In AWS a VPC (Virtual Private Cloud) lets you build out your own piece of the AWS cloud the way you want it, for example mirroring your existing data center layout if you’re migrating over.
I’ve been going through the material to recertify my Solutions Architect cert, therefore thought I’d put it down in writing for reference.
Create your CIDR block
Within the console, navigate to “VPC”. Once you’re in the VPC dashboard you can launch the VPC Wizard, but you don’t really learn much going that route. Navigate down the left pane and select “Your VPCs”.
Hit Create VPC and you will be presented with the following screen, which will ask you for certain information.
Give your VPC a useful name and specify your CIDR (Classless Inter-Domain Routing) block. You can select the radio button to assign an IPv6 block, but I didn’t, and I left Tenancy at “Default” rather than “Dedicated” as I don’t need my VPC running on dedicated AWS hardware.
If successful you’ll receive:
By creating a new VPC, you’ll automatically receive the following:
- A new Routing table
- A new default Network ACL (Access Control List)
- A new default Security Group
The next step is to create the individual subnets that will be carved out of your VPC’s CIDR block. On the left-hand pane select “Subnets”.
You will find a handful of subnets already listed, but these are the default subnets for the default VPC. The new subnets we create will be in addition to these.
Give the first subnet a useful name, assign it to the new VPC you’ve just created and drop it into an “Availability Zone” of your choosing. I shall be making two subnets, a Public and a Private, so each will go into a different AZ for additional resilience.
Follow the same steps for the second, private subnet and hit “Create”. We now have two subnets, one for our Public facing services and a second, Private subnet for our backend.
At the moment we have no means of internet access out of our newly provisioned VPC and subnets, so we need to remedy that so our resources can pull updates and talk out.
We don’t want newly provisioned resources in our VPC to use the default routing table, so we need to create a new one, associate it with our Public-facing subnet and give it a gateway out.
On the left pane in the VPC Dashboard navigate to “Route Tables” and create a new routing table. Give your Routing table a useful name, associate it with your VPC and hit “Create”. Highlighting your newly created Routing table will display a number of tabs:
Select the “Subnet Associations” tab and hit “Edit subnet associations” to link your new, public subnet to this new routing table.
Make sure to select the Public subnet and hit Save. We are now going to create an Internet Gateway (IGW) and specify a default route in our Routing table to forward non-local traffic out to the internet via it.
Navigate down the left pane of the VPC Dashboard to “Internet Gateways” and create a new IGW.
Highlight your new Internet Gateway and select “Actions -> Attach to VPC”.
Select your new VPC and hit “Attach”. Now go back to your Route Tables and highlight your newly created Routing Table for your public subnet.
Go to the Routes tab and then “Edit routes”. Add a new default route with a destination of 0.0.0.0/0 (everything not covered by the routes you already know about), select your newly created Internet Gateway as the Target and hit “Save routes”.
You will now have a default route below your local route, which will forward all non-local traffic to the Internet Gateway.
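As an added example (not code from the original post), here is a small Python check over the dict shape that boto3’s ec2.describe_route_tables() returns: it reports which subnets actually end up with a default route to an IGW, so you can confirm the public subnet is the only one that does. The VPC CIDR (10.0.0.0/16), the resource IDs and the two route tables are constructed placeholders that mirror the layout built above, not real resources.

```python
import ipaddress

# Constructed sample in the shape of ec2.describe_route_tables()["RouteTables"].
# IDs are placeholders for the VPC, IGW and subnets built in this post.
SAMPLE_ROUTE_TABLES = [
    {   # the VPC's main table: local route only; the private subnet falls back to it
        "RouteTableId": "rtb-MAIN-PLACEHOLDER",
        "VpcId": "vpc-PLACEHOLDER",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
        "Associations": [{"Main": True}],
    },
    {   # the custom public table: local route plus 0.0.0.0/0 -> IGW
        "RouteTableId": "rtb-PUBLIC-PLACEHOLDER",
        "VpcId": "vpc-PLACEHOLDER",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-PUBLIC-PLACEHOLDER"}],
    },
]


def carve_subnets(vpc_cidr: str, new_prefix: int, count: int) -> list:
    """Return the first `count` /new_prefix blocks carved out of the VPC CIDR."""
    net = ipaddress.ip_network(vpc_cidr)
    return [str(s) for s, _ in zip(net.subnets(new_prefix=new_prefix), range(count))]


def has_igw_default_route(table: dict) -> bool:
    """True if the table sends 0.0.0.0/0 (or ::/0) to an Internet Gateway."""
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def classify_subnets(route_tables: list, subnet_ids: list) -> dict:
    """Map each subnet ID to 'public' or 'private'.

    A subnet with no explicit association uses the VPC's main route table,
    which is exactly how the private subnet in this post stays private.
    """
    main = next(t for t in route_tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in route_tables
                for a in t["Associations"] if a.get("SubnetId")}
    return {s: ("public" if has_igw_default_route(explicit.get(s, main)) else "private")
            for s in subnet_ids}
```

Run it against the real output of describe_route_tables(Filters=[{"Name": "vpc-id", "Values": [your_vpc_id]}]) and the subnet IDs from the console to confirm only the public subnet comes back as "public".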
In Part 2 we’ll finish off by:
- Creating suitably secure Security Groups for our Public and Private instances.
- Creating an EC2 instance as a web server and confirming all the routing and necessary security is in place.
- Creating a NAT Gateway to give the private subnet a means of reaching the internet.
To be continued…