01) VPC - Normal Setup

The document describes steps for configuring a VPC with public and private subnets across two regions: 1) Create two VPCs with subnets in Mumbai and Singapore regions, with one public subnet and one private subnet in each. 2) Launch instances in the subnets and configure security groups, route tables, and a NAT gateway to allow instances in the private subnet to access the internet while preventing public internet access. 3) Additional configuration includes VPC peering, transit gateways, database and webserver access across subnets, and application of network access control lists.

Uploaded by hanuman challisa
Copyright © All Rights Reserved

VPC Lab

1) Create 2 VPCs with one subnet each in Mumbai.
2) Launch one Windows server in each VPC and try to connect them to each other internally using RDP and HTTP.
3) VPC peering, same region.
4) VPC peering, different region and different account.
5) Transit gateway.
6) Create public and private networks.
7) Accessing the DB server through the web server.
8) Provide an outbound internet connection to the private subnet (NAT gateway and NAT instance).
9) VPC endpoint.
10) NACL.

Subnet Classification

Public Subnet – Frontend network – internet-facing subnet

Private Subnet – Backend network – not internet-facing (no inbound access from the internet)


VPC
• Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

• You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

• You can easily customize the network configuration of your Amazon VPC. For example, you can create a public-facing subnet for your web servers that have access to the internet. You can also place your backend systems, such as databases or application servers, in a private-facing subnet with no internet access. You can use multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.
Security Group and NACL
Firewall concept in VPC

NACL
A NACL adds an additional layer of security, associated with subnets, that controls both inbound and outbound traffic at the subnet level (a security group controls traffic at the instance level).

Maximum number of rules per NACL: 20
Maximum number of rules per security group: 50
Maximum number of security groups per instance: 5
Maximum number of rules per instance: 5*50 + 20 = 270
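The difference between the two firewall layers is easiest to see by evaluating traffic against both. The following is an added illustration, not code from the handout or from AWS: it models a security group (allow-only, stateful, no rule order) and a NACL (allow or deny, stateless, evaluated lowest rule number first with an implicit final deny), then walks one HTTP request through them. The rule sets, rule numbers, client addresses and the web-subnet scenario are constructed for the example; the point it adds is that the stateless NACL needs an explicit outbound rule for the ephemeral ports clients use, or the reply to an allowed request is dropped.

```python
"""Stateful security group vs stateless NACL evaluation (added example)."""
import ipaddress
from dataclasses import dataclass

ALL = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    number: int      # NACL rules are evaluated lowest number first; ignored for SGs
    protocol: str    # "tcp", "udp", "icmp" or "-1" (all protocols)
    port_from: int
    port_to: int
    cidr: str        # source (inbound) or destination (outbound) range
    action: str      # "allow" or "deny"; security groups only ever allow


def rule_matches(rule, protocol, port, addr):
    proto_ok = rule.protocol == "-1" or rule.protocol == protocol
    port_ok = rule.port_from <= port <= rule.port_to
    addr_ok = ipaddress.ip_address(addr) in ipaddress.ip_network(rule.cidr)
    return proto_ok and port_ok and addr_ok


def nacl_decision(rules, protocol, port, addr):
    """Stateless: first matching rule in ascending number order wins;
    the implicit final '*' rule denies anything that matched nothing."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, protocol, port, addr):
            return rule.action
    return "deny"


def sg_decision(rules, protocol, port, addr):
    """Allow-only and unordered: any matching rule allows, otherwise deny."""
    return "allow" if any(rule_matches(r, protocol, port, addr) for r in rules) else "deny"


def web_request_allowed(sg_in, nacl_in, nacl_out, client_ip, client_port):
    """A client connects to TCP port 80 on an instance in the subnet.
    Inbound must pass the subnet NACL and then the instance SG.  The reply
    (server:80 -> client:client_port) is allowed by the SG automatically
    (stateful) but must match an outbound NACL rule (stateless)."""
    if nacl_decision(nacl_in, "tcp", 80, client_ip) != "allow":
        return False, "blocked by inbound NACL"
    if sg_decision(sg_in, "tcp", 80, client_ip) != "allow":
        return False, "blocked by security group"
    if nacl_decision(nacl_out, "tcp", client_port, client_ip) != "allow":
        return False, "reply blocked by outbound NACL (no ephemeral-port rule)"
    return True, "allowed"


# Constructed sample rule sets for a public web subnet.
WEB_SG_IN = [Rule(0, "tcp", 80, 80, ALL, "allow")]
# Rule 100 denies one (constructed) abusive range; rule 110 allows everyone else.
WEB_NACL_IN = [
    Rule(110, "tcp", 80, 80, ALL, "allow"),
    Rule(100, "tcp", 80, 80, "198.51.100.0/24", "deny"),
]
# Outbound NACL without an ephemeral-port rule: replies to clients are dropped.
NACL_OUT_BROKEN = [Rule(100, "tcp", 80, 80, ALL, "allow")]
# Corrected outbound NACL: also allow the ephemeral range that clients reply on.
NACL_OUT_FIXED = NACL_OUT_BROKEN + [Rule(110, "tcp", 1024, 65535, ALL, "allow")]

if __name__ == "__main__":
    for out in (NACL_OUT_BROKEN, NACL_OUT_FIXED):
        print(web_request_allowed(WEB_SG_IN, WEB_NACL_IN, out, "203.0.113.7", 51000))
    print(web_request_allowed(WEB_SG_IN, WEB_NACL_IN, NACL_OUT_FIXED, "198.51.100.9", 51000))
```

Swapping the two inbound NACL rule numbers (allow at 110, deny at 120) lets the denied range through, because the lower-numbered allow matches first; that ordering sensitivity is the main thing to remember when the lab reaches step 10.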
VPC Configuration Steps

Region           Mumbai           Singapore
VPC CIDR block   10.100.0.0/16    10.200.0.0/16
Subnet 1         10.100.1.0/24    10.200.1.0/24
Subnet 2         10.100.2.0/24    10.200.2.0/24

In Mumbai
1) Open AWS Console – Services – VPC – Your VPCs – Create VPC – Name: project1-vpc – IPv4 CIDR block: 10.100.0.0/16 – Create VPC

2) Subnets – Create subnet – Select VPC ID – Subnet name: project1-subnet1 – Availability zone: ap-south-1a – IPv4 CIDR block: 10.100.1.0/24 – Create subnet

3) Internet gateway – Create internet gateway – Name tag: project1-int-gtw – Create internet gateway
   Then go to Actions – Attach to VPC – Available VPCs – select project1-vpc – Attach internet gateway

4) Route table – Create route table – Name tag: Project1-RT1 – VPC: project1-vpc – Create
   After creating it, select it – Subnet associations – Edit – select project1-subnet1 – Save
   Go to Routes – Edit – Add route – Destination 0.0.0.0/0 – Target: Internet gateway – project1-int-gtw – Save routes

5) Do the same VPC setup in the Singapore region with that region's own VPC CIDR block from the table above.


Hands on – Configure a custom VPC with public and private networks

Private IP address ranges

Class   Starting       Ending
A       10.0.0.0       10.255.255.255
B       172.16.0.0     172.31.255.255
C       192.168.0.0    192.168.255.255
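Before clicking through the console steps it is worth checking the address plan on paper, because a wrong CIDR is painful to change after instances exist. The script below is an added example (not from the handout) that validates the plan from the VPC configuration table against the private range table above and a few rules a practitioner relies on: each subnet must sit inside its VPC block, subnets in one VPC must not overlap, the two VPC blocks must not overlap with each other (VPC peering and transit gateway routing in the later lab steps require distinct ranges), every block must be an RFC 1918 private range, and a VPC or subnet CIDR must be between /16 and /28, the sizes AWS accepts. The PLAN dict is the handout's table; the check functions and messages are my own.

```python
"""Validate a VPC/subnet address plan before creating it (added example)."""
import ipaddress

# RFC 1918 private ranges, the same three blocks as the class A/B/C table.
PRIVATE_RANGES = [ipaddress.ip_network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Address plan copied from the handout's configuration table.
PLAN = {
    "Mumbai": {"vpc": "10.100.0.0/16", "subnets": ["10.100.1.0/24", "10.100.2.0/24"]},
    "Singapore": {"vpc": "10.200.0.0/16", "subnets": ["10.200.1.0/24", "10.200.2.0/24"]},
}


def check_block(cidr):
    """Problems with a single CIDR: wrong size or not a private range.
    strict=True makes ipaddress reject host bits set (e.g. 10.100.1.5/24)."""
    net = ipaddress.ip_network(cidr, strict=True)
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{cidr}: prefix length must be between /16 and /28")
    if not any(net.subnet_of(p) for p in PRIVATE_RANGES):
        problems.append(f"{cidr}: not in an RFC 1918 private range")
    return problems


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is usable."""
    problems = []
    vpcs = {}
    for region, cfg in plan.items():
        vpc = ipaddress.ip_network(cfg["vpc"], strict=True)
        problems += check_block(cfg["vpc"])
        vpcs[region] = vpc
        subnets = [ipaddress.ip_network(s, strict=True) for s in cfg["subnets"]]
        for s in subnets:
            problems += check_block(str(s))
            if not s.subnet_of(vpc):
                problems.append(f"{region}: subnet {s} is outside VPC {vpc}")
        # Subnets of one VPC must carve up disjoint pieces of its range.
        for i, a in enumerate(subnets):
            for b in subnets[i + 1:]:
                if a.overlaps(b):
                    problems.append(f"{region}: subnets {a} and {b} overlap")
    # VPCs that will be peered or attached to a transit gateway need distinct ranges.
    regions = list(vpcs)
    for i, r1 in enumerate(regions):
        for r2 in regions[i + 1:]:
            if vpcs[r1].overlaps(vpcs[r2]):
                problems.append(f"VPC CIDRs for {r1} and {r2} overlap; peering would fail")
    return problems


if __name__ == "__main__":
    print(check_plan(PLAN) or "plan OK")
```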
Reserved IP addresses in a VPC subnet

The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. For the example subnet 10.0.0.0/24:

• 10.0.0.0: Network address.
• 10.0.0.1: Reserved by AWS for the VPC router.
• 10.0.0.2: Reserved by AWS for mapping to the Amazon-provided DNS. (Note that the IP address of the DNS server is the base of the VPC network range plus two. For more information, see Amazon DNS Server.)
• 10.0.0.3: Reserved by AWS for future use.
• 10.0.0.255: Network broadcast address. Broadcast is not supported in a VPC, therefore this address is reserved.
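The listing above is for one /24; the same five addresses are held back in every subnet, which matters when sizing small subnets. The following added example (not from the handout) generalises it to any IPv4 subnet CIDR: it names the reserved addresses, counts the assignable ones (2^(32 - prefix) minus 5), and computes the VPC resolver address as the VPC base plus two. The /16-to-/28 size check reflects the subnet sizes AWS accepts and is my assumption about what a caller wants rejected; the sample CIDRs are the handout's Mumbai plan.

```python
"""Reserved addresses and usable host count for an AWS subnet (added example)."""
import ipaddress

RESERVED_ROLES = ("network address", "VPC router", "Amazon-provided DNS",
                  "reserved for future use")


def _subnet(cidr):
    """Parse an IPv4 subnet CIDR and reject sizes AWS would not accept."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: expected an IPv4 subnet between /16 and /28")
    return net


def reserved_addresses(subnet_cidr):
    """Map each reserved address in the subnet to the reason AWS holds it."""
    net = _subnet(subnet_cidr)
    base = int(net.network_address)
    reserved = {str(ipaddress.ip_address(base + i)): role
                for i, role in enumerate(RESERVED_ROLES)}
    reserved[str(net.broadcast_address)] = "network broadcast address (unsupported in a VPC)"
    return reserved


def usable_hosts(subnet_cidr):
    """Addresses an instance can actually receive: total minus the five reserved."""
    return _subnet(subnet_cidr).num_addresses - 5


def assignable_addresses(subnet_cidr):
    """Every address in the subnet that is not reserved, in order."""
    reserved = reserved_addresses(subnet_cidr)
    return [str(a) for a in _subnet(subnet_cidr) if str(a) not in reserved]


def vpc_dns_server(vpc_cidr):
    """The Amazon-provided resolver lives at the VPC base address plus two."""
    return str(_subnet(vpc_cidr).network_address + 2)


if __name__ == "__main__":
    for addr, role in reserved_addresses("10.100.1.0/24").items():
        print(f"{addr:16} {role}")
    print("usable hosts in 10.100.1.0/24:", usable_hosts("10.100.1.0/24"))
    print("usable hosts in a /28:", usable_hosts("10.100.1.0/28"))
    print("VPC DNS for 10.100.0.0/16:", vpc_dns_server("10.100.0.0/16"))
```

A /28, the smallest subnet AWS allows, has 16 addresses but only 11 assignable ones, which is why a "small" subnet for a handful of NAT instances or endpoints can run out sooner than the CIDR arithmetic suggests.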
DB Server Security

1) No public IP.
2) Security group: SSH allowed only from the web server's security group (webserver-SG), not from an IP range.
3) No route table configuration (no route to an internet gateway).
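The three rules above are easy to state and easy to drift from, so here is an added example (not the handout's code) that audits them against instance, security group and route table records. The records are constructed and simplified, shaped after the field names the EC2 describe-instances, describe-security-groups and describe-route-tables responses use (PublicIpAddress, SecurityGroups, IpPermissions with IpRanges and UserIdGroupPairs, Routes with GatewayId); the instance and group IDs are made up, and sg-web0001 stands in for webserver-SG. The audit flags a public IP, any SSH rule that names a CIDR instead of the web server's group, a missing rule for the web server's group, and any route through an internet gateway.

```python
"""Audit a DB server's private-subnet posture (added example)."""

WEBSERVER_SG = "sg-web0001"   # constructed id standing in for webserver-SG

# Constructed records: a correctly placed DB server ...
DB_GOOD = {"InstanceId": "i-db0001", "PublicIpAddress": None,
           "SecurityGroups": [{"GroupId": "sg-db0001"}]}
SG_GOOD = {"sg-db0001": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEBSERVER_SG}]},
]}
RT_GOOD = {"Routes": [{"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local"}]}

# ... and one that breaks all three rules.
DB_BAD = {"InstanceId": "i-db0002", "PublicIpAddress": "203.0.113.25",
          "SecurityGroups": [{"GroupId": "sg-db0002"}]}
SG_BAD = {"sg-db0002": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]}
RT_BAD = {"Routes": [
    {"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"},
]}


def covers_port(rule, port):
    """True if an inbound rule applies to TCP `port` ("-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def audit_db_server(instance, sg_rules, route_table, allowed_source_sg, port=22):
    """Return a list of findings; an empty list means the three rules hold."""
    findings = []
    if instance.get("PublicIpAddress"):
        findings.append(f"{instance['InstanceId']} has public IP {instance['PublicIpAddress']}")

    allowed_found = False
    for sg in instance["SecurityGroups"]:
        for rule in sg_rules.get(sg["GroupId"], []):
            if not covers_port(rule, port):
                continue
            if rule["IpRanges"]:
                cidrs = [r["CidrIp"] for r in rule["IpRanges"]]
                findings.append(f"port {port} open to CIDR {cidrs} instead of a security group")
            for pair in rule["UserIdGroupPairs"]:
                if pair["GroupId"] == allowed_source_sg:
                    allowed_found = True
                else:
                    findings.append(f"port {port} open to unexpected group {pair['GroupId']}")
    if not allowed_found:
        findings.append(f"no rule lets {allowed_source_sg} reach port {port}")

    for route in route_table["Routes"]:
        if route.get("GatewayId", "").startswith("igw-"):
            findings.append(f"route {route['DestinationCidrBlock']} -> {route['GatewayId']} "
                            "gives the subnet a path to the internet")
    return findings


if __name__ == "__main__":
    print("good:", audit_db_server(DB_GOOD, SG_GOOD, RT_GOOD, WEBSERVER_SG) or "no findings")
    print("bad:", audit_db_server(DB_BAD, SG_BAD, RT_BAD, WEBSERVER_SG))
```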
Provide Internet Connectivity (Outbound) to Private Subnet
