Amazon Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (VPC) lets you launch AWS resources in a virtual network that you define. Put simply, you have complete control over the network you create, including the choice of your own IP address range, the subnets within that range, the route table configuration and the gateways for the network. A VPC can use both IP versions, IPv4 and IPv6.
Once a VPC has been created, you can change its size and also its IP address if you want. Note that the CIDR block size can be from /16 to /28 for IPv4, but for IPv6 it is /64. CIDR stands for Classless Inter-Domain Routing; it is a set of Internet Protocol (IP) standards used to create unique identifiers for networks and individual devices.
This lab will cover the following steps:
- Create Amazon VPC.
- Set up routing for VPC.
- Deploy Amazon EC2 instance into VPC.
- Attach an Internet gateway to the VPC.
Log in using the appropriate AWS credentials.
First of all you have to log in to AWS to access the services.
Click on Services and select VPC, which is in the Network and Content Delivery section.
Step 1: Create Amazon VPC
To create a VPC, click on Start VPC Wizard at the top of the page.
In the wizard, select the first option, which is for a single public subnet, and then go to the next step. This configuration is a VPC with a single public subnet and an Internet gateway to enable communication over the Internet. It is the recommended configuration if you need to run a single-tier, public-facing web application, such as a blog or a simple website.
In the next step give the VPC a name; here the VPC is named origzovpc. Also note the two IPv4 address ranges: the first is the CIDR block for the VPC and the second is for the public subnet. CIDR stands for Classless Inter-Domain Routing; it is a set of Internet Protocol (IP) standards used to create unique identifiers for networks and individual devices. You can always add and remove subnets later, but you will not be able to modify the CIDR block assigned to the VPC.
At the end, click on the Create button to create the VPC.
After that, select the newly created VPC and view the details shown below it; check that both DNS settings are in the Yes status.
You can see a default gateway for the newly created VPC, and also one default gateway under the Internet Gateways option on the left side. An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. An Internet gateway serves two purposes: to provide a target in your VPC route tables for Internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.
Step 2: Setup Routing
To see the route table for the VPC, click on Route Tables and then click on the VPC whose routes you want to see. Here the newly created VPC is origzovpc, and for it there are two destinations. The first is the local route; it is the default, so it cannot be removed. The second is the route that the VPC wizard added so that traffic destined for an IP address outside the VPC flows to the Internet Gateway. This subnet is referred to as a public subnet because all traffic from the subnet goes to the Internet Gateway.
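As an added example (not part of the lab or of any AWS tooling), the following Python checks the CIDR choices the wizard asks for in Step 1 and applies the public-subnet rule from Step 2 to a route table. The VPC block, subnet block and the `igw-EXAMPLE` gateway id are constructed placeholders, and the five reserved addresses per subnet are AWS's standard reservation (the first four and the last address of every subnet).

```python
import ipaddress

# Constructed values standing in for what the wizard showed in the lab.
VPC_CIDR = "10.0.0.0/16"
SUBNET_CIDR = "10.0.0.0/24"
IGW_ID = "igw-EXAMPLE"  # placeholder, not a real gateway id

AWS_RESERVED_PER_SUBNET = 5  # first four addresses plus the last one of each subnet


def check_vpc_plan(vpc_cidr, subnet_cidr):
    """Validate the IPv4 block sizes the lab states (/16 to /28) and that the
    subnet sits inside the VPC block; report usable host addresses when ok."""
    try:
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
        subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    except ValueError as exc:
        return {"ok": False, "reason": "bad CIDR: %s" % exc}
    if vpc.version != 4 or subnet.version != 4:
        return {"ok": False, "reason": "this check covers IPv4 blocks only"}
    if not 16 <= vpc.prefixlen <= 28:
        return {"ok": False, "reason": "VPC block must be /16 to /28, got /%d" % vpc.prefixlen}
    if not subnet.subnet_of(vpc):
        return {"ok": False, "reason": "subnet %s is outside VPC block %s" % (subnet, vpc)}
    if subnet.prefixlen > 28:
        return {"ok": False, "reason": "subnet block must be /16 to /28, got /%d" % subnet.prefixlen}
    return {"ok": True, "vpc": str(vpc), "subnet": str(subnet),
            "usable_hosts": subnet.num_addresses - AWS_RESERVED_PER_SUBNET}


def wizard_routes(vpc_cidr, igw_id):
    """The two routes the wizard installs: the fixed local route and the
    default route 0.0.0.0/0 pointing at the Internet gateway."""
    return [{"destination": vpc_cidr, "target": "local"},
            {"destination": "0.0.0.0/0", "target": igw_id}]


def is_public_subnet(routes):
    """A subnet is public when its route table sends 0.0.0.0/0 to an Internet gateway."""
    return any(r["destination"] == "0.0.0.0/0" and r["target"].startswith("igw-")
               for r in routes)


if __name__ == "__main__":
    print(check_vpc_plan(VPC_CIDR, SUBNET_CIDR))
    routes = wizard_routes(VPC_CIDR, IGW_ID)
    print("public" if is_public_subnet(routes) else "private")
```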
Step 3: Setup Security Group
A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group. When we decide whether to allow traffic to reach an instance, we evaluate all the rules from all the security groups that are associated with the instance.
To create a security group, click on Security Groups on the left side and then click on Create Security Group. A popup appears; fill in the name of the security group and the name tag, and select the VPC in which this security group will be created.
Here the name of the security group is WebServerSG. After creating it, click on that group, select Inbound Rules and add rules for HTTP, SSH and RDP; the source for all of these rules is the same, 0.0.0.0/0. Then click Save.
After that, click on the Outbound field and remove the existing rule, because a rule for 0.0.0.0/0 allows all traffic between the outside world and your instance, which is not safe.
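As an added example that is not part of the lab, the following Python models the WebServerSG inbound rules exactly as the lab configures them, in the IpPermissions shape the EC2 API uses, then audits them for admin ports (SSH, RDP) open to 0.0.0.0/0, shows the tightened form a defender would prefer (web port open, SSH/RDP limited to an admin range), and evaluates the allow-only matching the security group text above describes. The admin range `203.0.113.0/24` and the test source addresses are constructed values.

```python
import ipaddress

ANYWHERE = "0.0.0.0/0"
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def rule(port, cidr):
    """One TCP rule in the EC2 IpPermissions shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed copy of the lab's WebServerSG inbound rules: HTTP, SSH, RDP from anywhere.
WEBSERVER_SG_INBOUND = [rule(80, ANYWHERE), rule(22, ANYWHERE), rule(3389, ANYWHERE)]


def world_open_admin_ports(permissions):
    """Return (port, name) for every admin port reachable from 0.0.0.0/0."""
    found = []
    for p in permissions:
        lo, hi = p.get("FromPort", 0), p.get("ToPort", 65535)  # "-1" rules carry no ports
        world = any(r["CidrIp"] == ANYWHERE for r in p["IpRanges"])
        for port, name in ADMIN_PORTS.items():
            if world and lo <= port <= hi:
                found.append((port, name))
    return sorted(found)


def tighten(permissions, admin_cidr):
    """Keep non-admin rules as they are; limit single-port SSH/RDP rules to admin_cidr."""
    out = []
    for p in permissions:
        port = p.get("FromPort")
        if port in ADMIN_PORTS and port == p.get("ToPort"):
            out.append(rule(port, admin_cidr))
        else:
            out.append(p)
    return out


def is_allowed(permissions, port, source_ip):
    """Security groups are allow-only: TCP traffic passes if any rule matches
    both the port and the source address; otherwise it is dropped."""
    ip = ipaddress.ip_address(source_ip)
    for p in permissions:
        if p["IpProtocol"] not in ("tcp", "-1"):
            continue
        if not p.get("FromPort", 0) <= port <= p.get("ToPort", 65535):
            continue
        if any(ip in ipaddress.ip_network(r["CidrIp"]) for r in p["IpRanges"]):
            return True
    return False


if __name__ == "__main__":
    print("open admin ports:", world_open_admin_ports(WEBSERVER_SG_INBOUND))
    print("after tightening:", world_open_admin_ports(tighten(WEBSERVER_SG_INBOUND, "203.0.113.0/24")))
```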
Step 4: Launching an Amazon EC2 instance
Now, to create an Amazon EC2 instance, click on Services and select EC2 from the Compute section.
On the EC2 page, click on the Launch Instance button in the center of the page.
You are now on the main page for creating an instance. Here you can see a list of operating systems, each in different versions; select the one you require and click Select. I am going with Amazon Linux AMI.
In the next step select the instance type you want, that is, how many vCPUs, how much memory and how much storage space; these all come as a package, so select whichever suits you. I will go with t2.small, as shown in the picture below.
After selecting the instance type, the next step is to configure it with the required VPC and subnet. We can also launch several identical instances if we need more than one by increasing the instance count, as shown in the image below. I will go with the VPC created earlier and leave the other options at their defaults.
In the next step, select the total storage for this instance and also give the instance a tag, which makes it easy to remember. After that, select a security group for the instance; through this security group we manage inbound and outbound traffic by specific port number.
The last step is the key pair: you have to create a key pair or select an existing one for the instance. The key pair is used for logging in. On a Linux machine the key pair is requested at login, and on Windows the key pair is used to decrypt the administrator password. The image below shows the key pair popup, including the last checkbox, which acknowledges that you have the key pair; without it, there is no way to log in to this instance.
Step 5: Attaching an internet gateway to your VPC
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. An Elastic IP address is a public IPv4 address, which is reachable from the Internet. If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable communication with the Internet, for example to connect to your instance from your local computer.
To attach an Internet Gateway to your VPC, you create an Elastic IP address, which is a public IP address that belongs to your AWS account, and associate it with your instance to make the instance accessible from the Internet.
For this, go to the VPC dashboard, click on Elastic IPs in the left side panel, and then click on Allocate new address, as in the image below.
After clicking on Allocate new address you will see the Elastic IP; click Close.
Select the newly generated Elastic IP from the list and then go to Actions and select the Associate address option.
When you click on Associate address, a popup appears. Provide the instance details by choosing either Instance or Network interface, select the ID of the instance or network interface, select the private IP for it, and then click the Associate button at the bottom of the page.
END OF THIS LAB
By using VPC you can easily customize the network configuration for your virtual private cloud. Within a VPC you can also use different network IP ranges and subnets, so in the end you have complete control over the network. You can also separate public-facing subnets from private subnets, so you can easily manage and limit which users can reach the outside world.
For a VPC they charge $0.05 per connection hour. If you choose to create a NAT gateway in your VPC, you are charged for each hour that the NAT gateway is available; if you want to stop being charged for the gateway, delete it. The price depends on the region: for Sydney they charge $0.059 per hour and also $0.059 per GB of data processed.