Mastering AWS VPC: A Step-by-Step Guide with Real-World Example

Introduction

Amazon Web Services (AWS) Virtual Private Cloud (VPC) lets you create a virtual network in which to deploy AWS resources. A VPC is one of the most important building blocks of cloud infrastructure because it gives you network isolation, layered security controls, and full control over your networking environment. This blog covers the core VPC concepts, including CIDR blocks, subnets, route tables, internet gateways, and VPC peering, along with a worked example for better understanding.

What is AWS VPC?

  • An AWS VPC (Virtual Private Cloud) essentially allows you to configure your own network.

  • A Virtual Private Cloud (VPC) with AWS is similar to a dedicated data center for a single client.

  • It is a logically isolated section of the AWS cloud where you can launch AWS resources.

  • You can create a maximum of 5 VPCs per AWS region.

  • A maximum of 200 subnets can be created within a single VPC.

  • You can allocate up to 5 Elastic IP addresses to resources in your VPC.

  • A VPC is region-specific and cannot extend across regions.

  • Once a VPC is created, the CIDR block range cannot be changed.

Key AWS VPC Components

  • CIDR (Classless Inter-Domain Routing): Defines the range of private IP addresses available to your VPC, written as a base address and prefix length (e.g., 10.0.0.0/16).

  • Subnets: Sections of the VPC that you can use to partition your network into smaller, logical sections.

  • Route Tables: Define how traffic is routed between subnets, to the internet, and to other gateways.

  • Internet Gateway (IGW): Allows traffic to flow between the VPC and the internet.

  • NAT Gateway: Enables instances in private subnets to access the internet while preventing inbound traffic.

  • VPC Peering: Connects two VPCs to allow communication between them over private IP addresses.

  • Security Groups: Act as a firewall for the associated instances, controlling both inbound and outbound traffic.

  • Network Access Control Lists (NACLs): A second layer of security, at the subnet level.

Types Of VPC


Build a VPC with all components: A Step by Step Guide

1. Create a VPC

  • Go to VPC Dashboard and select Create VPC.

  • Enter the CIDR block for the VPC (e.g., 10.0.0.0/16), which gives you a total of 65,536 IP addresses to assign to hosts in your network.

  • Give your VPC a readable name (e.g., MyVPC).

2. Create Subnets

  • Public Subnet:

    • Create a public subnet inside the VPC with a CIDR block like 10.0.1.0/24 (256 IP addresses).
  • Private Subnet:

    • Use a CIDR block like 10.0.2.0/24 for the private subnet for any associated instances that won’t require direct internet access.
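Before clicking through the console for steps 1 and 2 (and before requesting the peering connection in step 6, which requires non-overlapping CIDR blocks), it is worth checking the address plan offline. The script below is an added example written for this guide, not code from the original post or from AWS; it uses only Python's standard `ipaddress` module, and the CIDR values are the ones used on this page. It checks the VPC prefix length against AWS's allowed range (/16 to /28), verifies that every subnet lies inside the VPC block and that no two subnets overlap, reports the usable host count after the five addresses AWS reserves in each subnet, finds the next free /24 blocks, and confirms that two VPCs can be peered.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS resolver, future use, broadcast),
# so a /24 (256 addresses) yields 251 usable hosts.
AWS_RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(cidr: str) -> bool:
    """A VPC (or subnet) CIDR block must be between /16 and /28."""
    net = ipaddress.ip_network(cidr, strict=True)
    return 16 <= net.prefixlen <= 28


def usable_hosts(cidr: str) -> int:
    """Usable addresses in a subnet once the AWS-reserved ones are removed."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def plan_subnets(vpc_cidr: str, subnet_cidrs: list) -> list:
    """Return a list of problems: subnets outside the VPC or overlapping each other.

    An empty list means the plan is consistent.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    subnets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    errors = []
    for s in subnets:
        if not s.subnet_of(vpc):
            errors.append(f"{s} is not inside VPC {vpc}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                errors.append(f"{a} overlaps {b}")
    return errors


def next_free_subnets(vpc_cidr: str, existing: list, new_prefix: int, count: int) -> list:
    """Carve the next `count` unused blocks of size /new_prefix out of the VPC."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    taken = [ipaddress.ip_network(c, strict=True) for c in existing]
    free = []
    for candidate in vpc.subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(t) for t in taken):
            free.append(str(candidate))
            if len(free) == count:
                break
    return free


def peering_allowed(cidr_a: str, cidr_b: str) -> bool:
    """VPC peering is only possible when the two VPC CIDR blocks do not overlap."""
    a = ipaddress.ip_network(cidr_a, strict=True)
    b = ipaddress.ip_network(cidr_b, strict=True)
    return not a.overlaps(b)


if __name__ == "__main__":
    # Values from this guide: MyVPC 10.0.0.0/16 with a public and a private /24,
    # and a second VPC 192.168.0.0/16 to be peered with it.
    vpc = "10.0.0.0/16"
    subnets = ["10.0.1.0/24", "10.0.2.0/24"]
    print("VPC prefix ok:", validate_vpc_cidr(vpc))
    print("Plan problems:", plan_subnets(vpc, subnets) or "none")
    for s in subnets:
        print(f"{s}: {usable_hosts(s)} usable hosts")
    print("Next free /24s:", next_free_subnets(vpc, subnets, 24, 2))
    print("Can peer with 192.168.0.0/16:", peering_allowed(vpc, "192.168.0.0/16"))
```

Run it with the planned values before creating anything; an overlap reported here is far cheaper to fix than a VPC whose CIDR block, as noted above, cannot be changed after creation.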

3. Configuring the Internet Gateway (IGW)

  • Create an Internet Gateway and attach it to your VPC (MyVPC).

  • This is what enables internet connectivity for your public subnet.

4. Configure Route Tables

  • Public Route Table:

    • Add a route to the public subnet's route table that sends default traffic (0.0.0.0/0) to the Internet Gateway.
  • Private Route Table:

    • Create a dedicated route table for the private subnet, either with no internet route at all or with a route that sends internet-bound traffic through a NAT Gateway (outbound access only).

5. Attach NAT Gateway

  • Create a NAT Gateway in the public subnet and associate it with an Elastic IP.

  • Add a route to the private route table that sends internet-bound traffic from the private subnet instances to the NAT Gateway.

6. Setup of VPC Peering

  • To allow two VPCs to communicate, set up a VPC Peering Connection.

    • Under VPC Peering Connections, create a peering request from the source VPC (VPC-A, 10.0.0.0/16) to the target VPC (VPC-B, 192.168.0.0/16).

    • Accept the request in the target VPC and update the route tables in both VPCs to allow traffic between the two CIDR ranges.

    • Instances in both VPCs can now communicate over private IP addresses without traversing the public internet.

7. Security Groups and NACLs

  • Define Security Groups to control the traffic to EC2 instances. For example, allow SSH access on port 22 from a trusted IP range.

  • Implement NACLs to provide an extra layer of security by controlling the inbound and outbound traffic at the subnet level.
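Steps 3 to 7 describe the intended end state: a public route table whose default route points at the Internet Gateway, a private route table that reaches the internet only through the NAT Gateway, peering routes in both tables, and a security group that restricts SSH to a trusted range. The following is an added example for this guide (not code from the original post, and not an AWS API) that models that topology as plain data and checks it against those rules, the same way a reviewer would read the console screens. The resource IDs (`igw-EXAMPLE`, `nat-EXAMPLE`, `pcx-EXAMPLE`), the route table names and the trusted administrator range `203.0.113.0/24` are constructed placeholders; only the `igw-`/`nat-`/`pcx-` prefixes follow AWS naming.

```python
from dataclasses import dataclass, field


@dataclass
class Route:
    destination: str  # CIDR, e.g. "0.0.0.0/0" or "192.168.0.0/16"
    target: str       # "local", "igw-...", "nat-...", or "pcx-..."


@dataclass
class RouteTable:
    name: str
    routes: list = field(default_factory=list)


@dataclass
class SGRule:
    protocol: str     # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str         # source CIDR for an inbound rule


def default_target(rt: RouteTable):
    """Target of the 0.0.0.0/0 route, or None when the table has no default route."""
    for r in rt.routes:
        if r.destination == "0.0.0.0/0":
            return r.target
    return None


def classify(rt: RouteTable) -> str:
    """A subnet is public exactly when its default route goes to an Internet Gateway."""
    target = default_target(rt)
    return "public" if target and target.startswith("igw-") else "private"


def check_route_tables(public: RouteTable, private: RouteTable, peer_cidr: str) -> list:
    """Findings for the public/private/peering routing described in steps 3-6."""
    findings = []
    if classify(public) != "public":
        findings.append(f"{public.name}: no default route to an Internet Gateway")
    private_default = default_target(private)
    if private_default and private_default.startswith("igw-"):
        findings.append(f"{private.name}: default route points at an IGW, subnet is actually public")
    if private_default and not private_default.startswith(("igw-", "nat-")):
        findings.append(f"{private.name}: unexpected default-route target {private_default}")
    for rt in (public, private):
        has_peer_route = any(r.destination == peer_cidr and r.target.startswith("pcx-") for r in rt.routes)
        if not has_peer_route:
            findings.append(f"{rt.name}: no route for {peer_cidr} via the peering connection")
    return findings


def check_security_group(rules: list, trusted_admin_cidr: str) -> list:
    """Findings for inbound rules (step 7): SSH must come from the trusted range only."""
    findings = []
    for r in rules:
        open_to_world = r.cidr == "0.0.0.0/0"
        if r.protocol == "-1" and open_to_world:
            findings.append("all traffic open to 0.0.0.0/0")
        elif r.protocol == "tcp" and r.from_port <= 22 <= r.to_port and open_to_world:
            findings.append(f"SSH (22) open to 0.0.0.0/0; restrict to {trusted_admin_cidr}")
    return findings


def example_topology():
    """Constructed model of the VPC built in this guide (IDs are placeholders)."""
    public = RouteTable("MyVPC-public-rt", [
        Route("10.0.0.0/16", "local"),
        Route("0.0.0.0/0", "igw-EXAMPLE"),
        Route("192.168.0.0/16", "pcx-EXAMPLE"),
    ])
    private = RouteTable("MyVPC-private-rt", [
        Route("10.0.0.0/16", "local"),
        Route("0.0.0.0/0", "nat-EXAMPLE"),
        Route("192.168.0.0/16", "pcx-EXAMPLE"),
    ])
    web_sg = [
        SGRule("tcp", 80, 80, "0.0.0.0/0"),        # HTTP from anywhere
        SGRule("tcp", 22, 22, "203.0.113.0/24"),  # SSH from the trusted range only
    ]
    return public, private, web_sg


if __name__ == "__main__":
    public, private, web_sg = example_topology()
    print("Route findings:", check_route_tables(public, private, "192.168.0.0/16") or "none")
    print("SG findings:", check_security_group(web_sg, "203.0.113.0/24") or "none")
```

The same checks work on real data once you export your route tables and security group rules: each finding maps directly to one of the steps above, so an empty result means the build matches the design.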

Real Use Case: Setting up a Multi-AZ Web Server in AWS VPC

  1. VPC and Subnet Configuration

    • Create a VPC (10.0.0.0/16) with 2 subnets:

      • Public Subnet: 10.0.1.0/24

      • Private Subnet: 10.0.2.0/24

  2. Deploy EC2 in the Public Subnet

    • Create an EC2 instance in the public subnet.

    • Attach a security group that allows HTTP (port 80) and SSH (port 22) from the internet.

  3. Deploy EC2 in the Private Subnet

    • Launch another EC2 instance in the private subnet. Use this instance for backend services or databases that don’t need direct internet access.

    • Provide outbound internet access for the instance via the NAT Gateway.

  4. Cross-VPC Communication — VPC Peering

    • Let's assume you have another VPC (192.168.0.0/16) for additional resources. Configure VPC Peering between MyVPC and this secondary VPC so that instances in both VPCs can communicate without traversing the internet.

Conclusion

AWS VPC gives you full control over your network architecture. Understanding CIDR blocks, subnets, route tables, and components such as internet gateways and VPC peering enables you to build scalable and secure cloud environments. From running a simple web server to designing a complex multi-VPC architecture, these concepts are a must-know for anyone working in the cloud.