Hands-on: Create custom VPC, Deploy public & private EC2

Amazon Web Services (AWS) provides a robust platform for cloud networking and computing resources. One of the foundational services in AWS is the Virtual Private Cloud (VPC), which allows you to create isolated networks and control network configurations for your cloud resources. In this detailed hands-on tutorial, we will cover the complete process of creating a custom VPC, configuring public and private subnets, route tables, security groups, and launching EC2 instances in both public and private networks.

1. Introduction to AWS VPC

A VPC is a logically isolated network within the AWS cloud where you can launch AWS resources. Each VPC can have multiple subnets, internet gateways, NAT gateways, route tables, and security configurations to define how resources communicate internally and externally.

Components of AWS VPC

  • Subnets: Segments of the VPC's IP address range. Can be public or private.
  • Internet Gateway (IGW): Allows communication between the VPC and the internet.
  • NAT Gateway: Lets instances in private subnets initiate outbound connections to the internet without being reachable from it.
  • Route Tables: Define how traffic is directed within the VPC and outside networks.
  • Security Groups: Virtual firewalls controlling inbound and outbound traffic for EC2 instances.

2. Planning Your Custom VPC

Before creating a VPC, it is important to plan your network carefully. Consider the following:

  • VPC CIDR block (e.g., 10.0.0.0/16)
  • Public subnet CIDR block (e.g., 10.0.1.0/24)
  • Private subnet CIDR block (e.g., 10.0.2.0/24)
  • Regions and availability zones
  • Internet connectivity requirements

3. Creating a Custom VPC in AWS

Follow these steps to create a custom VPC using the AWS Management Console:

Step 1: Create a VPC


1. Sign in to AWS Management Console.
2. Navigate to VPC Dashboard > VPCs > Create VPC.
3. Select VPC only.
4. Enter the following:
   - Name tag: MyCustomVPC
   - IPv4 CIDR block: 10.0.0.0/16
5. Click Create VPC.
    

Step 2: Create Public and Private Subnets


1. Go to Subnets > Create Subnet.
2. Select the VPC: MyCustomVPC
3. For public subnet:
   - Name: PublicSubnet
   - Availability Zone: us-east-1a
   - CIDR block: 10.0.1.0/24
4. For private subnet:
   - Name: PrivateSubnet
   - Availability Zone: us-east-1a
   - CIDR block: 10.0.2.0/24
5. Click Create Subnet for both.
    

Step 3: Configure an Internet Gateway


1. Go to Internet Gateways > Create Internet Gateway.
2. Name tag: MyIGW
3. Click Create Internet Gateway.
4. Attach IGW to your VPC:
   - Select MyIGW > Actions > Attach to VPC > Choose MyCustomVPC
5. Click Attach.
    

Step 4: Create Route Tables

Route tables direct traffic from subnets to other networks or the internet.

Public Route Table


1. Navigate to Route Tables > Create Route Table.
2. Name tag: PublicRouteTable
3. Select VPC: MyCustomVPC
4. Click Create
5. Associate public subnet:
   - Select PublicRouteTable > Subnet Associations > Edit
   - Check PublicSubnet
   - Save
6. Add a route to the Internet Gateway:
   - Select Routes > Edit Routes > Add route
   - Destination: 0.0.0.0/0
   - Target: MyIGW
   - Save routes
    

Private Route Table


1. Create another route table: PrivateRouteTable
2. Name tag: PrivateRouteTable
3. Select VPC: MyCustomVPC
4. Associate private subnet:
   - Subnet Associations > Edit
   - Check PrivateSubnet
   - Save
5. Do not add a route to the Internet Gateway in the private subnet's route table
    

Step 5: Configure NAT Gateway (Optional for Private Subnet Internet Access)


1. Navigate to NAT Gateways > Create NAT Gateway
2. Select Public Subnet: PublicSubnet
3. Allocate Elastic IP: Click Allocate New EIP
4. Click Create NAT Gateway
5. Update PrivateRouteTable:
   - Routes > Edit routes
   - Add route: Destination 0.0.0.0/0, Target: NAT Gateway
   - Save
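
What makes PublicSubnet public is only the 0.0.0.0/0 route to the Internet Gateway in its route table, so the routing is worth checking after Steps 4 and 5. The following is an added example, not part of the original tutorial: it classifies subnets from data shaped like the EC2 DescribeRouteTables response, including the case of a subnet with no explicit association, which falls back to the VPC's main route table. All resource IDs are constructed placeholders.

```python
# Constructed sample in the shape of the EC2 DescribeRouteTables response after
# Steps 4 and 5. All resource IDs are placeholders, not real identifiers.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",   # PublicRouteTable
     "Associations": [{"SubnetId": "subnet-public", "Main": False}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",  # PrivateRouteTable with the optional NAT route
     "Associations": [{"SubnetId": "subnet-private", "Main": False}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-main",     # VPC main table, created together with the VPC
     "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
]

def effective_route_table(subnet_id, tables):
    """An explicit association wins; otherwise the subnet uses the main table."""
    main = None
    for rt in tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def classify_subnet(subnet_id, tables):
    """Return 'public', 'private-nat', 'isolated' or 'other' from the 0.0.0.0/0 route."""
    rt = effective_route_table(subnet_id, tables)
    for route in (rt or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            return "private-nat"
        return "other"
    return "isolated"

def exposure_drift(expected, tables):
    """Map subnet -> (expected, actual) wherever routing disagrees with intent."""
    actual = {s: classify_subnet(s, tables) for s in expected}
    return {s: (expected[s], actual[s]) for s in expected if expected[s] != actual[s]}

# Intended layout from the tutorial (with the optional NAT Gateway configured).
EXPECTED = {"subnet-public": "public", "subnet-private": "private-nat"}

if __name__ == "__main__":
    print(exposure_drift(EXPECTED, ROUTE_TABLES))
```

If the NAT Gateway step is skipped, the expected class for the private subnet is `isolated` rather than `private-nat`.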
    

4. Security Groups Configuration

Security groups act as virtual firewalls controlling inbound and outbound traffic for EC2 instances.

Create a Security Group for Public EC2


1. Navigate to Security Groups > Create Security Group
2. Name: PublicSG
3. VPC: MyCustomVPC
4. Inbound rules:
   - Type: SSH, Protocol: TCP, Port Range: 22, Source: Your IP
   - Type: HTTP, Protocol: TCP, Port Range: 80, Source: 0.0.0.0/0
5. Outbound rules:
   - Allow all traffic
6. Create security group
    

Create a Security Group for Private EC2


1. Create Security Group: PrivateSG
2. VPC: MyCustomVPC
3. Inbound rules:
   - Type: SSH, Protocol: TCP, Port Range: 22, Source: PublicSubnet IP or VPN
4. Outbound rules:
   - Allow all traffic
5. Create security group
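
The inbound rules above can be checked against their intent: only HTTP on PublicSG is open to 0.0.0.0/0, and PrivateSG accepts SSH only from PublicSubnet. The following is an added example, not part of the original tutorial: it audits data shaped like the EC2 DescribeSecurityGroups response. The `POLICY` table and the address 203.0.113.10 (a documentation address standing in for "Your IP") are assumptions; a VPN range, if used, would be added to the PrivateSG sources.

```python
import ipaddress

# Constructed sample in the shape of the EC2 DescribeSecurityGroups response,
# mirroring the tutorial's inbound rules.
SECURITY_GROUPS = [
    {"GroupName": "PublicSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},   # "Your IP" (placeholder)
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupName": "PrivateSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},       # PublicSubnet
    ]},
]

# Assumed policy: ports each group may expose to 0.0.0.0/0 and, optionally,
# the only networks that may appear as a source at all.
POLICY = {
    "PublicSG": {"world_ports": {80}},
    "PrivateSG": {"world_ports": set(), "sources": ["10.0.1.0/24"]},
}

def audit_security_groups(groups, policy=POLICY):
    """Return (group, message) findings for inbound rules that exceed policy."""
    findings = []
    for sg in groups:
        name = sg["GroupName"]
        rules = policy.get(name, {"world_ports": set()})
        trusted = [ipaddress.ip_network(c) for c in rules.get("sources", [])]
        for perm in sg.get("IpPermissions", []):
            if perm["IpProtocol"] in ("tcp", "udp"):
                ports = range(perm["FromPort"], perm["ToPort"] + 1)
                label = f'{perm["IpProtocol"]} {ports.start}-{ports.stop - 1}'
            else:  # "-1" (all traffic), icmp, ...: no port list to compare
                ports, label = None, f'protocol {perm["IpProtocol"]}'
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"])
                if net.prefixlen == 0:  # open to the whole internet
                    if ports is None or not set(ports) <= rules["world_ports"]:
                        findings.append((name, f"{label} open to {net}"))
                elif trusted and not any(net.subnet_of(t) for t in trusted):
                    findings.append((name, f"{label} from untrusted {net}"))
    return findings

if __name__ == "__main__":
    print(audit_security_groups(SECURITY_GROUPS))
```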
    

5. Launching EC2 Instances

Step 1: Launch Public EC2


1. Navigate to EC2 Dashboard > Launch Instances
2. Choose AMI: Amazon Linux 2
3. Instance type: t2.micro
4. Network: MyCustomVPC
5. Subnet: PublicSubnet
6. Auto-assign Public IP: Enable
7. Security group: PublicSG
8. Launch instance
    

Step 2: Launch Private EC2


1. Navigate to EC2 Dashboard > Launch Instances
2. Choose AMI: Amazon Linux 2
3. Instance type: t2.micro
4. Network: MyCustomVPC
5. Subnet: PrivateSubnet
6. Auto-assign Public IP: Disable
7. Security group: PrivateSG
8. Launch instance
    

6. Testing Connectivity

  • Public EC2: SSH to the instance's public IP from your local machine.
  • Private EC2: SSH via a bastion host in the public subnet or through a VPN.
  • Verify internet connectivity from the public EC2 instance.
  • Verify that the private EC2 instance can reach the internet if the NAT Gateway is configured.

7. Best Practices

  • Use multiple availability zones for high availability.
  • Enable CloudTrail and VPC Flow Logs for auditing and monitoring.
  • Use least-privilege security group rules.
  • Separate public and private subnets for enhanced security.
  • Consider using AWS Systems Manager for private EC2 management.

In this tutorial, we have covered a complete hands-on guide to creating a custom VPC in AWS, setting up public and private subnets, configuring route tables, security groups, and deploying EC2 instances. This setup provides a secure and scalable environment for deploying cloud applications, ensuring that public-facing instances are separated from private internal resources.

