How to Create AWS VPC

AWS Virtual Private Cloud

10 steps to create and verify your VPC:

Step 01. Create a VPC

Step 02. Create 2 Public Subnet & Create 2 Private Subnet

Step 03. Create IGW (Internet Gateway) and Attach to the VPC

Step 04. Create Public and Private Route Table

Step 05. Add IGW in Public Route table (0.0.0.0/0)

Step 06. Add Public Subnet (1a & 1b) in Route table

Step 07. Create a NAT Gateway in Public Subnet

Step 08. Add NAT GW into the Private Route Table

Step 09. Add Private Subnet in Private Route Table

Step 10. Launch EC2 in this VPC & Validate your Connection

Optional Steps:

Step 11. Edit DNS Resolution and Hostname

Step 12. Cleanup the VPC Resources

Components of Amazon VPC

Amazon VPC comprises a variety of objects that will be familiar to customers with existing networks:

  • A Virtual Private Cloud: A logically isolated virtual network in the AWS cloud. You define a VPC’s IP address space from the ranges you select.
  • Subnet: A segment of a VPC’s IP address range where you can place groups of isolated resources.
  • Internet Gateway: The Amazon VPC side of a connection to the public Internet.
  • NAT Gateway: A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.
  • Route Table: A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.
  • DNS Hostname: The Amazon DNS server resolves a public DNS hostname to the public IPv4 address of the instance outside the network of the instance.
  • CIDR: Classless Inter-Domain Routing

Route table concepts

The following are the key concepts for route tables.

  • Main route table — The route table that automatically comes with your VPC. It controls the routing for all subnets that are not explicitly associated with any other route table.
  • Custom route table — A route table that you create for your VPC.
  • Edge association — A route table that you use to route inbound VPC traffic to an appliance. You associate a route table with the internet gateway or virtual private gateway, and specify the network interface of your appliance as the target for VPC traffic.
  • Route table association — The association between a route table and a subnet, internet gateway, or virtual private gateway.
  • Subnet route table — A route table that’s associated with a subnet.
  • Gateway route table — A route table that’s associated with an internet gateway or virtual private gateway.
  • Local gateway route table — A route table that’s associated with an Outposts local gateway. For information about local gateways, see Local Gateways in the AWS Outposts User Guide.
  • Destination — The range of IP addresses where you want traffic to go (destination CIDR). For example, an external corporate network with a 172.16.0.0/12 CIDR.
  • Target — The gateway, network interface, or connection through which to send the destination traffic; for example, an internet gateway.
  • Local route — A default route for communication within the VPC.

Let’s start the implementation.

Step 01. Create a VPC
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/
  2. Create your VPC with a valid IPv4 CIDR block and a name.
Step 02. Create 2 Public Subnet & Create 2 Private Subnet
  1. Click Subnets and create your subnets as follows:
  2. Public Subnet 1 and Public Subnet 2, each with a valid name and the VPC selected.
  3. A valid IPv4 CIDR block for each subnet, taken from the VPC's range.
  4. Repeat steps 2 and 3 for the two private subnets.
Step 03. Create IGW (Internet Gateway) & Attach to the VPC
  • Once the IGW is created, attach it to the VPC.
Step 04. Create Public and Private Route Table
  • Create the public and private route tables in the same VPC.
  • Make sure you selected the right VPC and give each table a proper name tag.
Step 05. Add IGW in Public Route table (0.0.0.0/0)
  • Click on the public route table and click Edit routes.
  • Click Add route and enter 0.0.0.0/0 as the destination.
  • Select the Internet gateway from the Target drop-down menu.
  • Click Save routes.
Step 06. Add Public Subnet (1a & 1b) in Route table
  • Edit the subnet associations of the public route table.
  • Select the checkbox of each public subnet.
  • Click Save.
Step 07. Create a NAT Gateway in Public Subnet
  • Select a public subnet.
  • Allocate a new Elastic IP and associate it with the NAT gateway.
  • Click Create NAT Gateway.
Step 08. Add NAT GW into the Private Route Table
  • Click on the private route table and click Edit routes.
  • Click Add route and enter 0.0.0.0/0 as the destination.
  • Select the NAT gateway from the Target drop-down menu.
  • Click Save routes.
Step 09. Add Private Subnet in Private Route Table
  • Edit the subnet associations of the private route table.
  • Select the checkbox of each private subnet.
  • Click Save.
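Before launching instances it is worth checking the layout built in steps 01 to 09 as data rather than by eye. The following is an added example (not from the original note and not an AWS tool): it takes Python dictionaries shaped like the JSON returned by `aws ec2 describe-vpcs`, `describe-subnets`, `describe-route-tables` and `describe-nat-gateways` (the IDs and CIDRs below are constructed placeholders) and reports anything that would break the public/private split: subnets outside the VPC CIDR or overlapping each other, a subnet with no explicit route table association, a tier that does not span two Availability Zones, a NAT gateway placed in a subnet whose route table does not point at the IGW, or a private route table pointing at a NAT gateway that does not exist.

```python
import ipaddress

# Constructed sample input modelled on the JSON shapes that `aws ec2 describe-vpcs`,
# `describe-subnets`, `describe-route-tables` and `describe-nat-gateways` return.
# All IDs (vpc-0example, igw-0example, nat-0example, subnet-*) are made-up placeholders.
VPC = {"VpcId": "vpc-0example", "CidrBlock": "10.0.0.0/16"}

SUBNETS = [
    {"SubnetId": "subnet-pub1a", "CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub1b", "CidrBlock": "10.0.2.0/24", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-priv1a", "CidrBlock": "10.0.11.0/24", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-priv1b", "CidrBlock": "10.0.12.0/24", "AvailabilityZone": "us-east-1b"},
]

ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
     "Associations": [{"SubnetId": "subnet-pub1a"}, {"SubnetId": "subnet-pub1b"}]},
    {"RouteTableId": "rtb-private",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}],
     "Associations": [{"SubnetId": "subnet-priv1a"}, {"SubnetId": "subnet-priv1b"}]},
]

NAT_GATEWAYS = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-pub1a"}]


def default_route_target(route_table):
    """Return ("igw", id), ("nat", id) or None for the table's 0.0.0.0/0 route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return ("igw", route["GatewayId"])
        if route.get("NatGatewayId"):
            return ("nat", route["NatGatewayId"])
    return None


def classify_subnets(route_tables):
    """Map SubnetId -> "public" / "private" / "isolated" from its explicitly associated route table.

    A subnet is public only because its route table sends 0.0.0.0/0 to an IGW (steps 05/06),
    private because 0.0.0.0/0 goes to a NAT gateway (steps 08/09); otherwise it has no Internet path.
    """
    kind = {}
    for rt in route_tables:
        target = default_route_target(rt)
        label = {"igw": "public", "nat": "private"}.get(target[0], "isolated") if target else "isolated"
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId"):
                kind[assoc["SubnetId"]] = label
    return kind


def validate(vpc, subnets, route_tables, nat_gateways):
    """Return a list of findings; an empty list means the layout matches the 10-step design."""
    findings = []
    vpc_net = ipaddress.ip_network(vpc["CidrBlock"])
    seen = {}
    for s in subnets:
        net = ipaddress.ip_network(s["CidrBlock"])
        if not net.subnet_of(vpc_net):
            findings.append(f"{s['SubnetId']} {net} is outside the VPC CIDR {vpc_net}")
        for other_id, other in seen.items():
            if net.overlaps(other):
                findings.append(f"{s['SubnetId']} {net} overlaps {other_id} {other}")
        seen[s["SubnetId"]] = net

    kind = classify_subnets(route_tables)
    for s in subnets:
        if s["SubnetId"] not in kind:
            findings.append(f"{s['SubnetId']} has no explicit route table association (uses the main route table)")
    for label in ("public", "private"):
        zones = {s["AvailabilityZone"] for s in subnets if kind.get(s["SubnetId"]) == label}
        if len(zones) < 2:
            findings.append(f"{label} subnets do not span two Availability Zones")

    nat_ids = {n["NatGatewayId"] for n in nat_gateways}
    for n in nat_gateways:
        # Step 07: the NAT gateway must itself sit in a public subnet, or it has no path to the IGW.
        if kind.get(n["SubnetId"]) != "public":
            findings.append(f"NAT gateway {n['NatGatewayId']} is in non-public subnet {n['SubnetId']}")
    for rt in route_tables:
        target = default_route_target(rt)
        if target and target[0] == "nat" and target[1] not in nat_ids:
            findings.append(f"{rt['RouteTableId']} routes 0.0.0.0/0 to unknown NAT gateway {target[1]}")
    return findings


if __name__ == "__main__":
    for finding in validate(VPC, SUBNETS, ROUTE_TABLES, NAT_GATEWAYS) or ["layout OK"]:
        print(finding)
```

In a real account you would feed the parsed output of the four CLI calls into validate() instead of the constants. The classification rule is the point worth remembering: a subnet is public only because its associated route table sends 0.0.0.0/0 to an internet gateway, never because of its name, and a NAT gateway in a subnet without such a route silently leaves the private tier with no way out.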

Step 10. Launch EC2 in this VPC & Validate your Connection
  • Download the PuTTY and PuTTYgen software to your Windows server.
  • Convert your .pem key file to a .ppk file with PuTTYgen.
  • Connect from PuTTY.
OR
  • Connect from your Mac or Linux machine with the commands below.

chmod 400 file_name.pem
ssh -i file_name.pem ec2-user@your_public_vm_ip

Once connected to your public instance, copy your .pem file to it and run the following commands to connect to your private instance.

chmod 400 file_name.pem
ssh -i file_name.pem ec2-user@your_private_vm_ip

Then check that the private instance can reach the Internet (through the NAT gateway):

sudo yum update -y

If you can connect to the private instance and update it, you have successfully created your VPC and its public and private subnets, with the IGW, NAT gateway and route tables correctly connected.

If you get an error, add the VPC CIDR range to your security group.
To reach the public instance you need to open port 22 to your home IP address and to the VPC CIDR range.

Access your private instance from your public instance.
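The security group advice above is the part of step 10 that most often goes wrong: the quick fix is to open port 22 to 0.0.0.0/0, which exposes the public instance to the whole Internet instead of only to your home IP and the VPC. The following added example (not part of the original note) checks a security group shaped like one entry of `aws ec2 describe-security-groups` and lists every source range that can reach TCP/22 but is not contained in the intended set. The group ids and the 203.0.113.x / 198.51.100.x addresses are constructed placeholders.

```python
import ipaddress

SSH_PORT = 22

# Constructed values standing in for the page's "home IP" and "VPC CIDR range".
HOME_IP = "203.0.113.10/32"
VPC_CIDR = "10.0.0.0/16"

# Shaped like one element of the SecurityGroups list from `aws ec2 describe-security-groups`;
# sg-0example is a placeholder id.
PUBLIC_SG_OK = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": HOME_IP}, {"CidrIp": VPC_CIDR}]},
    ],
}

# The same group as it often ends up after "fixing" a connection error.
PUBLIC_SG_OPEN = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        # "-1" means all protocols and ports, so it also grants SSH.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    ],
}


def rule_covers_port(perm, port):
    """True if one IpPermissions entry allows TCP traffic to the given port."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def ssh_sources(group):
    """Every IPv4/IPv6 CIDR that can reach TCP/22 through this group."""
    sources = set()
    for perm in group.get("IpPermissions", []):
        if not rule_covers_port(perm, SSH_PORT):
            continue
        sources.update(r["CidrIp"] for r in perm.get("IpRanges", []))
        sources.update(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
    return sources


def unexpected_ssh_sources(group, allowed_cidrs):
    """CIDRs granting port 22 that are not contained in one of the allowed ranges.

    Ranges are compared per IP version, so an IPv6 rule is never accidentally
    accepted against an IPv4 allow-list entry.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    unexpected = []
    for cidr in sorted(ssh_sources(group)):
        net = ipaddress.ip_network(cidr)
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            unexpected.append(cidr)
    return unexpected


if __name__ == "__main__":
    for group in (PUBLIC_SG_OK, PUBLIC_SG_OPEN):
        extra = unexpected_ssh_sources(group, [HOME_IP, VPC_CIDR])
        print(group["GroupId"], "unexpected SSH sources:", extra or "none")
```

The VPC CIDR entry is what lets the public instance reach port 22 on the private instance, so it belongs in the allow-list; anything else the check reports, in particular 0.0.0.0/0, ::/0 or an all-protocol rule, should be removed rather than left in place after the connection starts working.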

Optional Steps:

Step 11. Edit DNS Resolution and Hostname
When you launch an instance into a default VPC, we provide the instance with public and private DNS hostnames that correspond to the public IPv4 and private IPv4 addresses for the instance. When you launch an instance into a nondefault VPC, we provide the instance with a private DNS hostname and we might provide a public DNS hostname.

A public (external) DNS hostname takes the form ec2-public-ipv4-address.compute-1.amazonaws.com for the us-east-1 Region, and ec2-public-ipv4-address.region.compute.amazonaws.com for other Regions. The Amazon DNS server resolves a public DNS hostname to the public IPv4 address of the instance outside the network of the instance, and to the private IPv4 address of the instance from within the network of the instance.

  1. Select the VPC, click Actions and choose Edit DNS hostnames.
  2. Enable DNS hostnames and click Save.

Step 12. Cleanup the VPC Resources

Delete the VPC resources in the following order, since each step removes a dependency of the next:
  • Terminate the EC2 instances; this removes their network interfaces together with the attached private or public IPs.
  • Release the Elastic IP.
  • Delete the NAT gateway.
  • Detach the Internet Gateway (IGW) from the VPC.
  • Delete the IGW.
  • Finally, delete the VPC; this step deletes all the remaining VPC resources.

Conclusion:

  1. VPC Creation, Subnet Creation, IGW, NGW, Route table.
  2. Subnet association & IGW/NGW Attachment with Route Table.
  3. EC2 instance connectivity with the private and public subnet
  4. DNS Hostname Setup.
  5. VPC Clean up Activity.