Getting Started With VPC (Setting Up VPC In AWS) - Part Four

In this article of the VPC series, we are going to cover several important topics that help keep your instances secure in the cloud. We will be covering the topics below:
  • Setting up VPC in AWS
    • Creating VPC.
    • Creating Public and Private Subnets.
    • Creating Internet Gateway.
    • Creating Elastic IP.
    • Creating NAT Gateway.
    • Creating route table and subnet associations.
  • Using VPC while creating EC2 instance

Let’s get started.
 

SETTING UP VPC IN AWS

 
In the previous article we looked at the network architecture of a VPC and the components it requires. Now let’s get started with the actual setup.
 
Go to the VPC dashboard.
 
 

CREATING VPC

 
Go to Your VPCs and click on Create VPC.
 
We have selected the North California region, which has 2 Availability Zones. That is enough to get high availability while keeping the example simple.
 
We have given the VPC the range 172.20.0.0/16, and after saving we can see that our VPC has been created successfully.
 
As we know, when we create an EC2 instance it gets a public IP and also a public DNS name.
 
To have instances launched in this VPC receive public DNS names as well, select Edit DNS hostnames on the VPC.
 
And enable the DNS hostnames option.
 

CREATING PUBLIC AND PRIVATE SUBNETS

 
Now as discussed previously, it’s time to create 2 public and 2 private subnets.
 
Go to Subnets, click on Create Subnet, enter the details, and select the VPC we just created as shown below.
 
Here we selected Availability Zone us-west-1b for the first public subnet. Similarly, we will create the second public subnet in a different Availability Zone, us-west-1c.
 
By now we have created 2 public subnets. Instances in a public subnet have direct access to the internet, so for these subnets we can enable the setting that auto-assigns a public IP to every instance created in them.
 
This can be done from the Modify auto-assign IP settings menu option.
 
Enable this option for public subnets 1 and 2 and click Save.
 
NOTE
Even if we enable the auto-assign public IP setting on a private subnet, instances in that subnet still cannot be accessed from the internet, because their traffic is routed through the NAT gateway rather than the internet gateway.
 
Now create 2 private subnets as shown below and enter the CIDR block which we calculated in the previous articles of this series.
 
 
Finally, we can see that our 4 subnets have been created successfully.
 
 
After the creation of subnets, next, we are going to create an Internet Gateway.
 

CREATING INTERNET GATEWAY

 
Go to Internet Gateway and click on Create.
 
We can see that it has been created successfully, with its status shown as detached.
 
So, we have to attach it to the VPC we created as My-VPC.
 
For this, go to Actions and attach it to the VPC.
 
It has now been attached, as we can see in the image below.
 
 
NOTE
We don’t attach the internet gateway to the public subnets. We attach it to the VPC only, and the route table tells the subnet to send its traffic to the internet gateway.
 
So we will set up the route table, but before that we need to set up the NAT gateway, and before that an Elastic IP.
 
A NAT gateway needs a static IP, and an Elastic IP gives us a static IP that does not change.
 

CREATING ELASTIC IP

 
Go to the Elastic IP tab and click on Allocate address.
 
With this simple step we get the Elastic IP, which we can attach to the NAT gateway.
 
Now let’s create NAT gateway.
 

CREATING NAT GATEWAY

 
Go to NAT gateway and click on Create NAT gateway.
 
As we said, the NAT gateway lives in a public subnet, so select a public subnet and assign the Elastic IP to it.
 
Due to cost considerations, we are going to create only 1 NAT gateway and place it inside public subnet 1. You can instead create 2 separate NAT gateways, one for each public subnet.
 
Hit Create NAT gateway and we can see that it has been created and is in available status.
 
Next is to create the route table.
 

CREATING ROUTE TABLE AND SUBNET ASSOCIATIONS

 
What actually makes a subnet public or private is the route table: it decides where traffic leaving the subnet is sent.
 
For public subnet(s), the outgoing traffic goes to the internet gateway.
 
For private subnet(s), the outgoing traffic goes to the NAT gateway, through which the instances can reach the internet. For example, this kind of communication happens when an instance in a private subnet needs to install a package that is downloaded from the internet.
 
To create a route table, go to Route Tables and click on Create route table.
 
Let’s first create the route table for the public subnets.
 
We are going to create a VPC network similar to what's shown above. The only difference is that we will have just 1 NAT gateway and 2 route tables, but conceptually it is going to be similar.
 
And we will select our VPC.
 
As we can see, the public route table has been created. So now we need to edit the routes.
 
The route above is the default route. It covers communication between instances in the subnets of the VPC, where the destination is an IP within the VPC range, i.e. 172.20.0.0/16.
 
If the destination belongs to the VPC range, then the traffic will be routed locally.
 
Anything else goes to the internet gateway via 0.0.0.0/0: any IP that does not match the default route is sent to the Internet Gateway. So we have to add the Internet Gateway route for the public subnets.
 
After editing the routes, add the subnets to the route table: go to Subnet Associations and select public subnets 1 and 2.
 
Similarly, create a private route table for the private subnets, and select the NAT gateway as the target in the private route table.
 
Then select the private subnets to associate with the private route table as shown below.
 
NOTE
Traffic going out of private subnet goes to the NAT Gateway.
 
So, by now, we have created
  • 1 VPC
  • 4 Subnets (2 public and 2 private)
  • 1 Internet Gateway
  • 1 NAT Gateway
  • 2 Route Tables.
Thus, we are able to create a highly available and secure network as we have placed our subnets in different Availability Zones.
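
The route table section above says that the route table is what makes a subnet public or private, and that can be checked mechanically. The following is an added example, not part of the original article: it assumes records shaped like AWS CLI `describe-route-tables` and `describe-subnets` output, uses placeholder IDs, and includes two constructed mistakes (a private subnet left without an association, and auto-assign public IP enabled on a private subnet).

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` and
# `describe-subnets` output; every ID below is a placeholder.
LOCAL = {"DestinationCidrBlock": "172.20.0.0/16", "GatewayId": "local"}
TO_IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}
TO_NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public", "Routes": [LOCAL, TO_IGW],
     "Associations": [{"SubnetId": "subnet-pub1"}, {"SubnetId": "subnet-pub2"}]},
    {"RouteTableId": "rtb-private", "Routes": [LOCAL, TO_NAT],
     "Associations": [{"SubnetId": "subnet-priv1"}]},  # subnet-priv2 forgotten
]
SUBNETS = [
    {"SubnetId": "subnet-pub1", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-pub2", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-priv1", "MapPublicIpOnLaunch": True},  # misleading
    {"SubnetId": "subnet-priv2", "MapPublicIpOnLaunch": False},
]

def next_hop(routes, dest_ip):
    """Longest-prefix match: the most specific route containing dest_ip wins."""
    ip, best = ipaddress.ip_address(dest_ip), None
    for r in routes:
        cidr = r.get("DestinationCidrBlock")  # IPv6/prefix-list routes skipped
        if cidr and ip in ipaddress.ip_network(cidr):
            plen = ipaddress.ip_network(cidr).prefixlen
            if best is None or plen > best[0]:
                best = (plen, r.get("GatewayId") or r.get("NatGatewayId"))
    return best[1] if best else None

def table_for(subnet_id, tables):
    """Explicit association if present, otherwise the VPC's main route table."""
    for t in tables:
        if any(a.get("SubnetId") == subnet_id for a in t["Associations"]):
            return t
    return next(t for t in tables if any(a.get("Main") for a in t["Associations"]))

def audit(subnets, tables, probe="203.0.113.10"):  # probe: documentation-range IP
    """Map each subnet to (kind, warning) based on where internet traffic goes."""
    report = {}
    for s in subnets:
        hop = next_hop(table_for(s["SubnetId"], tables)["Routes"], probe) or ""
        kind = {"igw": "public", "nat": "private"}.get(hop[:3], "isolated")
        warn = ("auto-assign public IP is on, but no internet gateway route"
                if s["MapPublicIpOnLaunch"] and kind != "public" else None)
        report[s["SubnetId"]] = (kind, warn)
    return report
```

In the constructed data, `subnet-priv2` comes out as isolated: with no explicit association it uses the main route table, which here holds only the local route, so its instances have no path to the NAT gateway.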
 

USING VPC WHILE CREATING EC2 INSTANCE

 
After such a long list of things that we created and set up, now let’s see how we can actually use this VPC in EC2 instances.
 
Let’s create an EC2 instance, selecting the newly created VPC (My-VPC) and public subnet 1 as the subnet, so that we can connect to this EC2 instance over the internet and check whether we can reach it on its public IP via SSH.
 
Below are some of the images from setting up the EC2 instance. To know how to create an EC2 instance in AWS, you can check out my previous article Host Your Sample App In AWS Instance Using EC2 Service.
 
Here we can see that instead of the default VPC, we have selected my-VPC, with Public Subnet1 as the subnet.
 
We have given this EC2 instance a tag and a security group as shown below.
 
And finally we created the key pair to log in to this instance.
 
After launching the instance, we can see that it has been created successfully.
 
So, the instance is up and running, and we can see that its private IP is in the range of public subnet 1, which we created earlier with the IP range 172.20.1.0/16.
 
This means that this EC2 instance has been created in public subnet 1, and that is the reason why the instance's private IP falls within the range of public subnet 1.
 
Now the last step is to see if we are able to log in via SSH over the internet.
 
 
Great 😊 we can see that we are successfully able to login to this instance.
 

SUMMARY

 
In this article we learned how to actually set up a VPC. We saw the concepts of subnets, internet gateway, NAT gateway, route tables, subnet associations, etc. In the next article we will look at some other interesting concepts around VPC.
 
I hope you find this article helpful. Stay tuned for more … Cheers!!