With Amazon Virtual Private Cloud (Amazon VPC), you can create an isolated virtual network for your AWS resources. It's like having your own private space in the cloud, much like a network you'd run in your own server room, except that you get all the advantages of AWS's scale and flexibility.
The diagram from the Amazon docs referenced here shows a VPC with one subnet in each Availability Zone of the Region, an EC2 instance in each subnet, and an internet gateway that allows communication between the resources in your VPC and the internet.
Here's a list of what components you need to make this happen:
- VPC: my-cool-vpc
- Key pair: my-cool-kp
- Security group public-sg: this will be attached to Internet-facing resources.
- Security group private-sg: this will be attached to private resources.
- EC2 instances: web-server and database-server
- Subnets: public-subnet and private-subnet
- Route tables: default and private-rt
- Internet gateway: my-cool-ig
- NAT gateway: my-cool-natgw
Simply follow these steps to create your own VPC.
1. Create a key pair named my-cool-kp.
2. Create my-cool-vpc with a CIDR of 10.0.0.0/16 (this comes with the default route table).
3. Create two subnets: 10.0.1.0/24 as public-subnet and 10.0.2.0/24 as private-subnet.
4. Create the security groups: public-sg will have 2 inbound rules; private-sg will have 1 inbound rule (from public-subnet).
5. public-subnet: associate it with the default route table (which can be accessed from the Internet).
6. private-subnet: associate it with the private-rt route table.
7. Create an EC2 instance named web-server, attach it to public-subnet, enable Auto-assign public IP and select public-sg for the security group.
8. Create an EC2 instance named database-server, attach it to private-subnet, enable Auto-assign public IP and select public-sg for the security group.
Assigning a public IP address to database-server and linking it with the public-sg may seem illogical, but this is solely for testing purposes. After completing the testing phase, terminate this instance and deploy a new one without a public IP address, attaching the private-sg to it.
Now verify the setup:
- webserver accessible from the internet: you should be able to ssh into your webserver from the internet. ✅
- database-server accessible from the internet: you should not be able to ssh into your database-server from the internet. ✅
- database-server accessible from public-subnet: you should be able to ssh into your database-server from the webserver. ✅
- webserver has Internet access: you should be able to update your EC2 instance using sudo yum update -y. ✅
- database-server has Internet access: you should be able to update your EC2 instance using sudo yum update -y. ✅
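To see why these five checks pass even while database-server temporarily carries a public IP and public-sg, here is an added model of the topology (not code from the original post) that evaluates the checks offline. The route-table contents, the security-group rules and the two sample addresses are assumptions, since the post does not spell them out; the model also shows what changes if an IGW default route is mistakenly added to private-rt, which is where the final private-sg/no-public-IP configuration earns its keep.

```python
import ipaddress

# Constructed model of the topology in this post (names and CIDRs as given above).
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {"public-subnet": "default", "private-subnet": "private-rt"}  # subnet -> route table
# Assumed route contents: default -> internet gateway, private-rt -> NAT gateway.
ROUTE_TABLES = {"default": {"0.0.0.0/0": "my-cool-ig"},
                "private-rt": {"0.0.0.0/0": "my-cool-natgw"}}
# Assumed inbound rules (the post does not list them): SSH from anywhere on
# public-sg, SSH only from public-subnet (10.0.1.0/24) on private-sg.
SECURITY_GROUPS = {"public-sg": [("tcp", 22, "0.0.0.0/0")],
                   "private-sg": [("tcp", 22, "10.0.1.0/24")]}
WEB = {"subnet": "public-subnet", "sg": "public-sg", "public_ip": True}
DB_TESTING = {"subnet": "private-subnet", "sg": "public-sg", "public_ip": True}
DB_FINAL = {"subnet": "private-subnet", "sg": "private-sg", "public_ip": False}
INTERNET_HOST = "203.0.113.10"  # constructed external address (TEST-NET-3)
WEB_SERVER_IP = "10.0.1.10"     # constructed private address of web-server
# Misconfiguration scenario: an IGW default route gets added to private-rt.
LEAKY_TABLES = {**ROUTE_TABLES, "private-rt": {"0.0.0.0/0": "my-cool-ig"}}

def sg_allows(sg, port, src_ip):
    src = ipaddress.ip_address(src_ip)
    return any(proto == "tcp" and p == port and src in ipaddress.ip_network(cidr)
               for proto, p, cidr in SECURITY_GROUPS[sg])

def reachable(instance, src_ip, port=22, route_tables=ROUTE_TABLES):
    """Inside the VPC only the SG matters; from the internet the instance also
    needs a public IP and an IGW default route (a NAT gateway carries no inbound)."""
    if ipaddress.ip_address(src_ip) in VPC_CIDR:
        return sg_allows(instance["sg"], port, src_ip)
    via_igw = route_tables[SUBNETS[instance["subnet"]]].get("0.0.0.0/0") == "my-cool-ig"
    return instance["public_ip"] and via_igw and sg_allows(instance["sg"], port, src_ip)

def has_internet_egress(instance, route_tables=ROUTE_TABLES):
    target = route_tables[SUBNETS[instance["subnet"]]].get("0.0.0.0/0")
    if target == "my-cool-ig":
        return instance["public_ip"]  # an IGW route only works with a public IP
    return target == "my-cool-natgw"

def run_checks(db, route_tables=ROUTE_TABLES):
    """The five checks from the post, evaluated for one database-server config."""
    return {"web_ssh_from_internet": reachable(WEB, INTERNET_HOST, route_tables=route_tables),
            "db_ssh_from_internet": reachable(db, INTERNET_HOST, route_tables=route_tables),
            "db_ssh_from_web": reachable(db, WEB_SERVER_IP, route_tables=route_tables),
            "web_has_egress": has_internet_egress(WEB, route_tables),
            "db_has_egress": has_internet_egress(db, route_tables)}

if __name__ == "__main__":
    for label, db in (("testing", DB_TESTING), ("final", DB_FINAL)):
        print(label, run_checks(db), "with leaky private-rt:", run_checks(db, LEAKY_TABLES))
```

With the intended route tables both configurations pass all five checks; with the leaky private-rt only the final configuration keeps database-server unreachable from the internet.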
And there you have it, VPC pros! Your AWS VPC adventure awaits - keep those cloud vibes strong and enjoy crafting your virtual networks. Until next time, happy cloud surfing! 🚀☁️