
Create a VPC with public and private subnets

Marc Grossouvre edited this page Oct 11, 2019 · 8 revisions

On AWS, a VPC (virtual private cloud) is an isolated virtual network. Creating a VPC means reserving a block of private IP addresses (a CIDR range) that you then carve into subnets. The VPC wizard offers several preconfigured layouts; choose "VPC with Public and Private Subnets" to get a simple and reasonably secure configuration in which only the public subnet is reachable from the internet, while the private subnet can reach out through a NAT.

My parameters:

  • VPC IPv4 CIDR block : 192.168.0.0/16 (65 536 addresses; AWS reserves 5 addresses in every subnet you create inside it, so the usable count depends on how you cut it up)
  • No IPv6
  • Public Subnet IPv4 CIDR block : 192.168.1.0/24 (256 addresses, of which 251 are usable after the 5 AWS reserves in the subnet)
  • Private Subnet IPv4 CIDR block : 192.168.2.0/24 (likewise 251 usable)
  • AZ : no preference (the wizard picks an Availability Zone inside the region already selected in the console; here the Paris region, so the data stays in France)
  • Use a NAT instance : t2.nano with a key pair (so you can SSH to it if you ever need to). The wizard also offers a managed NAT gateway instead; it costs more per hour but needs no patching, no security group and no key pair.
  • Enable DNS hostnames
  • Default hardware tenancy

Path:

  • -> VPC Dashboard (home page)
  • -> Launch VPC Wizard
  • -> Choose VPC with public and private subnet
  • -> (enter parameters)
  • -> Create VPC

Tip : make sure your VPCs' IP ranges don't overlap if you ever want to peer them: VPC peering refuses overlapping CIDR blocks, and the same consideration applies to a VPN connection to an on-premises network.
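A small checker for the CIDR plan above, added here as an example (it is not code from the original wiki page). It uses only the Python standard library; the VPC and subnet CIDRs are the ones listed above, and the peer VPC CIDR in `EXAMPLE_PLAN` is a constructed placeholder. It confirms the "251 usable" figure, that both subnets sit inside the VPC without overlapping, and that the VPC can still be peered with another range.

```python
"""Sanity-check a VPC/subnet CIDR plan before running the VPC wizard.

Added example, not code from the original wiki page. Standard library
only; the VPC and subnet CIDRs are the page's own, the peer VPC CIDR in
EXAMPLE_PLAN is a constructed placeholder.
"""
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the
# VPC router (+1), the DNS resolver (+2), one held for future use (+3)
# and the broadcast address, so a /24 yields 251 usable addresses.
AWS_RESERVED_PER_SUBNET = 5


def usable_addresses(cidr):
    """Addresses AWS lets you actually assign in a subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def check_plan(vpc_cidr, subnets, peer_vpcs=()):
    """Return a list of problems; an empty list means the plan is consistent.

    `subnets` maps a name to a CIDR; `peer_vpcs` lists CIDRs of VPCs (or
    on-premises networks) this VPC may later be peered or VPN-connected to.
    """
    problems = []
    try:
        vpc = ipaddress.ip_network(vpc_cidr)
    except ValueError as exc:
        return [f"VPC CIDR {vpc_cidr!r} is invalid: {exc}"]
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC {vpc} must be between /16 and /28")

    nets = {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)
        except ValueError as exc:
            problems.append(f"subnet {name} CIDR {cidr!r} is invalid: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"subnet {name} {net} is not inside VPC {vpc}")
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"subnet {name} {net} must be between /16 and /28")
        nets[name] = net

    # Subnets inside one VPC may not overlap each other.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"subnets {a} {nets[a]} and {b} {nets[b]} overlap")

    # VPC peering (and VPN routing) refuses overlapping ranges.
    for peer in peer_vpcs:
        if vpc.overlaps(ipaddress.ip_network(peer)):
            problems.append(f"VPC {vpc} overlaps peer network {peer}; peering would be rejected")
    return problems


# The page's parameters, plus a constructed second VPC to peer with later.
EXAMPLE_PLAN = {
    "vpc_cidr": "192.168.0.0/16",
    "subnets": {"public": "192.168.1.0/24", "private": "192.168.2.0/24"},
    "peer_vpcs": ["10.0.0.0/16"],
}

if __name__ == "__main__":
    for name, cidr in EXAMPLE_PLAN["subnets"].items():
        print(f"{name}: {cidr} -> {usable_addresses(cidr)} usable addresses")
    print(check_plan(**EXAMPLE_PLAN) or "plan OK")
```

Run it before clicking "Create VPC": the wizard will happily accept subnets that leave no room for a third one later, and a VPC that overlaps the one you intend to peer with cannot be fixed afterwards without recreating it.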

Warning about charges

The NAT instance is launched immediately (give it a name right away so you can find it later), so charges start immediately too:

  • the running EC2 instance : billed until you stop (shut down) the instance
  • its EBS root volume : billed until the volume is deleted, which happens when you terminate the instance if the volume was created with "delete on termination" (the default for a root volume)
  • the Elastic IP : free while attached to a running instance, billed hourly once it is unattached or its instance is stopped or terminated. Terminating the instance does not release the address, so release it yourself when you no longer need it. (Since February 2024 AWS bills every public IPv4 address, attached or not, so the "free while in use" part no longer holds.)

Check

Once this is done, the route table of the public subnet has a default route (0.0.0.0/0) whose target is the internet gateway (igw), while the route table of the private subnet sends 0.0.0.0/0 to the elastic network interface (eni) of the NAT instance. That is the whole difference: the public subnet is reachable from the world, the private one can only reach out through the NAT.

Adjust

BUT, if you check the NAT's security group (EC2 Dashboard -> Instances -> click on the NAT -> Security tab), notice that inbound traffic is allowed only from this same security group as source, so nothing outside it can reach the instance. To administer it from outside, edit the inbound rules, but do not simply change the source of the all-traffic rule to "Anywhere" (0.0.0.0/0): that exposes every port of the NAT to the whole internet. Instead add an SSH (TCP 22) rule whose source is your own public IP as a /32, and make sure the traffic the NAT forwards for the private subnet (HTTP/HTTPS, plus whatever else those hosts need) is allowed from the private subnet's CIDR, 192.168.2.0/24, and nothing wider.
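A check for that adjustment, added here as an example (it is not code from the original wiki page). It reads the IpPermissions structure returned by `aws ec2 describe-security-groups` (or boto3), so it can be pointed at the real output for the NAT's group; the rule sets in the block are constructed samples, 203.0.113.7/32 is a documentation address standing in for your own public IP, and the hardened rule set assumes the NAT only needs to forward HTTP and HTTPS for the private subnet.

```python
"""Audit the inbound rules of a NAT instance's security group.

Added example, not code from the original wiki page. It reads the
IpPermissions structure that `aws ec2 describe-security-groups` (or boto3)
returns; the rule sets below are constructed samples, and 203.0.113.7/32
stands in for your own public IP (it is a documentation address).
"""
import ipaddress

ANYWHERE = "0.0.0.0/0"

# Constructed sample: the wizard's all-traffic rule after its source has
# been changed from the security group itself to "Anywhere".
OPENED_TO_ANYWHERE = [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANYWHERE}], "UserIdGroupPairs": []},
]


def hardened_nat_ingress(private_subnet_cidr, admin_cidr):
    """The inbound rules a NAT instance needs, in IpPermissions shape.

    SSH only from the administrator's address; the traffic the NAT forwards
    (assumed here to be HTTP/HTTPS) only from the private subnet it serves.
    """
    def rule(port, cidr, why):
        return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                "IpRanges": [{"CidrIp": cidr, "Description": why}],
                "UserIdGroupPairs": []}
    return [
        rule(22, admin_cidr, "admin SSH"),
        rule(80, private_subnet_cidr, "HTTP forwarded for private subnet"),
        rule(443, private_subnet_cidr, "HTTPS forwarded for private subnet"),
    ]


def audit_nat_ingress(permissions, private_subnet_cidr, admin_cidr):
    """Return findings for rules wider than the NAT role requires (empty = OK).

    Rules whose source is another security group (the wizard's default) are
    left alone: they do not expose the instance to the internet.
    """
    private = ipaddress.ip_network(private_subnet_cidr)
    admin = ipaddress.ip_network(admin_cidr)
    findings = []
    for perm in permissions:
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"])
            if proto == "-1":
                # "-1" is EC2's "all protocols", which implies all ports.
                findings.append(f"all protocols and ports from {src}")
            elif lo <= 22 <= hi and not src.subnet_of(admin):
                findings.append(f"SSH ({proto} {lo}-{hi}) from {src}; allow only {admin}")
            elif not lo <= 22 <= hi and not src.subnet_of(private):
                findings.append(f"{proto} {lo}-{hi} from {src}; forwarded traffic "
                                f"should come only from {private}")
    return findings


if __name__ == "__main__":
    private, admin = "192.168.2.0/24", "203.0.113.7/32"
    print("Anywhere:", audit_nat_ingress(OPENED_TO_ANYWHERE, private, admin))
    print("hardened:", audit_nat_ingress(hardened_nat_ingress(private, admin), private, admin))
```

To apply the result, revoke the over-wide rule with `aws ec2 revoke-security-group-ingress` and add the list that `hardened_nat_ingress` returns with `aws ec2 authorize-security-group-ingress --group-id <the NAT's group id> --ip-permissions <that list as JSON>`. If the private instances are supposed to use the wizard's self-referencing rule instead, they must be members of the NAT's security group, which the audit does not check.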