
AWS Networking basics

What is AWS VPC?

A VPC (Virtual Private Cloud) is an isolated network inside the AWS cloud; it lets you launch AWS resources into a network you control. It provides a customizable IP address range, subnets for segmenting resources, internet access control through Internet Gateways and NAT, and traffic filtering through Security Groups and Network ACLs.

Key Components

Subnets

Networking inside the VPC is divided into subnets. There are two types: public and private. The difference between the two is that a public subnet has an additional route, pointing at an Internet Gateway, that gives it internet access.

Route Tables

Route tables are sets of rules that define how network traffic flows within the VPC and to destinations outside it. Each subnet must be associated with exactly one route table (if none is chosen explicitly, the VPC's main route table applies).

Internet Gateway (IGW)

If we need to provide internet access to resources in a public subnet, we create an Internet Gateway, attach it to the VPC, and then add a route from that subnet's route table to the IGW.

NAT Gateway/Instance

For private subnets that need internet access, we use a NAT Gateway or NAT Instance, enabling outbound connections while blocking inbound connections initiated from the internet.

Private IP

A private IP address is an IPv4 address attached to an instance that is not reachable over the internet; it is taken from the IP range of the subnet the instance is launched in.

Elastic IPs

When we need a static, public IP address that doesn’t change, we can use an Elastic IP Address (EIP). This is useful for resources like NAT Gateways or EC2 instances that require consistent external visibility.

Security

To control the flow of traffic, AWS VPC includes Security Groups and Network Access Control Lists (NACLs).

Security Groups

Security Groups act as virtual firewalls at the instance level (they are attached to an EC2 instance's network interface), allowing specific types of traffic; anything not explicitly allowed is dropped.

Network ACLs

NACLs operate at the subnet level and offer an additional layer of security by defining numbered inbound and outbound allow/deny rules. Unlike Security Groups, which are stateful (return traffic for an allowed connection is permitted automatically), NACLs are stateless, so both directions of a flow must be allowed explicitly.

Networking Hands-on

Install and Configure AWS CLI

Before proceeding, ensure you have AWS CLI installed and configured on your local machine.

  1. Download and install the AWS CLI (see the Install AWS CLI guide).
  2. Configure the CLI with your credentials:
aws configure

Enter your access key, secret key, default region, and preferred output format (e.g., JSON).

Step 1: Create a VPC

A VPC is the foundation of the network. Let's start by creating a new VPC and defining its IP range.

aws ec2 create-vpc --cidr-block 10.0.0.0/16

The --cidr-block option sets the IP range of the VPC (10.0.0.0/16 allows up to 65,536 addresses). The command returns a JSON description of the new VPC, including its VpcId, which we use in the next steps.

Step 2: Create Subnets

Divide our VPC into smaller sections (subnets) for better organization. Create a public subnet and a private subnet.

  • Public Subnet:
    aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.1.0/24
  • Private Subnet:
    aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.2.0/24

Each subnet gets its own IP range, defined by --cidr-block. The subnet range must lie inside the VPC range and must not overlap other subnets in the VPC; AWS also reserves five addresses in every subnet, so a /24 yields 251 usable addresses rather than 256.
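Before running the create-vpc and create-subnet commands above, it is worth checking the CIDR plan offline. The following added example (not part of the original tutorial) does that with Python's standard ipaddress module: it checks that every subnet lies inside the VPC range, that no two subnets overlap, that each block respects the AWS /16 to /28 size limits, and it reports the usable address count after the five addresses AWS reserves per subnet. The CIDRs are the ones used in this tutorial; the function name is ours.

```python
"""Offline sanity check for a VPC CIDR plan (added example, not from the tutorial)."""
import ipaddress

# AWS limits: a VPC or subnet IPv4 block must be between /16 and /28.
MIN_PREFIX, MAX_PREFIX = 16, 28
# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, reserved for future use, broadcast).
RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Return (errors, usable).

    errors: list of human-readable problems; empty means the plan can be applied.
    usable: subnet CIDR -> number of addresses instances can actually receive.
    """
    errors = []
    usable = {}
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        errors.append(f"VPC {vpc} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")

    accepted = []
    for cidr in subnet_cidrs:
        try:
            # strict=True rejects blocks with host bits set, e.g. 10.0.1.5/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            errors.append(f"{cidr}: {exc}")
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            errors.append(f"subnet {net} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        if not net.subnet_of(vpc):
            errors.append(f"subnet {net} is outside VPC {vpc}")
        for other in accepted:
            if net.overlaps(other):
                errors.append(f"subnet {net} overlaps {other}")
        accepted.append(net)
        usable[cidr] = net.num_addresses - RESERVED_PER_SUBNET
    return errors, usable


if __name__ == "__main__":
    # The plan used in this tutorial: one public and one private /24 in a /16.
    problems, counts = plan_subnets("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24"])
    print("errors:", problems)
    print("usable addresses:", counts)
```

Run it with the VPC and subnet CIDRs you intend to pass to the CLI; fix anything in the errors list before creating resources, since AWS will reject overlapping or out-of-range blocks at creation time anyway.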

Step 3: Attach an Internet Gateway

To allow internet access for resources in the public subnet, we need to create an Internet Gateway and attach it to our VPC. The first command returns the InternetGatewayId that the second command expects.

aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --internet-gateway-id <igw-id> --vpc-id <vpc-id>

Step 4: Create a Route Table and Add Routes

A route table directs network traffic. Let's create one for our public subnet and configure it to send internet-bound traffic (0.0.0.0/0) to the Internet Gateway.

  • Create the route table:
    aws ec2 create-route-table --vpc-id <vpc-id>
  • Add a route to the Internet Gateway:
    aws ec2 create-route --route-table-id <route-table-id> --destination-cidr-block 0.0.0.0/0 --gateway-id <igw-id>

Step 5: Associate the Route Table with the Public Subnet

We need to link the route table to the public subnet so its traffic is directed through the Internet Gateway. This association is what makes the subnet "public"; the private subnet keeps using the VPC's main route table, which has no route to the IGW.

aws ec2 associate-route-table --route-table-id <route-table-id> --subnet-id <public-subnet-id>

Step 6: Create a NAT Gateway for Private Subnets

If private subnet resources need outbound internet access (e.g., for package updates), set up a NAT Gateway. It is placed in the public subnet and needs an Elastic IP, so allocate one first and pass its allocation id.

  • Create a NAT Gateway:
    aws ec2 create-nat-gateway --subnet-id <public-subnet-id> --allocation-id <eip-allocation-id>
  • Add a route in the private subnet's route table that sends 0.0.0.0/0 to the NAT Gateway (create-route with --nat-gateway-id instead of --gateway-id). Because the private subnet was never explicitly associated with a route table, it uses the VPC's main route table; either add the route there or create a dedicated route table and associate it with the private subnet as in Steps 4 and 5. Do not add this route to the public subnet's table, and do not add an IGW route to the private one, or the private subnet stops being private.

Verify the Setup

To check the resources we have just created, we can use the AWS Management Console or CLI commands such as:

aws ec2 describe-vpcs
aws ec2 describe-subnets
aws ec2 describe-route-tables
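Reading describe-route-tables output by eye does not scale once a VPC has more than a couple of subnets, and the question a security reviewer actually asks is "which subnets are public?". The following added example (not part of the original tutorial) answers it from the JSON that `aws ec2 describe-route-tables` and `aws ec2 describe-subnets` return, using the same rule this page teaches: a subnet is public when its effective route table (its explicit association, or else the VPC's main table) sends 0.0.0.0/0 to an igw-, private-with-egress when it goes to a nat-, and isolated otherwise. The sample JSON below is constructed to mirror the tutorial's setup after Step 6 (public subnet with its own IGW table, private subnet on the main table with a NAT route) plus a third, isolated subnet that the tutorial does not create; the resource ids are placeholders, and the function names are ours.

```python
"""Classify subnets from AWS CLI describe-* JSON (added example, not from the tutorial)."""
import json

# Constructed sample output, shaped like the real CLI JSON; ids are placeholders.
ROUTE_TABLES_JSON = """
{"RouteTables": [
  {"RouteTableId": "rtb-main0000", "VpcId": "vpc-example",
   "Associations": [{"Main": true, "RouteTableId": "rtb-main0000"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
  {"RouteTableId": "rtb-public00", "VpcId": "vpc-example",
   "Associations": [{"Main": false, "RouteTableId": "rtb-public00", "SubnetId": "subnet-public"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
  {"RouteTableId": "rtb-isolated", "VpcId": "vpc-example",
   "Associations": [{"Main": false, "RouteTableId": "rtb-isolated", "SubnetId": "subnet-isolated"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]}
]}
"""
SUBNETS_JSON = """
{"Subnets": [
  {"SubnetId": "subnet-public",   "VpcId": "vpc-example", "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": true},
  {"SubnetId": "subnet-private",  "VpcId": "vpc-example", "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": false},
  {"SubnetId": "subnet-isolated", "VpcId": "vpc-example", "CidrBlock": "10.0.3.0/24", "MapPublicIpOnLaunch": false}
]}
"""


def effective_route_table(subnet, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rtb in route_tables:
        if rtb["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def classify_subnet(subnet, route_tables):
    """public / private-egress / isolated, from the default route's target."""
    rtb = effective_route_table(subnet, route_tables)
    if rtb is None:
        return "no-route-table"
    for route in rtb.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # blackhole routes (e.g. deleted NAT gateway) carry no traffic
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private-egress"
    return "isolated"


def audit(route_tables_json, subnets_json):
    """Return {subnet id: {cidr, class, auto_public_ip, exposed_by_default}}."""
    route_tables = json.loads(route_tables_json)["RouteTables"]
    subnets = json.loads(subnets_json)["Subnets"]
    report = {}
    for s in subnets:
        kind = classify_subnet(s, route_tables)
        auto_ip = bool(s.get("MapPublicIpOnLaunch", False))
        report[s["SubnetId"]] = {
            "cidr": s["CidrBlock"],
            "class": kind,
            "auto_public_ip": auto_ip,
            # A public subnet that also assigns public IPs on launch exposes every
            # new instance to the internet unless its Security Group blocks traffic.
            "exposed_by_default": kind == "public" and auto_ip,
        }
    return report


if __name__ == "__main__":
    for subnet_id, info in audit(ROUTE_TABLES_JSON, SUBNETS_JSON).items():
        print(subnet_id, info)
```

To run it against a real account, replace the two constructed strings with the output of `aws ec2 describe-route-tables --output json` and `aws ec2 describe-subnets --output json`. Any subnet reported as public that you expected to be private means a route to the Internet Gateway ended up in the wrong table, which is the most common mistake when following the steps above.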

Conclusion

In this tutorial, we discovered the basic components of AWS networking. We created a VPC, set up public and private subnets, added an Internet Gateway for internet access, configured route tables, and added a NAT Gateway for outbound access from the private subnet. This setup forms the foundational knowledge needed to start working with AWS networking.