Lab 10 2 VPC From Scratch - nicolas-tullio/Tech-Journal GitHub Wiki

Deliverables

New VPC Details

New Subnet Details

New Routing Table Details

Pings from Private Instance (success to Public, Fail to Internet)

Pings from Public Instance (success to Private, Success to Internet)

Steps

VPC Configuration

Navigate to VPC > Your VPCs

Click on Create VPC

  • Name tag: testVPC
  • IPv4 CIDR block: 10.0.0.0/16
  • IPv6 CIDR block: No need to change this, make sure No IPv6 CIDR Block is checked.
  • Tenancy: No need to change this, make sure Default is selected.
  • Now click on Create VPC

Once VPC is created, click on Your VPCs

Subnet Configuration

For the Public Subnet, click on Subnets from the left menu and click on Create subnet.

  • VPC: Select testVPC from the list you created earlier.
  • Name tag: PublicSubnet
  • Availability Zone: Select us-east-1a
  • IPv4 CIDR block: Enter the range 10.0.1.0/24
  • Click on Create subnet

For the Private Subnet, click on Subnets from the left menu and click on Create subnet.

  • VPC: Select testVPC from the list you created earlier.
  • Name tag: PrivateSubnet
  • Availability Zone: Select us-east-1b
  • IPv4 CIDR block: Enter the range 10.0.2.0/24
  • Click on Create subnet

Create and configure Internet Gateway

Click on Internet Gateways from the left menu and click on Create internet gateway

Select the Internet gateway you created from the list

  • Click on Actions
  • Click on Attach to VPC
  • Select testVPC, which you created earlier, from the list and click on Attach internet gateway

Create Route Tables

Go to Route Tables from the left menu and click on Create route table

  • Name Tag: PublicRouteTable
  • VPC: Select testVPC from the list.
  • Click on Create

Repeat the same steps to create a route table for the Private Subnet

  • Name Tag: PrivateRouteTable
  • VPC: Select testVPC from the list
  • Click on Create

Associate the public subnet to the public route table

Select PublicRouteTable and go to the Subnet Associations tab

Click on Edit subnet associations

Select PublicSubnet from the list and save

Associate the private subnet to the private route table

Select PrivateRouteTable and go to the Subnet Associations tab

Click on Edit subnet associations

Select PrivateSubnet from the list and save

PublicRouteTable: Add a route to allow Internet traffic to the VPC.

  • Select PublicRouteTable from the list.
  • Go to Routes tab, click on Edit routes

Specify the following values:

  • Destination: 0.0.0.0/0
  • Target: Select Internet Gateway from the dropdown menu, then select the IGW you created
  • Click save
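
A check of the routing built above, as an added example that is not part of the original lab: it reads route-table data in the shape returned by `aws ec2 describe-route-tables` and reports which subnets have a path to an Internet gateway. The resource IDs and the probe address are constructed placeholders, and subnets that rely on the VPC's main route table are not covered.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-route-tables` output
# for this lab. All rtb-/subnet-/igw- IDs are placeholders, not real resources.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-PUBLIC-EXAMPLE",
     "Associations": [{"SubnetId": "subnet-PUBLIC-EXAMPLE"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
    {"RouteTableId": "rtb-PRIVATE-EXAMPLE",
     "Associations": [{"SubnetId": "subnet-PRIVATE-EXAMPLE"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]}

def next_hop(routes, dest_ip):
    """Longest-prefix match, as a VPC route table does; None means no route."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for r in routes:
        cidr = r.get("DestinationCidrBlock")
        if cidr is None:  # IPv6 and prefix-list routes are out of scope here
            continue
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r.get("GatewayId") or r.get("NatGatewayId"))
    return best[1] if best else None

def audit(description, probe_ip="203.0.113.10"):
    """Map each explicitly associated subnet to its Internet exposure.
    probe_ip is a documentation-range address standing in for 'the Internet'."""
    report = {}
    for table in description["RouteTables"]:
        hop = next_hop(table["Routes"], probe_ip)
        if hop is None:
            exposure = "isolated"   # no route out: Internet pings must fail
        elif hop.startswith("igw-"):
            exposure = "public"     # default route to an Internet gateway
        else:
            exposure = "non-igw"    # some other target, e.g. a NAT gateway
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:  # the main-table association has no SubnetId
                report[assoc["SubnetId"]] = exposure
    return report

if __name__ == "__main__":
    for subnet, exposure in audit(SAMPLE).items():
        print(subnet, exposure)
```

For this lab, PrivateSubnet should come back as isolated; a "public" result for it means the 0.0.0.0/0 route was added to the wrong table or the subnet was associated with PublicRouteTable.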

EC2 Instances

Launch 2 Free-Tier EC2 instances

Make sure to assign your new VPC and subnets when configuring

One on Public Subnet

  • For this instance - make sure to enable Auto-assign Public IP

One on Private Subnet

  • For this instance - leave Auto-assign Public IP disabled

SSH into your Public Instance with your private key

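Use scp to copy your AWS SSH key to the Public Instance. Note that this leaves the private key on an Internet-facing host; SSH agent forwarding or ssh -J (ProxyJump) would reach the Private Instance without copying the key.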

You should then be able to SSH from the Public Instance to the Private Instance

The Private Instance should be able to ping the Public Instance but not the Internet (Screenshot)

The Public Instance should be able to ping Private Instance and the Internet (Screenshot)
