Amazon VPC setup for production
This is the second part of my previous blog post, so now we will do a practical demonstration of setting up a VPC.
Step 1.
First create an AWS account at amzn.to/3dW7AsU.
After that, search for VPC in the AWS services list and click on VPC.
You can select whichever region suits your requirements.
Now click on ‘Create VPC’.
Step 2.
Now you will be taken to a form where you configure your VPC according to your needs.
Fill in all the fields. For example:
- Name tag = a name of your choice (example: demoVpc).
- IPv4 CIDR block = 10.0.0.0/16 (choose the CIDR block according to your need; it must be between /16 and /28, and it should not overlap any network you may later peer with or connect to over VPN).
- We are not using IPv6 here, so select ‘No IPv6 CIDR block’; you can also add an IPv6 CIDR block if you need it.
- Tenancy has two types, Default and Dedicated. Default runs your instances on shared hardware, which is what almost everyone wants. Dedicated forces every instance launched in this VPC onto single-tenant hardware, which costs considerably more and is only needed for licensing or compliance reasons.
- The tenancy type is up to you; I am going with Default for the demo.
- The Name tag is filled in automatically from the name you entered.
- Now click on Create VPC.
VPC created successfully.
Step 3.
Now you have to configure your subnets:
- Click on ‘Subnets’ and then click on Create Subnet.
- Under VPC ID select the VPC you created previously.
- Give your subnet a name (example: demo-public-subnet).
- Choose an Availability Zone (example: US East (Ohio) / us-east-2a).
- Give an IPv4 CIDR block (example: 10.0.0.0/24).
Here I am creating two subnets (public and private) so you can see the difference.
If you use EC2 and Amazon RDS, create one public subnet for EC2 and at least two private subnets in different Availability Zones: an RDS DB subnet group must span two AZs, and a Multi-AZ deployment keeps its standby in the second one.
- Click on Add new subnet at the bottom.
- Give your second subnet a name (example: demo-private-subnet).
- Choose a different Availability Zone (example: US East (Ohio) / us-east-2b).
- Give an IPv4 CIDR block (example: 10.0.1.0/24). It must lie inside the VPC’s 10.0.0.0/16 and must not overlap the public subnet’s range.
- Now click on Create Subnet.
Subnets created successfully.
Step 4.
Now we will create a route table for the public subnet of our VPC.
- Click on Create route table.
- Give your route table a name (example: demoVPcRouteTable).
- Select your VPC (demoVpc).
- Now click on Create.
- Click on Subnet Associations at the bottom and then click on Edit subnet associations.
- Now choose the subnet you want to associate with this route table, i.e. the one that should be reachable from the internet (example: demo-public-subnet). Leave the private subnet on the VPC’s main route table, which only contains the local route for 10.0.0.0/16.
- Click on Save.
Route table created successfully and associated with the public subnet.
Step 5.
Now click on Internet Gateways.
- Click on Create internet gateway.
- Name your internet gateway (example: demo-vpc-Internet-gateway).
- Click on Actions, then Attach to VPC, and select your VPC.
- Click on Attach internet gateway.
Internet Gateway created and attached to the VPC successfully.
Step 6.
Now we have to send the public subnet’s internet-bound traffic through the Internet Gateway. The first question that comes up is why only the public subnet gets a route to the Internet Gateway.
- If you launch an EC2 instance in the VPC to host your application or website, it has to be reachable from the internet, so its subnet needs a route to the gateway.
- The private subnet is for the database, storage systems, etc., which should not be publicly reachable by anyone, so its route table gets no such route.
So for that, follow these steps:
- Go into Route tables and select your route table.
- Now click on Routes at the bottom, as shown in the picture above.
- Click on Edit routes and then Add route, to tell your route table that traffic for the internet should go via the Internet Gateway you created previously.
- Enter 0.0.0.0/0 as the Destination, choose Internet Gateway as the target (it will appear as igw-(some id) followed by your gateway name), select it and click on Save routes.
Routes successfully edited.
Now your VPC setup is ready. Two things to check before you launch anything into it: enable ‘Auto-assign public IPv4 address’ on the public subnet (Subnets > Actions > Edit subnet settings) or attach an Elastic IP to the instance, otherwise it has a route to the gateway but no public address to use it with; and remember that the VPC only provides network isolation, so the instance’s security group and the subnets’ network ACLs still decide which ports are actually open.
Here is a brief example of how you should use this architecture.
- When you launch your application or website, it goes in the public subnet because users have to reach it.
- A database (for example RDS) or anything else that must not be publicly reachable goes in the private subnet. Note that S3 is not placed in a subnet at all; to reach it from the private subnet without crossing the internet, add a VPC gateway endpoint for S3 to the private route table.
- So only your application is publicly reachable, and your backend services such as the database are shielded from direct internet access.
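As an added example, not part of the original post, here are the same six console steps written as a Terraform configuration, so the layout can be reviewed and reapplied instead of clicked through. It uses the names and CIDRs from the walkthrough and extends it with a second private subnet (for the RDS subnet group mentioned in Step 3) and a separate private route table that never gets an Internet Gateway route; the extra subnet name, the private route table name and the us-east-2c placement are my own assumptions.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-2" # US East (Ohio), as in the walkthrough
}

locals {
  vpc_cidr = "10.0.0.0/16"
  # One public subnet for the EC2 tier. Two private subnets in different AZs,
  # because an RDS DB subnet group must span at least two Availability Zones.
  # demo-private-subnet-2 and us-east-2c are assumed, not from the post.
  public_subnets = {
    "demo-public-subnet" = { cidr = "10.0.0.0/24", az = "us-east-2a" }
  }
  private_subnets = {
    "demo-private-subnet"   = { cidr = "10.0.1.0/24", az = "us-east-2b" }
    "demo-private-subnet-2" = { cidr = "10.0.2.0/24", az = "us-east-2c" }
  }
}

# Step 2: the VPC itself. Default tenancy = shared hardware.
resource "aws_vpc" "demo" {
  cidr_block           = local.vpc_cidr
  instance_tenancy     = "default"
  enable_dns_support   = true
  enable_dns_hostnames = true # needed for RDS endpoints and public DNS names
  tags                 = { Name = "demoVpc" }
}

# Step 3: subnets. Only the public one hands out public IPv4 addresses;
# the IGW route alone does not make an instance reachable.
resource "aws_subnet" "public" {
  for_each                = local.public_subnets
  vpc_id                  = aws_vpc.demo.id
  cidr_block              = each.value.cidr
  availability_zone       = each.value.az
  map_public_ip_on_launch = true
  tags                    = { Name = each.key }
}

resource "aws_subnet" "private" {
  for_each                = local.private_subnets
  vpc_id                  = aws_vpc.demo.id
  cidr_block              = each.value.cidr
  availability_zone       = each.value.az
  map_public_ip_on_launch = false # never give database subnets public addresses
  tags                    = { Name = each.key }
}

# Step 5: Internet Gateway attached to the VPC.
resource "aws_internet_gateway" "demo" {
  vpc_id = aws_vpc.demo.id
  tags   = { Name = "demo-vpc-Internet-gateway" }
}

# Steps 4 and 6: public route table = implicit local route + default route to the IGW,
# associated only with the public subnet.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.demo.id
  tags   = { Name = "demoVPcRouteTable" }
}

resource "aws_route" "public_default" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.demo.id
}

resource "aws_route_table_association" "public" {
  for_each       = aws_subnet.public
  subnet_id      = each.value.id
  route_table_id = aws_route_table.public.id
}

# Private subnets get their own table holding only the implicit local route,
# so nothing in them is reachable from, or can reach, the internet.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.demo.id
  tags   = { Name = "demoVpcPrivateRouteTable" } # assumed name
}

resource "aws_route_table_association" "private" {
  for_each       = aws_subnet.private
  subnet_id      = each.value.id
  route_table_id = aws_route_table.private.id
}

output "public_subnet_ids" { value = [for s in aws_subnet.public : s.id] }
output "private_subnet_ids" { value = [for s in aws_subnet.private : s.id] }
```

Run `terraform init` and `terraform plan` before `terraform apply`; the plan should show exactly one route to 0.0.0.0/0, and it should belong to the public route table. Keeping the private subnets on a separate table is deliberate: if someone later adds a NAT gateway or an S3 gateway endpoint for outbound access, it goes in that table without ever exposing the subnets inbound.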
Part 1
Please clap 👏👏 and share if you find it useful.