Production based VPC setup on AWS

Harshit Sharma
Apr 26, 2021

Whenever we talk about launching a website or an application, the first thing we think about is security, so the website or application should run inside a secure network environment.

To build that environment on AWS we will use Amazon VPC.

In this blog, we will learn about

  1. What is Cloud?
  2. What is VPC?
  3. What is CIDR?
  4. What is Subnet?
  5. What is Route Table?
  6. What is Internet Gateway(igw)?
  7. VPC setup.

This article may take a little longer to read than usual, so please be patient and enjoy the blog 😀.

1. What is cloud?

Basically, the cloud is the on-demand availability of computing resources (CPU, RAM, storage and so on) over the internet. You rent capacity instead of owning and operating the hardware, and your data is accessible remotely through the internet.

  • You can access your data anywhere, anytime, with high availability and speed, and with security controls (such as the VPC described below) that you configure yourself.
image source europeancloudalliance.com

2. What is VPC?

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can specify an IP address range for the VPC, add subnets, associate security groups, and configure route tables. A subnet is a range of IP addresses in your VPC.

  • A security group is a virtual firewall for your instances that controls inbound and outbound traffic. It contains a set of allow rules (there are no deny rules) that define which protocols, port ranges and source or destination addresses are permitted; security groups are stateful, so return traffic for an allowed connection is accepted automatically.
  • A VPC is specific to a region: if you create a VPC in region 'A', resources in another region cannot reach the resources in that VPC over private addressing without a VPC peering connection (or another explicitly configured connection).
  • A cloud region is the real-life geographic location where your public cloud resources are hosted, for example Ohio, Mumbai, Ireland or Frankfurt.
  • VPC peering connects two VPCs (in the same region or in different regions) so that resources in them can communicate with each other using private IP addresses, with traffic routed bidirectionally between them. Two caveats a practitioner should know: the two VPCs must not have overlapping CIDR blocks, and peering is not transitive (if A is peered with B and B with C, A cannot reach C through B).
  • A private IP address is used to communicate within the same network, and a public IP address is used to communicate outside it. For example, if we have two networks A and B, hosts inside A can talk to each other using their private IPs, but a host in A cannot reach a host in B by its private IP unless the two networks are connected (for example by peering).
  • A VPC always has an IPv4 CIDR block and can optionally be given an IPv6 CIDR block as well, so it can run dual-stack.

By default you can create 5 VPCs per region. This is a soft limit (a service quota): if you need more, you can request an increase through the Service Quotas console.

image source softnas.com

3. What is a CIDR block?

  • CIDR stands for Classless Inter-Domain Routing.
  • It is an IP addressing scheme that improves the allocation of IP addresses. It replaced the old system based on classes A, B and C, greatly extended the life of IPv4 and slowed the growth of routing tables.
  • A CIDR block is written as an address followed by a prefix length, for example 10.0.0.0/16. The /16 means the first 16 bits (10.0) are the network prefix, and the remaining 32 - 16 = 16 bits are host bits, which we carve up into subnets. The number of hosts in the block follows from this formula:

2^(32 - prefix length) - 2 = 2^(32 - 16) - 2 = 2^16 - 2 = 65534

  • So a /16 gives 65534 hosts in the textbook count, where the -2 removes the network and broadcast addresses. Note that AWS actually reserves five addresses in every subnet (the first four and the last), so a /24 subnet in a VPC gives you 251 usable addresses, not 254.
  • A VPC has one primary CIDR block, and after creation you can add up to 4 secondary IPv4 CIDR blocks (5 in total by default). AWS accepts VPC IPv4 blocks from /16 down to /28.

It may look boring 🥱, but this knowledge will make you good at designing your VPC architecture.

4. What is a subnet?

Subnetting is the process of dividing a network into smaller sub-networks (subnets).

An IP address inside a subnet has two parts:

  1. Network address (the prefix shared by every host in the subnet)
  2. Host identifier (the bits that differ between hosts)

Example: 192.168.43.48/24 is an IPv4 address with a /24 prefix, so the first 24 bits (192.168.43) are the network part and the remaining 8 bits (the .48) are the host identifier. The subnet itself is 192.168.43.0/24.

There are two types of subnets in a VPC:

  • Private subnet
  • Public subnet

The difference is purely a matter of routing: a public subnet has a route to an internet gateway in its route table, a private subnet does not.

A private subnet is used for backend services such as databases and internal application servers, which should not be publicly reachable by anyone. If an instance in the public subnet is compromised, the instances in the private subnet are still not directly exposed to the internet. (Amazon S3 is not placed in a subnet at all; instances in a private subnet can reach it through a VPC endpoint.)

A public subnet is used to host the part of our website or application that faces the public, so clients interact with our application through instances in the public subnet.

  • To reach a private instance you need a jump host in the public subnet and connect through it. AWS normally calls this a bastion host; lock its security group down to the source IP addresses that actually need access.

We will also assign a CIDR block to each private and public subnet.

  • We will practically demonstrate VPC setup in 2nd part of this blog.
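As an added example (not code from the original post), the following Python script performs the CIDR and subnet arithmetic from sections 3 and 4 with the standard-library `ipaddress` module: the textbook host count for 10.0.0.0/16, the AWS count that subtracts the five reserved addresses per subnet, the network/host split of 192.168.43.48/24, and a plan that carves a VPC block into public and private subnets. The function names and the two-public/two-private layout are my own choices, not an AWS API.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet
# (network address, VPC router, DNS resolver, reserved for future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def classic_usable_hosts(cidr):
    """Textbook count: 2^(32 - prefix) - 2 (network and broadcast addresses)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses - 2


def aws_usable_hosts(cidr):
    """What you actually get to use inside an AWS subnet."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def split_address(cidr_host):
    """Split an address such as 192.168.43.48/24 into its subnet and host identifier."""
    iface = ipaddress.ip_interface(cidr_host)
    host_id = int(iface.ip) - int(iface.network.network_address)
    return str(iface.network), host_id


def validate_vpc_cidr(vpc_cidr):
    """AWS only accepts VPC IPv4 blocks with a prefix length between /16 and /28,
    and the address must be the network address of the block (strict=True)."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{vpc_cidr}: VPC block must be between /16 and /28")
    return net


def plan_subnets(vpc_cidr, subnet_prefix, public=2, private=2):
    """Carve a VPC block into equal-sized subnets; the first ones are labelled
    public, the next ones private. Returns {label: cidr} (hypothetical layout)."""
    vpc = validate_vpc_cidr(vpc_cidr)
    candidates = vpc.subnets(new_prefix=subnet_prefix)  # generator of subnets
    labels = [f"public-{i + 1}" for i in range(public)]
    labels += [f"private-{i + 1}" for i in range(private)]
    plan = {}
    for label in labels:
        try:
            plan[label] = str(next(candidates))
        except StopIteration:
            raise ValueError("VPC block too small for the requested subnets") from None
    return plan


if __name__ == "__main__":
    print("10.0.0.0/16 hosts (textbook):", classic_usable_hosts("10.0.0.0/16"))
    print("10.0.1.0/24 usable in AWS:   ", aws_usable_hosts("10.0.1.0/24"))
    print("192.168.43.48/24 ->", split_address("192.168.43.48/24"))
    for label, cidr in plan_subnets("10.0.0.0/16", 24).items():
        print(f"{label:10s} {cidr:16s} usable={aws_usable_hosts(cidr)}")
```

Running it shows 65534 for the /16, 251 (not 254) usable addresses per /24 subnet, the split (192.168.43.0/24, 48), and four consecutive /24 blocks starting at 10.0.0.0/24; passing a /8 or a block that is not on a network boundary raises ValueError before you ever try to create the VPC.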

5. Route Tables

A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.

Main route table — The route table that automatically comes with your VPC. It controls the routing for all subnets that are not explicitly associated with any other route table.

Custom route table — A route table that you create for your VPC.

Subnet route table — A route table that’s associated with a subnet.

Gateway route table — A route table that’s associated with an internet gateway or virtual private gateway.

Destination — The range of IP addresses where you want traffic to go (destination CIDR).

Target — The gateway, network interface, or connection through which to send the destination traffic for example, an internet gateway.

Each route in a table specifies a destination and a target. Every route table also carries an implicit local route for the VPC's own CIDR block that cannot be removed, and when several routes match a destination, the most specific one (longest prefix) wins. For example, to enable your subnet to access the internet through an internet gateway, add the following route to your subnet route table (the gateway id is a placeholder):

Destination = 0.0.0.0/0 , Target = igw-12345678901234567
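As an added example that is not part of the original post, here is the VPC router's matching rule written out in Python: two constructed route tables for a 10.0.0.0/16 VPC, a longest-prefix lookup that returns the target (or None when the packet would be dropped), and a check that classifies a subnet as public only when its table sends traffic to an internet gateway. The gateway and peering-connection ids and the sample destination addresses are placeholders I made up for illustration.

```python
import ipaddress

# Constructed route tables for a 10.0.0.0/16 VPC. Every VPC route table carries an
# implicit, non-removable "local" route for the VPC's own CIDR. The igw-/pcx- ids
# below are placeholders, not real resources.
PUBLIC_RT = [
    ("10.0.0.0/16", "local"),
    ("172.16.0.0/16", "pcx-0123456789abcdef0"),  # peered VPC, reached over VPC peering
    ("0.0.0.0/0", "igw-12345678901234567"),      # default route: everything else -> internet gateway
]
PRIVATE_RT = [
    ("10.0.0.0/16", "local"),                    # no default route: internet-bound packets are dropped
    ("172.16.0.0/16", "pcx-0123456789abcdef0"),
]


def lookup_route(route_table, dst_ip):
    """Return the target for dst_ip using longest-prefix match, as the VPC router does.
    None means no route matched, i.e. the packet is dropped."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for destination, target in route_table:
        net = ipaddress.ip_network(destination)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def is_public_subnet(route_table):
    """A subnet is public only if its route table has a route targeting an internet gateway."""
    return any(target.startswith("igw-") for _, target in route_table)


if __name__ == "__main__":
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT)):
        print(f"{name} subnet (public={is_public_subnet(rt)})")
        for dst in ("10.0.2.15", "172.16.5.9", "93.184.216.34"):
            print(f"  {dst:15s} -> {lookup_route(rt, dst)}")
```

The output makes the security point concrete: in the public table 172.16.5.9 goes to the peering connection even though 0.0.0.0/0 also matches, because /16 is more specific than /0, and in the private table an internet address resolves to None, so a compromised private instance cannot reach the internet through this table alone.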

6. Internet Gateway

An internet gateway (IGW) is a horizontally scaled, redundant VPC component that allows instances in public subnets to communicate with the internet outside the VPC. It does two things: it serves as the target for internet-bound routes, and it performs one-to-one NAT between an instance's private IP address and its public or Elastic IP address.

Attaching an IGW to the VPC is not enough on its own. A subnet only becomes public when its route table has a 0.0.0.0/0 route pointing at the IGW, and an instance in that subnet is only reachable from the internet if it has a public IP address and its security group allows the traffic.

VPC architecture

image source quora.com

Please check out the next part of this blog (part 2) for the hands-on VPC setup.

Thanks for reading! If you found this post useful, please 👏 (clap) and share it.


Harshit Sharma

DevOps | Open-Source contributor | Mentor at @MLHacks | RHCSA | RHCS in Ansible Automation | Git | GitHub | Docker