Skip to main content

Cheat sheet to create a #VPC and Subnets on @AWSCloud

One of the critical things to remember for working with a AWS VPC is creating and using it. I had hard time remembering how to do it, so, I wrote down a cheat sheet for myself. 

 If anyone wants to follow along, just navigate to the VPC page on the AWS Console and start with 'Create VPC' button. Please note that this may cost some dollars if you are not on the free tier. If you are on the free tier and make mistakes, it may cost some dollars.

In the steps below, we will be creating the following on a new VPC:
  1. An internet gateway
  2. One public subnet with routes for accessibility from the internet
  3. One private subnet without any routes
  4. One EC2 web server with Apache installed in it and serving a sample html page - using the public subnet.
  5. One EC2 server with the private subnet and security group that allows access to resources running on the public subnet only. 

Create VPC

  1. Name tag: myVPC
  2. CIDR Block: 10.0.0.0/16
  3. Tenancy: default (Must have default. Otherwise, it will get very expensive quite fast.)

Create subnet for public

  1. Name tag: 10.0.1.0 - us-west-1a
  2. VPC: myVPC
  3. Availability zone: us-west-1a
  4. CIDR Block: 10.0.1.0/24
  5. Select the public subnet from the VPC console
    1. Subnet Actions drop down - Modify Auto Assign IP - Enable auto-assign public IPv4 address.
The last step ensures that your public web server will be accessible on the internet with an automatically assigned public IP address.

Create another subnet for private

  1. Name tag: 10.0.2.0 - use-west-1b
  2. VPC: myVPC
  3. Availability zone: us-west-1b
  4. CIDR Block: 10.0.2.0/24

Create Internet Gateway

  1. Name tag: myIGW
  2. Then attach to VPC: myVPC

Create Route Tables for public

  1. Name tag: myPublicRoute
  2. VPC: myVPC
  3. Routes tab: Edit
    1. Description: 0.0.0.0/0
    2. Target: myIGW (it may look different than the keyword myIGW, but it is the only one that will be selectable.)
  4. Subnet associations: Edit
    1. Checkbox: us-west-1a subnet

Create EC2 instance for public route

  1. Network: myVPC
  2. Subnet: 10.0.1.0 - us-west-1a
  3. Advanced details:
    1. Install httpd, update, start httpd and configure httpd to start on server start.
      1. yum install httpd -y && yum update -y && service httpd start && chkconfig httpd on
    2. Create a simple index.html
      1. echo “<html><h1></h1></html>” > /var/www/html/index.html
  4. Tag instance: MyWebServer
  5. New security group: myWebSG
    1. ssh 0.0.0.0/0
    2. http 0.0.0.0/0
  6. Launch
  7. Get public IP address and open in browser

Create EC2 instance for private route
  1. Network: myVPC
  2. Subnet: 10.0.2.0 - us-west-1b
  3. Tag instance: MyWebServer
  4. New security group: myWebSG
    1. ssh 10.0.1.0/24
    2. http 10.0.1.0/24
    3. All ICMP 10.0.1.0/24
  5. Launch - no public ip is provided
  6. Make a note of the private ip address

Verify

SSH to public EC2 instance using your pem key.
  1. Copy the contents of your pem key and save it on the public EC2 instance.
  2. From the public EC2 instance, SSH to the private EC2 instance using the copied pem key using the private ip address.

The private EC2 instance is accessible only from the public web server. It is not directly accessible from the internet. In fact, you cannot SSH to the private EC2 instance because there is no public IP address assigned to the instance.





Labels:

Popular posts from this blog

Create #VirtualPrivateCloud, NAT Instance and NAT Gateways on @AWSCloud

Create a Virtual Private Cloud, NAT instance and the new NAT Gatweay ... and making it all work. This is a YouTube playlist of three videos.
Read more

A @trello board to get kids excited

My 8 year old just started his summer break. He did so well in school and I am proud of him. He skipped second grade, got into the gold honor roll in every quarter and got a medal for doing that. Last night, I promised to install a new app for him on his iPad mini. I installed Trello and created a board for him while he watched. I showed him how to create cards, add labels to them and move them from To Do, to Doing to Done. I had him create some cards and label them. He could not stop creating cards. I could not convince him to go to bed after that. He created cards for everything he wants to do in the summer and he is not done with creating cards. He even created a card to email a screenshot of his Trello board to his teacher. Later last night, he was still awake in bed when I checked on him. He told me that he wanted to add three more labels - Math, Science and One-on-One. He wanted a label titled 'One-on-one' for tasks that he wants to do with me and he wants one-on-one at
Read more