If you want to learn AWS, then the VPC is the first place for a beginner to start. In my previous article, I described AWS core networking and its architecture in detail. Here I will show you how to create an AWS VPC with public and private subnets, an Internet Gateway and Route Tables, and how to enable outbound internet access from the private subnets through a NAT (Network Address Translation) Gateway.
AWS recently launched a new VPC wizard that creates all VPC-related resources from a single page with a graphical interface. Let's first understand the AWS components involved.
AWS VPC (Virtual Private Cloud)
A VPC is a virtual private cloud: a virtual, dedicated private network for your AWS account. That means the network is completely owned by you, and you decide which AWS resources are launched inside this VPC and who can access them. The resources can be anything: EC2 instances, ECS container instances, Lambda functions, RDS database instances, Redis, etc.
For more information on AWS VPC see https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
Public & Private subnets with Route Table
What are Public subnets?
A subnet is called a public subnet when its route table sends traffic through an Internet Gateway (IGW) attached to the VPC.
What are Private subnets?
A subnet is called a private subnet when its route table does not send traffic through an IGW. Using a Network Address Translation (NAT) Gateway located in a public subnet, you can still enable outbound internet access from a private subnet.
For more information on AWS subnets see https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html
Route Tables contain the rules (routes) that decide how network traffic is routed within your VPC and subnets. Each subnet is associated with exactly one Route Table.
An Internet Gateway (IGW) is a VPC component through which resources in your VPC's public subnets can communicate with the internet. It is horizontally scaled, redundant, and highly available, and it supports IPv4 and IPv6 traffic.
For more information on AWS Internet Gateway see https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
A NAT (Network Address Translation) Gateway is a managed AWS service. Using it, resources in a private subnet can initiate connections to services outside your VPC, while nothing on the public internet can initiate inbound connections to those private instances.
Follow these steps to create your VPC:
- Sign in to the AWS Management Console at https://aws.amazon.com/console/. If you don't have an account yet, click the Create a Free Account button and follow the prompts.
- Go to the VPC Service section and select Your VPCs in the left menu.
- Click Create VPC and select VPC and more:
- Name tag – The wizard auto-generates one by default, but as a good practice enter a name for the VPC (e.g. personal-vpc).
- IPv4 CIDR block – Enter a CIDR block to specify the IP address range available to the VPC. If you're not sure what to put, you can enter 10.0.0.0/16, which specifies the IP address range 10.0.0.0 to 10.0.255.255 and gives your VPC up to 65,536 IP addresses.
- IPv6 CIDR block – No IPv6 CIDR block.
- Tenancy – Default.
Create public and private subnets, each with a Route Table, in two Availability Zones, i.e. us-east-1a and us-east-1b:
- Number of Availability Zones (AZs) – Choose the number of AZs in which to provision subnets. We recommend at least two AZs for high availability.
- Customize AZs – You can change the Availability Zones as per your requirement; by default they are us-east-1a and us-east-1b.
- Number of public subnets – 2
- Number of private subnets – 2
- Customize subnets CIDR blocks – You can change the subnet CIDR ranges; by default the wizard assigns:
  - Public subnet CIDR block in us-east-1a: 10.0.0.0/20 (4096 IPs)
  - Public subnet CIDR block in us-east-1b: 10.0.16.0/20 (4096 IPs)
  - Private subnet CIDR block in us-east-1a: 10.0.128.0/20 (4096 IPs)
  - Private subnet CIDR block in us-east-1b: 10.0.144.0/20 (4096 IPs)
- The Internet Gateway and Route Tables are created automatically by the new VPC wizard.
- NAT gateways – Choose the number of Availability Zones (AZs) in which to create NAT gateways. I selected In 1 AZ.
- VPC endpoints – None
- Enable DNS hostnames – Yes
- Enable DNS resolution – Yes
- Additional tags – Add tags to the VPC and all resources within the VPC. Do not set the Name tag here.
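As an added example (my own script, not code from the article or from AWS), here is a small Python check of the plan above that runs offline: it verifies that the four /20 subnets fit inside 10.0.0.0/16 without overlapping, subtracts the five addresses AWS reserves in every subnet, and classifies each subnet as public or private by the same rule the article uses, namely whether its default route points at an Internet Gateway. The subnet names, route targets and gateway IDs are constructed placeholders, not real AWS identifiers.

```python
# Added example: validate the CIDR plan from this walkthrough and classify
# subnets as public/private from their route tables. All IDs are placeholders.
import ipaddress

VPC_CIDR = "10.0.0.0/16"
AWS_RESERVED_PER_SUBNET = 5  # AWS keeps the first four and the last address of each subnet

# Subnet CIDRs exactly as the wizard assigns them in the article (names constructed).
SUBNETS = {
    "public-us-east-1a": "10.0.0.0/20",
    "public-us-east-1b": "10.0.16.0/20",
    "private-us-east-1a": "10.0.128.0/20",
    "private-us-east-1b": "10.0.144.0/20",
}

# Route tables as the wizard builds them: public subnets default-route to the IGW,
# private subnets to the NAT gateway. Target IDs are placeholders, not real ones.
ROUTE_TABLES = {
    "public-us-east-1a": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"},
    "public-us-east-1b": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"},
    "private-us-east-1a": {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-PLACEHOLDER"},
    "private-us-east-1b": {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-PLACEHOLDER"},
}

def validate_layout(vpc_cidr, subnets):
    """Return {name: usable addresses}; raise if a subnet leaves the VPC or overlaps another."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            raise ValueError(f"{name} ({net}) is outside the VPC block {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} overlaps {b}")
    return {name: net.num_addresses - AWS_RESERVED_PER_SUBNET for name, net in nets.items()}

def classify_subnet(routes):
    """'public' if the default route targets an Internet Gateway, otherwise 'private'."""
    return "public" if routes.get("0.0.0.0/0", "").startswith("igw-") else "private"

def misrouted_private_subnets(subnets, route_tables):
    """Names of subnets meant to be private whose route table actually makes them public."""
    return sorted(n for n in subnets
                  if n.startswith("private") and classify_subnet(route_tables[n]) == "public")

if __name__ == "__main__":
    print(validate_layout(VPC_CIDR, SUBNETS))
    print("private subnets with an IGW default route:", misrouted_private_subnets(SUBNETS, ROUTE_TABLES))
```

Run it against the route tables you actually see in the console after the wizard finishes; any name returned by misrouted_private_subnets is a subnet that would accept inbound traffic from the internet despite being labelled private.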