Welcome to a comprehensive guide on setting up a Virtual Private Cloud (VPC) with public and private subnets in AWS. This tutorial is designed for individuals looking to understand and implement the basic network architecture within AWS to support various applications securely and robustly.
First things first, let's start with a brief introduction.
What is a VPC?
A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. Within a VPC, you can define your own IP address range, create subnets, configure route tables, and network gateways, providing flexibility as well as security.
Public vs. Private Subnets
Public Subnet:
These are subnets with a route to the Internet through an Internet Gateway (IGW), making them reachable from the Internet. They are typically used to host external-facing resources, like web servers.
Private Subnet:
These subnets do not have a direct route to the Internet and are used for backend systems that should not be directly accessed from the outside world.
Internet Gateway (IGW)
An Internet Gateway is a VPC component that allows communication between your VPC and the Internet. Attaching an IGW to the VPC is essential for a public subnet to communicate with the Internet.
In this tutorial, we will walk through the process of setting up this network structure using both the AWS Management Console and the AWS CLI. This dual approach helps illustrate the underlying processes and allows you to choose the method that best fits your working style.
Using the AWS Management Console
We'll start by demonstrating each step with the AWS Management Console, providing screenshots to guide you through each part of the process. This method is especially helpful for those who prefer a visual interface and are newer to AWS.
- First, type VPC in the search box and select it.
- Then select "Create VPC".
- Select "VPC and more". Previously the only option was a bare VPC, but with this option we can create the subnets and the IGW within the same configuration.
- Choose the number of AZs; the number of public and private subnets changes automatically based on this, but you can select them manually as well.
- In the side preview you can see which resources are going to be created.
- Leave the remaining options at their defaults and select the "Create VPC" button at the bottom.
- After a few seconds, your VPC will be created.
- After you select "View VPC", you can see the resource map.
Using the AWS CLI
Following that, we will replicate the setup using the AWS CLI, which is ideal for those who prefer script-based configurations or need to automate their setup processes.
- Create the VPC. First, create a VPC with a 10.1.0.0/16 CIDR block:
aws ec2 create-vpc --cidr-block 10.1.0.0/16
This command returns a VPC ID, which we will use in subsequent steps. Let's assume it returns vpc-0a1b2c3d4e5f67890.
- Create the Subnets. Next, create the public and private subnets within this VPC.
Public Subnet:
aws ec2 create-subnet --vpc-id vpc-0a1b2c3d4e5f67890 --cidr-block 10.1.1.0/24 --availability-zone us-east-1a
This command returns a Subnet ID for the public subnet; assume it's subnet-1234567890abcdef0.
Private Subnet:
aws ec2 create-subnet --vpc-id vpc-0a1b2c3d4e5f67890 --cidr-block 10.1.2.0/24 --availability-zone us-east-1a
Assume the returned Subnet ID for the private subnet is subnet-0987654321fedcba0.
- Create an Internet Gateway. Create an Internet Gateway and attach it to your VPC:
aws ec2 create-internet-gateway
This command returns an Internet Gateway ID; let's say it's igw-0123456789abcdef0.
- Attach the Internet Gateway to the VPC:
aws ec2 attach-internet-gateway --vpc-id vpc-0a1b2c3d4e5f67890 --internet-gateway-id igw-0123456789abcdef0
- Configure Route Tables. Create a route table for the public subnet and configure it to route traffic to the Internet Gateway.
aws ec2 create-route-table --vpc-id vpc-0a1b2c3d4e5f67890
Assume the returned Route Table ID is rtb-02468acefdb97531.
- Create Route to Internet Gateway:
aws ec2 create-route --route-table-id rtb-02468acefdb97531 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-0123456789abcdef0
- Associate the Route Table with the Public Subnet:
aws ec2 associate-route-table --subnet-id subnet-1234567890abcdef0 --route-table-id rtb-02468acefdb97531
For the private subnet, we do not need to route traffic to the Internet Gateway, but we may want to create a separate route table if required for specific network rules or future modifications.
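As an added example (not code from the original post), here is the complete CLI procedure above as one script. It captures each returned ID with --query and --output text instead of pasting IDs by hand, and then checks which subnets really end up with a default route to the Internet Gateway. The check makes the one caveat in this layout visible: a subnet with no explicit route-table association uses the VPC's main route table, so the private subnet stays private only as long as nobody adds a 0.0.0.0/0 route to the main table. The CIDRs and AZ are the post's own; the function names and the sample route listings are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): builds the VPC layout from the
# CLI steps above, capturing each returned ID with --query/--output text, then
# reports which subnets actually have a default route to an Internet Gateway.
# Requires the AWS CLI with credentials configured. CIDRs and AZ match the post.
set -eu

VPC_CIDR="10.1.0.0/16"
PUBLIC_CIDR="10.1.1.0/24"
PRIVATE_CIDR="10.1.2.0/24"
AZ="us-east-1a"

# Classify a route table from the text output of
#   describe-route-tables --query 'RouteTables[].Routes[].[DestinationCidrBlock,GatewayId]' --output text
# (one route per line: destination, then gateway). A table is "public" only if
# it sends 0.0.0.0/0 to an igw-* target; anything else counts as "private".
classify_route_table() {
  printf '%s\n' "$1" | awk '
    $1 == "0.0.0.0/0" && $2 ~ /^igw-/ { found = 1 }
    END { print (found ? "public" : "private") }'
}

# Find the route table that governs a subnet. A subnet with no explicit
# association falls back to the VPC's main route table, which is why the
# private subnet's reachability depends on what is in the main table.
route_table_for_subnet() {
  vpc_id="$1"; subnet_id="$2"
  rtb=$(aws ec2 describe-route-tables \
    --filters "Name=association.subnet-id,Values=$subnet_id" \
    --query 'RouteTables[0].RouteTableId' --output text)
  if [ "$rtb" = "None" ]; then
    rtb=$(aws ec2 describe-route-tables \
      --filters "Name=vpc-id,Values=$vpc_id" "Name=association.main,Values=true" \
      --query 'RouteTables[0].RouteTableId' --output text)
  fi
  printf '%s\n' "$rtb"
}

# Print "<subnet-id> <public|private> (via <rtb-id>)" for one subnet.
report_subnet() {
  rtb=$(route_table_for_subnet "$1" "$2")
  routes=$(aws ec2 describe-route-tables --route-table-ids "$rtb" \
    --query 'RouteTables[].Routes[].[DestinationCidrBlock,GatewayId]' --output text)
  printf '%s %s (via %s)\n' "$2" "$(classify_route_table "$routes")" "$rtb"
}

build_vpc() {
  vpc_id=$(aws ec2 create-vpc --cidr-block "$VPC_CIDR" \
    --query 'Vpc.VpcId' --output text)
  public_subnet=$(aws ec2 create-subnet --vpc-id "$vpc_id" \
    --cidr-block "$PUBLIC_CIDR" --availability-zone "$AZ" \
    --query 'Subnet.SubnetId' --output text)
  private_subnet=$(aws ec2 create-subnet --vpc-id "$vpc_id" \
    --cidr-block "$PRIVATE_CIDR" --availability-zone "$AZ" \
    --query 'Subnet.SubnetId' --output text)
  igw_id=$(aws ec2 create-internet-gateway \
    --query 'InternetGateway.InternetGatewayId' --output text)
  aws ec2 attach-internet-gateway --vpc-id "$vpc_id" --internet-gateway-id "$igw_id"

  # Only the public subnet gets a dedicated route table with a default route;
  # the private subnet is left on the main route table (local route only).
  public_rtb=$(aws ec2 create-route-table --vpc-id "$vpc_id" \
    --query 'RouteTable.RouteTableId' --output text)
  aws ec2 create-route --route-table-id "$public_rtb" \
    --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw_id" >/dev/null
  aws ec2 associate-route-table --subnet-id "$public_subnet" \
    --route-table-id "$public_rtb" >/dev/null

  # Verify the intended split before anything is launched into the subnets.
  report_subnet "$vpc_id" "$public_subnet"    # expect: public
  report_subnet "$vpc_id" "$private_subnet"   # expect: private
}

# Constructed sample route listings for offline checks of classify_route_table
# (real CLI text output is tab-separated; awk splits on tabs or spaces).
SAMPLE_PUBLIC_ROUTES="10.1.0.0/16 local
0.0.0.0/0 igw-0123456789abcdef0"
SAMPLE_PRIVATE_ROUTES="10.1.0.0/16 local"

# Talks to AWS only when invoked as: sh vpc_setup.sh apply
if [ "${1:-}" = "apply" ]; then
  build_vpc
fi
```

Run it as `sh vpc_setup.sh apply` to create the resources and print one line per subnet; the classify_route_table helper works on saved describe-route-tables output, so the same check can be run later against an existing VPC to confirm nobody has added a default route to the main route table.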
Conclusion
These CLI commands and the console process will create a VPC with a public and private subnet setup, where the public subnet has Internet access via an Internet Gateway. This setup is fundamental for many applications and services hosted on AWS.
This post will be extremely beneficial for those new to AWS and those needing a refresher on setting up a VPC properly :)