VPC
Amazon VPC lets you define a logically isolated virtual network in the AWS cloud. It closely resembles a traditional network that you might operate in your own data center, with the benefit of running on scalable AWS infrastructure. Within a VPC you can deploy resources such as EC2 instances and RDS databases, and you control how they are isolated from the internet and from each other through subnets, route tables and security groups; isolation is not automatic, it is the result of how you configure these pieces.
Steps to set up an Amazon VPC with a public and a private subnet and a bastion host :
Go to the AWS Management Console (https://aws.amazon.com/) and sign in to your account.
In the AWS Management Console, search for and select "VPC" or find it under "Networking & Content Delivery."
Step 1 : Click "Create VPC"
Give the VPC a name and specify the IPv4 CIDR block (10.0.0.0/16).
I have used the 10.0.0.0/16 CIDR block for the VPC, which gives 65,536 IP addresses (the largest block a VPC allows; the range must be between /16 and /28). Pick a private (RFC 1918) range that does not overlap any network you may later peer with or connect to over VPN, because the primary CIDR cannot be changed afterwards.
Tenancy has two options, Default and Dedicated. Dedicated tenancy runs your instances on single-tenant hardware and is considerably more expensive, so I have chosen Default.
Then click "Create VPC".
Step 2 : Create a public and a private subnet in different Availability Zones, each with its own CIDR block
For the public subnet I need 256 IP addresses (a /24 block).
For the private subnet I need 256 IP addresses (a /24 block).
Note that AWS reserves five addresses in every subnet (the network address, the VPC router, the DNS resolver, one for future use and the broadcast address), so a /24 gives 251 usable addresses, not 256.
In the left-hand menu click "Subnets", then "Create subnet".
Select the existing VPC "MY_VPC".
Enter the subnet name for the public subnet.
Choose the Availability Zone for the public subnet.
Enter the IPv4 CIDR block for the public subnet.
Click "Create subnet".
The public subnet is now created.
Now create the private subnet the same way, with its own name, Availability Zone and CIDR block.
Both the public and the private subnet are now created.
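Before clicking through Step 2 it helps to plan the address space. The following is an added Python example, not part of the original tutorial, that carves the 10.0.0.0/16 block into one public and one private /24 per Availability Zone, checks that the blocks do not overlap, rejects subnet sizes AWS does not accept, and accounts for the five addresses AWS reserves in every subnet (so a /24 yields 251 usable addresses, not 256). The Availability Zone names are assumptions; use the ones of your region.

```python
import ipaddress

# Constructed planning input. The VPC CIDR is the tutorial's; the Availability
# Zone names are assumptions, replace them with the AZs of your region.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-east-1a", "us-east-1b"]

# AWS reserves five addresses in every subnet: the network address, the VPC
# router (+1), the Amazon-provided DNS resolver (+2), one kept for future use
# (+3) and the broadcast address (last). None of them can be given to an instance.
AWS_RESERVED_PER_SUBNET = 5


def reserved_addresses(cidr: str) -> list[str]:
    """The five addresses AWS reserves in the given subnet."""
    net = ipaddress.ip_network(cidr)
    base = net.network_address
    return [str(base + i) for i in range(4)] + [str(net.broadcast_address)]


def usable_addresses(cidr: str) -> int:
    """Addresses an instance can actually be given in the subnet."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr: str, azs: list[str], new_prefix: int = 24) -> list[dict]:
    """Carve one public and one private subnet per AZ out of the VPC block,
    handing out consecutive blocks of size /new_prefix."""
    vpc = ipaddress.ip_network(vpc_cidr)
    # AWS accepts IPv4 subnets between /16 and /28 and a subnet must be
    # smaller than the VPC block itself.
    if not vpc.prefixlen < new_prefix <= 28:
        raise ValueError(f"subnet prefix /{new_prefix} must be between /{vpc.prefixlen + 1} and /28")
    blocks = vpc.subnets(new_prefix=new_prefix)
    plan = []
    for az in azs:
        for tier in ("public", "private"):
            cidr = str(next(blocks))
            plan.append({"name": f"{tier}-{az}", "az": az, "tier": tier,
                         "cidr": cidr, "usable": usable_addresses(cidr)})
    return plan


def overlaps(plan: list[dict]) -> list[tuple[str, str]]:
    """Pairs of subnet names whose CIDR blocks overlap (should be empty)."""
    nets = [(p["name"], ipaddress.ip_network(p["cidr"])) for p in plan]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


if __name__ == "__main__":
    layout = plan_subnets(VPC_CIDR, AZS)
    for entry in layout:
        print(f'{entry["name"]:<20} {entry["cidr"]:<15} usable={entry["usable"]}')
    print("reserved in first subnet:", reserved_addresses(layout[0]["cidr"]))
    print("overlapping pairs:", overlaps(layout))
```

Run it once with your own AZ list and paste the resulting CIDR blocks into the "Create subnet" form; keeping the layout in code also makes it easy to extend to a second pair of subnets later without colliding with the existing blocks.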
Step 3 : Create an Internet Gateway and attach it to the VPC
Click "Create internet gateway".
Set a name and click "Create internet gateway".
The Internet Gateway is now created.
It shows as "Detached"; it must be attached to the VPC before it can carry any traffic (a VPC can have only one Internet Gateway attached).
Select the VPC and click "Attach internet gateway".
It is now attached.
Step 4 : Create two route tables, one public and one private, and associate each with the appropriate subnet
Enter the route table name "Public", select the VPC and click "Create route table".
Enter the route table name "Private", select the VPC and click "Create route table".
Both route tables are now created.
Next, associate them with the public and the private subnet.
Open the route table, click "Subnet associations", then "Edit subnet associations".
For the public route table, tick the public subnet and click "Save associations".
For the private route table, tick the private subnet and click "Save associations".
The route tables are now associated with the public and private subnets.
Note : A subnet without an explicit association uses the VPC's main route table. Keep the main route table without an internet route so that a subnet someone forgets to associate does not become public by default.
Step 5 : Edit the routes of the public route table only, adding a route to the IGW; leave the private route table as it is.
Note: only the public route table gets an internet route.
Go to "Route tables", select the public route table, click "Routes", then "Edit routes".
Click "Add route".
In the Destination box enter 0.0.0.0/0.
For Target choose "Internet Gateway" and select the igw created in Step 3, then save the changes.
Every route table already contains the local route for the VPC CIDR (10.0.0.0/16). The private route table keeps only that route, so instances in the private subnet have no path to or from the internet; if they later need outbound access (for updates, for example), that is done with a NAT gateway, not by adding the IGW route.
Step 6 : Create two security groups,
one for the public subnet (edit the inbound rules to allow RDP, HTTP/HTTPS and SSH with 0.0.0.0/0 as the source),
one for the private subnet (edit the inbound rules with the public security group as the source).
Note : Allowing SSH (22) and RDP (3389) from 0.0.0.0/0 exposes the bastion's login ports to the whole internet and they will be scanned and brute-forced within minutes. For anything beyond a lab, restrict those two rules to your own address (a /32) and leave only HTTP/HTTPS open to 0.0.0.0/0.
The "Public Security Group" is now created.
Next, create the private security group.
Copy the public security group ID (sg-0d6808a8ed83081fb).
Create the security group for the private subnet.
Note : To allow access to private subnet IPs from the public subnet, add either the public subnet's CIDR block or the public security group ID as the source in the private security group.
In this scenario I have added the public security group ID to the private security group. Referencing the group rather than the CIDR is the tighter choice: only instances that actually carry the public security group can connect, not anything that happens to be placed in the public subnet.
Click "Create security group".
The "Private sec group" is now created.
Step 7 : Create two EC2 instances, one in the public subnet and one in the private subnet, each with the matching security group
1st instance :
2nd instance :
Now open the public machine: copy its public IP address
Enter the credentials
now we can access the public machine
Copy the private machine's IP address
It has no public IP address, so it cannot be reached directly from the internet.
It can only be reached from the machine in the public subnet.
Inside the public machine open RDP, enter the private IP, username and password.
Now we can access the private machine.
Note : This pattern is called a jump box or bastion host: the public instance is the only internet-facing entry point, and everything in the private subnet is reached through it. The private instance's security group, which admits traffic only from the bastion's security group, is what enforces that.
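The public/private split built in Steps 4 to 7 is defined entirely by route tables and security groups, so it is worth verifying rather than trusting what the console screens suggest. The following added Python example (not part of the original tutorial) runs offline over constructed JSON in the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups --output json`: it classifies each subnet as public or private by looking for an active 0.0.0.0/0 route to an igw-* target, flags security groups that expose SSH or RDP to the world as the Step 6 public group does, checks that the private security group admits traffic only from the bastion's security group, and emits the `aws ec2` commands that narrow the bastion's SSH/RDP rules to a single admin CIDR. Only the public security group id is from the tutorial; every other identifier and the admin CIDR are assumptions.

```python
import json

# Constructed sample data in the shape of `aws ec2 describe-route-tables` and
# `aws ec2 describe-security-groups --output json`. Only the public security
# group id is the tutorial's; every other id is an assumption.
ROUTE_TABLES = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-public-example", "Routes": [
   {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}],
  "Associations": [{"SubnetId": "subnet-public-example", "Main": false}]},
 {"RouteTableId": "rtb-private-example", "Routes": [
   {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
  "Associations": [{"SubnetId": "subnet-private-example", "Main": false}]}]}""")

SECURITY_GROUPS = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0d6808a8ed83081fb", "GroupName": "public-sg", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
   {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
   {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
 {"GroupId": "sg-private-example", "GroupName": "private-sg", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [], "Ipv6Ranges": [],
    "UserIdGroupPairs": [{"GroupId": "sg-0d6808a8ed83081fb"}]}]}]}""")

ADMIN_PORTS = (22, 3389)          # SSH and RDP
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def classify_subnets(describe_route_tables: dict) -> dict:
    """Map every explicitly associated subnet to 'public' or 'private'. A subnet
    is public when its route table has an active default route to an igw-* target."""
    result = {}
    for rtb in describe_route_tables["RouteTables"]:
        has_igw_default = any(
            r.get("DestinationCidrBlock") == ANY_V4 and r.get("State") == "active"
            and r.get("GatewayId", "").startswith("igw-") for r in rtb["Routes"])
        for assoc in rtb["Associations"]:
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = "public" if has_igw_default else "private"
    return result


def rule_covers_port(rule: dict, port: int) -> bool:
    """Does an inbound rule reach the given TCP port? "-1" is the console's "All traffic"."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def find_world_open_admin_ports(describe_sgs: dict, ports=ADMIN_PORTS) -> list:
    """(GroupId, port, world_cidr) for every SSH/RDP rule reachable from any address."""
    findings = set()
    for sg in describe_sgs["SecurityGroups"]:
        for rule in sg["IpPermissions"]:
            worlds = [r["CidrIp"] for r in rule.get("IpRanges", []) if r["CidrIp"] == ANY_V4]
            worlds += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", []) if r["CidrIpv6"] == ANY_V6]
            for cidr in worlds:
                for port in ports:
                    if rule_covers_port(rule, port):
                        findings.add((sg["GroupId"], port, cidr))
    return sorted(findings)


def private_sg_only_trusts(describe_sgs: dict, private_sg_id: str, bastion_sg_id: str) -> bool:
    """True when every inbound rule of the private SG names the bastion SG as its
    only source and no rule uses a CIDR range (the posture Step 6 intends)."""
    for sg in describe_sgs["SecurityGroups"]:
        if sg["GroupId"] != private_sg_id:
            continue
        for rule in sg["IpPermissions"]:
            if rule.get("IpRanges") or rule.get("Ipv6Ranges"):
                return False
            pairs = rule.get("UserIdGroupPairs", [])
            if not pairs or any(p["GroupId"] != bastion_sg_id for p in pairs):
                return False
        return True
    return False                                 # group not present at all


def restrict_to_admin_cidr(describe_sgs: dict, sg_id: str, admin_cidr: str, ports=ADMIN_PORTS) -> list:
    """aws CLI commands that swap the IPv4 world-open SSH/RDP sources of sg_id for a
    single admin CIDR. IPv6 (::/0) rules need --ip-permissions JSON and are skipped here."""
    cmds = []
    for gid, port, cidr in find_world_open_admin_ports(describe_sgs, ports):
        if gid != sg_id or cidr != ANY_V4:
            continue
        cmds.append(f"aws ec2 revoke-security-group-ingress --group-id {sg_id} --protocol tcp --port {port} --cidr {ANY_V4}")
        cmds.append(f"aws ec2 authorize-security-group-ingress --group-id {sg_id} --protocol tcp --port {port} --cidr {admin_cidr}")
    return cmds


if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES))
    for gid, port, cidr in find_world_open_admin_ports(SECURITY_GROUPS):
        print(f"WARN {gid}: port {port} open to {cidr}")
    print("private SG trusts only the bastion:",
          private_sg_only_trusts(SECURITY_GROUPS, "sg-private-example", "sg-0d6808a8ed83081fb"))
    print("\n".join(restrict_to_admin_cidr(SECURITY_GROUPS, "sg-0d6808a8ed83081fb", "203.0.113.7/32")))
```

Against a real account, replace the two constants with `json.loads` of the corresponding `aws ec2 describe-...` output for your VPC. The subnet classification deliberately ignores routes in a non-active state (blackholed after an IGW detach, for instance), and the private-group check treats any CIDR-sourced rule as a failure even if the CIDR is the public subnet, because that alternative from Step 6 admits anything placed in that subnet rather than just the bastion.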
Conclusion :
Amazon VPC is the fundamental building block for designing and deploying scalable and secure applications on AWS. Once you understand its core pieces (CIDR planning, subnets, Internet Gateways, route tables and security groups) you can build network layouts like the public/private split with a bastion host shown here, and adapt them to your organization's needs.
Start with a small VPC like this one, check which subnets are actually reachable from the internet and which security group rules are open to 0.0.0.0/0, and build up from there.