User-Friendly Guide to AWS VPC with Practical
What is VPC?
A Virtual Private Cloud (VPC) is a logically isolated virtual network in AWS in which your resources run on an address range that you define. Because nothing outside the VPC can reach it unless you explicitly allow it, that isolation is what makes it crucial for security.
A VPC is built from a handful of networking concepts that you will meet throughout this guide: “Subnets,” “NAT Gateway,” “Internet Gateway,” and “Route Tables.”
- A subnet is called a “Public Subnet” when it has a path to the internet through an Internet Gateway. Traffic from the outside network can then reach the resources in that subnet, and those resources can reach the outside network.
- If there is no route to an Internet Gateway, the subnet is a private subnet.
- If resources in a private subnet need to reach the outside network (for updates, for example) while staying unreachable from the outside, you use a NAT Gateway. The NAT Gateway lives in the public subnet, and the private subnet is pointed at it through its route table.
- Gateways are never attached to a subnet directly; the link is made through a route table, in which the routes for each subnet are defined.
As per the image below, this is the AWS VPC setup we will implement in this demo.
1. Log in to your AWS account and search for the “VPC” service.
2. Then, you will see the “VPC Dashboard.” Also, I changed my region to “Ohio.”
3. So, let’s create a VPC. Click on “VPC.” There, you will see the default VPC; don’t touch it. Instead, click on “Create VPC.”
4. So, while creating the VPC, provide the “Name of the VPC.” Then, specify the “IPv4 CIDR” block, which is the range of IP addresses the VPC will own. Choose “Tenancy” as “Default,” since dedicated tenancy incurs additional costs. Afterward, click on “Create.”
5. Now that our “VPC” is created, let’s proceed to create a “Public Subnet.” Click on “Subnets” and then on “Create Subnet.”
6. Then, select your “VPC”; I selected “test-VPC.” After that, provide a “Name,” select the “Region,” and specify the range for the “IPv4 subnet CIDR block.” For instance, out of the VPC’s “10.0.0.0/16,” we can allocate “10.0.0.0/24,” which assigns 256 IP addresses to this subnet from the available 65k. Finally, click on “Create.”
7. Now, let’s create an “EC2” instance. Choose the “Ubuntu” operating system, select the “Free Tier” instance type. In the “Network Settings,” click on the “Edit” button.
Then, select our “test-vpc,” choose our subnet, enable auto-assign public IP, open port 80 (HTTP), and create the instance.
8. Now, here’s what we’ve accomplished: we created our “VPC,” then crafted a “Subnet” within a specific “Availability Zone.” Subsequently, we generated a “Resource” within that subnet. This resource is now isolated, meaning that the outside network cannot access it, and the resource itself cannot access the outside network. This isolation is maintained within the VPC.
9. Now, if you attempt to connect to that instance, even though SSH is open, it remains inaccessible. This indicates that it is configured as private, ensuring restricted access.
10. Now, to make it public, let’s attach an “Internet Gateway” (IG) and a “Route Table” to it. Go back to the “VPC Dashboard,” navigate to “Internet Gateways,” and click on “Create Internet Gateway.” Provide a name and click on “Create.”
11. Now, we need to attach this “Internet Gateway” (IG) to our “VPC.” To do that, a pop-up will appear, click on “Attach to VPC,” then select our “test-vpc,” and click on “Attach.”
12. Now, this means our “Internet Gateway” (IG) is under our “VPC.” However, the “IG” and the “Public Subnet” are still not attached. For this, we need routing, so navigate to the “Route Table” option on the left side menu within the same window and click on it.
13. Now, click on “Create route table,” provide a “name,” select the associated “VPC,” and click on “Create.”
14. Now that we’ve created the “Internet Gateway” (IG) and “Route Table,” let’s specify what needs to be done. Click on “Subnet Associations” and then click on “Edit” to define the associations.
15. Now, associate the “Route Table” with the “Public Subnet.” Select the appropriate “Subnet” that you see in your dashboard and click on “Save.”
16. Now, the “Route Table” is attached to the “Public Subnet.” This configuration allows the subnet to use the specified routing rules, including the route to the Internet through the attached “Internet Gateway” (IG).
17. To define the route for the attached “Internet Gateway” (IG), click on “Edit Route,” then “Add route.” Select the destination as “0.0.0.0/0” and the target as your “Internet Gateway.” Finally, click on “Save.”
18. Now, in your “VPC,” the “Internet Gateway” (IG) is present, the “Route Table” is present, and the “Public Subnet” is there. All three components are appropriately attached. This means that when you connect to your “EC2” instance, it will establish a connection because you have granted “Internet Access” to it through this configuration.
19. That is the concept of a “VPC” (Virtual Private Cloud) in AWS: a secure, isolated network environment in which you deploy resources such as EC2 instances. By configuring subnets, route tables, and Internet Gateways, you control access and connectivity, keeping some resources private and exposing others publicly as your requirements dictate.
20. Tip: tools like “cidr.xyz” quickly calculate the number of IP addresses in a given CIDR range, which makes it easier to understand the address space and plan your subnets.
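As an added example that is not part of the original post, the following Python script checks the three attachments from step 18 (Internet Gateway attached to the VPC, route table associated with the subnet, and a “0.0.0.0/0” route targeting that gateway) and classifies each subnet as public or private according to the rule given at the start of the guide. It also does the CIDR arithmetic from steps 6 and 20, including the five addresses AWS reserves in every subnet. The snapshot data is constructed to resemble the output of `aws ec2 describe-route-tables` and `describe-internet-gateways`; all resource ids are made up.

```python
# Added example: validate the VPC wiring built in the walkthrough.
# The snapshot below is constructed (ids are placeholders, not real AWS ids).
import ipaddress

VPC = {"VpcId": "vpc-0demo", "CidrBlock": "10.0.0.0/16"}
SUBNETS = [
    {"SubnetId": "subnet-0pub", "CidrBlock": "10.0.0.0/24"},   # step 6
    {"SubnetId": "subnet-0priv", "CidrBlock": "10.0.1.0/24"},  # no IGW route
]
IGWS = [{"InternetGatewayId": "igw-0demo",                    # steps 10-11
         "Attachments": [{"VpcId": "vpc-0demo", "State": "available"}]}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-0pub",                              # steps 13-17
     "Associations": [{"SubnetId": "subnet-0pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0demo"}]},
    {"RouteTableId": "rtb-0main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

def attached_igws(vpc_id, igws=IGWS):
    """Internet Gateways currently attached to this VPC (step 11)."""
    return {g["InternetGatewayId"] for g in igws
            if any(a["VpcId"] == vpc_id and a["State"] == "available"
                   for a in g["Attachments"])}

def route_table_for(subnet_id, tables=ROUTE_TABLES):
    """An explicit association wins; otherwise the VPC's main table applies."""
    for t in tables:
        if any(a.get("SubnetId") == subnet_id for a in t["Associations"]):
            return t
    return next(t for t in tables if any(a.get("Main") for a in t["Associations"]))

def is_public(subnet_id, vpc_id=VPC["VpcId"]):
    """Public == its route table sends 0.0.0.0/0 to an IGW attached to the VPC."""
    igws = attached_igws(vpc_id)
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId") in igws
               for r in route_table_for(subnet_id)["Routes"])

def usable_hosts(cidr):
    """AWS reserves the first four and the last address of every subnet."""
    return ipaddress.ip_network(cidr).num_addresses - 5

def subnet_fits(vpc_cidr, subnet_cidr):
    """The subnet range must be carved out of the VPC range (step 6)."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))

if __name__ == "__main__":
    for s in SUBNETS:
        kind = "public" if is_public(s["SubnetId"]) else "private"
        print(s["SubnetId"], kind, usable_hosts(s["CidrBlock"]), "usable addresses")
```

Running it against a real account would mean feeding the same functions the JSON returned by the two describe calls instead of the constructed snapshot.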
Conclusion:
In conclusion, a Virtual Private Cloud (VPC) in AWS provides a secure and isolated environment for deploying resources. By configuring components like Internet Gateways, Route Tables, and Subnets, you control network access and connectivity: private subnets keep resources unreachable from the outside, while public subnets expose only what you choose. Tools like “cidr.xyz” help calculate the number of IP addresses in a CIDR range, which makes network planning easier.