Rishikesh Varvade
8 min read · Feb 9, 2021

How to Create and Configure AWS VPC

Amazon Web Services offers on-demand cloud computing services to individuals, companies and governments on a pay-as-you-go basis. Inside this large shared pool of computing you need your own private network space, and that is where VPC comes into the picture. A VPC spans all Availability Zones in a region.

Regions and Availability zones:

An AWS Region is a physical location in the world where AWS clusters its data centers. Every region is physically isolated from and independent of every other region in terms of location, power, water supply and so on. Inside each region you will find two or more Availability Zones, each hosted in data centers separate from those of the other zones.

An Availability Zone is a logical data center inside a region that is ready for AWS customers to use. Each zone in a region has redundant and separate power, networking and connectivity, which reduces the likelihood of two zones failing simultaneously.

VPC:

Amazon VPC enables you to build a virtual network in the AWS cloud — no VPNs, hardware, or physical data centers are required. This is your own network space where you can control how your network and AWS resources inside this network are exposed to the internet.

When you create a VPC you need to specify its range of IPv4 addresses in the form of a Classless Inter-Domain Routing (CIDR) block. This CIDR block is later divided into subnets, which we discuss below.

CIDR:

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block, for example 10.0.0.0/16. This is the primary CIDR block for your VPC.

CIDR Block Example

Take 172.31.0.0/24 as an example. The subnet mask is /24 because the first 24 bits make up the network part of the IP address, which leaves 32 - 24 = 8 bits for the host part.

So the block contains 2 to the power of 8, that is 2⁸ = 256, addresses.

Now, what is a subnet?

We can’t put EC2 instances directly into a VPC. We need to break the VPC into smaller networks called subnets. A subnet is a range of IP addresses inside the VPC, and you create as many as your requirements call for.

Subnets let you break your network down into smaller parts. This is achieved by specifying a CIDR block for each subnet.

Subnets come in two types:

Public Subnet:

Public subnets are the subnets in your VPC that have direct access to the internet. To give a subnet that direct access, it must be associated with a route table that has a route to an Internet Gateway.

Private subnet:

As the name suggests, a private subnet is private inside your network: it has no direct access to the internet, which makes it more secure than a public subnet. Instances in it may still need internet access to install software updates and patches, and this is achieved by adding a route to a NAT gateway in the subnet's route table.

So when should you use a public subnet and when a private one?

Put the application that interacts with users or customers in a public subnet, and keep the database in a private subnet.

Internet Gateway:

An Internet Gateway allows communication between the components of your VPC and the internet. To use it, add a route to your subnet's route table that directs internet-bound traffic to the internet gateway.

NAT Gateway:

A NAT gateway enables instances in a private subnet to connect to the internet or to other AWS services while preventing the internet from initiating a connection to those instances. One important point: a NAT gateway is associated with an Elastic IP address.

Why does a NAT gateway need an elastic IP?

It would not make sense to have a dynamic address on a NAT device: if the address changed, any sessions in progress would be guaranteed to break. The only way to give it a static address is to allocate an Elastic IP address (EIP).

Route Table:

A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. It simply tells the network packets which way to travel to reach the destination.

Now let us see how to set up a VPC network with a few simple steps.

First login to your AWS console and navigate to the VPC dashboard.

Now go to Your VPCs and select Create VPC at the top. You should see the following page:

AWS console — Create VPC
  • Name tag: the name you want to give your VPC.
  • IPv4 CIDR block: the range of IPv4 addresses for your VPC in CIDR block format, for example 10.0.0.0/24.
  • IPv6 CIDR block: select No IPv6 CIDR block, as we are going to use IPv4 addresses for the VPC.
  • Tenancy: you have two options, Default and Dedicated. Choose Dedicated if you want the instances in this VPC to run on single-tenant dedicated hardware; otherwise select Default.

After that, click Create.

AWS Create VPC

In the above example we selected 10.0.0.0/16, which gives us 65534 usable IPv4 addresses for subnetting.

VPC Dashboard AWS

Here you can see the VPC ID of your newly created VPC, its state, its IPv4 CIDR range and its tenancy.

Now let’s create subnets:

  • Public subnet and,
  • Private subnet.

Navigate to subnets and click ‘Create Subnet’.

AWS Create Subnet
  • Name tag: give the subnet a name.
  • VPC: select the VPC you just created so that the subnet belongs to it.
  • Availability Zone: select the Availability Zone you want to place the subnet in.
  • IPv4 CIDR block: finally, enter the IPv4 CIDR block for the subnet (a sub-range of the VPC's block) and click Create.

Similarly create another subnet and name it PrivateSubnet.

Note that the names are only for our own reference. To actually make a subnet public or private we need to associate it with the appropriate route table.

By default, the subnets are associated with the default route table which is created at the time we create our VPC.

AWS Subnet Description in VPC Dashboard

Here you can see all the details about the subnet: Subnet ID, VPC, Available IPv4 Addresses, AZ and default Route Table associated with the subnet.

Before creating the route tables, let’s create an Internet Gateway and a NAT Gateway, since both will be needed as route targets for the subnets we created.

Select Internet Gateways in the VPC dashboard and click Create internet gateway.

Give the internet gateway a name and select Create. Note that it starts out in a detached state; we attach it to a VPC in the following steps.

Create Internet Gateway

As you can see, it is in a detached state and we need to attach it to a VPC. Under Actions select Attach to VPC.

Internet Gateway — Detached State
Attach Internet Gateway to VPC

Select the VPC to which you would like to attach the internet gateway. In our case it is the recently created VPC; select it and click Attach.

Internet Gateway — Attached State

Creating a NAT Gateway is a bit different from creating an Internet Gateway. You need to select the public subnet in which you want to create the NAT Gateway and then allocate an Elastic IP address to it, for the reason explained above: a NAT device needs a static address, and an Elastic IP is the only way to get one.

So let’s go ahead and create the NAT Gateway. Go to NAT Gateways and select Create NAT gateway.

Create NAT Gateway

Select the public subnet, click Allocate Elastic IP address, and then click Create NAT gateway.

NAT Gateway — Available state

Now let’s go and create two route tables:

  • public route table and,
  • private route table

Go to Route Tables and select Create route table. Give the route table a name and select the VPC we created above.

Public Route table

Similarly create the Private route table.

Private Route table

Now we need to add routes to each of the route tables. In the public route table, add a route for internet-bound traffic with the Internet gateway as its target.

Adding routes to public route table
Associating Internet gateway to public route table
IGW Association — Active status

Now associate the public subnet with the public route table.

Public Route Table — Subnet Association
Public Route Table — Select public subnet to associate

Now repeat the same steps for the private route table, but choose the NAT gateway from the target dropdown menu when adding the route.

Associating NAT gateway to private route table

Finally, associate the private subnet with the private route table.

Private Route Table — Select private subnet to associate
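The whole console walkthrough above, collected into one AWS CLI script as an added example (this is not the article's own code). It assumes AWS CLI v2 with credentials and a default region configured; the VPC name, the CIDR blocks, the Availability Zone and the function name are our own choices, and the script only talks to AWS when run with the argument apply.

```shell
#!/bin/sh
# Added example (not the article's own code): the console walkthrough above
# as an AWS CLI script. Assumes AWS CLI v2 with credentials and a default
# region configured; the names, CIDRs and AZ are our own choices.
set -eu

create_vpc_stack() {
  vpc_cidr=10.0.0.0/16 pub_cidr=10.0.1.0/24 priv_cidr=10.0.2.0/24
  az=${AZ:-us-east-1a}    # assumption: any AZ in your region works
  VPC=$(aws ec2 create-vpc --cidr-block "$vpc_cidr" \
          --query Vpc.VpcId --output text)
  aws ec2 create-tags --resources "$VPC" --tags Key=Name,Value=DemoVPC

  # Two subnets; "public"/"private" is decided by the route table, not the name
  PUB=$(aws ec2 create-subnet --vpc-id "$VPC" --cidr-block "$pub_cidr" \
          --availability-zone "$az" --query Subnet.SubnetId --output text)
  PRIV=$(aws ec2 create-subnet --vpc-id "$VPC" --cidr-block "$priv_cidr" \
          --availability-zone "$az" --query Subnet.SubnetId --output text)

  # The internet gateway is created detached and must be attached to the VPC
  IGW=$(aws ec2 create-internet-gateway \
          --query InternetGateway.InternetGatewayId --output text)
  aws ec2 attach-internet-gateway --internet-gateway-id "$IGW" --vpc-id "$VPC"

  # The NAT gateway sits in the public subnet and needs an Elastic IP
  EIP=$(aws ec2 allocate-address --domain vpc --query AllocationId --output text)
  NAT=$(aws ec2 create-nat-gateway --subnet-id "$PUB" --allocation-id "$EIP" \
          --query NatGateway.NatGatewayId --output text)
  aws ec2 wait nat-gateway-available --nat-gateway-ids "$NAT"

  # Public route table: internet-bound traffic (0.0.0.0/0) -> internet gateway
  PUB_RT=$(aws ec2 create-route-table --vpc-id "$VPC" \
             --query RouteTable.RouteTableId --output text)
  aws ec2 create-route --route-table-id "$PUB_RT" \
      --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW"
  aws ec2 associate-route-table --route-table-id "$PUB_RT" --subnet-id "$PUB"

  # Private route table: same destination, but the target is the NAT gateway,
  # so instances can fetch updates while nothing on the internet can connect in
  PRIV_RT=$(aws ec2 create-route-table --vpc-id "$VPC" \
             --query RouteTable.RouteTableId --output text)
  aws ec2 create-route --route-table-id "$PRIV_RT" \
      --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$NAT"
  aws ec2 associate-route-table --route-table-id "$PRIV_RT" --subnet-id "$PRIV"

  echo "vpc=$VPC public=$PUB private=$PRIV igw=$IGW nat=$NAT"
}

# Only call AWS when asked explicitly, so sourcing this file has no side effects
if [ "${1:-}" = "apply" ]; then create_vpc_stack; fi
```

Note that the route tables only decide where traffic can go: an instance in the public subnet still needs a public or Elastic IP to be reachable, and security groups and network ACLs still filter the traffic in both subnets.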

I hope this article helped you to understand all the configuration steps required to set up a VPC network infrastructure inside AWS. Now you can deploy any application inside this VPC.

Happy Clouding!
