Amazon VPC (Virtual Private Cloud) is a logically isolated virtual network inside your AWS account. Resources you launch in it are separated from other virtual networks in the account, while you still get the scalable infrastructure of AWS.

In this session I'll demonstrate how to set up a VPC in your AWS account. Let us assume we want to launch two EC2 instances: an application server that will be reached over the internet, and a database server.

The application instance will reach the database instance over the VPC's internal network, and the database instance must not be reachable from the internet at all.

Here is an overview of the VPC you will create:

Amazon VPC

Know a Few Terms Before Creating a Virtual Private Cloud (VPC)

  • Region: An AWS Region is an independent collection of AWS resources in a specific geographic area. Each Region consists of multiple isolated locations called Availability Zones.
  • Public Subnet: A subnet whose route table has a route to an internet gateway, so instances in it (with a public IP) can be reached directly from the internet.
  • Private Subnet: A subnet with no route to an internet gateway; its instances cannot be reached directly from the internet.
  • Security Group: A stateful virtual firewall attached to an instance's network interface that controls its inbound and outbound traffic.
  • Network ACL: An optional, stateless layer of defence that acts as a firewall for traffic entering and leaving one or more subnets.
  • Route Table: A set of rules, called routes, that determine where network traffic from a subnet is directed.
  • Internet gateway: A horizontally scaled, redundant and highly available VPC component that allows communication between instances in your VPC and the internet.

What are We Going to Cover in this Session?

In this session you won't just learn how to create an Amazon Virtual Private Cloud (VPC) but also how to set up a frontend and a backend server. In brief, you will learn to

  • Create a Virtual Private Cloud (VPC)
  • Create a Public Subnet
  • Create a Private Subnet
  • Create an Internet Gateway
  • Create Route Tables and Routes
  • Create a Security Group for the Database server and App server
  • Launch APP and DB Server Instance in your VPC

Step 1: Create a Virtual Private Cloud (VPC)

In this step, we will create the VPC.

In the AWS Management Console, type VPC in the search bar and click VPC in the drop-down.

In the navigation pane on the left of the VPC dashboard, click Your VPCs.

It's recommended not to delete any of the existing (default) VPC, Subnets, Route Tables, Internet Gateways, Security Groups and Network ACLs; the default VPC is what AWS uses when you launch a resource without choosing a network.

amazon vpc dashboard

Okay, let’s proceed to create a new VPC for our lab.

Click on Create VPC

In the Create VPC window, enter the following:

  • Name Tag: Name of your VPC (geeksradar-VPC)
  • IPv4 CIDR block: 172.16.0.0/16
  • IPv6 CIDR block: choose No IPv6 CIDR block
  • Tenancy: Default

Then click Create.

amazon vpc create vpc

Step 2: Create a Public Subnet

In this step, we will create a public subnet in which to launch our frontend application server.

In the Navigation pane on the left, click Subnets

Click Create Subnet

In the Create Subnet window configure the following:

  • Name tag: Name of your public subnet (geeksradar-subnet-public)
  • VPC: geeksradar-VPC
  • Availability Zone: Select the first one in the list ap-south-1a
  • IPv4 CIDR block: 172.16.1.0/24

Click on Create

Amazon VPC - Create Subnet

Right-click the public subnet and click Modify auto-assign IP settings.

Amazon VPC - Auto Assign IP

Check Auto-assign IPv4 and click Save. Every instance launched in this subnet will now get a public IPv4 address by default.

Amazon VPC - Auto Assign IP

Step 3: Create a Private Subnet

In this step, we will create a private subnet in which to launch our backend database server.

In the Navigation panel on the left, click Subnets

Click Create Subnet

In the Create Subnet window configure the following:

  • Name tag: Name of your private subnet (geeksradar-subnet-private)
  • VPC: geeksradar-VPC
  • Availability Zone: Select the first one in the list ap-south-1a
  • IPv4 CIDR block: 172.16.2.0/24

Click on Create

Amazon VPC - Create Subnet

Step 4: Create an Internet Gateway

In the navigation pane on the left, click on Internet Gateways.

Click Create Internet Gateway and configure the following:

  • Name tag: Name of the Internet Gateway (geeksradar-IGW)

Click on Create

Amazon VPC - Internet Gateway

Once the Internet Gateway is created, attach it to your VPC: select and right-click your Internet Gateway, choose Attach to VPC, select the VPC (geeksradar-VPC) and click Attach.

This will attach the Internet Gateway to your VPC.

Amazon VPC - Attach to VPC

Step 5: Create Route Tables and Routes

In the navigation pane on the left, click Route Tables.

Now click Create route table and configure the following:

  • Name tag: Name of the route table (geeksradar-RT)
  • VPC: Select your VPC (geeksradar-VPC)

Click Create.

Amazon VPC - create route table

Select the new route table and click the Routes tab.

Notice that the route table already contains one route, the local route for 172.16.0.0/16. It lets traffic flow between nodes inside the VPC, but it gives no traffic a path out of the VPC.

Amazon VPC - Edit Routes

Click Edit routes, then Add route. Enter 0.0.0.0/0 as the destination, select the Internet Gateway created in the previous step (geeksradar-IGW) as the target, and click Save routes.

0.0.0.0/0 matches every destination not covered by a more specific route, so this default route sends all traffic bound for outside the VPC to the Internet Gateway. Any subnet associated with this table becomes a public subnet.

Amazon VPC - Edit routes

So far we have created an Internet Gateway and a route table, but the route table is not yet associated with any subnet. Click the Subnet Associations tab and choose Edit subnet associations.

Select the public subnet (geeksradar-subnet-public) and click Save. Leave the private subnet unassociated: it stays on the VPC's main route table, which only has the local route, so nothing in it has a path to or from the internet.

Amazon VPC - Subnet associations

So far we have created the following:

  • VPC
  • Two Subnets (Public and Private)
  • Internet Gateway attached to the VPC
  • Custom route table with a default route to the Internet Gateway, associated with the public subnet only
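The public/private split above depends entirely on route table associations, and the private subnet is private only because it falls back to the main route table. The following added example (not part of the original tutorial) classifies subnets the way the console does, from data in the shape of `aws ec2 describe-route-tables --output json`. The sample data is constructed to match the lab VPC; every resource ID in it (vpc-..., rtb-..., subnet-..., igw-...) is made up, and `with_main_table` models what happens if someone later makes the IGW table the VPC's main table.

```python
"""Classify the lab VPC's subnets as public or private from route tables.
Constructed sample data mirroring `aws ec2 describe-route-tables`; IDs are made up."""
import copy

# Constructed sample. The first table is the main route table AWS created with
# the VPC in Step 1; the second is geeksradar-RT from Step 5.
ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-0123456789abcdef0",
            "VpcId": "vpc-0123456789abcdef0",
            "Routes": [
                {"DestinationCidrBlock": "172.16.0.0/16", "GatewayId": "local", "State": "active"},
            ],
            "Associations": [{"Main": True}],
        },
        {
            "RouteTableId": "rtb-0fedcba987654321f",
            "VpcId": "vpc-0123456789abcdef0",
            "Routes": [
                {"DestinationCidrBlock": "172.16.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0", "State": "active"},
            ],
            "Associations": [{"Main": False, "SubnetId": "subnet-0aaaaaaaaaaaaaaaa"}],
        },
    ]
}

# Constructed: subnet ID -> Name tag, as created in Steps 2 and 3.
SUBNET_NAMES = {
    "subnet-0aaaaaaaaaaaaaaaa": "geeksradar-subnet-public",
    "subnet-0bbbbbbbbbbbbbbbb": "geeksradar-subnet-private",
}


def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; a subnet without one silently
    inherits the VPC's main route table."""
    main = None
    for rt in route_tables["RouteTables"]:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_route(rt):
    """A subnet is public when its route table has an active route whose
    target is an internet gateway (here 0.0.0.0/0 -> geeksradar-IGW)."""
    return any(
        r.get("State") == "active" and str(r.get("GatewayId", "")).startswith("igw-")
        for r in rt.get("Routes", [])
    )


def classify_subnets(route_tables, subnet_names):
    """Return {subnet name: 'public' | 'private'}."""
    result = {}
    for subnet_id, name in subnet_names.items():
        rt = route_table_for(subnet_id, route_tables)
        result[name] = "public" if rt is not None and has_igw_route(rt) else "private"
    return result


def with_main_table(route_tables, new_main_id):
    """Return a copy in which `new_main_id` is the VPC's main route table
    (what replacing the main association does). Every subnet without an
    explicit association follows the new main table."""
    rts = copy.deepcopy(route_tables)
    for rt in rts["RouteTables"]:
        rt["Associations"] = [a for a in rt.get("Associations", []) if not a.get("Main")]
        if rt["RouteTableId"] == new_main_id:
            rt["Associations"].append({"Main": True})
    return rts


if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES, SUBNET_NAMES))
    # Failure mode: make the IGW table the main table and the "private" subnet
    # becomes public without any change to the subnet itself.
    print(classify_subnets(with_main_table(ROUTE_TABLES, "rtb-0fedcba987654321f"), SUBNET_NAMES))
```

Feeding the real `describe-route-tables` output of an account into `classify_subnets` is a quick audit for subnets that are public by inheritance rather than by design.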

Now our network is ready, but we still have to secure our instances. For that we will add two security groups: one for the private instance (the database server) and one for the public instance (the internet-facing app server).

Step 6: Create a Security Group for the Database server and App server

To create security groups we go to the EC2 service: click Services and select EC2.

From the navigation pane click Security Groups, then click Create Security Group.

In the Create Security Group window, configure the following:

For Database Server

  • Security group name: Name of the security group (geeksradar-SG-Database)
  • Description: Database Server
  • VPC: Choose the VPC (geeksradar-VPC)

Click Add Rule to add the inbound rules (refer to the image below for the rules).

Here we added two inbound rules:

  • SSH (TCP 22) from 172.16.1.0/24 (the public subnet only): only instances in the public subnet can SSH to the database server.
  • All ICMP – IPv4 from 172.16.1.0/24: only instances in the public subnet can ping the database server.

Note that no database port (for example 3306 for MySQL) is opened here, because this lab never installs a database engine; when you do, add that port with the same restricted source. A tighter alternative to the subnet CIDR is to use the app server's security group as the source, which limits access to that group's instances rather than to every address in the subnet.

Amazon VPC - Database

For App Server

  • Security group name: Name of the security group (geeksradar-SG-appserver)
  • Description: app server
  • VPC: Choose the VPC (geeksradar-VPC)

Click Add Rule to add the inbound rules (refer to the image below for the rules).

Here we added three inbound rules:

  • HTTP (TCP 80) from 0.0.0.0/0 (anywhere): this makes the app server reachable from anywhere in the world.
  • All ICMP – IPv4 from 0.0.0.0/0: enables ping from anywhere in the world.
  • SSH (TCP 22) from 0.0.0.0/0 (anywhere): this gives SSH access to the app server from anywhere.

Note: for this tutorial only we allow SSH from anywhere. In a real deployment restrict port 22 to your own public IP address or to a bastion host, or drop the rule entirely and use AWS Systems Manager Session Manager, which needs no inbound port at all.

Amazon VPC - Private
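Security group evaluation is simple enough to reproduce offline, which is useful both for reasoning about the two groups above and for auditing a real account. The following added example (not part of the original tutorial) evaluates inbound rules in the shape of `aws ec2 describe-security-groups --output json`, lists the rules open to the world, and builds the tighter database group described in the note above. The sample data is constructed to match Step 6; the group IDs (sg-...), the `hardened_db_sg` group and its MySQL port 3306 are assumptions, not something the tutorial creates.

```python
"""Evaluate and audit the lab's security groups offline.
Constructed sample data mirroring `aws ec2 describe-security-groups`; IDs are made up."""
import ipaddress

DB_SG_ID = "sg-0db00000000000001"     # constructed
APP_SG_ID = "sg-0app0000000000001"    # constructed

# Constructed sample: the two groups from Step 6 as the API would return them.
SECURITY_GROUPS = {
    "SecurityGroups": [
        {
            "GroupName": "geeksradar-SG-Database", "GroupId": DB_SG_ID,
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "172.16.1.0/24"}], "UserIdGroupPairs": []},
                {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
                 "IpRanges": [{"CidrIp": "172.16.1.0/24"}], "UserIdGroupPairs": []},
            ],
        },
        {
            "GroupName": "geeksradar-SG-appserver", "GroupId": APP_SG_ID,
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
                {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
            ],
        },
    ]
}


def group(name, sgs=SECURITY_GROUPS):
    """Look a group up by its name."""
    return next(g for g in sgs["SecurityGroups"] if g["GroupName"] == name)


def rule_matches(rule, proto, port, src_ip, src_groups):
    """One inbound rule. IpProtocol "-1" means all traffic; ICMP rules carry
    type/code in FromPort/ToPort (-1 = any) and ignore the port argument.
    The source matches by CIDR or, for group references, by the sender's group."""
    rp = rule["IpProtocol"]
    if rp != "-1":
        if rp != proto:
            return False
        if proto in ("tcp", "udp") and not (rule["FromPort"] <= port <= rule["ToPort"]):
            return False
    cidr_ok = bool(src_ip) and any(
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(r["CidrIp"])
        for r in rule.get("IpRanges", []))
    group_ok = any(p["GroupId"] in src_groups for p in rule.get("UserIdGroupPairs", []))
    return cidr_ok or group_ok


def permits(sg, proto, port=None, src_ip=None, src_groups=()):
    """Security groups are allow-lists: default deny, and no rule can deny.
    Replies are allowed automatically because groups are stateful."""
    return any(rule_matches(r, proto, port, src_ip, src_groups) for r in sg["IpPermissions"])


def open_to_world(sg):
    """Audit helper: (protocol, from, to) of every rule whose source is 0.0.0.0/0."""
    return [(r["IpProtocol"], r.get("FromPort"), r.get("ToPort"))
            for r in sg["IpPermissions"]
            if any(ip["CidrIp"] == "0.0.0.0/0" for ip in r.get("IpRanges", []))]


def hardened_db_sg(app_sg_id, db_port=3306):
    """Assumed tighter DB group (not in the tutorial): the source is the app
    server's security group instead of the whole public subnet, and the
    database port (3306 assumed for MySQL) is opened only to that group."""
    ref = [{"GroupId": app_sg_id}]
    return {
        "GroupName": "geeksradar-SG-Database-hardened", "GroupId": "sg-0hard000000000001",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [], "UserIdGroupPairs": ref},
            {"IpProtocol": "tcp", "FromPort": db_port, "ToPort": db_port, "IpRanges": [], "UserIdGroupPairs": ref},
        ],
    }


if __name__ == "__main__":
    db, app = group("geeksradar-SG-Database"), group("geeksradar-SG-appserver")
    print("app -> db ssh:", permits(db, "tcp", 22, src_ip="172.16.1.10"))
    print("internet -> db ssh:", permits(db, "tcp", 22, src_ip="203.0.113.7"))
    print("rules open to the world on the app server:", open_to_world(app))
```

The `src_groups` argument is what makes group references work: a rule that names a group matches only senders whose network interface carries that group, regardless of their IP, which is why the hardened group rejects an arbitrary instance in the public subnet that the original CIDR rule would have accepted.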

Our security groups are created. To check the setup we will now launch two instances, one for the app server and one for the database server.

Step 7: Launch APP and DB Server Instance in your VPC

For App server

On the Services menu, click EC2.

Click Launch Instance.

Choose Red Hat Enterprise Linux 7.5 (HVM) (choose a free tier eligible AMI)

Amazon VPC - App Server AMI

On 2. Choose Instance Type, click Next: Configure Instance Details.

On 3. Configure Instance Details, configure the following:

  • Network: Select geeksradar-VPC
  • Subnet: geeksradar-subnet-public
  • Auto-assign Public IP: Enable

Amazon VPC - Configure Instance

Click Next: Add Storage.

On 4. Add Storage, click Next: Add Tags.

On 5. Add Tags, click Add Tag and configure the following:

  • Key: Name
  • Value: App server

Click Next: Configure Security Group.

On 6. Configure Security Group, configure the following:

Click Select an existing security group

Click the geeksradar-SG-appserver security group

Click Review and Launch

Amazon VPC - Configure Security App Server

At the Warning screen (it points out that the security group allows SSH from anywhere, which we accepted above for the lab), click Continue.

On 7. Review, configure the following:

Review the settings

Click Launch

On the Select an existing key pair or create a new key pair window, choose a key pair (create one and download its .pem file if you don't have one), tick the I acknowledge that … checkbox and click Launch Instances.

Amazon VPC - Appserver Key

Click View Instances.

This brings you to the Instances window, where you can watch your app server launch and view its details.

Now we launch the database server by following the same procedure, but in the private subnet and with the database security group (geeksradar-SG-Database).

Click Launch Instance.

Choose Red Hat Enterprise Linux 7.5 (HVM) (choose a free tier eligible AMI)

On 2. Choose Instance Type, click Next: Configure Instance Details.

On 3. Configure Instance Details, configure the following:

  • Network: Select geeksradar-VPC
  • Subnet: geeksradar-subnet-private
  • Auto-assign Public IP: Disable

Amazon VPC - Database Server

Click Next: Add Storage.

On 4. Add Storage, click Next: Add Tags.

On 5. Add Tags, click Add Tag and configure the following:

  • Key: Name
  • Value: Database server

Click Next: Configure Security Group.

On 6. Configure Security Group, configure the following:

Click Select an existing security group

Click the geeksradar-SG-Database security group

Click Review and Launch

Amazon VPC - Security Database Server

At the Warning screen, click Continue.

On 7. Review, configure the following:

Review the settings

Click Launch

On the Select an existing key pair or create a new key pair window, select the same key pair you used for the app server, tick the I acknowledge that … checkbox and click Launch Instances.

Click View Instances.

Wait for your database server to fully launch. It should display:

  • Instance State: running
  • Status Checks: 2/2 checks passed

You can click the refresh icon to refresh your instance status.

Amazon VPC - EC2 Console

Now that both servers are running it's time to test the setup. In the image above you can see that a public IP is assigned to the app server, which is why it is reachable from the internet, while the database server only has a private IP and can be reached only from inside the VPC. Combined with its security group, the database server is reachable only from the public subnet, that is, from the app server.

Let's SSH to the app server using its public IP. Here we are using ZOC terminal, but you can use any SSH client such as PuTTY or KiTTY (Windows), OpenSSH (Linux) or iTerm (Mac).

To log in, first go to the EC2 dashboard and copy the public IP address of the app server. Start ZOC, go to File > Quick Connection and paste the copied IP in the Connect to field. Set the port to 22 and enter ec2-user as the username (leave the password blank, as we are authenticating with the SSH key). Then browse to the private key (.pem) file downloaded when the key pair was created.

Amazon VPC - SSH

Click Connect and you will see the Red Hat prompt.

Amazon VPC - Appserver Terminal

Now ping the database server from the app server using its private IP. To get the private IP, go to the EC2 console and select the database server; the private IP is shown in its details. The ping works because the database security group allows ICMP from the public subnet.

Amazon VPC - Database IP

The key pair is also required to SSH from the app server to the database server. Here we copy the private key from the local machine to the app server with an SCP client (WinSCP). Be aware that this leaves a copy of the private key on an internet-facing host; the safer option is to keep the key on your own machine and hop through the app server with SSH's ProxyJump option (the -J flag), which never places the key on the app server.

Amazon VPC - Terminal

Now you can see that we can SSH to the database server from the app server, which means our VPC is working as intended. For completeness, also confirm the negative case: an SSH or ping attempt to the database server's private IP from your own machine must fail, because there is no route to it from the internet.

That is all for this session; I hope you now have an idea of how to set up your own VPC in your AWS account. Please don't hesitate to share your comments and opinions.
