Building Your First AWS VPC with Public and Private Subnets

Prakash Rao - Sep 16 - Dev Community

Welcome to a comprehensive guide on setting up a Virtual Private Cloud (VPC) with public and private subnets in AWS. This tutorial is designed for individuals looking to understand and implement the basic network architecture within AWS to support various applications securely and robustly.

First things first, let's start with a brief introduction.

What is a VPC?

A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. Within a VPC, you can define your own IP address range, create subnets, configure route tables, and network gateways, providing flexibility as well as security.

Public vs. Private Subnets

  • Public Subnet:
    These are subnets with a route to the Internet through an Internet Gateway (IGW), making them accessible from the Internet. They are typically used to host external-facing resources, like web servers.

  • Private Subnet:
    These subnets do not have a direct route to the Internet and are used for backend systems that should not be directly accessed from the outside world.

Internet Gateway (IGW)

An Internet Gateway is a VPC component that allows communication between your VPC and the Internet. Attaching an IGW to the VPC is essential for a public subnet to communicate with the Internet.

In this tutorial, we will walk through the process of setting up this network structure using both the AWS Management Console and the AWS CLI. This dual approach helps illustrate the underlying processes and allows you to choose the method that best fits your working style.

Using the AWS Management Console

We'll start by demonstrating each step with the AWS Management Console, providing screenshots to guide you through each part of the process. This method is especially helpful for those who prefer a visual interface and are newer to AWS.

  • First, type VPC in the search box and select it.

  • Then select "Create VPC".

  • Select "VPC and more". Previously the wizard created only the VPC; with this option we can create the subnets and IGW within the same configuration.

  • Choose a CIDR range.

  • Choose the number of AZs. The number of public and private subnets changes automatically based on this, but you can select them manually as well.

  • In the side preview you can see which resources are going to be created.

  • Leave the remaining options at their defaults and select the "Create VPC" button at the bottom.

  • It will start creating the resources based on your selection.

  • After a few seconds, your VPC will be created.

  • After you select "View VPC", you can see the resource map.

Using the AWS CLI

Following that, we will replicate the setup using the AWS CLI, which is ideal for those who prefer script-based configurations or need to automate their setup processes.

  • Create the VPC: first, create a VPC with a 10.1.0.0/16 CIDR block:

    aws ec2 create-vpc --cidr-block 10.1.0.0/16

This command returns a VPC ID, which we will use in subsequent steps. Let's assume it returns vpc-0a1b2c3d4e5f67890.

  • Create the subnets: next, create the public and private subnets within this VPC.

Public subnet:

    aws ec2 create-subnet --vpc-id vpc-0a1b2c3d4e5f67890 --cidr-block 10.1.1.0/24 --availability-zone us-east-1a

This command returns a Subnet ID for the public subnet; assume it is subnet-1234567890abcdef0.

Private subnet:

    aws ec2 create-subnet --vpc-id vpc-0a1b2c3d4e5f67890 --cidr-block 10.1.2.0/24 --availability-zone us-east-1a

Assume the returned Subnet ID for the private subnet is subnet-0987654321fedcba0.

  • Create an Internet Gateway and attach it to your VPC:

    aws ec2 create-internet-gateway

This command returns an Internet Gateway ID; let's say it is igw-0123456789abcdef0.

  • Attach the Internet Gateway to the VPC:

    aws ec2 attach-internet-gateway --vpc-id vpc-0a1b2c3d4e5f67890 --internet-gateway-id igw-0123456789abcdef0

  • Configure route tables: create a route table for the public subnet and configure it to route traffic to the Internet Gateway.

    aws ec2 create-route-table --vpc-id vpc-0a1b2c3d4e5f67890

Assume the returned Route Table ID is rtb-02468acefdb97531.

  • Create the route to the Internet Gateway:

    aws ec2 create-route --route-table-id rtb-02468acefdb97531 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-0123456789abcdef0

  • Associate the route table with the public subnet:

    aws ec2 associate-route-table --subnet-id subnet-1234567890abcdef0 --route-table-id rtb-02468acefdb97531

For the private subnet, we do not need to route traffic to the Internet Gateway, but we may want to create a separate route table if required for specific network rules or future modifications.
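The CLI steps above, put together as one script. This is an added example, not code from the original post: it captures each returned ID with `--query`/`--output text` instead of copying it by hand, validates the address plan before calling AWS (pure-shell helpers that run without credentials), gives the private subnet an explicitly created route table rather than leaving it implicitly associated with the VPC's main route table, and finishes by checking that the private subnet's route table carries no 0.0.0.0/0 route to an Internet Gateway. It assumes the AWS CLI is configured with a default region of us-east-1 (to match the post's us-east-1a) and credentials allowed to create VPC resources; the `apply` argument, the function names and the variable names are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the VPC from the CLI
# section with captured IDs, validates the CIDR plan offline, creates an
# explicit route table for the private subnet and verifies it has no
# Internet route. Assumes: AWS CLI v2, default region us-east-1, credentials
# permitted to create VPC resources. AWS is only called with the `apply` arg.
set -eu

VPC_CIDR="10.1.0.0/16"
PUBLIC_CIDR="10.1.1.0/24"
PRIVATE_CIDR="10.1.2.0/24"
AZ="us-east-1a"

# Dotted-quad IPv4 address -> unsigned 32-bit integer (pure POSIX sh).
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains PARENT CHILD: succeeds when CHILD lies inside PARENT.
cidr_contains() {
  p_ip=${1%/*}; p_len=${1#*/}; c_ip=${2%/*}; c_len=${2#*/}
  [ "$c_len" -ge "$p_len" ] || return 1
  mask=$(( (4294967295 << (32 - p_len)) & 4294967295 ))
  [ $(( $(ip_to_int "$p_ip") & mask )) -eq $(( $(ip_to_int "$c_ip") & mask )) ]
}

# cidrs_overlap A B: for network-aligned prefixes, overlap means one contains the other.
cidrs_overlap() {
  cidr_contains "$1" "$2" || cidr_contains "$2" "$1"
}

# Reads "DestinationCidrBlock GatewayId" lines on stdin (the shape produced by
# `aws ec2 describe-route-tables --output text` with the --query used below)
# and succeeds if any default route points at an Internet Gateway.
has_internet_route() {
  awk '$1 == "0.0.0.0/0" && $2 ~ /^igw-/ { found = 1 } END { exit found ? 0 : 1 }'
}

# Fail early on an address plan AWS would reject or that overlaps itself.
validate_plan() {
  cidr_contains "$VPC_CIDR" "$PUBLIC_CIDR" || { echo "public subnet outside VPC CIDR" >&2; return 1; }
  cidr_contains "$VPC_CIDR" "$PRIVATE_CIDR" || { echo "private subnet outside VPC CIDR" >&2; return 1; }
  if cidrs_overlap "$PUBLIC_CIDR" "$PRIVATE_CIDR"; then echo "subnets overlap" >&2; return 1; fi
}

build_vpc() {
  validate_plan
  vpc_id=$(aws ec2 create-vpc --cidr-block "$VPC_CIDR" --query Vpc.VpcId --output text)
  pub_id=$(aws ec2 create-subnet --vpc-id "$vpc_id" --cidr-block "$PUBLIC_CIDR" \
             --availability-zone "$AZ" --query Subnet.SubnetId --output text)
  priv_id=$(aws ec2 create-subnet --vpc-id "$vpc_id" --cidr-block "$PRIVATE_CIDR" \
             --availability-zone "$AZ" --query Subnet.SubnetId --output text)
  igw_id=$(aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text)
  aws ec2 attach-internet-gateway --vpc-id "$vpc_id" --internet-gateway-id "$igw_id"

  # Public route table: default route to the IGW, associated only with the public subnet.
  pub_rtb=$(aws ec2 create-route-table --vpc-id "$vpc_id" --query RouteTable.RouteTableId --output text)
  aws ec2 create-route --route-table-id "$pub_rtb" --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw_id" >/dev/null
  aws ec2 associate-route-table --subnet-id "$pub_id" --route-table-id "$pub_rtb" >/dev/null

  # Private route table: created explicitly so the private subnet does not
  # silently inherit the VPC's main route table and whatever is added to it later.
  priv_rtb=$(aws ec2 create-route-table --vpc-id "$vpc_id" --query RouteTable.RouteTableId --output text)
  aws ec2 associate-route-table --subnet-id "$priv_id" --route-table-id "$priv_rtb" >/dev/null

  # Verify: the private subnet's route table must carry no IGW default route.
  if aws ec2 describe-route-tables --route-table-ids "$priv_rtb" \
       --query 'RouteTables[].Routes[].[DestinationCidrBlock,GatewayId]' --output text | has_internet_route; then
    echo "ERROR: private route table $priv_rtb routes to the Internet" >&2; return 1
  fi
  echo "vpc=$vpc_id public=$pub_id private=$priv_id igw=$igw_id"
}

# Only call AWS when explicitly asked: `sh build_vpc.sh apply`.
if [ "${1:-}" = "apply" ]; then build_vpc; fi
```

Run it as `sh build_vpc.sh apply`; without the argument it only defines the functions, so the CIDR helpers and the route-table check can be exercised on their own. The same `has_internet_route` check can be pointed at any existing route table by passing its ID to `describe-route-tables`, which makes it a cheap audit for a "private" subnet that has quietly gained a default route.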

Conclusion

These CLI commands and the console process both create a VPC with a public and a private subnet, where the public subnet has Internet access via an Internet Gateway. This setup is fundamental for many applications and services hosted on AWS.

This post will be extremely beneficial for those new to AWS and for those needing a refresher on setting up a VPC properly :)
