AWS automatically creates a default VPC (Virtual Private Cloud) in every region when your account is created, with a default subnet in each Availability Zone, so you can provision resources such as EC2 or RDS into it without setting up a virtual network yourself. Keep in mind that default subnets are public: instances launched there get a public IP and a route to the internet out of the box.
The other type is a non-default VPC, which you create yourself with a CIDR range of your choosing. A non-default VPC gives you full control over subnet layout, routing and internet exposure, which the default VPC does not.
In this blog, we will discuss how to create and configure your own VPC as per the architecture diagram below. To know more about VPC, refer to Understanding VPC in AWS.
Create Virtual Private Cloud (VPC)
Create a non-default VPC with CIDR 192.168.0.0/24 by signing in to the AWS console (link) and opening the VPC Dashboard.
The Create VPC page is displayed. Provide the following details and click Create VPC:
- Name Tag (Optional) – This is the name of your VPC
- IPv4 CIDR Block – Mandatory. Provide a CIDR block for your VPC (AWS accepts /16 through /28). Here we use 192.168.0.0/24, which gives 256 IPv4 addresses to divide among subnets; note that AWS reserves five addresses in every subnet, so not all of them are assignable to instances.
- IPv6 CIDR Block (Optional) – You can associate an IPv6 block with your VPC. We proceed without IPv6 here.
- Tenancy – Either default or dedicated. Dedicated tenancy runs your instances on single-tenant hardware at extra cost; default tenancy is fine for this walkthrough.
Once the VPC is created, AWS automatically creates a main Route Table and a default Network ACL for it. In the VPC list, the Default VPC column shows Yes for the default VPC and No for the one you just created.
Now we create two subnets in two different Availability Zones: a Public Subnet with CIDR 192.168.0.0/25 and a Private Subnet with CIDR 192.168.0.128/25. The names only describe the intent; what actually makes a subnet public or private is the route table we associate with it later.
1. Go to VPC Dashboard and click on Create Subnet
- Name Tag (Optional) – This is the name of your subnet
- VPC – This is mandatory. Select the VPC where you want to create the subnet
- Availability Zone – Select the AZ for your region to create subnet within it
- VPC CIDR – This would display the associated VPC CIDRs.
- IPv4 CIDR Block – Provide a CIDR for your subnet
Select the VPC we just created and create the two subnets with these values:
Public Subnet: CIDR 192.168.0.0/25, AZ: us-east-1a
Private Subnet: CIDR 192.168.0.128/25, AZ: us-east-1b
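As an added example (not part of the original post), the following Python script checks a subnet plan the way a practitioner would before clicking Create Subnet: every CIDR must lie within the VPC CIDR, use an AWS-permitted prefix length (/16 to /28), and not overlap any other subnet, and you should know how many usable addresses you really get, because AWS reserves the first four and the last address of every subnet. It uses only the standard library and the CIDRs from this walkthrough; the subnet names and Availability Zones are just labels.

```python
import ipaddress

# AWS reserves five IPv4 addresses in every subnet: the network address,
# the VPC router (.1), DNS (.2), one kept for future use (.3) and the
# broadcast address, so a /25 yields 123 usable addresses, not 128.
AWS_RESERVED_PER_SUBNET = 5

VPC_CIDR = "192.168.0.0/24"

# The plan from this walkthrough: name -> (CIDR, Availability Zone).
SUBNET_PLAN = {
    "Public Subnet": ("192.168.0.0/25", "us-east-1a"),
    "Private Subnet": ("192.168.0.128/25", "us-east-1b"),
}


def usable_hosts(cidr):
    """Number of addresses AWS lets you assign to instances in this subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def split_vpc(vpc_cidr, new_prefix):
    """Carve a VPC CIDR into equal subnets, e.g. a /24 into two /25s."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return [str(net) for net in vpc.subnets(new_prefix=new_prefix)]


def validate_plan(vpc_cidr, plan):
    """Return a list of problems with the plan; an empty list means it is valid."""
    problems = []
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [f"VPC CIDR {vpc_cidr} is invalid: {exc}"]
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC CIDR {vpc} must be between /16 and /28")

    nets = {}
    for name, (cidr, az) in plan.items():
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 192.168.0.64/25
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {cidr} is invalid: {exc}")
            continue
        if net.version != vpc.version:
            problems.append(f"{name}: {cidr} is not the same IP version as the VPC")
            continue
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: {cidr} must be between /16 and /28")
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is not inside VPC {vpc}")
        if not az:
            problems.append(f"{name}: no Availability Zone given")
        nets[name] = net

    # Subnets inside one VPC must not overlap; check every pair once.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


if __name__ == "__main__":
    print("VPC split into /25s:", split_vpc(VPC_CIDR, 25))
    for name, (cidr, az) in SUBNET_PLAN.items():
        print(f"{name}: {cidr} in {az}, {usable_hosts(cidr)} usable addresses")
    print("Problems:", validate_plan(VPC_CIDR, SUBNET_PLAN) or "none")
```

Run it before creating the subnets; an empty problem list means the console will accept the plan, and the usable-host counts tell you whether a /25 really leaves room for the instances you intend to place in it.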
Create Internet Gateway (igw)
Next we create an Internet Gateway (igw) and attach it to the non-default VPC created above. A VPC can have only one igw attached, and without one no subnet in the VPC can reach the internet.
1. Go to VPC Dashboard and click on Create Internet Gateway
Once the igw is created, its state shows as Detached. Now attach it to your VPC.
Attach igw to your VPC
Select your igw, click Actions, choose Attach to VPC and select your VPC.
Once the igw is attached to your VPC, we proceed to create a custom route table.
Create Route Table
1. Go to VPC Dashboard and click on Create Route Table
Select your VPC on the Create Route Table page and click Create; this creates the custom route table. It starts with only the local route for 192.168.0.0/24, which allows traffic between resources inside the VPC.
To enable internet access, add a default route (destination 0.0.0.0/0) to the custom route table.
Select your custom route table, open the Routes tab and click Edit.
In Destination, enter 0.0.0.0/0 and in Target select your igw, then click Save routes.
Configure Subnets route table
Now we associate the two subnets with route tables. As per the architecture diagram, the public subnet is associated with the “Custom Route Table” and the private subnet with the “Main Route Table”. Only a subnet whose route table sends 0.0.0.0/0 to the igw is public; everything else stays private.
Route Table association for “Public Subnet”
1. Go to VPC Dashboard and select your subnet
2. Go to Route Table and click on Edit route table association
As of now, the public subnet is associated with the main route table (every new subnet is, until you change it). We need to change this to the custom route table.
Select the custom route table and click Save.
After saving this change, the Public Subnet is associated with the custom route table.
Route Table association for “Private Subnet”
Nothing to do here. Every subnet is implicitly associated with the main route table until you change it, so the private subnet is already on the main route table as the architecture requires. Keep the main route table free of any igw route: any subnet you create later lands on it by default, and an igw route there would silently make such subnets public.
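As an added example (not the original post's code), here is a small Python model of the routing decisions just configured. AWS route tables pick the most specific matching route (longest prefix match), so a table holding only the local route can reach other VPC addresses but has nowhere to send internet-bound traffic, while the custom table sends anything outside 192.168.0.0/24 to the igw. The same logic gives a quick audit: a subnet is public exactly when its route table has a 0.0.0.0/0 route targeting an igw, and a main table with such a route exposes every subnet that was never explicitly associated. The route tables are constructed to mirror the walkthrough and the igw ID is a placeholder.

```python
import ipaddress

# Placeholder igw ID, constructed for this example; yours will differ.
IGW_ID = "igw-0123456789abcdef0"

# Route tables as {destination CIDR: target}, mirroring the walkthrough.
# The main table was created with the VPC and holds only the local route.
MAIN_ROUTE_TABLE = {
    "192.168.0.0/24": "local",
}
# The custom table additionally gets the default route to the internet gateway.
CUSTOM_ROUTE_TABLE = {
    "192.168.0.0/24": "local",
    "0.0.0.0/0": IGW_ID,
}
SUBNET_ASSOCIATIONS = {
    "Public Subnet": CUSTOM_ROUTE_TABLE,
    "Private Subnet": MAIN_ROUTE_TABLE,
}


def resolve_route(route_table, destination):
    """Return the target for a destination IP using longest-prefix match,
    the rule AWS route tables apply, or None if no route matches."""
    dst = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != dst.version or dst not in net:
            continue
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_target = net, target
    return best_target


def is_public_route_table(route_table):
    """A route table exposes its subnets when 0.0.0.0/0 points at an igw."""
    return any(
        cidr == "0.0.0.0/0" and str(target).startswith("igw-")
        for cidr, target in route_table.items()
    )


def audit(associations, main_table):
    """Classify each subnet as public (True) or private (False), and flag a
    main table that would make every not-yet-associated subnet public."""
    report = {name: is_public_route_table(rt) for name, rt in associations.items()}
    report["main table is private"] = not is_public_route_table(main_table)
    return report


if __name__ == "__main__":
    for name, table in SUBNET_ASSOCIATIONS.items():
        print(name, "-> 8.8.8.8 via", resolve_route(table, "8.8.8.8"),
              "| 192.168.0.200 via", resolve_route(table, "192.168.0.200"))
    print(audit(SUBNET_ASSOCIATIONS, MAIN_ROUTE_TABLE))
```

The audit only looks at routes. An instance in the public subnet still needs a public IPv4 address for the igw to carry its traffic, and security groups and network ACLs filter on top of routing, so treat a True here as "reachable from the internet unless something else blocks it".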
We are now done with the VPC, subnet, IGW and route table creation and configuration. In the next section, we launch EC2 instances and verify their connection to the internet.
Launch EC2 in VPC Subnets
Here, we launch two EC2 instances in the two subnets. Refer to How to Launch an Amazon EC2 to create an EC2 instance in AWS.
Launch EC2 in “Public Subnet”, with Auto-assign Public IP enabled (or attach an Elastic IP). The igw route alone is not enough: the instance also needs a public IPv4 address for the igw to translate its traffic.
Launch EC2 in “Private Subnet”, with Auto-assign Public IP disabled, so it has only a private address.
Now connect to your EC2 in the Public Subnet using SSH. Its security group should allow port 22 only from your own IP address, never from 0.0.0.0/0.
Verify the internet connection from the instance, for example with ping or curl to a public host.
As verified, with the custom route table pointing 0.0.0.0/0 at the internet gateway and associated with the “Public Subnet”, the instance is able to connect to the internet.
Connect to the EC2 hosted in the “Private Subnet” and try accessing the internet from it. Since that instance has no public IP, reach it from the public instance over its private address (the public instance acts as a bastion), and allow port 22 in its security group only from the public instance's security group.
As expected, the EC2 in the private subnet cannot establish a connection to the internet, because its main route table has only the local route. It can still communicate with everything inside the VPC. If it ever needs outbound access, for example for OS patching, add a NAT Gateway in the public subnet and point 0.0.0.0/0 in the main route table at it; inbound connections from the internet stay blocked.
I hope this blog helps you get started with your own Virtual Private Cloud in AWS. Please comment below with any questions related to this blog.