VPC with one public subnet and one private subnet

In this article I will show how to create the following setup:

  • a VPC with two subnets: a private and a public one
  • the public subnet will contain the Internet facing stuff, for example a web server
  • the private subnet will contain the stuff that should not be accessible from Internet, for example, a database
  • however, machines in the private subnet should be able to access Internet (for software updates)

The setup is pretty much what the following diagram shows:

Create the VPC

A VPC is a logically isolated network in the AWS cloud. For creating a new VPC follow the steps below:

  • Go to Services > VPC > VPCs > Create VPC, fill in the following:
  • Name tag: the name of the VPC
  • IPv4 CIDR block: the range of the IP addresses for the VPC; for example, 192.168.0.0/16 – specify an IP range from 192.168.0.0 to 192.168.255.255 (first 16 bytes of the IP address are fixed)

Create the SUBNETS

At this point, there is no difference between our two subnets. So, follow the steps below for both:

  • Go to Services > VPC > Subnets > Create subnet; fill in the following:
  • Name tag: the name of the subnet; for example, “web” for the public one and “db” for the private one
  • VPC: select the VPC created above
  • Availability Zone: the subnet will be created under an AZ specified by this field
  • IPv4 CIDR block: the IP address range for the subnet; it should be a subset of the IP range defined on the VPC; for example, 192.168.1.0/24 specifies an IP range between 192.168.1.0 and 192.168.1.255; the two subnets IP ranges should be disjoint

Give Internet access to the public subnet

First, we need to create an Internet Gateway.

  • Go to Services > VPC > Internet Gateways > Create Internet Gateway
  • Fill in the Name tag, the only field needed

Then, the Internet Gateway should be attached to our VPC

  • Select the Internet Gateway created above
  • From Actions choose Attach to VPC
  • Select the VPC create at the first step

Then, we need to create a Route Table. A route table will allow our public subnet to access the internet through the Internet Gateway

  • Go to Services > VPC > Route Tables > Create Route Table; fill in the following:
  • Name tag: the name of the route table
  • VPC: select the VPC created at the first step

Then, we need to configure the route table:

  • Select the routing table and go to Routes; by default, a route table know how to route traffic locally withing the subnet that will be associated to
  • Click Edit and Add another route; fill in the following:
  • Destination: 0.0.0.0/0 – this means any IP in the subnet will be able to access the Target
  • Target: the Intenet Gateway created above

And the last thing, associate the route table created above to the public subnet (web):

  • Select the routing table and go to to Subnet Associations
  • Click Edit, select the public subnet and Save

 

 

Categories:

Leave a Reply

Your email address will not be published. Required fields are marked *