AWS Networking basics
What is AWS VPC?
A VPC (Virtual Private Cloud) is a logically isolated network inside the AWS cloud in which you launch AWS resources. It gives you a customizable IP address range, subnets for segmenting resources, control over internet access through Internet Gateways and NAT, and traffic filtering with Security Groups and Network ACLs.
Key Components
Subnets
The VPC's address space is divided into subnets. There are two kinds, public and private, and the only difference between them is routing: a public subnet's route table has a default route (0.0.0.0/0) to an Internet Gateway, a private subnet's route table does not. An instance in a public subnet is still only reachable from the internet if it also has a public or Elastic IP address.
Route Tables
Route tables hold the rules that decide where traffic leaving a subnet goes, inside the VPC and beyond it. Every subnet uses exactly one route table: the one you explicitly associate with it or, if you associate none, the VPC's main route table. Keep the main route table free of internet routes so that a subnet you forgot to associate does not become public by default.
Internet Gateway (IGW)
To give resources in a public subnet internet access, create an Internet Gateway, attach it to the VPC, and then add a route for 0.0.0.0/0 pointing at the IGW in the route table of that subnet.
NAT Gateway/Instance
For private subnets that need to reach the internet (package updates, calls to external APIs), use a NAT Gateway or a NAT instance placed in a public subnet. It allows outbound connections and the replies to them, while connections initiated from the internet cannot reach the private instances.
Private IP
A private IP address is an IPv4 address taken from the CIDR range of the subnet and assigned to an instance's network interface. It is not reachable from the internet; only resources that can route to the VPC (other instances, peered VPCs, VPN or Direct Connect) can talk to it.
Elastic IPs
When you need a static public IPv4 address that does not change when an instance is stopped and started, allocate an Elastic IP address (EIP). A NAT Gateway requires one, and EC2 instances that must keep a consistent external address benefit from one as well.
Security
To control the flow of traffic, a VPC offers two filtering layers: Security Groups and Network Access Control Lists (NACLs).
Security Groups
Security Groups act as a virtual firewall at the instance level (strictly, on each network interface). They are stateful and contain only allow rules: anything not explicitly allowed is dropped, and the return traffic of an allowed connection is accepted automatically. A newly created security group allows all outbound traffic and no inbound traffic.
Network ACLs
NACLs operate at the subnet level and add a second, coarser layer of filtering. They are stateless and hold numbered allow and deny rules that are evaluated in ascending order, separately for inbound and outbound traffic, so return traffic (including ephemeral ports) has to be allowed explicitly. The default NACL allows everything; a custom NACL denies everything until you add rules.
Networking Hands-on
Install and Configure AWS CLI
Before proceeding, make sure the AWS CLI is installed and configured on your local machine.
- Download and install the AWS CLI (Install AWS CLI).
- Configure the CLI with your credentials:
```bash
aws configure
```
Enter your access key, secret key, default region, and preferred output format (e.g., json). Use an IAM user or role limited to the EC2 permissions this lab needs rather than root account credentials.
Step 1: Create a VPC
A VPC is the foundation of the network. Start by creating a new VPC and defining its IP range.
```bash
aws ec2 create-vpc --cidr-block 10.0.0.0/16
```
The --cidr-block specifies the IP range of the VPC (10.0.0.0/16 gives 65,536 addresses; pick a block that does not overlap with networks you may later peer or connect to). The command returns the vpc-id, which we will use in the next steps.
Step 2: Create Subnets
Divide the VPC into smaller sections (subnets) for better organization. Create a public subnet and a private subnet.
- Public Subnet:
```bash
aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.1.0/24
```
- Private Subnet:
```bash
aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.2.0/24
```
Each subnet gets its own IP range, defined by --cidr-block; it must lie inside the VPC's block and must not overlap another subnet. AWS reserves the first four and the last address of every subnet. Note down both subnet-ids. Nothing in these commands makes a subnet public; that is decided by the routing steps that follow.
Step 3: Attach an Internet Gateway
To allow internet access for resources in the public subnet, we need to create an Internet Gateway and attach it to our VPC.
```bash
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --internet-gateway-id <igw-id> --vpc-id <vpc-id>
```
The first command returns the igw-id used by the second.
Step 4: Create a Route Table and Add Routes
A route table directs network traffic. Let's create one for our public subnet and configure it to allow internet access.
- Create the route table:
```bash
aws ec2 create-route-table --vpc-id <vpc-id>
```
- Add a route to the Internet Gateway:
```bash
aws ec2 create-route --route-table-id <route-table-id> --destination-cidr-block 0.0.0.0/0 --gateway-id <igw-id>
```
0.0.0.0/0 is the default route: any destination not matched by a more specific entry (such as the VPC's own local route) is sent to the Internet Gateway.
Step 5: Associate the Route Table with the Public Subnet
We need to link the route table to the public subnet so that its traffic is directed through the Internet Gateway. Until this association exists, the subnet uses the VPC's main route table and remains private.
```bash
aws ec2 associate-route-table --route-table-id <route-table-id> --subnet-id <public-subnet-id>
```
Step 6: Create a NAT Gateway for Private Subnets
If private subnet resources need internet access (e.g., for updates), set up a NAT Gateway. It must be placed in the public subnet and needs an Elastic IP allocation.
- Create a NAT Gateway (the <eip-allocation-id> comes from allocating an Elastic IP first):
```bash
aws ec2 create-nat-gateway --subnet-id <public-subnet-id> --allocation-id <eip-allocation-id>
```
- Create a second route table for the private subnet, add a 0.0.0.0/0 route that points at the NAT Gateway (create-route takes --nat-gateway-id <nat-gateway-id> instead of --gateway-id), and associate it with the private subnet. Do not reuse the public route table, or the private subnet would inherit the Internet Gateway route. The NAT Gateway takes a minute or two to become available before it forwards traffic.
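The whole hands-on procedure as one script, added here as an example and not code from the original page: it uses boto3, the Python SDK that calls the same EC2 API as the CLI, and performs the steps the CLI walkthrough leaves implicit (allocating the Elastic IP, waiting for the NAT Gateway, giving the private subnet its own route table, enabling auto-assigned public IPs on the public subnet). The function names, the `wait` switch and the injected client are this example's own choices; running it against a real account requires boto3 and the credentials set up with `aws configure`.

```python
"""Build the tutorial's two-subnet VPC with boto3, in dependency order.

Added example, not the page's own code. Assumes boto3 is installed and that
`aws configure` credentials are in place when run for real; the EC2 client is
passed in so the function can also be exercised against a stub client.
"""
import ipaddress


def validate_plan(vpc_cidr, subnet_cidrs):
    """Every subnet must sit inside the VPC block and none may overlap."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    nets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    for net in nets:
        if not net.subnet_of(vpc):
            raise ValueError(f"{net} is not inside VPC block {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"subnets {a} and {b} overlap")
    return nets


def build_lab_vpc(ec2, vpc_cidr="10.0.0.0/16", public_cidr="10.0.1.0/24",
                  private_cidr="10.0.2.0/24", wait=True):
    """Create VPC, subnets, IGW, NAT gateway and both route tables.

    Returns the IDs of everything created (handy for teardown). wait=False
    skips the NAT-gateway waiter, which only makes sense against a stub.
    """
    validate_plan(vpc_cidr, [public_cidr, private_cidr])
    ids = {}
    ids["vpc"] = ec2.create_vpc(CidrBlock=vpc_cidr)["Vpc"]["VpcId"]
    ids["public_subnet"] = ec2.create_subnet(
        VpcId=ids["vpc"], CidrBlock=public_cidr)["Subnet"]["SubnetId"]
    ids["private_subnet"] = ec2.create_subnet(
        VpcId=ids["vpc"], CidrBlock=private_cidr)["Subnet"]["SubnetId"]
    # Instances launched into the public subnet get a public IPv4 address;
    # without it they are routed to the IGW but have no address to answer on.
    ec2.modify_subnet_attribute(SubnetId=ids["public_subnet"],
                                MapPublicIpOnLaunch={"Value": True})

    # Internet Gateway and the public route table (steps 3 to 5 of the tutorial)
    ids["igw"] = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=ids["igw"], VpcId=ids["vpc"])
    ids["public_rt"] = ec2.create_route_table(VpcId=ids["vpc"])["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=ids["public_rt"],
                     DestinationCidrBlock="0.0.0.0/0", GatewayId=ids["igw"])
    ec2.associate_route_table(RouteTableId=ids["public_rt"],
                              SubnetId=ids["public_subnet"])

    # NAT gateway: needs an Elastic IP and must live in the PUBLIC subnet
    ids["eip"] = ec2.allocate_address(Domain="vpc")["AllocationId"]
    ids["nat"] = ec2.create_nat_gateway(
        SubnetId=ids["public_subnet"], AllocationId=ids["eip"])["NatGateway"]["NatGatewayId"]
    if wait:
        # the gateway takes a minute or two before it forwards traffic
        ec2.get_waiter("nat_gateway_available").wait(NatGatewayIds=[ids["nat"]])

    # Separate route table for the private subnet: default route via NAT, never via IGW
    ids["private_rt"] = ec2.create_route_table(VpcId=ids["vpc"])["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=ids["private_rt"],
                     DestinationCidrBlock="0.0.0.0/0", NatGatewayId=ids["nat"])
    ec2.associate_route_table(RouteTableId=ids["private_rt"],
                              SubnetId=ids["private_subnet"])
    return ids


if __name__ == "__main__":
    import boto3  # imported here so the module loads even without boto3 installed
    for name, value in build_lab_vpc(boto3.client("ec2")).items():
        print(f"{name:15s} {value}")
```

The client is passed in rather than created inside the function so the ordering logic can be checked against a recording stub before anything is created in a real account; the returned dictionary doubles as a teardown list (delete in reverse order, releasing the Elastic IP last).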
Verify the Setup
To check the resources we have just created, use the AWS Management Console or CLI commands such as:
```bash
aws ec2 describe-vpcs
aws ec2 describe-subnets
aws ec2 describe-route-tables
```
In the describe-route-tables output, confirm that only the public subnet's route table has a 0.0.0.0/0 route to the igw- id, that the private subnet's route table sends 0.0.0.0/0 to the nat- id, and that the main route table has no default route at all.
Conclusion
In this tutorial we covered the basic components of AWS networking. We created a VPC, set up public and private subnets, added an Internet Gateway for internet access, configured route tables, and added a NAT Gateway for outbound-only access from the private subnet. This setup is the foundation for working with AWS networking.