Dot Net For All

Create AWS VPC and subnet for publicly accessible resource on Internet

AWS VPC and subnet

Hello Friends, in this article I will create a VPC in the AWS cloud. The resources placed in this VPC should be publicly reachable from the internet.

What is VPC?

First of all we should be aware of what a VPC is and what it is used for. A virtual private cloud (VPC) is a logically isolated section of the AWS cloud in which you launch your resources and services. A VPC lives in one of the regions supported by AWS. While creating a VPC we need to provide a CIDR block of IP addresses. A VPC gives us the flexibility to provision resources in a public subnet or a private subnet. Resources such as web servers are placed in the public subnet, which makes them accessible over the internet. Resources such as back-end services and databases should be placed in the private subnet to shield them from the outside world, which raises the level of protection. You may be wondering what a subnet is.

A VPC spans the multiple availability zones (AZs) present in its region, and within the VPC each subnet belongs to exactly one AZ. We can create one or more subnets for each AZ in a VPC. Again, while creating a subnet we have to provide a CIDR block of IP addresses which must be a subset of the VPC's CIDR block.

Creating my First VPC and Public Subnet

In this section I will cover a step by step guide to launching my first VPC with a public and a private subnet. I will not use the shortcut provided by AWS.

  1. Log in to your AWS console using an IAM user. Note that you should never use the root account to create services. The root account is the one you created by providing your email ID, and it is the administrator account for your AWS console.
  2. Go to VPC under the Networking & Content Delivery section of Services. You can find the Services menu in the top left corner of the AWS console.
  3. Once you are in the VPC dashboard, you can see “Your VPCs” in the left pane of the page. Click on “Your VPCs”.
  4. In this window you can see all the VPCs created by you and a default VPC created by AWS. There is one default VPC in each region. It is good practice not to use this default VPC for launching any instances.
  5. Click the “Create VPC” button at the top of the screen and a pop-up appears. In this pop-up you need to provide the VPC name and the IPv4 CIDR address range. You can see the inputs I provided in the window below. It is very important to note that once you have created a VPC you will not be able to change or delete the address range you assigned while creating it, so be very careful when choosing the CIDR block.

    VPC Creation Window

  6. Click “Yes, Create” and you should see the VPC in the dashboard.
  7. Now click on Subnets in the left pane and you should see all the subnets present in your AWS account. Click “Create Subnet” at the top of the screen. In the Create Subnet screen enter the details of the subnet as shown in the figure below. As you can see in the figure, I have named the subnet after the region and added the suffix -public so it is easy to recognize.

    Create Subnet

  8. Once you have created a VPC, a route table is automatically created for it. This is the default (main) route table of the VPC, and it is recommended not to change anything in it. Click “Route Tables” in the left navigation pane to get the list of all route tables in your account. Select the route table of the VPC you created in the previous step by clicking the checkbox in the first column; the details of the table appear at the bottom of the page. You can see that it is not associated with any subnet.

    Route Table for Subnet

  9. Go to the Routes tab and you should see an entry with destination 10.0.0.0/16 and target local. This route allows resources in the VPC to communicate with each other.
  10. We still need an entry that routes traffic out to the internet so that our resource is reachable from it. For that purpose we need to create an internet gateway.
  11. Click “Internet Gateways” in the left navigation pane and click “Create Internet Gateway” in the top left corner of the screen.
  12. An internet gateway is a virtual device used to route traffic out of the VPC; it also keeps the mapping between the public and private IPs of your instances. I created an internet gateway named “MyIGForDemo”. In addition we need to attach the internet gateway to our VPC. Click the Actions button at the top and select “Attach to VPC”. Finally select the VPC we created in step 5 and attach it.
  13. We now have to create a route table to associate with the public subnet. Click “Route Tables” in the left navigation pane and then the “Create Route Table” button in the top left corner. Enter the name of the route table; I named it “RouteTableForPublicSubnet”. Associate it with the VPC created in step 5: once you click the VPC drop-down you should see all the VPCs in your account. Next we need to associate the route table with the subnet we created in step 7: click “Subnet Associations” and associate the subnet. Finally we need a route to the internet gateway to make the subnet public. Go to the Routes tab as shown in the figure below, add a route with destination 0.0.0.0/0 (all IPv4 addresses), select the internet gateway we created in the previous step from the list and click Save.

    Attach IG to route table

  14. This route in the route table allows traffic to flow to and from the internet.
  15. And hence we have created a public subnet for our resources.
  16. Similarly we can create one more subnet in another availability zone and leave it associated with the default route table. That subnet has no route to the internet gateway, so it is the private subnet.
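To tie the subnet paragraph above and steps 5 to 13 together, here is an added Python example (my code, not the article's) that performs the same steps through the EC2 API with boto3. The 10.0.0.0/16 VPC range and the names MyIGForDemo and RouteTableForPublicSubnet come from the article; the subnet range 10.0.1.0/24, the VPC name MyVPCForDemo, the availability zone and the function names (`check_subnet_fits`, `plan_routes`, `is_public_route_table`, `build_public_vpc`) are my assumptions. The CIDR check enforces the rule that a subnet must be a sub-block of the VPC CIDR (and within AWS's /16 to /28 subnet size limits) before anything is created, because the VPC CIDR cannot be changed afterwards.

```python
"""Create the article's VPC, public subnet, internet gateway and public route
table with boto3. Added example, not the article's own code."""
import ipaddress

# 10.0.0.0/16 is the VPC range shown in the article; the subnet range is an
# assumption (the article only shows it in a screenshot).
VPC_CIDR = "10.0.0.0/16"
PUBLIC_SUBNET_CIDR = "10.0.1.0/24"
ANYWHERE_V4 = "0.0.0.0/0"


def check_subnet_fits(vpc_cidr, subnet_cidr):
    """True only if subnet_cidr is a proper sub-block of vpc_cidr and within
    AWS's /16 to /28 subnet size limits. Bad input (host bits set, mixed IP
    versions) yields False instead of an exception so it works as a gate."""
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
        subnet = ipaddress.ip_network(subnet_cidr, strict=True)
        inside = subnet.subnet_of(vpc)
    except (ValueError, TypeError):
        return False
    return inside and subnet.prefixlen > vpc.prefixlen and 16 <= subnet.prefixlen <= 28


def plan_routes(vpc_cidr, igw_id):
    """Routes the public route table ends up with after step 13: the implicit
    local route plus a default route to the internet gateway."""
    return [
        {"DestinationCidrBlock": vpc_cidr, "GatewayId": "local"},
        {"DestinationCidrBlock": ANYWHERE_V4, "GatewayId": igw_id},
    ]


def is_public_route_table(routes):
    """A subnet is public exactly when its route table sends 0.0.0.0/0 to an
    internet gateway; this is the check to run when reviewing route tables."""
    return any(
        r["DestinationCidrBlock"] == ANYWHERE_V4 and r["GatewayId"].startswith("igw-")
        for r in routes
    )


def name_tag(resource_type, value):
    """TagSpecifications payload that gives a resource the Name shown in the console."""
    return [{"ResourceType": resource_type, "Tags": [{"Key": "Name", "Value": value}]}]


def build_public_vpc(ec2, vpc_name, az, vpc_cidr=VPC_CIDR, subnet_cidr=PUBLIC_SUBNET_CIDR):
    """Steps 5 to 13 of the article against the EC2 API. `ec2` is a boto3 EC2
    client created by the caller (boto3.client("ec2", region_name=...))."""
    if not check_subnet_fits(vpc_cidr, subnet_cidr):
        raise ValueError(f"{subnet_cidr} is not a usable subnet of {vpc_cidr}")

    # Step 5: the VPC; its CIDR is fixed for the lifetime of the VPC.
    vpc_id = ec2.create_vpc(CidrBlock=vpc_cidr,
                            TagSpecifications=name_tag("vpc", vpc_name))["Vpc"]["VpcId"]
    # Step 7: one subnet in one AZ, named "<az>-public" as the article does.
    subnet_id = ec2.create_subnet(
        VpcId=vpc_id, CidrBlock=subnet_cidr, AvailabilityZone=az,
        TagSpecifications=name_tag("subnet", f"{az}-public"))["Subnet"]["SubnetId"]
    # Not a console step in the article: without this (or an Elastic IP) instances
    # launched here get no public IPv4 address and stay unreachable.
    ec2.modify_subnet_attribute(SubnetId=subnet_id, MapPublicIpOnLaunch={"Value": True})
    # Steps 11-12: internet gateway, attached to the VPC.
    igw_id = ec2.create_internet_gateway(
        TagSpecifications=name_tag("internet-gateway", "MyIGForDemo")
    )["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)
    # Step 13: a separate route table for the public subnet (main table untouched),
    # a default route to the IGW, then the subnet association.
    rtb_id = ec2.create_route_table(
        VpcId=vpc_id, TagSpecifications=name_tag("route-table", "RouteTableForPublicSubnet")
    )["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock=ANYWHERE_V4, GatewayId=igw_id)
    ec2.associate_route_table(RouteTableId=rtb_id, SubnetId=subnet_id)
    return {"vpc": vpc_id, "subnet": subnet_id, "igw": igw_id, "route_table": rtb_id,
            "routes": plan_routes(vpc_cidr, igw_id)}


if __name__ == "__main__":
    import boto3  # only required when actually applying the plan to an account
    # Region, AZ and VPC name are placeholders; pick your own.
    print(build_public_vpc(boto3.client("ec2", region_name="us-east-1"),
                           "MyVPCForDemo", "us-east-1a"))
```

Run it with credentials configured for an IAM user, as step 1 advises, not the root account. The `modify_subnet_attribute` call is not one of the article's console steps: the internet gateway route alone only makes a subnet public for instances that actually have a public IPv4 address, so either enable auto-assignment here or attach an Elastic IP when launching the instance. `is_public_route_table` is the same test in reverse, useful when auditing an account for subnets that were made public unintentionally.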

This was all about setting up an AWS VPC to host publicly accessible resources in the AWS cloud. In my next article I will set up an EC2 instance and an Apache web server to host a web application which can be accessed from anywhere in the world.
