Followers

AWS -VPC

VPC is Region-wise, by default you can create max 5 VPC Range of IP Address are defined for each VPC.   CIDR Range: Range of IP address in a...

VPC is Region-wise, by default you can create max 5 VPC

Range of IP Address are defined for each VPC.


 CIDR Range: Range of IP address in a network.

Example

CIDR:-   192.168.0.0/16

Because we are using /16 so 192.168 will be constant whereas other octates can be changed from 0-255 which means it has 256x256 = 65536 IP Addresses.

Valid IP Address in this Range

192.168.10.20, 192.168.200.10,192.168.2.0/24, 192.168.3.10/21

Invalid IP in the above CIDR

192.168.10.278, 192.169.0.0/24


Reserved IP Addresses in a network

These reserve IP addresses can not be used for EC2 instances.

1. Network IP

2. Broadcast IP

3. Future use IP


Lab

Create a VPC

1. Search for VPC service

2. Click on Your VPC Link

3. Click Create VPC button

4. On this Page define properties related to VPC

  •     Select Vpc only option
  •     Name: myvpc-1
  •     IPV4 CIDR: 10.10.0.0/16
  •     Teancy : Default

Click on Create Vpc button

Create Subnets (By Default no subnet get created in the VPC)

1. Click on Subnets link

2. Click on Create subnet

3. Set following properties for Public Subnet

  •    VPC ID: myvpc-1
  •    Subnet Name: Public Subnet 1-a
  •    Availbility Zone: 1-a
  •    CIDR: 10.10.1.0/24

Click on Create Subnet

4. Click on Create subnet

5. Set following properties for Private subnet

  •    VPC ID: myvpc-1
  •    Subnet Name: Private Subnet 1-b
  •    Availbility Zone: 1-b
  •    CIDR: 10.10.2.0/24

Click on Create Subnet

Create an Internet Gateway to provide Internet connectivity to Public subnet

1. Click on Internet Gateways

2. Name: IGW1

Click on Create Internet Gateway

3. Select Internet Gateway IGW1 and Action--->Attach to VPC and select myvpc-1

Now Internet connectivity is available to myvpc-1 VPC.

Create Route Tables ( A default Route table get created for VPC)

1. Click on Route Tables link

2. Click on Create Route table button

3. Set the properties

  •      Name: Public Route
  •       VPC: myvpc-1

and Click on Create Route Table

4. Click on Create Route table button

5. Set the properties

  •      Name: Private Route
  •       VPC: myvpc-1

and Click on Create Route Table

6. Attach subnets to Route tables

   Select Public Route

    select Subnet Associations

    Click on Edit subnet associations and select Public Subnet 1-a

     Click on Routes --> Edit Routes--> Add Route

     Destination: 0.0.0.0/0 

     Target: IGW1

   and click on Save Changes button.

    Select Private Route

    Select Subnet Associations

    Click on Edit subnet associations and select Private subnet 1-b


Create EC2 instance in myvpc-1

1. Create a Public EC2 instance Amazon Linux Image

2. Select VPC as myvpc-1

3. Select subnet as Public Subnet 1-a

4. Auto assign Public IP: Enable

5. Create new Security Groups for SSH let's call it sshSG.

1. Create a Private EC2 instance Amazon Linux Image

2. Select VPC as myvpc-1

3. Select subnet as Private Subnet 1-b

4. Auto assign Public IP: Disable

5. Select sshSG security group

Experiment

1. Private IP addresses are in the defined range of subnets or not.

2. Both instances can ping to each other with private ip address

3. Connect to Private VM through Public VM

4. Check internet connectivity is available for Private VM ( ping 8.8.8.8)

NAT Gateway 

To provide internet connection to private VM we need to create a NatGateway in the current VPC


1. Click on NAT (Network Address Translation) Gateway

2. Select Public Subnet 1-a

3. Connectivity type: Public

4. Click on Allocate Elastic IP button

5. Click on NatGateway

6. It takes some time to create, once it is created select it and Goto Action---> Attach to VPC---> myvpc-1

7. Click on Route Table and Select the private Route table

8. Select Routes-->Edit Route

9. Click on Add Route , Destination 0.0.0.0/0 and Target NAT Gateway and Click on save changes

10. Now the private VM should have internet connectivity.

Experiments

1.  Delete NAT Gateway, Check the EIP also get delete

2. Find the EIP address allocated to NAT Gateway.

3. How to delete a VPC.

Network ACL

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

NACL Aws Doc

Note:

One Subnet can be associated with one and only one NACL

One NACL can have multiple subnet associated with it.

1. Select Security --->Network ACLs

2. You can see there is already a NACL defined for your subnets (Public and Private).

3. Click on create Network ACL button

4. Provide the following settings

    NACL Name: mynacl

    VPC: myvpc1

 Click on Create Network ACL

5. select mynacl and click on Subnet Association Tab and select public subnet.

6. Click on Inbound Rules and Click on Edit Inbound Rules and Allow access to port number 22.

7. Create an Ec2 instance in myvpc-1 and subnet public subnet and try to connect with port number 22.You will not able to connect because on NACL level we have opened port 22 for Inbound level not for Outbound level, so let's open port number 22 for the outbound level as well. I am opening ALL Traffic because we are not sure that outbound is port number 22 or something else port number.

8. Select mynacl and click on the outbound rules tab and Edit the Outbound rule by Allowing All Traffic.

Experiments

1. Host a website on EC2 instance on port number 80 and remove the outbound rule and check you are able to access it externally or not.

2. Try to access google.com on your Ec2 instance.











COMMENTS

Name

Ansible,6,AWS,1,Azure DevOps,1,Containerization with docker,2,DevOps,2,Docker Quiz,1,Docker Swarm,1,DockerCompose,1,ELK,2,git,2,Jira,1,Kubernetes,1,Kubernetes Quiz,5,SAST DAST Security Testing,1,SDLC Quiz,3,SonarQube,3,Splunk,2,vagrant kubernetes,1,YAML Basics,1,
ltr
item
DevOpsWorld: AWS -VPC
AWS -VPC
DevOpsWorld
https://www.devopsworld.co.in/2022/03/aws-vpc.html
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/2022/03/aws-vpc.html
true
5997357714110665304
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content