Version: Next

AWS: Creating a VPC

A Virtual Private Cloud (VPC) is a logically isolated network in which you launch AWS resources. We'll create a VPC with public and private subnets across multiple Availability Zones (AZs): public subnets route directly to the internet, private subnets reach it only outbound through a NAT gateway, and spreading both kinds across AZs keeps the network usable if a single AZ fails.

Steps

1. Access the VPC Console:

  • Sign in to the AWS Management Console and open the VPC service. VPCs are regional, so first select the Region you intend to build in.

2. Create the VPC:

  • Click on "Create VPC."
  • Choose "VPC and more" to create the VPC along with subnets and other related resources. Note that this wizard also creates subnets, route tables, an Internet Gateway and (optionally) NAT Gateways for you; the sections below describe each of those resources so you can check what the wizard generated, or build them by hand if you chose "VPC only" instead.
  • Provide a name for your VPC.
  • Specify an IPv4 CIDR block (e.g., 10.0.0.0/16). A /16 leaves room for many /24 subnets. Pick a range that does not overlap with other VPCs or on-premises networks you may later peer or VPN with, because the primary CIDR cannot be changed after the VPC is created.
  • Leave other settings as default or adjust as needed.
  • Click "Create VPC."

Add Subnets

1. Add Subnets:

  • In the VPC Dashboard, navigate to "Subnets."

  • Click on "Create subnet."

  • Select the VPC you just created.

  • For each Availability Zone (AZ) you want to use (e.g., 3 AZs), create:

    • One public subnet (e.g., 10.0.1.0/24 in AZ A). Enable "Auto-assign public IPv4 address" only on public subnets.
    • One private subnet (e.g., 10.0.2.0/24 in AZ A), with public IPv4 auto-assignment left off so instances there never receive a public address.
  • Repeat the process for the remaining AZs, ensuring that each subnet has a unique CIDR block; the console rejects a subnet whose CIDR overlaps an existing subnet in the same VPC.

2. Configure the Public Subnets:

  • Attach an Internet Gateway to your VPC:

    • Navigate to "Internet Gateways" in the VPC Dashboard.
    • Click "Create internet gateway," provide a name, and create it.
    • Attach the Internet Gateway to your VPC.
  • Update Route Tables:

    • Create a new route table for the public subnets.
    • Add a route with destination 0.0.0.0/0 pointing to the Internet Gateway.
    • Associate this route table with all public subnets. This route is what makes a subnet "public": any subnet associated with this table is reachable from the internet, so associate only the subnets that are meant to be.

3. Configure the Private Subnets:

  • Create a NAT Gateway:

    • Allocate an "Elastic IP address".
    • Navigate to "NAT Gateways" and create a new NAT Gateway in one of the public subnets using the allocated Elastic IP. A NAT Gateway lives in a single AZ; if that AZ fails, private subnets in every AZ lose outbound access. For the high availability promised above, create one NAT Gateway in the public subnet of each AZ.
  • Update Route Tables:

    • Create a new route table for the private subnets.
    • Add a route with destination 0.0.0.0/0 pointing to the NAT Gateway. Private subnets get no route to the Internet Gateway, so nothing on the internet can initiate a connection to them.
    • Associate this route table with all private subnets. If you created one NAT Gateway per AZ, create one private route table per AZ instead and point each at its own AZ's NAT Gateway.

Create Security Groups

1. Create a Security Group:

A Security Group is a stateful virtual firewall attached to the network interfaces of resources in your VPC (EC2 instances, load balancers, and so on). It controls inbound and outbound traffic for those resources; because it is stateful, return traffic for an allowed connection is permitted automatically.

  • If you need to reach resources (such as web servers) from outside, open only the ports you need (such as HTTP/HTTPS) and only to the sources that need them.
  • Name the security group (e.g. bastion-sg; replace with your own name) and select the VPC you just created.

Inbound Rules (Ingress)

  • Allow HTTP (port 80) from your IP
  • Allow HTTPS (port 443) from your IP
  • Allow SSH (port 22) from your IP. Use your address as a /32 (a single host) rather than 0.0.0.0/0; an SSH port open to the whole internet is one of the most common findings in cloud audits.

Outbound Rules (Egress)

  • Allow all traffic to 0.0.0.0/0 (this is the default outbound rule; tighten it later if your instances only need to reach specific destinations).

Verify Your VPC

  • Once created, go back to the VPC Dashboard and check that your VPC appears in the list.
  • You should also see the Internet and NAT Gateways, Route Tables, and Subnets listed.
  • Open each route table and confirm the public one has the 0.0.0.0/0 route to the Internet Gateway, the private one(s) have the 0.0.0.0/0 route to a NAT Gateway, and no private subnet is associated with the public route table.
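The console steps above, expressed as code. This is an added example, not part of the original page: it plans the subnet CIDRs for any number of AZs, checks that none overlap, and emits the equivalent AWS CLI commands (`aws ec2 create-vpc`, `create-subnet`, `create-route-table`, `create-nat-gateway`, `authorize-security-group-ingress`, ...), capturing each created ID with `--query ... --output text` so later commands can reference it. It goes beyond the page in one respect: it creates one NAT Gateway and one private route table per AZ, which is what actually keeps outbound access alive when an AZ fails. The VPC range, AZ names, operator IP and security group name are assumptions; nothing is executed against AWS, the script text is only generated.

```python
"""Plan a multi-AZ VPC layout and emit the AWS CLI commands that build it."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SubnetPlan:
    name: str      # e.g. "public-a"
    az: str        # e.g. "us-east-1a"
    cidr: str      # e.g. "10.0.0.0/24"
    public: bool   # public subnets get the Internet Gateway route


def plan_subnets(vpc_cidr, azs, prefix=24):
    """Carve one public and one private /<prefix> subnet per AZ out of vpc_cidr.

    Blocks are handed out sequentially from the VPC range, so every subnet
    has a unique, non-overlapping CIDR by construction.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)  # rejects host bits set
    pool = vpc.subnets(new_prefix=prefix)
    plans = []
    for az in azs:
        suffix = az[-1]  # "a" from "us-east-1a"
        for public in (True, False):
            kind = "public" if public else "private"
            plans.append(SubnetPlan(f"{kind}-{suffix}", az, str(next(pool)), public))
    return plans


def check_no_overlap(plans):
    """Defensive check: fail loudly if any two planned subnets overlap."""
    nets = [ipaddress.ip_network(p.cidr) for p in plans]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"subnet {a} overlaps {b}")
    return True


def admin_cidr(ip):
    """Pin the operator's address to a /32 so SSH is never opened to 0.0.0.0/0."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on garbage input
    if addr.is_unspecified:
        raise ValueError("refusing to build a rule for the unspecified address")
    return f"{addr}/32"


def render_script(vpc_cidr, azs, admin_ip, sg_name="bastion-sg"):
    """Return the shell lines that build the VPC described on this page.

    Hypothetical layout: one NAT Gateway and one private route table per AZ.
    Every created ID is captured via --query/--output text for later commands.
    """
    plans = plan_subnets(vpc_cidr, azs)
    check_no_overlap(plans)
    out = [
        "set -euo pipefail",
        f"VPC_ID=$(aws ec2 create-vpc --cidr-block {vpc_cidr} --query Vpc.VpcId --output text)",
        "IGW_ID=$(aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text)",
        'aws ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_ID"',
        'PUB_RTB=$(aws ec2 create-route-table --vpc-id "$VPC_ID" --query RouteTable.RouteTableId --output text)',
        'aws ec2 create-route --route-table-id "$PUB_RTB" --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW_ID"',
    ]
    for p in plans:
        var = p.name.upper().replace("-", "_")  # PUBLIC_A, PRIVATE_A, ...
        out.append(f'{var}=$(aws ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block {p.cidr} '
                   f'--availability-zone {p.az} --query Subnet.SubnetId --output text)')
        if p.public:
            # Only public subnets auto-assign public IPv4 and route via the IGW.
            out.append(f'aws ec2 modify-subnet-attribute --subnet-id "${var}" --map-public-ip-on-launch')
            out.append(f'aws ec2 associate-route-table --route-table-id "$PUB_RTB" --subnet-id "${var}"')
    for az in azs:
        s = az[-1].upper()
        out += [
            f'EIP_{s}=$(aws ec2 allocate-address --domain vpc --query AllocationId --output text)',
            f'NAT_{s}=$(aws ec2 create-nat-gateway --subnet-id "$PUBLIC_{s}" --allocation-id "$EIP_{s}" '
            f'--query NatGateway.NatGatewayId --output text)',
            f'aws ec2 wait nat-gateway-available --nat-gateway-ids "$NAT_{s}"',
            f'PRIV_RTB_{s}=$(aws ec2 create-route-table --vpc-id "$VPC_ID" --query RouteTable.RouteTableId --output text)',
            f'aws ec2 create-route --route-table-id "$PRIV_RTB_{s}" --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$NAT_{s}"',
            f'aws ec2 associate-route-table --route-table-id "$PRIV_RTB_{s}" --subnet-id "$PRIVATE_{s}"',
        ]
    # Security group: ingress only from the operator's /32; egress keeps the default allow-all.
    cidr = admin_cidr(admin_ip)
    out.append(f'SG_ID=$(aws ec2 create-security-group --group-name {sg_name} '
               f'--description "bastion access" --vpc-id "$VPC_ID" --query GroupId --output text)')
    for port in (22, 80, 443):
        out.append(f'aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port {port} --cidr {cidr}')
    return out


if __name__ == "__main__":
    # Constructed inputs: a /16 VPC, three AZs and a documentation-range operator IP.
    print("\n".join(render_script("10.0.0.0/16", ["us-east-1a", "us-east-1b", "us-east-1c"], "203.0.113.10")))
```

Run it and redirect the output to a file to review before executing it with credentials that have EC2 permissions. No outbound rule is emitted because a new security group already allows all egress, which is what the page's outbound rule specifies; `admin_cidr` deliberately refuses to turn 0.0.0.0 into a rule so a mistyped operator address cannot silently open SSH to the world.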