AWS Virtual Private Cloud (VPC) is a networking service that enables you to launch AWS resources in a logically isolated virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

This lab will teach you how to create a custom AWS VPC with a public and private subnet. You will also learn how to create an internet gateway and route table to allow the public subnet to access the internet.

Amazon will bill you for any applicable AWS resources and time used that are not covered in the AWS Free Tier.

Part 1: Create a VPC and Subnets

VPCs are used to isolate your AWS resources from the public internet and other VPCs. They define a virtual network that closely resembles a traditional network that you’d operate in your own data center. Subnets are used to divide a VPC into multiple networks. They are used to isolate resources within a VPC from each other. Subnets can be public or private, depending on whether they are connected to the internet.

  1. Go to the VPC Dashboard in the AWS console.
  2. Click Create VPC.
  3. Enter a Name for your VPC.

  4. Enter a CIDR block for your VPC.

    When creating a VPC, it is important to choose a CIDR block that is large enough to accommodate your needs. You can use a CIDR calculator to help you choose the right CIDR block.

  1. Click Create VPC.

    When creating subnets, it is important to divide your VPC into logical groups. For example, you may want to create a subnet for web servers, a subnet for database servers, and a subnet for bastion hosts.

  1. Go to the Subnets page in the AWS console.
  2. Click Create subnet.
  3. For VPC, select the VPC you created in step 5.
  4. For Subnet name, enter Public subnet.
  5. For Availability Zone, select an availability zone.
  6. For IPv4 CIDR block, enter a CIDR block for the public subnet.
  7. Select the Enable auto-assign public IPv4 address checkbox.
  8. Click Create subnet.
  9. Repeat steps 7-13 to create a private subnet.

Part 2: Create Internet Gateway

  1. Go to the Internet gateways page in the AWS console.
  2. Click Create internet gateway.
  3. For Name, enter Internet Gateway.
  4. Click Create internet gateway.
  5. Go to the Internet gateways page in the AWS console.
  6. Select the internet gateway you created in step 18.
  7. Click the Actions tab.
  8. Click Attach to VPC.
  9. Select the VPC you created in step 5.
  10. Click Attach.

Part 3: Create Route Tables

  1. Go to the Route tables page in the AWS console.
  2. Click Create route table.
  3. For Name tag, enter Public route table.
  4. For VPC, select the VPC you created in step 5.
  5. Click Create route table.
  6. Go to the Route tables page in the AWS console.
  7. Select the public route table you created in step 29.
  8. Click the Routes tab.
  9. Click Add route.
  10. For Destination, enter the CIDR block 0.0.0.0/0.
  11. For Target, select the internet gateway you created in step 18.
  12. Click Save.
  13. Go to the Route tables page in the AWS console.
  14. Select the public subnet route table you created in step 29.
  15. Click the Subnet Associations tab.
  16. Click Add subnet.
  17. Select the public subnet you created in step 9.
  18. Click Save.

Part 4: Create Security Groups

  1. Go to the Security groups page in the AWS console.
  2. Click Create security group.
  3. For Security group name, enter Public security group.
  4. For Description, enter Public security group.
  5. For VPC, select the VPC you created in step 5.
  6. Click Create security group.
  7. Repeat step 43.
  8. Select the public security group you created in step 48.

  9. Click the Inbound rules tab.

    Security groups are used to control inbound and outbound traffic to and from your AWS resources. You can use security groups to control traffic based on IP address, port, and protocol.

  10. Click Edit inbound rules.
  11. Click Add rule.
  12. For Type, select SSH.
  13. For Source, select My IP.
  14. Click Save rules.
  15. Go to the Security groups page in the AWS console.
  16. Repeat steps 43-56 to create a private security group that allows SSH from the public security group.

Part 5: Create EC2 Instances

A bastion host is a server that is used to access other servers in a secure manner. Bastion hosts are typically placed in a public subnet and are configured to only allow SSH traffic from authorized IP addresses. Once you have connected to the bastion host, you can then SSH to other servers in the VPC.

  1. Go to the EC2 Dashboard in the AWS console.
  2. Click Launch instance.
  3. Select the Amazon Linux 2 AMI.
  4. Select the t2.micro instance type.
  5. Click Next: Configure Instance Details.
  6. For Network, select the VPC you created in step 5.
  7. For Subnet, select the public subnet you created in step 9.
  8. For Auto-assign Public IP, select Enable.
  9. Click Next: Add Storage.
  10. Click Next: Add Tags.
  11. Click Add Tag.
  12. For Key, enter Name.
  13. For Value, enter Public EC2 instance.
  14. Click Next: Configure Security Group.
  15. Select the public security group you created in step 48.
  16. Click Review and Launch.
  17. Click Launch.
  18. Select Create a new key pair.
  19. For Key pair name, enter SSH key pair.
  20. Click Download Key Pair.
  21. Click Launch Instances.
  22. Repeat steps 57-73 to create an EC2 instance in the private subnet using the private security group.

Part 6: Connect to the EC2 Instances

  1. Go to the EC2 Dashboard in the AWS console.
  2. Select the public EC2 instance you created in step 73.
  3. Click Connect.
  4. Copy the SSH command.
  5. Open a terminal.
  6. Paste the SSH command into the terminal. 
    ssh -i "SSH key pair.pem" ec2-user@<public EC2 instance IP address>
  7. From the EC2 instance, SSH into the private EC2 instance. 
    ssh -i "SSH key pair.pem" ec2-user@<private EC2 instance IP address>

More Info