AWS how to setup VPC, Public, Private Subnet, NAT, Internet Gateway, Route Table? - (Part-5)

Captions
welcome back to another chapter of this AWS series and in this chapter we are going to focus more onto the networking concept and when we are talking about the networking concept then I'm talking about the VPC public subnet private subnet how to create your internet gateway how to create your route table and how to provision your resources for example ec2 or any other resource inside your public as well as into your private subnet so I would highly recommend to pay careful attention onto this networking concept because these networking concept are going to used quite a lot when we will move ahead into another chapter and another topics so without further Ado let's jump into the topic and start setting up your own uh whole VPC Network to begin with here you can see this is our targeted uh setup which we want to achieve once we start setting up our VPC public subnet and private subnet so here onto the screen you can see the first box which I have denoted as a AWS so this is our AWS Cloud account or you already have signed up for AWS account so that's the boundary of our AWS inside that AWS you will find another uh rectangle which is a VPC so this is our virtual private Cloud so consider this VPC as a data center so you're trying to set up a data center on AWS account and this VPC in in this VPC you're just going to create all the resources whether you're just going to create a ec2 instance whether you're just going to create a Lambda whether you're just going to create ECS service kubernetes so everything we will all inside this VPC so that's why we are calling it as a VPC or in other words we can also call it as our data center or we can say it as a virtual data center also now inside the data center you just need to create more networking and in the terms of networking what I mean to say is we need to create our public subnet where we will put our resources which is publicly accessible uh via internet so that's why we are just going to create our public subnet 
which you can see over here and for example I have just put an ec2 instance over here and on the right hand side you will find another subnet which is our private subnet where we will be putting more resources but these resources are a little bit specific which we don't want to expose to the Internet so that's why we call it as a private subnet and we want to create those resources inside that private subnet and so what's the example of a private subnet and why do we need it so for example if you're having a web application so any web application the web pages or the web part of that application will reside onto your public subnet on our ec2 instance this is just an example I'm taking over here so anything which is accessible to a public will be putting will be put onto our public subnet and anything which is not accessible to public or a client then we will put on to private subnet so I'm taking again the same example of our web application so any web application if you just trying to create then it will have a database so we are just going to create our database into the private subnet because database doesn't need to be accessed to by another person so this database will only be accessible by our web application so the web application frontend part will reside onto our public subnet but the database side will always reside onto private subnet because we don't want to expose our database to uh uh internet or to the other person so that's why uh we need to keep our database inside our private subnet so that's the basic difference between our public and the private subnet apart from that you might see over here there are IP ranges which I have created so here at the bottom you will see that 12.0.1 /16 so that's the IP range I'm just going to assign for my VPC and once I assigned that IP range then all the public subnet and the private subnet which I'm just going to create should fall under that particular range so here I'm just going to then again assign the
range 12.0.1.0/24 for my public subnet and then 12.0.2.0/24 will be my private subnet IP so these are the CIDR uh IP ranges so just read about the CIDR so these are the CIDR range we will assign inside my VPC so those are necessary because uh any instance which you will uh create inside those public subnet and private subnet will fall under those IP ranges so that's a key uh thing which you need to keep in mind when you are working with this a VPC and when you're trying to set up the public and the private subnet now talking about the next concept which is internet gateway which you can see over here so internet gateway as the name suggests it's a Gateway for accessing the internet so any resource which is present onto your public subnet will have an access to Internet although you can configure like which resource you want to provide an internet access or not but in general any resource which is present onto public subnet should have an access to Internet gateway and for that purpose we just need to create an internet gateway into your AWS account which needs to be associated with your public subnet so that this any resource which will be created inside this public subnet so here an example which I'm taking is ec2 but if you create another ec2 instance then that will also have an access to the internet so that's the main reason which we need for which we need to create an internet gateway and we need to associate that internet gateway with our public subnet all right the next important thing which we need to know before we begin onto the demo side of this particular chapter which is a route table so route table is and these route tables it's not common but we need to create a route table for our public subnet as well as our private subnet so these route table will be able to Route the traffic or route the request between our internet gateway in and into our public subnet as well as into our private subnet so these are the key component which we need to set up for setting up
our VPC or our virtual data center so that we can place our resources inside those public as well as private subnet all right so now we know what we need to do so let's first start with our first block which is our AWS account so this is our AWS boundary and if I go back to my AWS console over here then you can see this is my AWS account so that's our first building block you need to have an AWS account secondly we need to create a VPC so this is our VPC boundary so how to create a VPC so go back to your AWS console over here and in the search box just type VPC click on this VPC link and here you will find quite a lot of option but don't don't just get confused over here so here you will find a create VPC button and if you don't find that create VPC button then here is a link for creating the VPC so click on this VPC and here you will find there is one VPC which is already existing so these VPCs are created by default when you create your AWS account but for this chapter we are just not going to use this default VPC but we are just going to create our own VPC so here onto this uh AWS console or AWS UI you will find this orange color or yellow color button for create VPC so click on it and here we need to enter the details about our VPC so here I'm just going to enter the details so first thing which I'm just going to put over here is test uh let's say test VPC here we need to specify the IP range for uh my VPC so for that I'm just going to copy my IP range from my notepad and put it over here so this is the IP range which I'm just going to assign so which we also call it as a CIDR and here we need to choose other options so for tenancy I'm just going to keep it default I just don't want to use the tenancy and after that the tag we can check over here so the tag name is this and we are just going to use the value which is test VPC so that's the minimum thing which you need to provide for creating the VPC once you fill in those details then just go here and click on
create VPC and here you can see our VPC has been created and you can check uh Again by going clicking over here and now you should see there are two VPCs so click on this VPC and here you can see this is the default VPC which has been provided and this is the test VPC which we have just created moving further the next resource which we need to create is the internet gateway so that we can associate that internet gateway with the public subnet and private subnet but first of all let's go to our AWS console and create our internet gateway so go back to your uh VPC or the AWS console and here on the left hand side you will find an option to create an internet gateway which is just below the route table so click on this internet gateway over here and here you will see that there is a one Gateway which has already been created so you don't need to use that internet gateway or maybe I have just created in past so that's why it is there but I'm not just not going to use that internet gateway but instead I'm just going to create a new one so here click on this internet gateway button and here you can just type uh I am just going to put internet gateway this is a short abbreviation for test uh yeah that should be quite Okay Internet gateway test just click on create internet gateway and just go onto internet gateway and verify that you have created so here you can see internet test has been created internet gateway test has been created after creating the internet gateway the key thing which you need to look over here is this internet gateway is not associated with your VPC and how will you know so here this is the internet test Gateway which you can see but here in the state uh column you will find an option which is detached that means this is an internet gateway which we have created but it has not been attached with any VPC so for that we need to attach this particular internet gateway so for that what I'm just going to do I'm just going to click on this internet gateway
ID which is present over here so click on here go to actions and here you will find uh attach to VPC option at top so click on it and here you need to select the VPC so as you know we have just created our test VPC so just click on this test VPC and click attach internet gateway and here you can see our internet gateway is now attached with our VPC which we have just created and which you can verify again just click on internet gateway and here you can see this test internet gateway has been now attached now moving back to the slide the next resources which we need to create after creating the internet gateway is the public subnet and the private subnet so now we have the VPC we have the internet gateway and internet gateway is now attached with our VPC but now we need to create our public subnet and the private subnet so again I'll go back to my AWS console and I will just uh go into my VPC section and here you just need to click on the VPC dashboard and here we will find an option for subnet so either you can click on click over here in this particular tiles or you can on the left navigation you can also click on the subnet so I'm just going to click on subnet and here you will find the three subnet which already exist so I'm just not going to use those three subnet those are the default subnet which has been assigned to you from AWS when you have signed up for AWS account so here we just need to create our own subnet so click on this uh create subnet button over here and here you just need to select the VPC now you might get the feel of VPC here so here if I go back to the slide then here you will see now we are working inside the boundary of VPC so any resource which we are going to create we need to attach or we need to create within that particular VPC and which is going to be our virtual data center so here I'm again just going to create this select the same VPC which we which I have created earlier so here I'm just going to go over here and I'm
just going to select test VPC and here we just need to enter the private subnet or public and private subnet detail so first of all let's create uh the test uh public subnet and I'm just going to put 1a I'm just going to show you why I'm putting it 1a so we need to put the availability Zone since I'm in Europe so that's why I have chosen like a Europe central region but in case if you are present in any other uh part of the world then just select the uh that particular region and in that region you will find a multiple availability region and why we need to choose this availability region is because of high availability so that you will not have many downtime and you will have a maximum availability of resources from AWS site so here I'm just going to choose EU Central 1a here we need to specify the IP range and again remember we need to specify the IP range of our VPC which we have created so we have created 12.0.1.0 for our VPC so we will work on that same IP range so we are just going to assign 12.0.1.0/24 so I'm just going to copy this uh particular IP range go back to my console and paste it over here so this is going to be the public uh subnet IP range or the CIDR block all right so we have the tags and the tag name is test public subnet 1 that's fine so now this is the first public subnet we have created let's add one more subnet and now we are just going to create a private subnet so here I'm just going to copy the name as it is and I'm just going to rename it and make it as a public instead of instead of public I'm just going to put it as a private availability zone I'm just going to choose 1a again because we can create a multiple subnet over here we can create a public and private Subnet in one EU Central 1A and then we can create another public and another private subnet inside EU Central 1B which you can see over here which is present over here you can see 1b or 1c so with that what you will have you will have a maximum
availability but for the demo purpose I'm just going to create a one subnet one which is public and one is private subnet okay so now we have a specified our private subnet also just I'm just going to specify the private subnet range so I'm just going to put uh let's say uh 3.0 over here all right so now in the tag section you can see uh it has already created the tags for me and after that you can just verify all these detail for VPC public subnet private subnet and once you are satisfied with these details just click on create subnet and here you can see uh these are the subnets which has been created right now so we will go again to the dashboard over here and here uh if you are like confused like how to navigate between these options so what you can do the good option would be on the left hand side you will find an option for a VPC so here just select the test VPC and all the resources which are present into this VPC will be visible over here so just go to subnet and here you can see the subnet which are created only into this test VPC so now we have created the subnets now after creating our internet gateway public subnet private subnet the next thing which we need to create is the route table so here you can see this is the route table which we need to create and we are just going to create a route table for our public subnet as well as for our private subnet so let's go back to our AWS console and here just click on this VPC dashboard because all options are available here into our VPC dashboard so here on the left hand side you can click on this route table and here just here you will find a one default route table but we are not going to use that default route table but instead we are just going to create a new one so click on this create route table and here I'm just going to uh put the name so first of all I'm just going to choose a abbreviation RT for route table and here I'm just going to put test public for our public subnet here again we need to
choose the VPC so the VPC is our test VPC because all the resources we want to create inside the test VPC so that's the reason okay so here again just verify the tags the key is name and the value is RT test public so just click on create route table over here all right so now our uh route table uh public route table has been created which we will be used for our public subnet but creating a route table is not sufficient enough we need to provide a route so that it can access the internet for that what we need to do we just need to click on edit route so remember we are into this test public route which will be associated with our public subnet and public subnet needs an internet access so for that we need to create a route and for that you just need to click on this edit route option over here and here you will see this is the IP which is our internal IP so right now this route table doesn't have a internet access for that we need to create a route so click on this add route and just enter the IP which is 0.0.0 which means it can be accessed over internet and it has an access to Internet all right the next thing which we need to put is Target so Target is like from where it's going to get the internet so for that we are just going to choose the internet gateway which we have just created so just click on internet gateway over here and here you will find the internet gateway test which we have just created which will be responsible for providing all the internet access so I'm just going to click on this one so now you can see uh we have created a route table and this was our default route which was internal but now we have created a internet route with this IP address all right so now that's been done just click on Save changes and here you can verify the routes once again so this is our public route for internet access and this is our private route so this route table has an access to Internet as well as internal access let's take a look onto
the diagram once again again and try to see what pieces are missing so now we have the VPC we have the internet gateway and that internet gateway is now assigned to our route table over here but one thing which you see over here our route table is not associated with our public subnet yet so we need to associate our route table with our public subnet we have just created a route table and we have just associated with our internet gateway with routes so what we need to do just go back over here and into our public route table go to your subnet Association into the uh subnet Association you will find an option for edit subnet Association so click on edit subnet Association and here you will find the subnets so we have created one public subnet and one private subnet but since we just want this route table to be associated with our public subnet so that it has an internet access so I'm just going to select only one subnet over here which is our public subnet click on Save Association and now you can see see uh we have our public subnet which is associated with this particular route table now we have just finish our public route table the next route table which we need to create is for our private subnet so here in the diagram uh so here you will see although I have just uh mentioned the route table I have not specified whether it's a public or private but we need to have a two route table so one route table for public subnet which we have already created now we just going to create for private subnet right so go back to your AWS console click on this route table and here you can see we have already have a public uh route table just click on create route table for creating our private so I'm just going to paste the name and change the name to the private again we need to select the VPC under which VPC we want to create so here I'm just going to select test VPC and then I'm just going to click on create route table and here you can see our route table has been created 
the next thing which we need to do we we need to create a subnet Association remember this is our private subnet this is our private route table which will be associated with our private subnet so we don't need to provide an internet route which we have done previously for our public route table but this is going to be a private route table with private subnet and it doesn't need an internet access so we are just not going to create any routes over here we will directly jump to the subnet Association click on subnet click on edit subnet Association and here I'm just going to choose only the private subnet this time click on Save Association and here you can see our subnet is associated our private subnet is associated with our route table test private so that's how you're just going to create a route table and then you're just going to associate the private subnet with our route table okay so now our basic skeleton networking setup is ready and the next thing what we need to do over here we just need to create a resource inside our public subnet so here you can see we are just going to create an ec2 instance into our public subnet and we are just going to SSH into from my local machine into my ec2 instance so that's going to be the next step which we are going to perform and for that what we need to do we just need to go back to our AWS console over here uh go to AWS homepage because we are done with our VPC setup and all the networking setup which is needed so here we need to click on the ec2 or you can just go to search box and type ec2 over here click on ec2 and here you can see uh this is our ec2 dashboard and here you can see no instances are running so click on this uh uh instances and here you can see nothing is running so either you can create a instance or easy to instance from here or either you can go back and click on launch instance so I'm just going to go over here and click on launch instance over here so here you first of all need to put the name or 
assign the name for your ec2 instance so I'm just going to put test ec2 uh public subnet instance so that's just a name I'm just going to put for this particular demo I'm just going to choose Ubuntu I'm just going to stick with my free tier because this is I'm doing it for the demo purpose so I'm just not going to use some higher or more powerful CPU okay so I'm just going to keep the things default over here 64bit that's okay t2. micro because yeah I'm just going to stick with a lower bare minimum CPU the key pair so here uh I have already created the public key and the private key and if you don't know like how to create a public key and the private key then just check my previous chapter where I have explained like how to create your public key and the private key which will be used for your uh ec2 instance so that's a key thing which you need to keep in mind and in case if you haven't created uh the public key and private key then you can just simply click on this create a new key pair and that will create a public key as well as the private key so I'm just going to show you briefly over here so if you click on create new pair so here you will put for example test uh key pair and then just click create key pair and once you click on this then it will just download you the private key that test key pair.pem
this is the private key which will be downloaded onto your local system so that you need to keep it with you and the public key is already being associate created over here so here you can see test key pair so this public uh this public key has already been created and that is present onto your AWS console so that's how you're just going to create the public key and private key so since I have already created and I already have a copy of that key with me so I'm just going to use this AWS ec2 uh terraform Pub this is the public key which I generally use but in case if you're creating a new key then just select that one that's absolutely okay so just in case that's the only change uh you will see over here so here I'm using my own key but in case you are creating a first time then just use that particular key which is test key pair and which might be different for you so I'm just going to select this one go further and here you will find the network settings so here you need to pay careful attention because all the setup networking setup which we need which we have done previously we need to use it over here so click on edit over here so here you need to choose the VPC so this is not the VPC we have created we have created a test VPC I'm just going to select that one here we need to choose the subnet so I'm just going to choose the public subnet because here if you take a look onto the slide so we are just creating ec2 into our public subnet so I'm just going to select public subnet over here go again further and then Auto assign the public IP since this ec2 instance is going to be available publicly so that we can access or we can SSH into this particular instance so we need to assign a public IP so we need to enable this option so that we get a public IP all right so here uh the next thing is the create Security Group that's a one more important thing so I'm just going to name the security group test EC I'm just going to put test ec2 Security Group and in this
Security Group which we I'm just going to keep the same into description that's should be okay so here we need to keep put more attention onto the SSH part because we want to SSH into this ec2 instance using the public IP so for that we need to enable the type SSH Port 22 and Source type can be accessed from anywhere so I'm just keeping it anywhere so that I can access or anyone with the IP and the private key can access this particular ec2 instance all right so now we have done the Security Group also then next we are just going to check I'm just not going to check any advanced networking uh configuration we are just going to skip that part which is not needed at this point configuration storage so I'm just going to go with the 8 GB of uh memory uh sorry 8 m uh GB of our uh disk space over here after that into advanced detail I'm just not going to choose anything over here we don't want spot instances right now and once we are done with these many uh like options which we have fill in already then we can just go ahead and click on launch instance so I'm just going to click on launch instances and I'm just going to click on this I uh this is the uh instance ID which generally generated from the AWS so click on it and here you can see the state is in pending so you just need to refresh it and it will be in a running State and here you can see the instance is now into our running State all right so now we have created our whole VPC with our public subnet private subnet internet gateway route table and also we have uh started an ec2 instance onto our public subnet the next thing which we need to do is we need to SSH into our ec2 instance so this is the ec2 instance which is running so just click on this instance ID so that we can see the details so here we need to pay careful attention onto some of the IP addresses so we will be mostly interested into this public IP which is generated by AWS so I'm just going to copy this public IP address and here you will find all 
other detail like the host name the private IP the public IP for DNS uh elastic IP if you have created an elastic IP the instance type so all those details are available over here so in the networking also you can see the details uh associated with our ec2 instance which is a subnet uh and your VPC so all those details you can see over here but let's copy the public IP address from here and we just wanted to SSH from my local laptop so in case if you are using Windows then you can use PuTTY and since I'm using Mac so I have a terminal over here so which is just similar to the PuTTY so here I need to first of all check onto my private key so I'm just going to run the ls and L commands to see my private key so the my private key is AWS ec2 terraform this is the private key which I have already created and while I was creating an ec2 instance I showed you that there is a test key pair which I have created so in case you are creating the keys for the first time then this is the key which you need to use test key.pem so that will be your private key for this SSH uh utility all right now uh we have copied the public IP address we have uh our terminal ready we already have our private key which is present over here onto the same directory so I'm just going to clear this terminal but how to SSH into this ec2 instance so what you need to do you just need to go to connect over here go to SSH client and here you will find the instructions so locate your private key uh which is this one uh which we have already located in this case this name will differ because you might have created some different uh key with different name then we need to change the permission of that particular key which is 400 because whenever you create a key then you will have a very big bigger permission or very broad permission so what you need to do you just need to run the command I'm just going to copy this command chmod 400 and the key name which is this one this is my private key
but in case you will have a pem also that's absolutely fine that's not a problem so just hit enter after that you just need to follow the next instruction to SSH into your uh Ubuntu or your Linux machine so here this is the command just copy paste it over here but you need to modify this particular command so here I'm just going to change I'm not using the pem file but I'm just using a simple private file without any extension and then you need to remove all this part so in case if you are having a pem file then just put pem extension at the end otherwise it's just okay so here this is the command which you need to create to SSH into your ec2 instance and once you have created this command just simply hit enter uh are you sure you want to connect type yes and here you can see now we have entered into our Linux machine and here you can see this is the IP address which is 12.0.1.27 so that's the IP which we have got and this IP belongs to our public subnet and which I can show you from our slide here you can see 12.0.1.0/24 so this is the IP range we have assigned and what we have got the IP address that is 1.27 so that's belong to our public subnet and also uh you can verify the details so that's the usage uh like the disk and this is our Ubuntu which is running on a 22.4 so that's how you are just going to create an ec2 instance and you're just going to set up your whole VPC with public subnet private subnet and then you can access that ec2 instance from your local machine so that was uh the session which I have planned for today and once you done with this whole setup and if you're doing it for the demo purpose then what I would recommend is just to clean up all these resources otherwise it might incur some cost to you so for that what you need to do is you just need to exit from here uh go back to your ec2 click onto the instances select the instance go to AC uh instance State then click on terminate instance if you're just using it for learning purpose then
I would recommend you to terminate the instance once you have done the setup because uh it will start cost in a little bit of money if you don't stop or don't terminate your ec2 instance so I'll be back shortly once this uh instance is uh completely terminated all right so here you can see our instance has been terminated so now we need to clean up all the route table our public subnet private subnet and our internet gateway along with our VPC so go over here into AWS click on VPC over here select VPC then what we need to do over here we just need to go to the route tables first uh select our private route table go to action select delete and you will find an error message over here route table is still Associated and cannot be deleted so what you need to do you just need to cancel this one click on this subnet uh edit subnet Association dis select this one save Association so now we have dis uh like we have unregistered our private subnet with this particular uh route table and now again go back to actions click on delete and now you can delete this route table click on delete so now we have deleted our uh private route table just refresh it once again and this that is gone then go to public uh go to subnet Association edit Association uncheck that one save Association go to action go to delete and type delete over here refresh it and your route table is gone so now we have deleted our route table the next thing which we need to delete is public subnet and the private subnet so click on this subnets uh go to private subnet click on action click on delete and here you can just type delete refresh it and your private subnet is gone just click on public subnet uh click on action click on delete type delete over here all right refresh the page and now our subnet has been deleted the next thing which we need to delete after that is internet gateway so go on internet gateway uh click on this internet gateway and this internet gateway is still attached with our VPC so 
let's check that one so internet gateway is there go to action detach from VPC because that's necessary before you delete your internet gateway so I'm just click on detach detach go to action click on delete type delete over here and now we have deleted our internet gateway refresh this one and you can see this is our default uh gateway which we have got when we signed up for AWS so now our internet gateway has been deleted now we finally need to delete our VPC so click on this your VPC this is our test VPC select this test VPC go to action and delete VPC type delete over here and that has been deleted so that's how we have uh set up our whole networking we have tested our ec2 instance and finally we have cleaned up our whole demo so in case if you face any error while cleaning up then check the association between the uh route table subnets your internet gateway your VPC there might be some kind of Association so you need to detach those Association so with that I hope you like the today's session on how to set up your VPC and networking and how to create your ec2 instances onto your public subnet into the next session we'll be taking a look onto the bastion host and that is a really important concept when it comes to security so stay tuned for this series and in the next chapter we'll take a look onto the bastion concept into much more details so till then take care and bye-bye
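
The layout built in the captions above, checked offline as an added example (not part of the video or the channel's material): a constructed, simplified model of the VPC is audited for CIDR containment, for which subnets the route tables actually make public, and for SSH open to `0.0.0.0/0` on a reachable instance. The dictionary shape, the `igw-test` identifier, the `intent` field, the canonical `12.0.0.0/16` VPC block and the `203.0.113.10/32` admin address are assumptions made for this example, not AWS API output.

```python
import copy
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

# Constructed model of the demo layout (simplified; names follow the captions,
# identifiers such as "igw-test" are placeholders).
DEMO = {
    "vpc_cidr": "12.0.0.0/16",  # assumed canonical form of the VPC range
    "subnets": {
        "test-public-subnet-1a": {"cidr": "12.0.1.0/24", "intent": "public",
                                  "route_table": "RT-test-public"},
        "test-private-subnet-1a": {"cidr": "12.0.3.0/24", "intent": "private",
                                   "route_table": "RT-test-private"},
    },
    "route_tables": {
        "RT-test-public": [{"dest": "12.0.0.0/16", "target": "local"},
                           {"dest": "0.0.0.0/0", "target": "igw-test"}],
        "RT-test-private": [{"dest": "12.0.0.0/16", "target": "local"}],
    },
    "security_groups": {
        "test-ec2-security-group": [{"port": 22, "source": "0.0.0.0/0"}],
    },
    "instances": [
        {"name": "test-ec2-public-subnet-instance",
         "subnet": "test-public-subnet-1a", "public_ip": True,
         "security_groups": ["test-ec2-security-group"]},
    ],
}


def internet_facing_subnets(layout):
    """A subnet is public only if its route table sends 0.0.0.0/0 to an
    internet gateway; the subnet's name or tag has no effect."""
    facing = set()
    for name, subnet in layout["subnets"].items():
        for route in layout["route_tables"][subnet["route_table"]]:
            if (ipaddress.ip_network(route["dest"]) == ANYWHERE
                    and route["target"].startswith("igw-")):
                facing.add(name)
    return facing


def audit(layout):
    """Return a list of (finding_code, subject) tuples for the layout."""
    findings = []
    vpc = ipaddress.ip_network(layout["vpc_cidr"])

    # Publicly routable space inside a VPC shadows the real owners of that range.
    if not any(vpc.subnet_of(block) for block in RFC1918):
        findings.append(("VPC_NOT_RFC1918", layout["vpc_cidr"]))

    nets = {n: ipaddress.ip_network(s["cidr"]) for n, s in layout["subnets"].items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            findings.append(("SUBNET_OUTSIDE_VPC", name))
    names = sorted(nets)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if nets[first].overlaps(nets[second]):
                findings.append(("SUBNET_OVERLAP", f"{first},{second}"))

    facing = internet_facing_subnets(layout)
    for name, subnet in layout["subnets"].items():
        if subnet["intent"] == "private" and name in facing:
            findings.append(("PRIVATE_SUBNET_HAS_IGW_ROUTE", name))

    # SSH from anywhere matters when the instance is actually reachable:
    # internet-facing subnet plus a public IP.
    for inst in layout["instances"]:
        reachable = inst["subnet"] in facing and inst["public_ip"]
        for group in inst["security_groups"]:
            for rule in layout["security_groups"][group]:
                if (reachable and rule["port"] == 22
                        and ipaddress.ip_network(rule["source"]) == ANYWHERE):
                    findings.append(("SSH_OPEN_TO_WORLD", inst["name"]))
    return findings


def restrict_ssh(layout, admin_cidr):
    """Return a copy in which SSH rules open to anywhere are narrowed to admin_cidr."""
    fixed = copy.deepcopy(layout)
    for rules in fixed["security_groups"].values():
        for rule in rules:
            if rule["port"] == 22 and ipaddress.ip_network(rule["source"]) == ANYWHERE:
                rule["source"] = admin_cidr
    return fixed


if __name__ == "__main__":
    print("internet-facing:", sorted(internet_facing_subnets(DEMO)))
    print("as built:       ", audit(DEMO))
    print("SSH restricted: ", audit(restrict_ssh(DEMO, "203.0.113.10/32")))
```
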
Info
Channel: Rahul Wagh
Views: 14,601
Keywords: aws, vpc, public subnet, private subnet, route table, internet gateway, nat gateway
Id: 43tIX7901Gs
Length: 35min 41sec (2141 seconds)
Published: Tue Oct 10 2023