Mastering AWS VPC: A Step-by-Step Guide with Real-World Example

Introduction

Amazon Web Services (AWS) Virtual Private Cloud (VPC) allows you to launch AWS resources in a virtual network you define. AWS VPC is one of the most crucial components in cloud infrastructure, providing flexibility, security, and full control over your networking environment. In this blog, we’ll dive into key VPC components such as CIDR blocks, subnets, route tables, internet gateways, and VPC peering, along with a live example for better understanding.

What is AWS VPC?

  • An AWS Virtual Private Cloud (VPC) gives you complete control over your network setup.

  • An AWS VPC is like a virtual network or data center dedicated to a single client within AWS.

  • It is logically isolated from other virtual networks within the AWS cloud.

  • Up to 5 VPCs can be created in a single AWS region.

  • A maximum of 200 subnets can be created within a single VPC.

  • You can allocate up to 5 Elastic IP addresses to resources in your VPC.

  • A VPC is region-specific and cannot extend across regions.

  • Once a VPC is created, the CIDR block range cannot be changed.

Key AWS VPC Components

  • CIDR (Classless Inter-Domain Routing): The block of IP addresses that defines the network range for your VPC.

  • Subnets: Segments of the VPC used to divide your network into smaller, logical sections.

  • Route Tables: Direct traffic between different subnets or out to the internet.

  • Internet Gateway (IGW): Allows traffic to flow between the VPC and the internet.

  • NAT Gateway: Enables instances in private subnets to access the internet while preventing inbound traffic.

  • VPC Peering: Connects two VPCs to allow communication between them over private IP addresses.

  • Security Groups: Control inbound and outbound traffic to resources in your VPC.

  • Network Access Control Lists (NACLs): An extra layer of security at the subnet level.

Types of VPC

Step-by-Step Guide: Creating a VPC with All Components

1. Create a VPC

  • Navigate to VPC Dashboard and click on Create VPC.

  • Specify the CIDR block for the VPC (e.g., 10.0.0.0/16), which provides a range of 65,536 IP addresses for use in your network.

  • Give your VPC a recognizable name (e.g., MyVPC).

2. Create Subnets

  • Public Subnet:

    • Create a public subnet within the VPC with a CIDR block like 10.0.1.0/24 (providing 256 IP addresses).

  • Private Subnet:

    • Create a private subnet with a CIDR block such as 10.0.2.0/24 for instances that won’t need direct internet access.

3. Set up the Internet Gateway (IGW)

  • Create and attach an Internet Gateway to your VPC (MyVPC).

  • This will allow your public subnet to connect to the internet.

4. Configure Route Tables

  • Public Route Table:

    • Associate the public subnet with a route table that sends internet-bound traffic (0.0.0.0/0) to the Internet Gateway.

  • Private Route Table:

    • Give the private subnet its own route table, either with no internet route at all or with 0.0.0.0/0 pointing at a NAT Gateway (outbound internet access only).

5. Deploy NAT Gateway

  • Create a NAT Gateway in the public subnet and associate it with an Elastic IP.

  • Update the Private Route Table to route internet-bound traffic from private subnet instances via the NAT Gateway.

6. VPC Peering Setup

  • To establish communication between two VPCs, you can create a VPC Peering Connection.

    • In the VPC Peering Connections section, initiate a peering request from one VPC (VPC-A with CIDR 10.0.0.0/16) to another VPC (VPC-B with CIDR 192.168.0.0/16).

    • Accept the request in the target VPC and update the route tables in both VPCs to allow traffic between the two CIDR ranges.

    • Now, instances in both VPCs can communicate with each other using private IPs without passing through the internet.
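The addressing plan from steps 1, 2 and 6 can be checked offline before anything is created. This added example (not code from the original post) uses only Python's standard library to confirm that the subnets fit inside the VPC CIDR and do not overlap, to count the addresses AWS actually lets you assign (it reserves five per subnet), and to confirm that the two VPCs to be peered have non-overlapping CIDRs, which AWS requires for a peering connection.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet
# (network address, VPC router, DNS, reserved for future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def usable_hosts(cidr):
    """Addresses AWS actually lets you assign in a subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def validate_vpc_plan(vpc_cidr, subnet_cidrs):
    """Return a list of problems with the plan; an empty list means it is sound."""
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    # Every subnet must be carved out of the VPC's own CIDR block.
    for s in subnets:
        if not s.subnet_of(vpc):
            problems.append(f"{s} is not inside VPC CIDR {vpc}")
    # Subnets inside one VPC must not overlap each other.
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")
    return problems


def can_peer(vpc_a_cidr, vpc_b_cidr):
    """AWS rejects a peering connection between VPCs whose CIDR blocks overlap,
    so check this before sending the peering request."""
    return not ipaddress.ip_network(vpc_a_cidr).overlaps(ipaddress.ip_network(vpc_b_cidr))


if __name__ == "__main__":
    # The guide's plan: MyVPC 10.0.0.0/16 with a public and a private /24,
    # peered to a second VPC on 192.168.0.0/16.
    print(validate_vpc_plan("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24"]))  # []
    print(usable_hosts("10.0.1.0/24"))                # 251, not the full 256
    print(can_peer("10.0.0.0/16", "192.168.0.0/16"))  # True
    print(can_peer("10.0.0.0/16", "10.0.0.0/16"))     # False: identical ranges cannot peer
```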

7. Security Groups and NACLs

  • Define Security Groups to control the traffic to EC2 instances. For example, allow SSH access on port 22 from a trusted IP range.

  • Implement NACLs to provide an extra layer of security by controlling the inbound and outbound traffic at the subnet level.

Live Example: Creating a Highly Available Web Server in AWS VPC

  1. VPC and Subnet Configuration

    • Create a VPC (10.0.0.0/16) and set up two subnets:

      • Public Subnet: 10.0.1.0/24

      • Private Subnet: 10.0.2.0/24

  2. Deploy EC2 in the Public Subnet

    • Launch an EC2 instance in the public subnet.

    • Attach a security group that allows HTTP (port 80) and SSH (port 22) from the internet.

  3. Deploy EC2 in the Private Subnet

    • Launch another EC2 instance in the private subnet. Use this instance for backend services or databases that don’t need direct internet access.

    • Ensure the instance can communicate with the internet through the NAT Gateway.

  4. VPC Peering for Cross-VPC Communication

    • Suppose you have another VPC (192.168.0.0/16) for additional resources. Set up VPC Peering between MyVPC and this secondary VPC, allowing instances in both VPCs to communicate without needing external internet access.
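An added audit that is not part of the original guide: it reads security-group rules in the shape that `aws ec2 describe-security-groups` (and boto3) return and flags any rule that admits SSH on port 22 from 0.0.0.0/0 or ::/0, contrasting the live example's web-tier group (step 2, SSH from the internet) with the trusted-range rule recommended in step 7. The sample groups, their ids and the 203.0.113.0/24 range are constructed placeholders.

```python
SSH_PORT = 22
ANYWHERE = ("0.0.0.0/0", "::/0")

def rule_covers_port(perm, port):
    """True if an IpPermissions entry admits `port`; protocol -1 means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def rule_sources(perm):
    """Every IPv4 and IPv6 CIDR the rule accepts traffic from."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def find_open_ssh(security_groups):
    """Return (GroupId, source CIDR) pairs where SSH is reachable from the whole internet."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if rule_covers_port(perm, SSH_PORT):
                for cidr in rule_sources(perm):
                    if cidr in ANYWHERE:
                        findings.append((sg["GroupId"], cidr))
    return findings

# Constructed sample in the describe-security-groups shape (group ids are placeholders):
# the web tier as the live example describes it (HTTP and SSH from the internet) next to
# the step 7 variant (SSH only from a trusted range; 203.0.113.0/24 stands in for yours).
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-web-hardened", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ]},
]

if __name__ == "__main__":
    for group_id, cidr in find_open_ssh(SAMPLE_GROUPS):
        print(f"{group_id}: SSH (port 22) open to {cidr}")
```

Only the open group is reported; the hardened group passes because its SSH rule names a specific source range.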

Conclusion

AWS VPC gives you complete control over your network architecture. By mastering CIDR blocks, subnets, route tables, and other components like internet gateways and VPC peering, you can design scalable and secure cloud environments. Whether you’re setting up a basic web server or a complex multi-VPC architecture, understanding these components is essential for any cloud professional.