Let’s get started.
SETTING UP VPC IN AWS
In the previous article we have seen and understood the network architecture of VPC and also saw what things are required. So now let’s get started with the actual setup.
Go to the VPC dashboard.
CREATING VPC
Go to Your VPCs and click on create VPC.
We have selected North California region as it has 2 Availability Zones. So, we have selected it to have high availability and also to show simplicity for the example.
We can see that we have given the VPC range as 172.20.0.0/16 and after saving, we can see that our VPC has been created successfully.
As we know that when we create an EC2 instance then it gets a public IP and also gets a public DNS name.
So, we can give public DNS name to the VPC, by selecting Edit DNS hostnames.
And enable the DNS hostnames option.
CREATING PUBLIC AND PRIVATE SUBNETS
Now as discussed previously, it’s time to create 2 public and 2 private subnets.
Go to Subnets and click on Create Subnet and enter the details and select the VPC we just created as shown below.
Here we selected the Availability Zone as us-west-1b for first public subnet and similarly will create another public subnet in different Availability Zone as us-west-1c.
As by now we have created 2 public subnets and instances in the public subnet which will have direct access to the internet. So, for public subnets we can do the setting where for every instance created in a public subnet a public IP will be auto assigned.
This can be done from the modify auto assign IP settings menu option.
Enable this option for the selected public subnet 1 and 2 and click save.
NOTE
Even if we give a public IP setting to the private subnet for the instances in private subnet then also you cannot access it as it will be disabled by the NAT gateway.
Now create 2 private subnets as shown below and enter the CIDR block which we calculated in the previous articles of this series.
Finally, we can see that our 4 subnets have been created successfully.
After the creation of subnets, next, we are going to create an Internet Gateway.
CREATING INTERNET GATEWAY
Go to internet gateway and click on create.
And we can see that it has been created successfully with status as detached.
So, we have to attach it to the VPC we created as My-VPC.
For this , go to actions to attach to the VPC.
And it has been attached as we can see in the image below.
NOTE
We don’t attach the Internet gateway to the public subnets, we attach it to the VPC only and the route table tells the subnet to go to the internet gateway.
So, we will set up route table, but before that we need to set up NAT gateway and before that we need to set up Elastic IP.
NAT gateway needs to have a static IP and elastic IP gives us the static IP which does not change.
CREATING ELASTIC IP
Go to elastic IP tab and click on allocate address.
And with this simple step we get the elastic IP which we can attach to the NAT gateway.
Now let’s create NAT gateway.
CREATING NAT GATEWAY
Go to NAT gateway and click on create NAT gateway.
As we said that NAT gateway lives in public subnet so select public subnet and assign the elastic IP to it.
Due to cost considerations, we are going to create only 1 NAT gateway and place it inside public subnet 1. You can create 2 separate NAT gateways for each public subnet.
Hit Create NAT gateway and we can see that it has been created and is in available status.
Next is to create the route table.
CREATING ROUTE TABLE AND SUBNET ASSOCIATIONS
What makes subnet public or private is actually the route table. It routes the traffic going out of the subnet.
For public subnet(s) the traffic going out goes to the internet gateway.
For private subnet(s) the traffic going out goes to the NAT gateway, as from NAT gateway they can access the internet. For example: If instances in private subnet need to install a package that can be downloaded from the internet then this kind of communication happens.
Now to create route table go to route tables and click on create route table.
Let’s first create route table for public subnets.
We are going to create VPC network similar to what's shown above. It is just that we are going to have only 1 NAT gateway and 2 route tables, but conceptually it is going to be similar.
And we will select our VPC.
As we can see, public route table has been created. So now we need to edit the routes
This above is the default route . As when there will be inter communication b/w instances in the subnets in VPC, so that time the destination will be the IPs available in the VPC range i.e. 172.20.0.0/16.
If the destination belongs to the VPC range, then the traffic will be routed locally.
Anything else apart form that goes to the internet gateway; i.e. 0.0.0.0/0. Any IP which does not belong to the default route will go to the Internet Gateway. So we have to add Internet Gateway for the public subnet.
Now after editing routes, add the subnets to the route table. So, go to subnet associations and select the public subnets 1 and 2.
Similarly, do it for private route table for private subnets and select NAT gateway for private route table.
Then select private subnets to associate with the private route table as shown below.
NOTE
Traffic going out of private subnet goes to the NAT Gateway.
So, by now, we have created
- 1 VPC
- 4 Subnets (2 public and 2 private)
- 1 Internet Gateway
- 1 NAT Gateway
- 2 Route Tables.
Thus, we are able to create a highly available and secure network as we have placed our subnets in different Availability Zones.
USING VPC WHILE CREATING EC2 INSTANCE
After such a long list of things that we created and set up, now let’s see how we can actually use this VPC in EC2 instances.
Let’s create an EC2 instance and select the newly created VPC (My-VPC) and the subnet as public subnet 1 so that we can connect to this EC2 instance over internet and see if we are able to connect to it using the public IP via SSH.
Here we can see that instead of default VPC, we have selected my-VPC and subnet as Public Subnet1.
We have given this EC2 instance a tag and security group as shown below.
And finally created the key pair to login to this instance.
After launch instance we can see that it has been created successfully.
So, the instance is up and running and we can see that the private IP is in the range of the public subnet 1 which we created earlier with IP range as 172.20.1.0/16.
This means that this EC2 instance has been created in the public subnet 1 and that is the reason why the instance private IP is under the range of public subnet 1.
Now the last step is to see if we are able to login via SSH over the internet.
Great ๐ we can see that we are successfully able to login to this instance.
SUMMARY
In this article we learned, how we can actually set up VPC. We saw the concept of subnets, internet gateway, NAT gateway, route tables, subnet associations etc. In the next article we will be seeing some other interesting concepts around VPC.
You can see some of the previous articles of this series as under,
I hope you find this article helpful. Stay tuned for more … Cheers!!