Getting started with VPC on AWS

Yusuf
5 min read · Oct 19, 2022


Hi there. In this article I will try to convey my experience with VPC on AWS. Let’s begin slowly: VPC stands for Virtual Private Cloud. A VPC is like a virtual laboratory that lets your resources run and communicate with each other on the same network. Say you have a room with an internet connection in it. In your dream laboratory you have 10 servers, 5 PCs and a few other devices that connect to the internet. How can we enrich this imaginary laboratory? You can put a firewall in front of the internet connection to increase security. Then you can distribute the connection to all your resources by adding a switch and access points behind the firewall. Finally, all your devices live connected to the network. The VPC starts right at the door of that dream lab: dozens or even hundreds of your devices knock on the network door through a single entry point, and you let in what you want and reject what you don’t.

A simple VPC visualization by Amazon

Prerequisites

  • AWS account (the exercises here are not charged by Amazon)
  • A little networking knowledge
  • Curiosity

Practice Time

First of all, type VPC into the search bar and click VPC under Services.

The VPC and more option would automatically create our subnets, route tables and so on, so we continue with the VPC only option in order to understand the basic architecture. Enter whatever name you want. Assuming no IPAM pool exists yet, we continue with the manual option.

Important part — IPv4 CIDR

We will create our VPC with the 10.10.0.0/16 CIDR block. This allows us to define more than 65,000 IPs. How do I know that? Click here to open the calculator, type 10.10.0.0 and select 16 from the dropdown. Here are the results :)

Then leave the other options at their defaults and create the VPC.

Important part — Tags

AWS aims to make pricing and resource management easier by letting us create tags in almost all services (no pricing involved here, relax :)

Congratulations, your first VPC has been created!

Important part — DNS resolution

After creating the VPC, our first task is to enable the DNS resolution option; otherwise our resources will not be able to communicate with each other.

Go to Actions > Edit DNS resolution > Enable DNS resolution

Let’s Connect To Network

We created a VPC, but it is not connected to the internet yet. For that, we connect the entire VPC to the network by adding an internet gateway. I have to say this is the simplest part.

Go to VPC > Internet Gateways, enter a name and create an IG. That’s it :) However, our internet gateway is not attached to our VPC yet.

Select the checkbox next to your IG, then Actions > Attach to VPC.

Route Tables

Route tables are easy to understand, but you should be very careful when implementing them. We created a VPC and connected an internet gateway, but how do we route the communication? When you click the Route Tables tab, you should see a default route table that defines all requests within the 10.10.0.0/16 range as local and forwards them to the relevant IP address. What about the rest of the internet? We will define it together.

Go to Route Tables > Select your default route table > Routes (at the bottom) > Edit routes

Add 0.0.0.0/0 and select your internet gateway as the target.

Now all requests from 10.10.0.0/16 that are bound for addresses outside that range will be forwarded to the internet gateway.

Subnets

A subnet is a range of IP addresses in your VPC. After creating a VPC, you can add one or more subnets in each Availability Zone, as AWS defines it. Let’s illustrate. We said that our 10.10.0.0/16 CIDR block lets us define more than 65 thousand IPs. A block like 10.10.20.0/24, on the other hand, gives us 256 IPs in total (251 usable). This means that such a subnet can host 251 devices. Let’s create some subnets!

Go to VPC > Subnets > Create subnet > Select your VPC

Select your Availability Zone and use a smart naming convention:

  • SN — {Name} — {ZoneCode} — {P if private Subnet}

Then create a private subnet.

If you’ve come this far, you’ve met the 3rd requirement, congratulations🥳

Important Part

Private subnets should not be able to reach the internet, so save your subnet, go back to Route Tables and create a new route table that has no route to the internet gateway,

then click the Subnet associations tab and associate your private subnets. That’s it… Your VPC, subnets and route tables are ready to go…
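To make the addressing and routing of this walkthrough concrete, here is an added Python example (my own code, not from the article or AWS) that models the VPC built above: it computes how many addresses a CIDR block gives and how many AWS lets you assign after its five reserved addresses per subnet, checks that subnets fit inside the VPC block without overlapping, and simulates the longest-prefix lookup that the public and private route tables perform. The 10.10.0.0/16 block and the two route tables are the article’s; the helper names and the sample subnets are my own.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address,
# the VPC router (.1), the DNS server (.2), one for future use (.3)
# and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5

# Route tables from the article: the default (public) table gets the
# 0.0.0.0/0 -> internet gateway entry, the private table keeps only local.
PUBLIC_RT = {"10.10.0.0/16": "local", "0.0.0.0/0": "igw"}
PRIVATE_RT = {"10.10.0.0/16": "local"}


def total_addresses(cidr):
    """Number of addresses in a CIDR block (the 'calculator' result)."""
    return ipaddress.ip_network(cidr).num_addresses


def usable_hosts(cidr):
    """Addresses AWS actually lets you assign inside a subnet of this size."""
    return total_addresses(cidr) - AWS_RESERVED_PER_SUBNET


def check_subnets(vpc_cidr, subnet_cidrs):
    """Return a list of problems: subnets outside the VPC block or overlapping."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = [f"{n} is not inside {vpc}" for n in nets if not n.subnet_of(vpc)]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def route_lookup(route_table, destination):
    """Longest-prefix match, the way a VPC route table picks its target.
    Returns 'no route' when nothing matches (private table, internet host)."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, target in route_table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else "no route"


if __name__ == "__main__":
    print(total_addresses("10.10.0.0/16"), usable_hosts("10.10.20.0/24"))
    print(check_subnets("10.10.0.0/16", ["10.10.10.0/24", "10.10.20.0/24"]))
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT)):
        for dst in ("10.10.20.5", "8.8.8.8"):
            print(name, dst, "->", route_lookup(rt, dst))
```

Running it shows why an instance in the private subnet cannot reach 8.8.8.8 while one in the public subnet can, and why both still reach each other over the local route.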

What? Did we forget something or… hmmm, yes we did.

We must enable automatic public IP assignment for our resources (only for public subnets).

Go to Subnets > Select a public subnet > Edit subnet settings

here we are now🥳

Let’s Try On EC2 (!!!Billing Alert!!!)

  • If you are new to AWS, you are probably entitled to the free tier (only for t2.micro instances). You won’t be charged, but please do not try this if you do not have enough knowledge about virtual machines in AWS.

EC2 Network Settings

BOOM 💣

As you can see, our EC2 instance got the IP 10.10.10.146 on its subnet thanks to auto-assign. Please do not forget: public subnets are accessible from the whole world (0.0.0.0/0), whereas a private subnet is accessible only from the IPs you define, such as 10.10.10.146. That means the machine above can reach machines on the private subnets.

Sincerely,

yusuf
