VPC stands for Virtual Private Cloud. It is a logically isolated private network inside the AWS cloud, and customers host AWS services such as EC2 instances within it.
Components of VPC
- Subnets like public and private
- VPC and subnet CIDR
- Route table
- Internet Gateway
- NAT Gateway
- Security Group
- Elastic IP
Subnet: A subnet is a portion of the network that shares a common address space. All devices whose addresses have the same prefix are in the same subnet. Example: 10.0.0.0/24
VPC: A private network in the AWS cloud. Resources within a VPC can communicate with each other, subject to the route tables and security groups described below.
Route Table: A set of rules (routes) that determine where network traffic is directed.
Internet Gateway: A VPC component that lets instances in the VPC communicate with the internet.
Security Group: An instance-level, stateful firewall that controls which traffic may reach (and leave) the instance.
Elastic IP: A public IPv4 address that is statically assigned to an instance (or, as in the steps below, to a NAT Gateway).
Types of VPC:
Default VPC and Custom VPC.

| Default VPC | Custom VPC |
| --- | --- |
| 1) Created by AWS when you create a new account. | 1) Created and configured by you for your EC2 instances. |
| 2) Comes with a subnet in each Availability Zone, an Internet Gateway, a main route table and a default security group. | 2) You need to create the subnets, NAT Gateway, Internet Gateway, security groups, etc. yourself. |
1) Create VPC:
- VPC name: VPC-01
- CIDR: 10.0.0.0/16
2) Create Subnets:
- Create a subnet named PrivateSubnet in any AZ of the region using CIDR 10.0.0.0/24
- Create a subnet named PublicSubnet in any AZ of the region using CIDR 10.0.1.0/24
3) Create Route Tables:
- We need two route tables, PublicRT and PrivateRT
- Rename the main route table of VPC-01 (created together with the VPC) to PublicRT and associate PublicSubnet with it
- Create a new route table named PrivateRT and associate PrivateSubnet with it.
4) Create Internet Gateway: It is a VPC component that lets instances communicate over the internet, using the targets given in the route table.
- Internet Gateway name: TestIGW; attach it to VPC-01
- Edit PublicRT: add a route for destination 0.0.0.0/0 with target TestIGW
5) NAT Gateway: It enables instances in the private subnet to reach the internet or other AWS resources, but prevents the internet from initiating connections to those instances.
- Name: test-nat-gateway
- Subnet: PublicSubnet (the NAT Gateway must sit in a subnet whose route table points to the Internet Gateway)
- Allocate an Elastic IP, then Create
6) Update PrivateRT
- Add a route for destination 0.0.0.0/0 with target test-nat-gateway.
7) Create a VM in PublicSubnet and another in PrivateSubnet. Keep both VMs in the same security group.
- For the VM in PublicSubnet, enable auto-assign public IP
- For the VM in PrivateSubnet, do not assign a public IP.
- Open ICMP traffic in the security group attached to the EC2 instances. Set the source to the VPC CIDR (10.0.0.0/16) or to the security group itself rather than 0.0.0.0/0; otherwise the public VM will answer pings from the whole internet.
8) Now the VM in PublicSubnet and the VM in PrivateSubnet can reach each other with the ping command. The private VM can also reach the internet through the NAT Gateway, but nothing on the internet can initiate a connection to it: it has no public IP, and PrivateRT has no route to the Internet Gateway.
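The whole build-out above (steps 1 to 7), written as a Terraform configuration so it is repeatable and reviewable. This is an added example, not material from the original page or from IT Education Centre. It assumes AWS provider 5.0 or later, AWS region and credentials already configured in the environment, and an existing EC2 key pair named "lab-key" (a hypothetical name). The security group names "lab-sg", "public-vm" and "private-vm" are also chosen here, not taken from the page; the AMI is resolved from AWS's public SSM parameter for the latest Amazon Linux 2023 image. The ICMP rule uses the security group's own ID as the source (`self = true`), which is why the page says to keep both VMs in the same group.

```hcl
# Added example, not from the original page: VPC-01 from the steps above as Terraform.
# Assumptions: AWS provider >= 5.0, region/credentials in the environment, key pair "lab-key" (hypothetical).
data "aws_availability_zones" "azs" { state = "available" }
data "aws_ssm_parameter" "al2023" { # latest Amazon Linux 2023 AMI, public SSM parameter
  name = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
}
# Step 1: VPC-01, 10.0.0.0/16
resource "aws_vpc" "vpc01" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "VPC-01" }
}
# Step 2: PrivateSubnet and PublicSubnet in the same AZ
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.vpc01.id
  cidr_block        = "10.0.0.0/24"
  availability_zone = data.aws_availability_zones.azs.names[0]
  tags              = { Name = "PrivateSubnet" }
}
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.vpc01.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = data.aws_availability_zones.azs.names[0]
  map_public_ip_on_launch = true # step 7: VMs launched here get a public IP
  tags                    = { Name = "PublicSubnet" }
}
# Step 4: TestIGW attached to VPC-01
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.vpc01.id
  tags   = { Name = "TestIGW" }
}
# Step 3 + 4: PublicRT is the VPC's main route table, with 0.0.0.0/0 -> TestIGW
resource "aws_default_route_table" "public_rt" {
  default_route_table_id = aws_vpc.vpc01.default_route_table_id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  tags = { Name = "PublicRT" }
}
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_default_route_table.public_rt.id
}
# Step 5: NAT Gateway in PublicSubnet, fronted by an Elastic IP
resource "aws_eip" "nat" { domain = "vpc" }
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.igw] # the IGW must exist before the NAT GW can egress
  tags          = { Name = "test-nat-gateway" }
}
# Step 6: PrivateRT sends 0.0.0.0/0 to the NAT GW; no IGW route, so no inbound from the internet
resource "aws_route_table" "private_rt" {
  vpc_id = aws_vpc.vpc01.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
  tags = { Name = "PrivateRT" }
}
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private_rt.id
}
# Step 7: one security group for both VMs. ICMP is allowed only from members of this
# same group (self = true), not 0.0.0.0/0, so the public VM is not pingable from outside.
resource "aws_security_group" "lab" {
  name   = "lab-sg"
  vpc_id = aws_vpc.vpc01.id
  ingress {
    protocol  = "icmp"
    from_port = -1
    to_port   = -1
    self      = true
  }
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_instance" "public_vm" {
  ami                    = data.aws_ssm_parameter.al2023.value
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.lab.id]
  key_name               = "lab-key"
  tags                   = { Name = "public-vm" }
}
resource "aws_instance" "private_vm" {
  ami                         = data.aws_ssm_parameter.al2023.value
  instance_type               = "t3.micro"
  subnet_id                   = aws_subnet.private.id
  vpc_security_group_ids      = [aws_security_group.lab.id]
  associate_public_ip_address = false # step 7: no public IP on the private VM
  key_name                    = "lab-key"
  tags                        = { Name = "private-vm" }
}
```

Run `terraform init` and `terraform apply`, then log in to the public VM and ping the private VM's 10.0.0.x address; from the private VM, ping the public VM's 10.0.1.x address and an internet host to confirm the NAT path. A ping of the public VM's Elastic/public IP from your own machine should time out, because the only ICMP source the group accepts is the group itself; there is no SSH rule in this group either, so add an ingress rule for port 22 from your own address before you can log in. Run `terraform destroy` when finished, since the NAT Gateway and its Elastic IP are billed per hour while they exist.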
Author: Amol Shende
IT Education Centre Placement & Training Institute
© Copyright 2023 | IT Education Centre.