitly associate this Route Table to the subnet we want to be public:

  • Navigate to the Subnet Associations tab
  • Click the Edit button
  • Check the Associate box beside the subnet we called my-public-subnet
  • Click the Save button

my-public-subnet now has a default route to the internet, while my-private-subnet still uses the main route table with only the local route and remains private.
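The console steps above, from creating the VPC through associating the route table, map one-to-one onto EC2 API calls. The script below is an added example (not part of the original document) that performs the same sequence with boto3, using the same names and CIDR blocks as the walkthrough. It assumes AWS credentials and a region are configured in the environment; the optional MapPublicIpOnLaunch step at the end goes beyond the console walkthrough and is flagged as such. build_plan is a small helper, introduced here, that derives the two /24 blocks from the VPC range instead of hard-coding them.

```python
import ipaddress


def build_plan(vpc_cidr="10.0.0.0/16", subnet_prefix=24):
    """Carve subnets out of the VPC range in order; the walkthrough uses the
    second and third /24 (10.0.1.0/24 private, 10.0.2.0/24 public) and leaves
    10.0.0.0/24 unused."""
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = list(vpc.subnets(new_prefix=subnet_prefix))
    if len(blocks) < 3:
        raise ValueError(f"{vpc} is too small to hold two /{subnet_prefix} subnets plus a spare")
    return {
        "vpc": {"name": "my-new-vpc", "cidr": str(vpc)},
        "private": {"name": "my-private-subnet", "cidr": str(blocks[1])},
        "public": {"name": "my-public-subnet", "cidr": str(blocks[2])},
    }


def tags(resource_type, name):
    """TagSpecifications payload that sets the Name tag at creation time."""
    return [{"ResourceType": resource_type, "Tags": [{"Key": "Name", "Value": name}]}]


def provision(plan, region="us-east-1", az=None, map_public_ip=False):
    """Create the VPC, two subnets, IGW and route table exactly as the console steps do.

    Returns the IDs of everything created (needed to delete them again in reverse order).
    """
    import boto3  # imported here so build_plan() and tags() work without boto3 installed

    ec2 = boto3.client("ec2", region_name=region)
    # "If you don't see us-east-1a, just choose another": fall back to the first AZ in the region
    az = az or ec2.describe_availability_zones()["AvailabilityZones"][0]["ZoneName"]

    # Create a VPC
    vpc_id = ec2.create_vpc(CidrBlock=plan["vpc"]["cidr"],
                            TagSpecifications=tags("vpc", plan["vpc"]["name"]))["Vpc"]["VpcId"]
    ec2.get_waiter("vpc_available").wait(VpcIds=[vpc_id])

    # Create new subnets (both start out private: they use the main route table)
    subnet_ids = {}
    for role in ("private", "public"):
        subnet_ids[role] = ec2.create_subnet(
            VpcId=vpc_id, CidrBlock=plan[role]["cidr"], AvailabilityZone=az,
            TagSpecifications=tags("subnet", plan[role]["name"]))["Subnet"]["SubnetId"]

    # Create Internet Gateway and attach it to the VPC (state: detached -> attached)
    igw_id = ec2.create_internet_gateway(
        TagSpecifications=tags("internet-gateway", "my-internet-gateway"))["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)

    # Route table with a default route to the IGW, associated with the public subnet only
    rtb_id = ec2.create_route_table(
        VpcId=vpc_id, TagSpecifications=tags("route-table", "my-route-table"))["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock="0.0.0.0/0", GatewayId=igw_id)
    assoc_id = ec2.associate_route_table(RouteTableId=rtb_id, SubnetId=subnet_ids["public"])["AssociationId"]

    if map_public_ip:
        # Not in the console walkthrough: instances launched here get a public IPv4
        # address automatically, which they need before the IGW can carry their traffic.
        ec2.modify_subnet_attribute(SubnetId=subnet_ids["public"], MapPublicIpOnLaunch={"Value": True})

    return {"vpc": vpc_id, "subnets": subnet_ids, "igw": igw_id,
            "route_table": rtb_id, "association": assoc_id, "az": az}


if __name__ == "__main__":
    plan = build_plan()
    print("plan:", plan)
    print("created:", provision(plan))
```

Running it creates real resources in the account (VPCs themselves are free, but anything you launch into them is not). To tear down, reverse the order: disassociate and delete the route table, detach and delete the internet gateway, delete the subnets, then delete the VPC.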