Networking In AWS Cloud

Setting up a VPC

The exercises in this course will incur charges in your AWS account. In this exercise, you will create or use the following resources:

  • AWS Identity and Access Management (IAM) policy and user: These are account features offered at no additional charge.

  • Amazon Elastic Compute Cloud (Amazon EC2) instance

  • Virtual Private Cloud (VPC) with subnets and route tables

Familiarise yourself with Amazon EC2 pricing and the AWS Free Tier.

Exercise 4: Setting up a VPC

In this scenario, you will create the network infrastructure where the EC2 instance that hosts the employee directory will reside.

You will set up a new VPC with four subnets (two public and two private) and two route tables (one public and one private). Then, you will launch an EC2 instance inside this new VPC. At the end of the exercise, you will stop the instance to prevent future costs.

Task 1: Creating the VPC

  1. Log in to the AWS Management Console as your Admin user if needed.

  2. In the Services search box, enter VPC and open the VPC console.

  3. In the navigation pane, under Virtual Private Cloud, choose Your VPCs.

  4. Choose Create VPC.

  5. Configure the settings as follows:

    • Name tag: app-vpc

    • IPv4 CIDR block: 10.1.0.0/16

  6. Choose Create VPC.

  7. In the navigation pane, under Virtual Private Cloud, choose Internet gateways.

  8. Choose Create internet gateway.

  9. For Name tag, enter app-igw and choose Create internet gateway.

  10. On the details page for the internet gateway, choose Actions and then Attach to VPC.

  11. For Available VPCs, choose app-vpc and then choose Attach internet gateway.

Task 2: Creating Subnets

  1. From the navigation pane, choose Subnets.

  2. Choose Create subnet.

  3. For the first public subnet, configure these settings:

    • VPC ID: app-vpc

    • Subnet name: Public Subnet 1

    • Availability Zone: Choose the first Availability Zone (e.g., us-west-2a)

    • IPv4 CIDR block: 10.1.1.0/24

  4. Choose Add new subnet.

  5. For the second public subnet, configure these settings:

    • Subnet name: Public Subnet 2

    • Availability Zone: Choose the second Availability Zone (e.g., us-west-2b)

    • IPv4 CIDR block: 10.1.2.0/24

  6. Choose Add new subnet and configure the first private subnet:

    • Subnet name: Private Subnet 1

    • Availability Zone: Choose the first Availability Zone (e.g., us-west-2a)

    • IPv4 CIDR block: 10.1.3.0/24

  7. Choose Add new subnet and configure the second private subnet:

    • Subnet name: Private Subnet 2

    • Availability Zone: Choose the second Availability Zone (e.g., us-west-2b)

    • IPv4 CIDR block: 10.1.4.0/24

  8. Choose Create subnet.

  9. After the subnets are created, select the check box for Public Subnet 1.

  10. Choose Actions and then Edit subnet settings.

  11. For Auto-assign IP settings, select Enable auto-assign public IPv4 address and then choose Save.

  12. Repeat steps 9-11 for Public Subnet 2.

Task 3: Creating Route Tables

  1. In the navigation pane, choose Route Tables.

  2. Choose Create route table.

  3. Configure the settings for the public route table:

    • Name: app-routetable-public

    • VPC: app-vpc

  4. Choose Create route table.

  5. If needed, open the route table details pane by choosing app-routetable-public from the list.

  6. Choose the Routes tab and then Edit routes.

  7. Choose Add route and configure these settings:

    • Destination: 0.0.0.0/0

    • Target: Internet Gateway, then choose app-igw

  8. Choose Save changes.

  9. Choose the Subnet associations tab.

  10. Scroll to Subnets without explicit associations and choose Edit subnet associations.

  11. Select the two public subnets (Public Subnet 1 and Public Subnet 2) and choose Save associations.

Next, create the private route table.

  12. In the navigation pane, choose Route Tables.

  13. Choose Create route table and configure the settings:

    • Name: app-routetable-private

    • VPC: app-vpc

  14. Choose Create route table.

  15. If needed, open the details pane for app-routetable-private by choosing it from the list.

  16. Choose the Subnet associations tab.

  17. Scroll to Subnets without explicit associations and choose Edit subnet associations.

  18. Select the two private subnets (Private Subnet 1 and Private Subnet 2) and choose Save associations.
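The topology built in Tasks 1 to 3 can be checked before (or after) clicking through the console. The following script is an added example, not part of the exercise: it models app-vpc, its four subnets and the two route tables with the CIDR values above, verifies that every subnet fits inside the VPC block without overlapping another, and derives which subnets are public purely from whether their route table sends 0.0.0.0/0 to an internet gateway. The "main" label for a subnet with no explicit association is an assumption about how the script reports it, reflecting that such a subnet inherits the VPC main route table.

```python
import ipaddress

# Constructed model of the exercise topology (values taken from the exercise text):
# app-vpc 10.1.0.0/16, four /24 subnets, two route tables, one internet gateway.
VPC_CIDR = "10.1.0.0/16"
SUBNETS = {
    "Public Subnet 1": "10.1.1.0/24",
    "Public Subnet 2": "10.1.2.0/24",
    "Private Subnet 1": "10.1.3.0/24",
    "Private Subnet 2": "10.1.4.0/24",
}
# Each route is (destination, target type, target name). "igw" marks a route whose
# target is an internet gateway, as configured in Task 3 step 7.
ROUTE_TABLES = {
    "app-routetable-public": {
        "routes": [("10.1.0.0/16", "local", "local"), ("0.0.0.0/0", "igw", "app-igw")],
        "subnets": ["Public Subnet 1", "Public Subnet 2"],
    },
    "app-routetable-private": {
        "routes": [("10.1.0.0/16", "local", "local")],
        "subnets": ["Private Subnet 1", "Private Subnet 2"],
    },
}


def validate_subnets(vpc_cidr, subnets):
    """Return problems found: subnets outside the VPC block or overlapping each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = [f"{n} ({net}) is outside {vpc}" for n, net in nets.items() if not net.subnet_of(vpc)]
    names = list(nets)
    for i, a in enumerate(names):
        problems += [f"{a} overlaps {b}" for b in names[i + 1:] if nets[a].overlaps(nets[b])]
    return problems


def classify_subnets(subnets, route_tables):
    """Map each subnet to 'public' if its route table sends 0.0.0.0/0 to an internet
    gateway, 'private' if it does not, and 'main' if it has no explicit association
    (it then silently inherits the VPC main route table, a common misconfiguration)."""
    result = {name: "main" for name in subnets}
    for table in route_tables.values():
        igw_default = any(dest == "0.0.0.0/0" and kind == "igw" for dest, kind, _ in table["routes"])
        for name in table["subnets"]:
            result[name] = "public" if igw_default else "private"
    return result


if __name__ == "__main__":
    print(validate_subnets(VPC_CIDR, SUBNETS) or "subnet plan is consistent")
    for name, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{name}: {kind}")
```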

Task 4: Launching an EC2 Instance

  1. In the search box, enter EC2 and open the Amazon EC2 console.

  2. In the navigation pane, choose Instances and choose Launch instances.

  3. For Name, enter employee-directory-app.

  4. Under Application and OS Images (Amazon Machine Image), choose the default Amazon Linux 2023.

  5. Under Instance type, select t2.micro.

  6. Under Key pair (login), choose the app-key-pair created in Exercise 3.

  7. Under Network settings, choose Edit and configure the following settings:

    • VPC: app-vpc

    • Subnet: Public Subnet 1

    • Auto-assign Public IP: Enable

  8. Under Firewall (security groups), choose Create security group. Use web-security-group as the Security group name and change the Description to Enable HTTP access.

  9. Under Inbound security group rules, remove the SSH rule.

  10. Choose Add security group rule. For Type, choose HTTP. Under Source type, choose Anywhere.

  11. Choose Add security group rule. For Type, choose HTTPS. Under Source type, choose Anywhere.

  12. Expand Advanced details and under IAM instance profile, choose S3DynamoDBFullAccessRole.

  13. In the User data box, paste the following code:

    #!/bin/bash -ex
    # Download and unpack the sample Flask application
    wget https://aws-tc-largeobjects.s3-us-west-2.amazonaws.com/DEV-AWS-MO-GCNv2/FlaskApp.zip
    unzip FlaskApp.zip
    cd FlaskApp/
    # Install the application's Python dependencies and the stress tool
    yum -y install python3-pip
    pip install -r requirements.txt
    yum -y install stress
    # Application configuration: photo bucket, region and DynamoDB mode
    export PHOTOS_BUCKET=${SUB_PHOTOS_BUCKET}
    export AWS_DEFAULT_REGION=<INSERT REGION HERE>
    export DYNAMO_MODE=on
    # Serve the application on port 80 (the port opened by the HTTP rule)
    FLASK_APP=application.py /usr/local/bin/flask run --host=0.0.0.0 --port=80
    
  14. Change the line export AWS_DEFAULT_REGION=<INSERT REGION HERE> to match your region (e.g., us-west-2).

  15. Choose Launch instance.

  16. Choose View all instances.

  17. Wait for the Instance state to change to Running and the Status check to change to 2/2 checks passed. Refresh the page if needed.

  18. Select the running employee-directory-app instance by selecting its check box.

  19. On the Details tab, copy the Public IPv4 address.

  20. In a new browser window, paste the IP address (use http instead of https).

  21. You should see an Employee Directory placeholder.
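The security group built in steps 8 to 11 is the only thing standing between the instance's public IP and the internet, so it is worth reviewing its rules against what the instance actually runs. The script below is an added example, not part of the exercise: it models web-security-group as the steps leave it (SSH rule removed, HTTP and HTTPS from Anywhere), a constructed "before" state with the default SSH rule, and a constructed variant that restricts SSH to one admin network (203.0.113.0/24 is a documentation range used as a placeholder), then flags admin ports exposed to 0.0.0.0/0 and rules that open ports nothing listens on. The admin-port list includes RDP as well as SSH, a small generalisation beyond the exercise.

```python
import ipaddress

# Constructed model of the Task 4 security group (values from the exercise):
# web-security-group after the SSH rule is removed and HTTP/HTTPS are opened
# to Anywhere. Each rule is (protocol, from_port, to_port, source CIDR).
WEB_SECURITY_GROUP = [
    ("tcp", 80, 80, "0.0.0.0/0"),    # HTTP, Source type: Anywhere
    ("tcp", 443, 443, "0.0.0.0/0"),  # HTTPS, Source type: Anywhere
]
# Constructed "before" state: the default SSH rule still present.
SG_WITH_SSH = WEB_SECURITY_GROUP + [("tcp", 22, 22, "0.0.0.0/0")]
# Constructed hardened variant: SSH allowed only from one admin network (placeholder range).
SG_SSH_RESTRICTED = WEB_SECURITY_GROUP + [("tcp", 22, 22, "203.0.113.0/24")]

# The user data script starts Flask on port 80 only, so that is the single listener.
LISTENING_PORTS = {80}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # RDP added as a generalisation
ANYWHERE = (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0"))


def is_anywhere(cidr):
    """True for the console's 'Anywhere' source (all IPv4 or all IPv6)."""
    return ipaddress.ip_network(cidr) in ANYWHERE


def review_security_group(rules, listening_ports=LISTENING_PORTS):
    """Return findings for inbound TCP rules that expose an admin port to the whole
    internet, or that open a port range nothing on the instance listens on."""
    findings = []
    for proto, lo, hi, src in rules:
        if proto != "tcp" or not is_anywhere(src):
            continue  # the exercise's rules are all TCP; scoped sources raise no finding
        exposed = [name for port, name in ADMIN_PORTS.items() if lo <= port <= hi]
        for name in exposed:
            findings.append(f"{name} open to {src}")
        if not exposed and not any(lo <= p <= hi for p in listening_ports):
            findings.append(f"ports {lo}-{hi} open to {src} but nothing listens there")
    return findings


if __name__ == "__main__":
    for label, sg in [("exercise", WEB_SECURITY_GROUP), ("with SSH", SG_WITH_SSH),
                      ("SSH restricted", SG_SSH_RESTRICTED)]:
        print(label, review_security_group(sg) or ["no findings"])
```

Run as-is, the exercise's own rules produce one finding: the HTTPS rule opens 443, but the user data only starts Flask on port 80.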

Task 5: Stopping the Instance

To prevent future costs, stop the instance.

  1. Return to the console, choose Instance state, and then Stop instance.

  2. In the dialog box, choose Stop. The Instance state will change to Stopped.

Congratulations! You have successfully set up a VPC and launched an EC2 instance for your employee directory application.