ChigozieCO

Creating & Configuring VPC From AWS Management Console (Part 1).

Of the three main types of cloud computing, private clouds, public clouds and hybrid clouds, the public cloud is the one that confuses the most people.

I've had a lot of people ask me (and some rant) why anyone would ever consider provisioning their workloads in the public cloud, where they can be accessed by the general public. Laugh out loud. If you've ever had this thought, fret not, you're not the first.

The public cloud can be confusing to those who are new to the cloud and its concepts because of the "public" in the name. You must note, however, that even though the public cloud is reachable by the general public over an Internet connection, no one you haven't explicitly granted permission or access can reach your resources. Your workloads in the public cloud remain private to you through virtualization and logical network isolation.

Enter the VPC

A VPC, or Virtual Private Cloud, is a logically isolated network that houses your resources in the cloud. From a security standpoint, a VPC is the most important service offered by any cloud provider. Think of it as your private home network: devices outside your network cannot connect to or communicate with it unless a router routes the traffic in and out.

You can also think of the VPC as your apartment in a block of apartment buildings. Only you and those you allow have permission to enter your apartment.

The beauty of the virtual private cloud is that all the control resides with you: it lets you customize your networking configuration when provisioning from scratch. You choose your private IP address range, internet gateways, subnets and route tables, and you configure the network access control lists.

Creating VPCs From the AWS Management Console

In the AWS Management Console there are two ways of creating and configuring your VPC: you can create it by manually creating all the supporting components one after the other, or you can create the VPC along with all the other components at once.

It is worth noting that every region in AWS comes with a default VPC already created for you by AWS. You can make use of it, but considering that your VPCs should be project specific, you will need to create more VPCs as time goes on.

Method 1: Individual Creation of the VPC and its Components.

Before we begin we need an action item list of the components required to configure our VPC.

To fully configure your VPC, we need to create:

  • VPC itself
  • Subnets
  • Route table
  • Internet Gateway

Step 1. Log in to aws.amazon.com with your username and password.

In your browser, navigate to https://aws.amazon.com/console/

At the top right of the page, click the "Sign In to the Console" button.

Fill in your details and hit Sign in.

Step 2. Select Services

At the top left of the page, click Services, locate Networking & Content Delivery in the drop-down and select VPC from the subcategory that appears.

Step 3. Time to Start Creating.

To create a VPC, click Create VPC to go to the VPC creation page.

Step 4. Enter your VPC Details.

Remember that VPCs are project specific, so our naming convention for our VPCs and their components should reflect that project.
We're naming this VPC "Sample-VPC".

Select "VPC only".

Enter all the details:

  • Name tag: your VPC name (Sample-VPC in this case).
  • Leave the IPv4 CIDR block on manual input so you can specify your own IP address range.
  • IPv4 CIDR block: 10.0.0.0/16. This gives you 65,536 IP addresses to split across the whole VPC in various subnet ranges.
  • Leave the IPv6 CIDR block as is (No IPv6 CIDR block) unless you want to use IPv6. In this walkthrough we won't be using IPv6.
  • Tenancy: select Default.
  • You can add any more tags that help you identify your VPC (like department and location).

This is what our page should look like at this point. Review your selections to ensure you haven't made any mistakes.

  • Click Create.

If you have successfully created your VPC you should see a green banner confirming that the VPC was created.

Step 5. Creating Subnets

A subnet is a logical subdivision of an IP network: a network inside a network. Subnets make networks more efficient, and because each subnet lives in a single availability zone, spreading our subnets across availability zones improves the availability of our resources.

We will create 4 subnets and configure 2 of them as private subnets and the other 2 as public-facing subnets. Our private subnets will be unreachable from the Internet.

To create subnets, navigate to the left-hand menu of your AWS Management Console and select Subnets.

Select "Create subnet".

  • Select the VPC we just created from the drop-down. Be sure to select the correct VPC in order to avoid misconfiguration.

Subnet settings

Remember, we are creating 4 subnets in two availability zones: 2 that we will configure to be public facing and 2 that will remain private.

Make sure the IPv4 CIDR blocks you choose do not overlap.
Below are the IPv4 CIDR blocks we will use for our 4 subnets:

  • 10.0.0.0/24 (Sample-Public-1A)
  • 10.0.1.0/24 (Sample-Public-1B)
  • 10.0.2.0/24 (Sample-Private-1A)
  • 10.0.3.0/24 (Sample-Private-1B)
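Before typing an address plan into the console it is worth checking it the way the console will: every subnet must sit inside the VPC range and no two subnets may overlap. The script below is an added example, not part of the original post, and uses only Python's standard ipaddress module on the exact VPC and subnet CIDRs from this walkthrough. It also computes the usable address count per subnet, since AWS reserves the first four and the last address of every subnet, and finishes with a constructed bad plan (a /23 swallowing its neighbouring /24) to show what an overlap report looks like.

```python
# Added example (not from the original post): sanity-check a VPC address plan
# with Python's standard ipaddress module before building it in the console.
from __future__ import annotations

from ipaddress import IPv4Network
from itertools import combinations

# The VPC and subnet CIDRs used in the walkthrough.
VPC_CIDR = "10.0.0.0/16"
SUBNET_PLAN = {
    "Sample-Public-1A": "10.0.0.0/24",
    "Sample-Public-1B": "10.0.1.0/24",
    "Sample-Private-1A": "10.0.2.0/24",
    "Sample-Private-1B": "10.0.3.0/24",
}

# AWS reserves the first four and the last address of every subnet
# (network address, VPC router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def usable_addresses(cidr: str) -> int:
    """Number of addresses AWS will actually hand out inside one subnet."""
    return IPv4Network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def validate_plan(vpc_cidr: str, subnets: dict[str, str]) -> list[str]:
    """Return a list of problems; an empty list means the plan is consistent.

    Checks the two things the console rejects: a subnet that is not inside
    the VPC range, and two subnets whose ranges overlap each other.
    """
    vpc = IPv4Network(vpc_cidr)
    nets = {name: IPv4Network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} ({net}) is outside the VPC range {vpc}")
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} ({net_a}) overlaps {b} ({net_b})")
    return problems


def plan_summary(vpc_cidr: str, subnets: dict[str, str]) -> dict[str, int]:
    """Usable host count per subnet plus the VPC space still unallocated."""
    vpc = IPv4Network(vpc_cidr)
    summary = {name: usable_addresses(cidr) for name, cidr in subnets.items()}
    allocated = sum(IPv4Network(cidr).num_addresses for cidr in subnets.values())
    summary["unallocated_in_vpc"] = vpc.num_addresses - allocated
    return summary


if __name__ == "__main__":
    print("problems:", validate_plan(VPC_CIDR, SUBNET_PLAN) or "none")
    print(plan_summary(VPC_CIDR, SUBNET_PLAN))
    # Constructed bad plan: a /23 swallows the neighbouring /24.
    bad_plan = {"Sample-Public-1A": "10.0.0.0/23", "Sample-Public-1B": "10.0.1.0/24"}
    print("problems:", validate_plan(VPC_CIDR, bad_plan))
```

Run it as is to see the walkthrough's plan pass with 251 usable addresses per /24 and 64,512 addresses of the /16 still free for later subnets; swap in your own CIDRs to check a plan before creating it.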

Subnet 1

  • We will name our first subnet "Sample-Public-1A": VPC name, then public or private, then the AZ (we do not include the region because we are provisioning our VPC in only one region in this tutorial).

  • Select the correct AZ in the region your VPC is located in.

  • Enter the IPv4 CIDR block for Sample-Public-1A, 10.0.0.0/24.

  • Click "Add new subnet".

Subnet 2

  • Enter the name "Sample-Public-1B".

  • Choose a different AZ from subnet 1, but in the same region as your VPC.

  • Enter the IPv4 CIDR block for Sample-Public-1B, 10.0.1.0/24.

  • Click "Add new subnet".

Subnet 3

  • Enter the name "Sample-Private-1A".

  • Choose the same AZ as subnet 1, in the same region as your VPC.

  • Enter the IPv4 CIDR block for Sample-Private-1A, 10.0.2.0/24.

  • Click "Add new subnet".

Subnet 4

  • Enter the name "Sample-Private-1B".

  • Choose the same AZ as subnet 2, in the same region as your VPC.

  • Enter the IPv4 CIDR block for Sample-Private-1B, 10.0.3.0/24.

  • Click "Create subnet".

You should see a confirmation that the 4 subnets were created successfully.

Step 6. Creating Internet Gateway.

Merely naming your subnets public and private does not make them public and private; the internet gateway is the trigger. To provide internet access to the subnets in your VPC you need to attach an internet gateway to the VPC and then add a route to that gateway in the route table associated with those subnets.

We will create our internet gateway before our route tables so that it is readily available to reference from the route table once that is created.

  • To create the internet gateway, navigate to the left-hand menu of your management console and click on "Internet gateways".

  • Click on "Create internet gateway".

  • This one is pretty straightforward. Enter the name (Sample-IGW in this case) and then click "Create internet gateway".

  • Time to attach our internet gateway to our VPC. Upon successful creation we get a message about the internet gateway that was just created; we can click "Attach to VPC" in that message, or click "Actions" and select "Attach to VPC" from the drop-down.

  • Select our Sample-VPC.

  • Click "Attach internet gateway".

  • We have successfully attached our internet gateway to our VPC.

Step 7. Configuring our Public Route Tables.

A route table contains a set of rules, called routes, that determine where network traffic leaving your subnets is directed within your VPC. Each subnet is always associated with exactly one route table, and one route table can be associated with several subnets, including subnets in different availability zones.

By default, AWS creates a main route table for us whenever we provision a VPC. We will use that as our public route table and create another one to use as our private route table, then associate the two route tables with our public and private subnets respectively.

  • On the left-hand side of your management console, select Route Tables.

  • We can find the Sample-VPC route table AWS created for us in two ways:

    1. By using the search box at the top of the page: enter the VPC name and search.
    2. Or by expanding the VPC column in the table and picking out the route table associated with Sample-VPC.

  • When we find the route table, we rename it so that it is easy to find later. Rename it to "Sample-Public-RT" and click "Save".

  • Next we edit the subnet associations, to associate our public subnets with this route table.

    1. Check the box next to the name of the route table.
    2. Click the "Actions" option.
    3. Select "Edit subnet associations".

  • AWS brings up all the subnets belonging to the VPC of the route table we are working on.

    1. Check the boxes of both public subnets; this is the public route table, and we will be editing its routes to allow internet connectivity for these subnets.
    2. Click "Save associations".

  • Success.

  • Let's configure our routes next. With the Sample-Public-RT box still ticked, there are two ways to get to the page where we edit the routes:

    1. Click "Actions" and select "Edit routes" from the drop-down menu, OR
    2. Scroll to the bottom of the page, click the "Routes" tab and select the "Edit routes" button at the top right.

  • When the page opens we see that AWS has already configured a local route for the VPC's own CIDR range (10.0.0.0/16); leave that as it is. Click "Add route".

  • Under Destination enter 0.0.0.0/0, then in the Target box to the right select Internet Gateway.

  • As we already attached our internet gateway to our VPC, we are offered that gateway (Sample-IGW) to choose; select it and click "Save changes".

  • We have successfully completed this task.

Step 8. Configuring our Private Route Table.

We will speed through this process because you should have a good understanding of it at this point.

  • Click on "Route Tables" on the left, then click "Create route table".

  • Enter the name of your route table (Sample-Private-RT in this case), select our Sample-VPC and click "Create route table".

  • Edit the subnet associations:
    1. Click on "Actions".
    2. Select "Edit subnet associations".

  • Choose the 2 private subnets we created earlier and save the changes.
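Steps 6 to 8 come down to one idea: a subnet is public only because its route table has a route whose target is an internet gateway, never because of its name. The model below is an added example, not code from the original post or from AWS; it reproduces the two route tables built above (the local route AWS adds automatically plus the 0.0.0.0/0 route to the gateway), performs the longest-prefix match the VPC router uses to pick a route, and classifies each subnet from its route table. The gateway id `igw-EXAMPLE` is a constructed placeholder, and the subnet and route table names are the ones used in this walkthrough.

```python
# Added example (not from the original post): a small model of how a VPC route
# table picks the target for a packet, and what actually makes a subnet public.
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network

# Constructed placeholder; a real internet gateway id looks like igw-0123456789abcdef0.
IGW_ID = "igw-EXAMPLE"
VPC_CIDR = "10.0.0.0/16"


@dataclass
class RouteTable:
    name: str
    routes: dict[str, str] = field(default_factory=dict)  # destination CIDR -> target
    subnets: set[str] = field(default_factory=set)        # associated subnet names

    def next_hop(self, destination: str) -> str | None:
        """Longest-prefix match, as the VPC router does: the most specific
        matching route wins, so the local route always beats 0.0.0.0/0 for
        traffic that stays inside the VPC. None means there is no route."""
        addr = IPv4Address(destination)
        best = None
        for cidr, target in self.routes.items():
            net = IPv4Network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None

    def is_public(self) -> bool:
        """AWS's definition: a subnet is public when its route table has a
        route whose target is an internet gateway. The subnet name is irrelevant."""
        return any(target.startswith("igw-") for target in self.routes.values())


# The two route tables built in Steps 7 and 8. AWS adds the "local" route for
# the VPC's own CIDR automatically; the 0.0.0.0/0 -> IGW route was added by hand.
PUBLIC_RT = RouteTable(
    "Sample-Public-RT",
    {VPC_CIDR: "local", "0.0.0.0/0": IGW_ID},
    {"Sample-Public-1A", "Sample-Public-1B"},
)
PRIVATE_RT = RouteTable(
    "Sample-Private-RT",
    {VPC_CIDR: "local"},
    {"Sample-Private-1A", "Sample-Private-1B"},
)
ROUTE_TABLES = [PUBLIC_RT, PRIVATE_RT]


def table_for(subnet: str, tables: list[RouteTable] = ROUTE_TABLES) -> RouteTable:
    """Every subnet is associated with exactly one route table."""
    for table in tables:
        if subnet in table.subnets:
            return table
    raise KeyError(f"{subnet} is not associated with any route table")


def classify_subnets(tables: list[RouteTable] = ROUTE_TABLES) -> dict[str, str]:
    """Map each subnet to 'public' or 'private' based on its route table, not its name."""
    return {
        subnet: ("public" if table.is_public() else "private")
        for table in tables
        for subnet in sorted(table.subnets)
    }


def route_from(subnet: str, destination: str,
               tables: list[RouteTable] = ROUTE_TABLES) -> str | None:
    """Where traffic leaving `subnet` for `destination` is sent (None = no route, dropped)."""
    return table_for(subnet, tables).next_hop(destination)


if __name__ == "__main__":
    print(classify_subnets())
    for subnet in ("Sample-Public-1A", "Sample-Private-1A"):
        for dest in ("10.0.1.10", "8.8.8.8"):
            print(f"{subnet} -> {dest}: {route_from(subnet, dest)}")
```

Running it shows that a packet from Sample-Private-1A to an Internet address has no route at all, which is exactly why that subnet stays private until a NAT gateway route is added in the follow-up post, while a packet to 10.0.1.10 from either subnet is delivered by the local route. The model stops at routing on purpose: even in a public subnet an instance also needs a public or Elastic IP address, and its security group and the subnet's network ACL must allow the traffic, before anything actually reaches it from the Internet.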

There's more

The last step would be to edit the routes of this route table.

We won't be doing that in this post. What you should know is that you can let your private subnets reach the Internet for outbound connections while denying traffic initiated from the Internet back into the subnet, so that it remains private.

To do this we use a NAT gateway.

In another post I will show you how to add a NAT gateway to your private route table along with its Elastic IP, how to clean up, and all other things beautiful.

It's been one very long post. Thanks for sticking around to the end; I hope you learnt something.
