AWS Networking basics
What is AWS VPC?
VPC (Virtual Private Cloud) is an isolated network in the AWS cloud that lets users launch AWS resources inside their own isolated network. It provides a customizable IP address range, subnets for resource segmentation, internet access control using Internet Gateways and NAT, and security using Security Groups and Network ACLs.
Key Components
Subnets
Networking inside the VPC is divided into subnets. There are two types of subnets, public and private; the difference between the two is that a public subnet has an additional route that gives it access to the internet.
Route Tables
Route tables are sets of rules that define how network traffic flows within the VPC and outside it. Each subnet must be associated with a route table.
Internet Gateway (IGW)
If we need to provide internet access to resources in public subnets, we create an Internet Gateway, attach it to the VPC, and then add a routing rule from that subnet's route table to the IGW.
NAT Gateway/Instance
For private subnets that need internet access, we use a NAT Gateway or NAT Instance, enabling outbound connections while blocking inbound connections initiated from the internet.
Private IP
A private IP address is an IPv4 address attached to an instance that is not reachable over the internet; it lies within the IP range of the subnet the instance is placed in.
Elastic IPs
When we need a static, public IP address that doesn’t change, we can use an Elastic IP Address (EIP). This is useful for resources like NAT Gateways or EC2 instances that require consistent external visibility.
Security
To control the flow of traffic, AWS VPC includes Security Groups and Network Access Control Lists (NACLs).
Security Groups
Security Groups act as virtual firewalls at the instance level (EC2 instances), allowing or blocking specific types of traffic.
Network ACLs
NACLs operate at the subnet level and offer an additional layer of security by defining inbound and outbound traffic rules.
Networking Hands-on
Install and Configure AWS CLI
Before proceeding, ensure you have AWS CLI installed and configured on your local machine.
- Download and install the AWS CLI (Install AWS CLI).
- Configure the CLI with your credentials:
aws configure
Enter your access key, secret key, default region, and preferred output format (e.g., JSON).
Step 1: Create a VPC
A VPC is the foundation of the network. Let's start by creating a new VPC and defining its IP range.
aws ec2 create-vpc --cidr-block 10.0.0.0/16
The --cidr-block option specifies the IP range for our VPC (10.0.0.0/16 allows up to 65,536 addresses). The command returns the vpc-id, which we will use in the next steps.
Step 2: Create Subnets
Divide the VPC into smaller sections (subnets) for better organization: create a public subnet and a private subnet.
- Public Subnet:
aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.1.0/24
- Private Subnet:
aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.2.0/24
Each subnet gets its own IP range, defined by the --cidr-block option.
Step 3: Attach an Internet Gateway
To allow internet access for resources in the public subnet, we need to attach an Internet Gateway to our VPC.
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --internet-gateway-id <igw-id> --vpc-id <vpc-id>
Step 4: Create a Route Table and Add Routes
A route table directs network traffic. Let's create one for our public subnet and configure it to allow internet access.
- Create the route table:
aws ec2 create-route-table --vpc-id <vpc-id>
- Add a route to the Internet Gateway:
aws ec2 create-route --route-table-id <route-table-id> --destination-cidr-block 0.0.0.0/0 --gateway-id <igw-id>
Step 5: Associate the Route Table with the Public Subnet
We need to link the route table to the public subnet so it can direct traffic through the Internet Gateway.
aws ec2 associate-route-table --route-table-id <route-table-id> --subnet-id <public-subnet-id>
Step 7: Create a NAT Gateway for Private Subnets
If private subnet resources need internet access (e.g., for updates), set up a NAT Gateway. The NAT Gateway itself lives in the public subnet and uses an Elastic IP, which is why the command below takes the public subnet id and an EIP allocation id.
- Create a NAT Gateway:
aws ec2 create-nat-gateway --subnet-id <public-subnet-id> --allocation-id <eip-allocation-id>
- Add a route in the private subnet's route table to direct internet-bound traffic through the NAT Gateway.
Verify the Setup
To check the resources we have just created, we can use the AWS Management Console or CLI commands such as:
aws ec2 describe-vpcs
aws ec2 describe-subnets
aws ec2 describe-route-tables
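The route table is what actually decides whether a subnet is public or private, so a useful verification step is to read the describe-route-tables output and classify every subnet by where its internet-bound traffic goes. The following is an added example (not part of the original tutorial) that does this over a constructed sample shaped like the CLI's JSON output; the rtb-/subnet-/igw-/nat- ids are placeholders, and the design dictionary at the end is an assumed intended layout used to spot a subnet that is exposed by mistake.

```python
import json
from typing import Dict

# Constructed sample shaped like `aws ec2 describe-route-tables` output, trimmed to the
# fields used below. The ids are placeholders, not real AWS resources.
SAMPLE_ROUTE_TABLES = json.dumps({"RouteTables": [
    {"RouteTableId": "rtb-public",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-public", "Main": False}]},
    {"RouteTableId": "rtb-private",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-private", "Main": False}]},
    {"RouteTableId": "rtb-leaky",  # a subnet meant to be private but routed to the IGW by mistake
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-db", "Main": False}]},
]})


def classify_subnets(describe_route_tables_json: str) -> Dict[str, str]:
    """Map each explicitly associated subnet to 'public', 'private' or 'isolated'.

    Public: the route table has an active route to an Internet Gateway (igw-*).
    Private: internet-bound traffic goes to a NAT Gateway (nat-*) and no IGW route exists.
    Isolated: neither, so only the VPC-local route applies.
    """
    result: Dict[str, str] = {}
    for rtb in json.loads(describe_route_tables_json)["RouteTables"]:
        kind = "isolated"
        for route in rtb.get("Routes", []):
            if route.get("State") != "active":
                continue  # blackholed routes do not forward traffic
            target = route.get("GatewayId") or route.get("NatGatewayId") or ""
            if target.startswith("igw-"):
                kind = "public"
                break  # one IGW route is enough to make the subnet reachable from the internet
            if target.startswith("nat-"):
                kind = "private"
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId"):  # skip the implicit main-table association
                result[assoc["SubnetId"]] = kind
    return result


def exposure_drift(intended: Dict[str, str], observed: Dict[str, str]) -> Dict[str, str]:
    """Return subnets whose observed exposure differs from the intended design."""
    return {s: observed.get(s, "unassociated") for s, want in intended.items()
            if observed.get(s, "unassociated") != want}
```

Feed it the real output of `aws ec2 describe-route-tables --output json` and an intended map of subnet ids to public/private/isolated; any entry it returns is a subnet whose internet exposure does not match the design.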
Conclusion
In this tutorial, we discovered the basic components of AWS networking. We created a VPC, set up public and private subnets, added an Internet Gateway for internet access, and configured route tables. This setup forms the foundational knowledge needed to start working with AWS networking.