Monday, 11 September 2023

AWS VPC Tutorial

Configure a custom Amazon VPC and provision a web server in a public subnet of the VPC.


Objectives:

1. Learn to design and implement a custom Amazon VPC.

2. Learn to provision a web server in a public subnet.

3. Learn to provision a NAT gateway.


Step 1: In the AWS Management Console, go to the VPC service. In the VPC side panel, click Your VPCs. Your default VPC is visible in this window. Click on Create VPC.

In VPC settings:

Name tag: myVPC

IPv4 CIDR block: 10.0.0.0/16

Keep the rest at their defaults, scroll down and click on Create VPC. In the success window that follows, click on Actions -> Edit DNS Hostnames.

Check the Enable box and Save changes.


Step 2: Go back to the VPC dashboard. Click on Subnets. The existing subnets of the default VPC are listed here. Click on Create Subnets.

Select myVPC from drop down.

Configure Subnet settings as follows:

Subnet Name: myPublicSN

Availability Zone: ap-south-1a

(The above values may vary according to your own region, subnets and requirements)

IPv4 CIDRs: 10.0.0.0/24

Keep the remaining values at their defaults, scroll down and click on Create Subnet.

Select the myPublicSN, go to Actions -> Modify auto-assign IP settings

Check Enable auto-assign public IPv4 address and click Save.

Go back to Subnets, click on Create Subnets. Select myVPC from drop down.

Configure the private subnet as follows:

Subnet Name: myPrivateSN

Availability Zone: ap-south-1b

(The above values may vary according to your own region, subnets and requirements)

IPv4 CIDRs: 10.0.1.0/24


Step 3: In VPC console side panel, go to Internet Gateways. Click on Create internet gateway.

Provide Name tag: myIGW.

Keep the defaults as is, scroll down and click on Create internet gateway.

In the successful creation window, click on Actions -> Attach to VPC.

Select myVPC from drop down and click on Attach internet gateway.


Step 4: Go back to VPC service console. Select Route Tables. Here we create 2 route tables.

Click on Create route table.

Provide the following configuration:

Name Tag: PublicRT

VPC: myVPC (from drop down)

Click on Create button.

Follow the same procedure to create Private route table.

Go back to Route Tables. Click on Create route table.

Provide the following configuration:

Name Tag: PrivateRT

VPC: myVPC (from drop down)

Click on Create button.


Step 5: Go back to Subnets. Select myPublicSN. Go to Actions -> Edit route table associations.

Select the PublicRT from drop down. Click on Save.

Go to Actions -> Edit Routes.

Configure as follows:

Destination: 0.0.0.0/0

Target: myIGW (from drop down)

Click on Save Routes.

Go back to Subnets. Select myPrivateSN. Go to Actions -> Edit route table associations.

Select the PrivateRT from drop down. Click on Save.


Step 6: In VPC console side panel, click Security Groups under Security.

Click on Create security group.

Configure it as follows:

Security group name: MyWebServerSG

Description: Security Group for EC2 Webserver in custom VPC

Select myVPC from drop down.

Add three rules under Inbound Rules:

1. Type: HTTP

Source: 0.0.0.0/0

2. Type: HTTP

Source: ::/0

3. Type: SSH

Source: 0.0.0.0/0

After adding the rules, scroll down and click on Create security group.

Now also create a database security group. Go to Security Groups under Security.

Click on Create security group. Configure it as follows:

Security group name: MyDatabaseSG

Description: Security Group for RDS Database in custom VPC

Select myVPC from drop down.

Add three rules under Inbound Rules:

1. Type: SSH

Source: 0.0.0.0/0

2. Type: MYSQL/Aurora

Source: MyWebServerSG (The Security group created above for ec2 webserver instance creation)

After adding the rules, scroll down and click on Create security group.
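The following check is an added example, not part of the original tutorial: it audits the two groups defined in Step 6 and reports inbound rules that open an administrative port to any address, while leaving the group-to-group MYSQL/Aurora rule alone. The input follows the shape of `aws ec2 describe-security-groups` output; the group IDs are constructed placeholders and the `ADMIN_PORTS` policy is an assumption.

```python
import ipaddress

# Assumed policy for this example: ports that should not face the internet.
ADMIN_PORTS = {22: "SSH", 3306: "MYSQL/Aurora", 3389: "RDP"}

def any_address_cidrs(perm):
    """CIDRs in one IpPermissions entry that match every address (/0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def audit(groups):
    """Return (group, service, cidr) for each admin port open to any address."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if perm["IpProtocol"] == "-1":          # all protocols, all ports
                low, high = 0, 65535
            elif perm["IpProtocol"] == "tcp":
                low, high = perm["FromPort"], perm["ToPort"]
            else:
                continue
            for cidr in any_address_cidrs(perm):
                findings += [(sg["GroupName"], name, cidr)
                             for port, name in sorted(ADMIN_PORTS.items())
                             if low <= port <= high]
    return findings

# Constructed sample reproducing the Step 6 rules; group IDs are placeholders.
STEP6_GROUPS = [
    {"GroupId": "sg-web-placeholder", "GroupName": "MyWebServerSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db-placeholder", "GroupName": "MyDatabaseSG", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-web-placeholder"}]}]},
]

if __name__ == "__main__":
    for group, service, cidr in audit(STEP6_GROUPS):
        print(f"{group}: {service} reachable from {cidr}")
```

Both groups are reported for SSH from 0.0.0.0/0; narrowing that source to a known administrative CIDR clears the findings.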


Step 7: In VPC console, go to NAT Gateways. Click on Create NAT gateway.

Configure as follows:

Name: myNATGW

Subnet: myPublicSN

Elastic IP allocation ID: Select the Allocate Elastic IP option

Scroll down and click on Create NAT gateway.

Go back to Route Tables. Select PrivateRT. Go to Actions -> Edit Routes.

Add a route with the following configuration:

Destination: 0.0.0.0/0

Target: myNATGW

Click on Save routes.
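To confirm the routing built in Steps 4, 5 and 7, the added example below (not part of the original tutorial) classifies each subnet by where its 0.0.0.0/0 route points, using the shape of `aws ec2 describe-route-tables` output. It goes slightly beyond the tutorial by also handling a subnet with no explicit association, which uses the VPC's main route table, and a route left in the `blackhole` state after its target is deleted; all resource IDs are constructed placeholders.

```python
def default_route_kind(table):
    """Classify a route table by the target of its 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":   # target deleted, e.g. a removed NAT gateway
            return "blackhole"
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private-nat"
        return "other"
    return "isolated"                           # only the local VPC route

def classify_subnets(tables, subnet_ids):
    """Map each subnet ID to the kind of route table that governs it."""
    explicit, main = {}, None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    # A subnet without an explicit association uses the VPC's main route table.
    return {sid: default_route_kind(explicit.get(sid, main) or {})
            for sid in subnet_ids}

# Constructed sample mirroring PublicRT and PrivateRT; IDs are placeholders.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-PublicRT",
     "Associations": [{"Main": False, "SubnetId": "subnet-myPublicSN"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-myIGW", "State": "active"}]},
    {"RouteTableId": "rtb-PrivateRT",
     "Associations": [{"Main": False, "SubnetId": "subnet-myPrivateSN"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-myNATGW", "State": "active"}]},
]

if __name__ == "__main__":
    subnets = ["subnet-myPublicSN", "subnet-myPrivateSN", "subnet-unassociated"]
    for subnet, kind in classify_subnets(SAMPLE_TABLES, subnets).items():
        print(f"{subnet}: {kind}")
```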


Step 8: In AWS console go to EC2 services. Select Instances.

Click on Launch instances.

Select Linux 2 AMI.

In next step keep the default t2.micro.

In next step, Configure Instance Details, select:

Network: myVPC

Subnet: myPublicSN

Scroll down to Advanced Details. Under User data, in the text box, provide the following script:

#!/bin/bash
yum -y update
yum -y install httpd
chkconfig httpd on
service httpd start
echo "<html><h1>Hello! How are You? This is your Web Server!</h1></html>" > /var/www/html/index.html

In next step keep default storage selection.

In next step add tags as follows:

Key: Name

Value: MyWebServerForVPC

In the next step, click on the Select existing security groups radio button. Select the MyWebServerSG created previously.

Select the key pair, and launch the instance.

Copy the Public IPv4 address, open it in a new browser tab and test the web server instance.

If you no longer need this infrastructure, make sure to dissociate and release the elastic IP address, delete the EC2 instance, NAT gateway and the custom VPC.