Building a VPC from scratch

Samuel .O
8 min read · Jul 15, 2020

Let’s configure a custom VPC

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

You can easily customize the network configuration of your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the internet. You can also place your backend systems, such as databases or application servers, in a private-facing subnet with no internet access. You can use multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.

https://aws.amazon.com/vpc/

Now that you understand what a VPC is and what it does, you should be able to play around with it in the console.

Note: when you create a VPC, it comes by default with a router, a main route table, a default network access control list (NACL) and a default security group.

In the console, go to Services and search for VPC under Networking &amp; Content Delivery.

Note: do not use the Launch VPC Wizard; we build each piece by hand so you see what it does.

When you examine your default VPC, you will see it has three subnets (one per Availability Zone in the region), a main route table, an internet gateway (which lets your VPC communicate with the internet), a default NACL and a default security group.

Let’s get started

Architecture:

Step 1

Create a VPC

Add a name, just as you see in the figure below.

IPv4 CIDR block (internet protocol version 4, classless inter-domain routing): use the largest block AWS allows, a /16 (for example 10.0.0.0/16, which gives 65,536 addresses; the smallest allowed is a /28). Select the Amazon-provided IPv6 CIDR block. Leave tenancy as Default (Dedicated tenancy runs your instances on single-tenant hardware at extra cost). Then click Create.

Now look through the newly created VPC and see what was configured for you. You will discover that creating the VPC also created a router, a main route table, a default NACL and a default security group, just as shown in the diagram below.

Initial VPC configuration

Step 2

Let’s create a subnet

In the left-hand menu of the VPC dashboard, choose Subnets and create a subnet. Add a name (whatever suits you), then under VPC select the VPC you just created. Choose an Availability Zone for the subnet, as shown below, and enter a CIDR block carved out of the VPC’s range (for example 10.0.1.0/24). Then click Create.

Repeat the process for a second subnet, but this time choose a different Availability Zone and a different, non-overlapping CIDR block (for example 10.0.2.0/24).

Note: Availability Zone names such as us-east-1a are mapped to physical zones independently for each account, and a subnet cannot span Availability Zones (1 subnet = 1 Availability Zone).

Next, you’ll want to make one of your subnets public and the other private. In case you are wondering why the console shows 251 available IP addresses for a /24 instead of 256:

AWS reserves 5 addresses in every subnet: the first (network address), the second (VPC router), the third (Amazon-provided DNS), the fourth (reserved for future use) and the last (broadcast, which VPCs do not support but still reserve). See the AWS VPC subnet documentation for more information.

Select the subnet you want to make public, click Actions, then Modify auto-assign IP settings, and enable auto-assign public IPv4 address. On its own this only gives new instances a public IP; the subnet is not actually reachable from the internet until its route table has a route to an internet gateway (Steps 3 and 4).

This is what your VPC should look like now:

VPC with public &amp; private subnets

Step 3

Create an internet gateway

This is what lets resources in your VPC reach, and be reached from, the internet.

Create the internet gateway. Notice its state is “detached”, so go to Actions, choose Attach to VPC, select your VPC and attach it.

Note: you can attach only one internet gateway to a VPC.

Step 4

Create a route table

Give it a name, select your VPC and click Create. Every subnet you create is implicitly associated with the VPC’s main route table until you explicitly associate it with another one.

Keep the main route table private (no route to the internet gateway) for security reasons: any subnet you forget to associate lands on it, so a mistake there fails closed rather than exposing the subnet. To make the new route table public, click Edit routes and add a route with destination 0.0.0.0/0 and target your internet gateway. For IPv6, add another route with destination ::/0 and the same target. Then click Save routes. Any subnet associated with this route table becomes public.

Click Subnet associations, then Edit subnet associations, and tick your public subnet. That associates it with the public route table; the other subnet stays on the main (private) table.
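The subnet sizing and route-table rules from Steps 1 to 4, as an added example that is not part of the original post: a small Python script that checks a subnet plan against the VPC block, lists the five addresses AWS reserves (which is why a /24 shows 251 usable addresses), and classifies each subnet as public or private from the route table it ends up on, falling back to the main table for any subnet with no explicit association. The VPC block 10.0.0.0/16, the subnet blocks, and the route-table and gateway IDs are assumptions made for the example.

```python
"""Check a VPC subnet plan and classify subnets as public/private.

Added example for this walkthrough; not AWS code. CIDRs and IDs are constructed.
"""
import ipaddress
from dataclasses import dataclass, field

# AWS takes the first four addresses and the last one of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def reserved_addresses(cidr):
    """Return the five addresses AWS reserves in a subnet, keyed by their role."""
    net = ipaddress.ip_network(cidr, strict=True)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),
        "vpc_router": str(ipaddress.ip_address(base + 1)),
        "dns": str(ipaddress.ip_address(base + 2)),
        "future_use": str(ipaddress.ip_address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }


def usable_hosts(cidr):
    """Addresses you can actually assign: 256 - 5 = 251 for a /24."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses - AWS_RESERVED_PER_SUBNET


def check_subnet_plan(vpc_cidr, subnet_cidrs):
    """Raise ValueError if the VPC block size is invalid, or a subnet is outside the
    VPC, has an invalid size, or overlaps another subnet. Returns True when sound."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError(f"{vpc}: AWS allows VPC blocks from /16 to /28")
    nets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    for n in nets:
        if not n.subnet_of(vpc):
            raise ValueError(f"{n} is not inside {vpc}")
        if not 16 <= n.prefixlen <= 28:
            raise ValueError(f"{n}: AWS allows subnet blocks from /16 to /28")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return True


@dataclass
class RouteTable:
    rt_id: str
    main: bool                                  # the VPC's main table: used by unassociated subnets
    routes: dict = field(default_factory=dict)  # destination CIDR -> target


def is_public(rt):
    """Public means a default route (IPv4 or IPv6) whose target is an internet gateway."""
    return any(dest in ("0.0.0.0/0", "::/0") and target.startswith("igw-")
               for dest, target in rt.routes.items())


def classify_subnets(subnets, route_tables, associations):
    """Map each subnet name to 'public' or 'private'. A subnet with no explicit
    association uses the main route table, which is why the main table must stay
    private: a forgotten association then fails closed instead of open."""
    main = next(rt for rt in route_tables.values() if rt.main)
    verdict = {}
    for name in subnets:
        rt = route_tables[associations.get(name, main.rt_id)]
        verdict[name] = "public" if is_public(rt) else "private"
    return verdict


# Constructed sample: the layout this walkthrough builds (IDs are made up).
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"web-public": "10.0.1.0/24", "db-private": "10.0.2.0/24"}
ROUTE_TABLES = {
    "rtb-main": RouteTable("rtb-main", main=True, routes={VPC_CIDR: "local"}),
    "rtb-public": RouteTable("rtb-public", main=False, routes={
        VPC_CIDR: "local",
        "0.0.0.0/0": "igw-0example",
        "::/0": "igw-0example",
    }),
}
ASSOCIATIONS = {"web-public": "rtb-public"}  # db-private deliberately left on the main table


def demo():
    """Validate the constructed plan and return the public/private verdict per subnet."""
    check_subnet_plan(VPC_CIDR, SUBNETS.values())
    return classify_subnets(SUBNETS, ROUTE_TABLES, ASSOCIATIONS)


if __name__ == "__main__":
    for name, cidr in SUBNETS.items():
        print(f"{name} {cidr}: {usable_hosts(cidr)} usable, reserved {reserved_addresses(cidr)}")
    print(demo())
```

Swapping the main table for one that carries a 0.0.0.0/0 route to the gateway flips db-private to public without any change to the subnet itself, which is the mistake the advice above guards against.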

Step 5

Launching an EC2 instance

Launch an instance using the Amazon Linux AMI (free tier eligible) with the t2.micro instance type, then change the network from the default VPC to your VPC and select your public subnet. Auto-assign public IP shows as enabled because you enabled it on the subnet. Leave everything else at its default. Next add storage and tags, then configure the security group: create a new security group with an inbound rule allowing SSH (TCP 22) from your own IP address rather than from anywhere, as shown below. Then launch.

Note: security groups do not span VPCs; a group belongs to exactly one VPC.

Create a new key pair and download it. Keep it safe, as you’ll need it to SSH into your instance.

Repeat the process for the second EC2 instance, but this time place it in your other (private) subnet. Choose the existing default security group of the VPC for now. Launch it using the same key pair.

Step 6

Connecting to your EC2 instance using the CLI (command-line interface)

You need to be familiar with Linux for this step. Change into the directory where you saved the key pair. Because the key file was just downloaded, you must first restrict its permissions to the owner only (the chmod step shown in Step 8); SSH refuses to use a private key that other users on the machine can read. Read up on Linux file permissions if you are unsure. (Sad story to learn from: I had an interview some time back that was based on using Linux commands. I took it for granted, as I am very familiar with Linux commands and use them on a daily basis. Little did I know that when asked in the interview, I would fail to hit the main detail of using that permission.)

Understand your r-w-x permissions very well and do not take them for granted.

Next, SSH into your instance with the command below.

$ ssh -i MyOhKP.pem ec2-user@&lt;your-public-ip-address&gt;

Copy the public IP address from your instance’s details and paste it into the command in place of the placeholder (options such as -i must come before the user@host part, or SSH treats them as a remote command). You’ll then see a shell prompt on your EC2 instance.

This is what your VPC should look like:

VPC

Note: from the internet you can reach only your public instance, not your private one.

Then elevate your privileges to root with sudo when a command needs it.

Step 7

Create a security group for your second instance

Give it a name, as shown below, and attach it to your VPC. Next add the inbound rules. These rules control what traffic may reach the EC2 instance inside this security group; security groups are stateful, so the replies to allowed traffic need no separate rule.

Note: know your ports and protocols.

First you want ICMP (Internet Control Message Protocol), so that you can ping the instance in this security group. For the source you can reference security group 1 itself or use its subnet’s address range (10.0.1.0/24); referencing the group is preferable, because it keeps working when instances are replaced and get new addresses. Then allow the other ports shown below, such as SSH (TCP 22), again with security group 1 as the source.

Next go to the EC2 dashboard in the console, select your second instance, click Actions, hover over Networking, then Change security groups. Make sure you select the security group you created for the second instance, as shown below; otherwise you won’t be able to ping its private IP address or connect to it via SSH.

Next, from the public instance, type ping followed by the private IP address of the second instance, as shown below, to see that it works, just as you can ping google.com to confirm that the public instance can reach the internet.
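As an added example (not from the original post), here is the security-group logic of Step 7 written out in Python: a rule’s source may be a CIDR or another security group, the group is an allow-list with an implicit deny, and a group-referenced rule matches on the sender’s group membership rather than its address. The groups sg-public and sg-private, their rules and the sample flows are constructed for illustration and are not the post’s exact console settings.

```python
"""Evaluate EC2 security-group inbound rules against sample flows.

Added example for this walkthrough; not AWS code. Group ids and addresses are made up.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One inbound rule. For icmp, from_port is the ICMP type and to_port the code
    (-1 means any), mirroring how the console stores them."""
    protocol: str    # "tcp", "udp", "icmp" or "-1" for all traffic
    from_port: int
    to_port: int
    source: str      # a CIDR like "10.0.1.0/24" or a group id like "sg-public"


@dataclass(frozen=True)
class Flow:
    """A packet arriving at the instance: where it came from and what it targets."""
    src_ip: str
    src_groups: frozenset   # security groups of the sender (empty for hosts outside the VPC)
    protocol: str
    port: int               # destination port for tcp/udp, ICMP type for icmp


def rule_matches(rule, flow):
    if rule.protocol != "-1":
        if rule.protocol != flow.protocol:
            return False
        if rule.protocol == "icmp":
            if rule.from_port != -1 and rule.from_port != flow.port:
                return False
        elif not rule.from_port <= flow.port <= rule.to_port:
            return False
    if rule.source.startswith("sg-"):
        # Group-referenced rules match on the sender's group membership, not its IP,
        # so they survive instance replacement, unlike a hard-coded 10.0.1.0/24.
        return rule.source in flow.src_groups
    return ipaddress.ip_address(flow.src_ip) in ipaddress.ip_network(rule.source, strict=False)


def allowed(rules, flow):
    """Security groups are allow-lists with an implicit deny: one matching rule is
    enough, and because they are stateful the reply traffic needs no outbound rule."""
    return any(rule_matches(r, flow) for r in rules)


# Constructed groups mirroring Step 5 and Step 7:
# SG1 "sg-public" on the public web server, SG2 "sg-private" on the private server.
SG_PUBLIC = [
    Rule("tcp", 22, 22, "203.0.113.0/24"),   # SSH only from your own address range
    Rule("tcp", 80, 80, "0.0.0.0/0"),        # HTTP from anywhere
]
SG_PRIVATE = [
    Rule("icmp", -1, -1, "sg-public"),       # ping, only from members of SG1
    Rule("tcp", 22, 22, "sg-public"),        # SSH, only from members of SG1
    Rule("tcp", 3306, 3306, "10.0.1.0/24"),  # MySQL, only from the public subnet range
]


def demo():
    """Return which constructed flows each group admits."""
    web_server = frozenset({"sg-public"})
    return {
        "ping private from web server": allowed(SG_PRIVATE, Flow("10.0.1.10", web_server, "icmp", 8)),
        "ssh private from web server": allowed(SG_PRIVATE, Flow("10.0.1.10", web_server, "tcp", 22)),
        "ssh private from internet": allowed(SG_PRIVATE, Flow("198.51.100.7", frozenset(), "tcp", 22)),
        "ssh public from own range": allowed(SG_PUBLIC, Flow("203.0.113.9", frozenset(), "tcp", 22)),
        "ssh public from internet": allowed(SG_PUBLIC, Flow("198.51.100.7", frozenset(), "tcp", 22)),
        "mysql from private subnet host": allowed(SG_PRIVATE, Flow("10.0.2.50", frozenset(), "tcp", 3306)),
    }


if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label}: {'allowed' if ok else 'denied'}")
```

The last case shows the difference between the two source styles: a host in the private subnet can never reach MySQL through the CIDR rule, whereas with a group-referenced rule it would be enough to attach sg-public to it.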

Step 8

SSH into your private server

To do this properly you should keep the private key on your workstation and use the public instance purely as a bastion host (for example with SSH agent forwarding or a ProxyJump), so the key never leaves your machine. For simplicity this walkthrough instead copies the private key onto the public instance; be aware that anyone who compromises the public instance then also holds the key to the private one. Open the key in a text editor, copy its contents, and on the public instance create the file with:

$ nano MyPvKey.pem

Paste it, press Ctrl+X, answer Y to save, then press Enter to confirm the file name.

Then chmod it, as SSH refuses a private key that anyone but its owner can read (see the permissions discussion in Step 6).

$ chmod 400 MyPvKey.pem

Then connect to the private EC2 instance with:

$ ssh -i MyPvKey.pem ec2-user@&lt;your-private-ip-address&gt;

As you can see, you are now connected to your private instance: you have successfully SSHed into your database server in the private subnet.
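Added example, not part of the original post: instead of copying MyPvKey.pem onto the public instance, keep the key on your workstation and let the public instance relay the connection with an SSH ProxyCommand, which is what the bastion recommendation above amounts to in practice. The script also reproduces the permission check OpenSSH performs on the key file, which is what the chmod 400 step satisfies. The addresses and the key path are placeholders.

```python
"""Reach the private instance through the public one without copying the key.

Added example for this walkthrough; not AWS or OpenSSH code. Addresses are placeholders.
"""
import os
import stat
import tempfile


def key_file_is_safe(path):
    """Mirror OpenSSH's check: a private key readable or writable by group or others
    is rejected with "UNPROTECTED PRIVATE KEY FILE", which is why chmod 400 is needed."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def jump_ssh_argv(key_path, bastion, target, user="ec2-user"):
    """argv for an SSH session to the private instance relayed through the public one.

    The public instance only forwards a TCP connection (ssh -W); the key stays on
    your workstation, so compromising the public instance does not yield the key.
    key_path must not contain spaces, since it is embedded in the ProxyCommand string.
    """
    if not key_file_is_safe(key_path):
        raise PermissionError(f"{key_path} is readable by group/others; run chmod 400 on it")
    proxy = f"ssh -i {key_path} -o IdentitiesOnly=yes -W %h:%p {user}@{bastion}"
    return [
        "ssh",
        "-i", key_path,
        "-o", "IdentitiesOnly=yes",     # offer only this key, not everything in the agent
        "-o", f"ProxyCommand={proxy}",  # first hop to the public instance, same key pair
        f"{user}@{target}",
    ]


def demo():
    """Constructed check: a fresh download (0644) is refused, after chmod 400 it is accepted."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "MyPvKey.pem")
        with open(key, "w") as f:
            f.write("-----BEGIN RSA PRIVATE KEY-----\n(not a real key)\n-----END RSA PRIVATE KEY-----\n")
        os.chmod(key, 0o644)
        fresh_download_ok = key_file_is_safe(key)
        os.chmod(key, 0o400)
        argv = jump_ssh_argv(key, "198.51.100.10", "10.0.2.50")  # placeholder public and private IPs
        return {
            "fresh_download_ok": fresh_download_ok,
            "after_chmod_ok": key_file_is_safe(key),
            "argv": argv,
        }


if __name__ == "__main__":
    import subprocess
    # Replace the placeholders with your public instance's public IP and the private instance's IP.
    argv = jump_ssh_argv("MyPvKey.pem", "PUBLIC_IP", "PRIVATE_IP")
    print(" ".join(argv))
    subprocess.run(argv)
```

This needs the same two rules you set up earlier: SSH from your own address in the public instance’s group, and SSH from that group in the private instance’s group. If you prefer the shorter ssh -J form, note that a -i given on the command line is not applied to the jump host, so load the key into ssh-agent first (ssh-add MyPvKey.pem) or keep the explicit ProxyCommand shown here.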

That is all for this project.

Services

VPC

EC2

CLI

Visualization

draw.io

Thanks for reading..
