
Cheat sheet to create a #VPC and Subnets on @AWSCloud

One of the critical things to remember when working with an AWS VPC is how to create and use it. I had a hard time remembering how to do it, so I wrote down a cheat sheet for myself.

If anyone wants to follow along, just navigate to the VPC page on the AWS Console and start with 'Create VPC' button. Please note that this may cost some dollars if you are not on the free tier. If you are on the free tier and make mistakes, it may cost some dollars.

In the steps below, we will be creating the following on a new VPC:
  1. An internet gateway
  2. One public subnet with routes for accessibility from the internet
  3. One private subnet without any routes
  4. One EC2 web server with Apache installed in it and serving a sample html page - using the public subnet.
  5. One EC2 server in the private subnet, with a security group that allows access only from resources running in the public subnet.

Create VPC

  1. Name tag: myVPC
  2. CIDR Block: 10.0.0.0/16
  3. Tenancy: default (Must have default. Otherwise, it will get very expensive quite fast.)

Create subnet for public

  1. Name tag: 10.0.1.0 - us-west-1a
  2. VPC: myVPC
  3. Availability zone: us-west-1a
  4. CIDR Block: 10.0.1.0/24
  5. Select the public subnet from the VPC console
    1. Subnet Actions drop down - Modify Auto Assign IP - Enable auto-assign public IPv4 address.
The last step ensures that your public web server will be accessible on the internet with an automatically assigned public IP address.

Create another subnet for private

  1. Name tag: 10.0.2.0 - us-west-1b
  2. VPC: myVPC
  3. Availability zone: us-west-1b
  4. CIDR Block: 10.0.2.0/24

Create Internet Gateway

  1. Name tag: myIGW
  2. Then attach to VPC: myVPC

Create Route Tables for public

  1. Name tag: myPublicRoute
  2. VPC: myVPC
  3. Routes tab: Edit
    1. Destination: 0.0.0.0/0
    2. Target: myIGW (it may look different than the keyword myIGW, but it is the only one that will be selectable.)
  4. Subnet associations: Edit
    1. Checkbox: us-west-1a subnet

Create EC2 instance for public route

  1. Network: myVPC
  2. Subnet: 10.0.1.0 - us-west-1a
  3. Advanced details - User data (starts with #!/bin/bash so it runs as a shell script at first boot):
    1. Install httpd, update, start httpd and configure httpd to start on server start.
      1. yum install httpd -y && yum update -y && service httpd start && chkconfig httpd on
    2. Create a simple index.html
      1. echo "<html><h1></h1></html>" > /var/www/html/index.html
  4. Tag instance: MyWebServer
  5. New security group: myWebSG
    1. ssh 0.0.0.0/0
    2. http 0.0.0.0/0
  6. Launch
  7. Get public IP address and open in browser

Create EC2 instance for private route

  1. Network: myVPC
  2. Subnet: 10.0.2.0 - us-west-1b
  3. Tag instance: MyWebServer
  4. New security group: myWebSG
    1. ssh 10.0.1.0/24
    2. http 10.0.1.0/24
    3. All ICMP 10.0.1.0/24
  5. Launch - no public ip is provided
  6. Make a note of the private ip address

Verify

SSH to public EC2 instance using your pem key.
  1. Copy the contents of your pem key and save it on the public EC2 instance.
  2. From the public EC2 instance, SSH to the private EC2 instance using the copied pem key using the private ip address.

The private EC2 instance is accessible only from the public web server. It is not directly accessible from the internet. In fact, you cannot SSH to the private EC2 instance from the internet because there is no public IP address assigned to the instance and its subnet has no route to the internet gateway.
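To check the reasoning above without touching the console, here is an added example (not from the post) that models the VPC, subnets, route tables and security groups created in the steps above with Python's ipaddress module, validates the CIDR plan, and answers whether a given source can reach each instance. Because the post reuses the names MyWebServer and myWebSG for both instances, the private instance and its group are given the assumed names MyPrivateServer and myWebSG-private here.

```python
# Added example: an offline model of the VPC built in this cheat sheet.
import ipaddress

VPC = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {
    "10.0.1.0 - us-west-1a": ipaddress.ip_network("10.0.1.0/24"),
    "10.0.2.0 - us-west-1b": ipaddress.ip_network("10.0.2.0/24"),
}
# Route tables: the public subnet gets the 0.0.0.0/0 -> myIGW route; the
# private subnet keeps only the implicit "local" route for the VPC CIDR.
ROUTES = {
    "10.0.1.0 - us-west-1a": ["local", "myIGW"],
    "10.0.2.0 - us-west-1b": ["local"],
}
# Inbound security group rules as (protocol, source CIDR); "icmp" = All ICMP.
# The post opens SSH to 0.0.0.0/0; narrowing it to your own address is the
# usual hardening, and 10.0.1.0/24 on the private group is what keeps the
# private host reachable only from the public subnet.
SECURITY_GROUPS = {
    "myWebSG": [("tcp/22", "0.0.0.0/0"), ("tcp/80", "0.0.0.0/0")],
    "myWebSG-private": [("tcp/22", "10.0.1.0/24"), ("tcp/80", "10.0.1.0/24"),
                        ("icmp", "10.0.1.0/24")],  # assumed name for the 2nd SG
}
INSTANCES = {  # name -> (subnet, security group, has a public IPv4 address)
    "MyWebServer": ("10.0.1.0 - us-west-1a", "myWebSG", True),
    "MyPrivateServer": ("10.0.2.0 - us-west-1b", "myWebSG-private", False),
}


def cidr_plan_is_valid():
    """Every subnet must sit inside the VPC CIDR and none may overlap."""
    nets = list(SUBNETS.values())
    inside = all(n.subnet_of(VPC) for n in nets)
    disjoint = all(not a.overlaps(b)
                   for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint


def reachable(src, instance, proto):
    """True if traffic from src can reach instance on proto (e.g. 'tcp/22').

    A source outside the VPC needs a public IP on the target and an IGW route
    in the target's subnet; every source must then match an inbound SG rule.
    """
    src_ip = ipaddress.ip_address(src)
    subnet, sg, public_ip = INSTANCES[instance]
    if src_ip not in VPC and (not public_ip or "myIGW" not in ROUTES[subnet]):
        return False
    return any(p == proto and src_ip in ipaddress.ip_network(cidr)
               for p, cidr in SECURITY_GROUPS[sg])
```

Calling reachable("203.0.113.5", "MyPrivateServer", "tcp/22") returns False while reachable("10.0.1.10", "MyPrivateServer", "tcp/22") returns True, which is exactly the behaviour the Verify section describes.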
