Skip to main content

Cheat sheet to create a #VPC and Subnets on @AWSCloud

One of the critical things to remember for working with a AWS VPC is creating and using it. I had hard time remembering how to do it, so, I wrote down a cheat sheet for myself. 

If anyone wants to follow along, just navigate to the VPC page on the AWS Console and start with 'Create VPC' button. Please note that this may cost some dollars if you are not on the free tier. If you are on the free tier and make mistakes, it may cost some dollars.

In the steps below, we will be creating the following on a new VPC:
  1. An internet gateway
  2. One public subnet with routes for accessibility from the internet
  3. One private subnet without any routes
  4. One EC2 web server with Apache installed in it and serving a sample html page - using the public subnet.
  5. One EC2 server with the private subnet and security group that allows access to resources running on the public subnet only. 

Create VPC

  1. Name tag: myVPC
  2. CIDR Block: 10.0.0.0/16
  3. Tenancy: default (Must have default. Otherwise, it will get very expensive quite fast.)

Create subnet for public

  1. Name tag: 10.0.1.0 - us-west-1a
  2. VPC: myVPC
  3. Availability zone: us-west-1a
  4. CIDR Block: 10.0.1.0/24
  5. Select the public subnet from the VPC console
    1. Subnet Actions drop down - Modify Auto Assign IP - Enable auto-assign public IPv4 address.
The last step ensures that your public web server will be accessible on the internet with an automatically assigned public IP address.

Create another subnet for private

  1. Name tag: 10.0.2.0 - use-west-1b
  2. VPC: myVPC
  3. Availability zone: us-west-1b
  4. CIDR Block: 10.0.2.0/24

Create Internet Gateway

  1. Name tag: myIGW
  2. Then attach to VPC: myVPC

Create Route Tables for public

  1. Name tag: myPublicRoute
  2. VPC: myVPC
  3. Routes tab: Edit
    1. Description: 0.0.0.0/0
    2. Target: myIGW (it may look different than the keyword myIGW, but it is the only one that will be selectable.)
  4. Subnet associations: Edit
    1. Checkbox: us-west-1a subnet

Create EC2 instance for public route

  1. Network: myVPC
  2. Subnet: 10.0.1.0 - us-west-1a
  3. Advanced details:
    1. Install httpd, update, start httpd and configure httpd to start on server start.
      1. yum install httpd -y && yum update -y && service httpd start && chkconfig httpd on
    2. Create a simple index.html
      1. echo “<html><h1></h1></html>” > /var/www/html/index.html
  4. Tag instance: MyWebServer
  5. New security group: myWebSG
    1. ssh 0.0.0.0/0
    2. http 0.0.0.0/0
  6. Launch
  7. Get public IP address and open in browser

Create EC2 instance for private route
  1. Network: myVPC
  2. Subnet: 10.0.2.0 - us-west-1b
  3. Tag instance: MyWebServer
  4. New security group: myWebSG
    1. ssh 10.0.1.0/24
    2. http 10.0.1.0/24
    3. All ICMP 10.0.1.0/24
  5. Launch - no public ip is provided
  6. Make a note of the private ip address

Verify

SSH to public EC2 instance using your pem key.
  1. Copy the contents of your pem key and save it on the public EC2 instance.
  2. From the public EC2 instance, SSH to the private EC2 instance using the copied pem key using the private ip address.

The private EC2 instance is accessible only from the public web server. It is not directly accessible from the internet. In fact, you cannot SSH to the private EC2 instance because there is no public IP address assigned to the instance.





Popular posts from this blog

Create #VirtualPrivateCloud, NAT Instance and NAT Gateways on @AWSCloud

Create a Virtual Private Cloud, NAT instance and the new NAT Gatweay ... and making it all work. This is a YouTube playlist of three videos.

SQL Server tables with JSON

We can indeed store json data as-is into a traditional Microsoft SQL Server database. The document hosted on Microsoft's site left a lot of questions and unknowns that I had to explore and experiment to figure out the right recipe for creating a table to store json, inserting the data as json and querying for the values of individual keys within the json. Here you go:  --Create a table with an identity column and a nvarchat(max) column to store the individual json documents create table dbo.logs (     _id bigint primary key identity,     json_log nvarchar(max) ); --Add a constraint to the json_log column of the table to ensure that the table accepts only json as value to store ALTER TABLE dbo.logs ADD CONSTRAINT [json_log record should be formatted as JSON] CHECK (ISJSON(json_log)=1); --Insert json into the table insert into dbo.logs values ('{"key": "value"}'); insert into dbo.logs values ('{"key": "value1"}'); --Query for al