Skip to main content

Cheat sheet to create a #VPC and Subnets on @AWSCloud

One of the critical things to remember for working with a AWS VPC is creating and using it. I had hard time remembering how to do it, so, I wrote down a cheat sheet for myself. 

If anyone wants to follow along, just navigate to the VPC page on the AWS Console and start with 'Create VPC' button. Please note that this may cost some dollars if you are not on the free tier. If you are on the free tier and make mistakes, it may cost some dollars.

In the steps below, we will be creating the following on a new VPC:
  1. An internet gateway
  2. One public subnet with routes for accessibility from the internet
  3. One private subnet without any routes
  4. One EC2 web server with Apache installed in it and serving a sample html page - using the public subnet.
  5. One EC2 server with the private subnet and security group that allows access to resources running on the public subnet only. 

Create VPC

  1. Name tag: myVPC
  2. CIDR Block: 10.0.0.0/16
  3. Tenancy: default (Must have default. Otherwise, it will get very expensive quite fast.)

Create subnet for public

  1. Name tag: 10.0.1.0 - us-west-1a
  2. VPC: myVPC
  3. Availability zone: us-west-1a
  4. CIDR Block: 10.0.1.0/24
  5. Select the public subnet from the VPC console
    1. Subnet Actions drop down - Modify Auto Assign IP - Enable auto-assign public IPv4 address.
The last step ensures that your public web server will be accessible on the internet with an automatically assigned public IP address.

Create another subnet for private

  1. Name tag: 10.0.2.0 - use-west-1b
  2. VPC: myVPC
  3. Availability zone: us-west-1b
  4. CIDR Block: 10.0.2.0/24

Create Internet Gateway

  1. Name tag: myIGW
  2. Then attach to VPC: myVPC

Create Route Tables for public

  1. Name tag: myPublicRoute
  2. VPC: myVPC
  3. Routes tab: Edit
    1. Description: 0.0.0.0/0
    2. Target: myIGW (it may look different than the keyword myIGW, but it is the only one that will be selectable.)
  4. Subnet associations: Edit
    1. Checkbox: us-west-1a subnet

Create EC2 instance for public route

  1. Network: myVPC
  2. Subnet: 10.0.1.0 - us-west-1a
  3. Advanced details:
    1. Install httpd, update, start httpd and configure httpd to start on server start.
      1. yum install httpd -y && yum update -y && service httpd start && chkconfig httpd on
    2. Create a simple index.html
      1. echo “<html><h1></h1></html>” > /var/www/html/index.html
  4. Tag instance: MyWebServer
  5. New security group: myWebSG
    1. ssh 0.0.0.0/0
    2. http 0.0.0.0/0
  6. Launch
  7. Get public IP address and open in browser

Create EC2 instance for private route
  1. Network: myVPC
  2. Subnet: 10.0.2.0 - us-west-1b
  3. Tag instance: MyWebServer
  4. New security group: myWebSG
    1. ssh 10.0.1.0/24
    2. http 10.0.1.0/24
    3. All ICMP 10.0.1.0/24
  5. Launch - no public ip is provided
  6. Make a note of the private ip address

Verify

SSH to public EC2 instance using your pem key.
  1. Copy the contents of your pem key and save it on the public EC2 instance.
  2. From the public EC2 instance, SSH to the private EC2 instance using the copied pem key using the private ip address.

The private EC2 instance is accessible only from the public web server. It is not directly accessible from the internet. In fact, you cannot SSH to the private EC2 instance because there is no public IP address assigned to the instance.





Popular posts from this blog

A @trello board to get kids excited

My 8 year old just started his summer break. He did so well in school and I am proud of him. He skipped second grade, got into the gold honor roll in every quarter and got a medal for doing that. Last night, I promised to install a new app for him on his iPad mini. I installed Trello and created a board for him while he watched. I showed him how to create cards, add labels to them and move them from To Do, to Doing to Done. I had him create some cards and label them. He could not stop creating cards. I could not convince him to go to bed after that. He created cards for everything he wants to do in the summer and he is not done with creating cards. He even created a card to email a screenshot of his Trello board to his teacher.

Later last night, he was still awake in bed when I checked on him. He told me that he wanted to add three more labels - Math, Science and One-on-One. He wanted a label titled 'One-on-one' for tasks that he wants to do with me and he wants one-on-one att…

#Git starter cheat sheet

Initialize a local repo Run the following command in the folder where you would like to initialize a git repo.
git init
Get status It is a good practice to frequently run check on status during development. The following command points out the changes between the previous commit and current state of the folder.
git status
Add content To add an untracked file named ‘text.txt’ to the staging area, execute the following command.
git add text.txt
Syntax: git add <filename>
Commit changes To commit changes made to the folder, execute the following command. The message will be used as a commit message to associate this check-in with the message.
git commit –m “Add text.txt to the code base.”
Syntax: git commit –m “<Commit message>”
Add using wild card To add multiple files using a wild card character, execute the following command.
git add ‘*.txt’
Syntax: git add ‘<wildcard_character+string>’
Check history Review commit history using the following command.
git log
Add Remote re…

@Docker cheat sheet

Installing Docker Installing Docker on Ubuntu sudo apt-get update sudo apt-get install –y docker.io sudo service docker status docker -v docker version sudo service docker start sudo docker info
Installing Docker on CentOs yum install -y docker systemctl status docker.service systemctl start docker.service
Updating Docker Add docker repo key to the local apt keychain wget =q0- https://get.docker.com/gpg | apt-key add -
Add docker repo to apt sources echo deb http://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list apt-get update apt-get install lxc-docker
Basic docker configuration Viewing Docker socket ls -l /run
Add user to docker group sudo gpasswd -a vagrant docker cat /etc/group
Configure docker deamon on a Ubuntu host to listen on a network port netstat -tlp service docker stop docker -H 192.168.56.50:2375 -d & netstat -tlp
Connect to docker Ubuntu host from centOs machine Set env variable export DOCKER_HOST=”tcp://192.168.56.50:2375”
Configure …