Scribd
Upload
23 views13 pages

VPC-Document

A Virtual Private Cloud (VPC) is a secure, isolated section of the AWS cloud that allows users to define their own virtual networking environment. VPCs enable custom networking, secure communication, and isolation for sensitive data, with key components including subnets, route tables, internet gateways, and NAT gateways. The document outlines the configuration steps for creating a VPC, including setting up subnets, gateways, and launching EC2 instances for both public and private access.

Uploaded by

suresh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
23 views13 pages

VPC-Document

A Virtual Private Cloud (VPC) is a secure, isolated section of the AWS cloud that allows users to define their own virtual networking environment. VPCs enable custom networking, secure communication, and isolation for sensitive data, with key components including subnets, route tables, internet gateways, and NAT gateways. The document outlines the configuration steps for creating a VPC, including setting up subnets, gateways, and launching EC2 instances for both public and private access.

Uploaded by

suresh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

VIRTUAL PRIVATE CLOUD (VPC)

What is VPC?
• A Virtual Private Cloud (VPC) is a logically isolated section of the AWS cloud where you
can launch AWS resources in a virtual network that you define.

• You have complete control over your virtual networking environment, including the
ability to create your own IP address range, create subnets, configure route tables, and
gateways.

Why we need to use VPC?


➢ For Isolation:

This isolation is fundamental for scenarios involving sensitive data, compliance


requirements, or when resources need to operate independently without
interference.

➢ For Custom Networking:

A multi-region application deployment can use separate VPCs for different


environments like staging, testing, and production, each tailored to specific
networking rules.

➢ For Secure Communication:

It ensures that sensitive traffic remains protected while accessing resources like
databases, file servers, or APIs from on-premises networks.

Key Components in Virtual Private Cloud (VPC):


1. VPC:
The foundational virtual network in AWS that acts as a private cloud where
resources (like EC2, RDS, etc.) are securely hosted. It provides the boundary for
your network.

2. SUBNET:

A segment within the VPC's IP range, used to divide resources logically and
ensure efficient network organization. Subnets can be public or private based on their
use case.
In this Subnet, there are two types in it such as Public Subnet and Private
Subnet. For example, A private subnet is used to secure a database, while a public
subnet hosts application servers exposed via a load balancer.

3. ROUTE TABLE:

Defines the traffic routing rules within a VPC and to control the flow of traffic to
and from subnets.

For Example, routing public internet traffic through the Internet Gateway and
private traffic through the NAT Gateway.

4. INTERNET GATEWAY (IGW):

A gateway to enable communication between your VPC and the internet.

Why we use it means, to allow public-facing resources access to the internet.

5. NAT GATEWAY:

Allows outbound internet access for private resources while keeping them
secure.

To download patches or updates without exposing private instances to the


public internet.

Real-Time Example of VPC: Hosting an E-Commerce Website

➢ VPC:

Acts like the house for your entire e-commerce system, giving it a private space
to run securely and efficiently.

➢ SUBNETS:

Public Subnet: Hosts the website frontend that customers access.

Private Subnet: Stores the backend database and processes payment


information securely.

➢ INTERNET GATEWAY (IGW):

Allows your public website to connect to the internet so customers can browse
and shop online.
➢ NAT GATEWAY:

Allows backend servers (like inventory or payment systems) in the private


subnet to access the internet for updates without exposing them publicly.

Architecture of Virtual Private Cloud:

In this AWS VPC setup:

1. The public subnet (10.0.1.0/24) hosts an EC2 instance with direct internet access
through an Internet Gateway (IGW), ideal for web servers.

2. The private subnet (10.0.3.0/24) hosts an EC2 instance without direct internet access
for security. Outbound traffic uses a NAT Gateway.

3. The NAT Gateway, with an Elastic IP, allows private instances to access the internet for
updates or external services without exposing them to incoming traffic.

4. A Route Table ensures proper traffic flow:

• Public subnet traffic goes to the IGW.

• Private subnet traffic goes to the NAT Gateway.


Configuration of VPC with Subnets, Route Table, Internet Gateway and
NAT Gateway

Step 1: Create the VPC


➢ Go to the AWS Management Console.
➢ Navigate to VPC Dashboard → Your VPCs → Create VPC
• Name: Provide a meaningful name (e.g., VPC-SETUP).
• IPv4 CIDR Block: Enter the CIDR block range (e.g.,
12.0.0.0/16).
• Click Create VPC.
➢ Ensure the VPC creation as below,
Step 2: Create Subnets
➢ Navigate to Subnets → Create Subnet.
➢ Create the Public Subnet:
• Name Tag: Give it a name like Public-Subnet.
• Select the VPC created in Step 1.
• Availability Zone (AZ): Choose one AZ (e.g., ap-south-2a).
• IPv4 CIDR Block: Assign 12.0.1.0/24.
• Click Create.

➢ Create the Private Subnet:


• Name Tag: Use Private-Subnet.
• Select the same VPC as above.
• Availability Zone (AZ): Use the same AZ (e.g., ap-south-2a).
• IPv4 CIDR Block: Assign 12.0.2.0/24.
• Click Create.
Once you created the Public and Private Subnet as Shown above, you’ll get the Subnet
Dashboard as below. In that, the last 3 subnets are default one which is associated
with the default VPC.
Step 3: Create an Internet Gateway (IGW)
➢ Navigate to Internet Gateways → Create Internet Gateway.
• Name Tag: Enter a name like VPC-SETUP-IGW.
Click Create as shown below,

➢ After creating, attach the IGW to the VPC as below:

Step 4: Create a NAT Gateway


Before configuring the NAT Gateway, we need to know why we use it for Private-
Subnets!

Why Do We Need to Create a NAT Gateway?

A NAT Gateway (Network Address Translation Gateway) is important in AWS to


allow instances in a private subnet to access the internet securely without
exposing them to incoming traffic from the internet.
Workflow of NAT Gateway:

1. The NAT Gateway in the public subnet helps private EC2


instances access the internet securely.
2. How it works:
3. Private instances send requests through the NAT Gateway.
4. The NAT Gateway forwards the request to the internet using its
Elastic IP.
5. The response comes back through the NAT Gateway to the
instance.
6. Without a NAT Gateway, private instances can’t connect to the
internet for updates or external access.

Let’s start the NAT Gateway Configuration Step


➢ Navigate to NAT Gateways → Create NAT Gateway.
• Name: Assign a name like VPC-SETUP-NAT.
• Subnet: Choose the Public Subnet created earlier.
• Elastic IP: Click Allocate Elastic IP or select an existing
Elastic IP.
• Click Create NAT Gateway.
• Follow the below procedures to create NAT Gateway.
Once the NAT Gateway created, we need to do routing process in Route Tables.

Step 5: Configure Route Tables

➢ Navigate to Route Tables → Create Route Table.


➢ For Public Subnet:
• Name Tag: Assign a name like VPC-PUBLIC-RT.
• Select the VPC created earlier.
• Add the route:
• Destination: 0.0.0.0/0.
• Target: Internet Gateway.
➢ Associate Subnet: Attach the route table to the Public Subnet.
Make the attachment process through Subnet Association Option in Each Route Tables
which we have created in this process.

After the Route process, we also need to do Subnet Association. Because, Subnet
association is required to bind the correct route table to its respective subnet so that
the traffic follows the desired path (Internet Gateway for Public Subnet, NAT Gateway for
Private Subnet).

➢ Subnet Association:
• Click on the Route Table ID (e.g., VPC-PUBLIC-RT).
• Navigate to the Subnet Associations tab.
• Click Edit Subnet Associations and Associate it as below.
• For Public Route Table, select Public Subnet (e.g., 12.0.1.0/24).

➢ Also, we need to do the above step for Private Subnet Association in Route Table.
Step 6: Launch EC2 Instances

➢ Public Subnet Instance:


• Launch an EC2 instance with the above created VPC and Public

Subnet under Network Settings as shown below.


• Ensure it has a public IP enabled for direct Internet access.

➢ Private Subnet Instance:


• Launch an EC2 instance with the above created VPC and Private
Subnet under Network Settings as Previous Method
• Ensure it has public IP disabled. Because, we don’t need publicly
exposed network.
• So, we need to disable Auto-assign Public IP.
Once all the above process is done, we can able to Test our EC2 Instance. To login our Public
Instance, we can use ssh command or any tools such as MobaXterm or Putty to login using the
Instance’s IP and KEY file.

Here is the main thing that if we need to login to our Private Instance means, first we need to
Login to Public Instance.

Then, Open Remote Desktop Connection RDC (Windows Server used here) in that Public
Instance and Enter the Private IP address of the Private Instance. Because, we don’t provide
public IP for this instance.

When accessing it, it will ask Username and Password. To get that, we need to select the
Private Instance and click connect button. You’ll have that page as below,
From that Image, you’ll get the Private IP and Username visibly. In order to get the Password,
Click on Get password. You’ll get a page as below,

Here, you need to upload the .pem file for the respective EC2 Instance. Then click on Decrypt
Password.

By doing all the above steps, you’ll get the VPC Connection with Public as well Private Instance.

You might also like