Introduction and Aim
This lab covers the basics of how an Amazon VPC works. The aim of this lab is to create a VPC, route it, deploy an EC2 instance into it, and add an internet gateway for traffic movement between the internet gateway and the routed subnet.
VPCs are partitions of a Cloud that are logically isolated. An AWS VPC provides the user the control over the networking environment, such as the IP address range, subnets, route tables, and network gateways. (QwikLabs, What is Amazon Virtual Private Cloud)
- Create an Amazon VPC
- Set up routing for the Amazon VPC
- Deploy an Amazon EC2 instance into the Amazon VPC
- Attach an internet gateway to the Amazon VPC
Creating an Amazon VPC
VPC is found in the AWS Management Console homepage. On the VPC dashboard is a ‘Start VPC Wizard’, which is clicked, and then the ‘VPC with a Single Public Subnet’ option is chosen.
After creating the VPC, the console should display the DNS settings in the details pane.
Each VPC has an internet gateway, this means that I have two; one for my default VPC, and one for the VPC I’ve just created.
In my created VPC, QL_VPC, there are two route tables; a default main route table, and the VPC Wizard custom route table. My subnet is associated with the custom route table, however, if I add a new subnet, it is preset to be associated with the default route table.
If I select the main route table, I can see that it has a local route, but no other routes. This implies that any subnet created in this route table will not be visible to the internet. Hence the main route table can be used to create private subnets.
To create a public subnet, I can either use the custom route table or I can change the routing in the main route table.
Setting up a security group
Security groups act as virtual firewalls that control the traffic inbound and outbound from the instance. As I’ve recently learned in class, security groups are stateful. This means that if something is allowed out, then the return traffic automatically becomes allowed also. In order to create a security group in AWS, QwikLab’s guide is to create a group, add the inbound and outbound rules that you want to use, and then associate your instances with the security group when you launch them’.
In the picture below of the security group and the designated inbound rules, the 0.0.0.0/0 in the source field is indicative of all IP addresses. Just as the lab script mentions, this practice is unsafe for professional environments where traffic flow should be more rigorously controlled.
Launching an Amazon EC2 instance
The next move is to create an Amazon EC2 instance, The instance that I’ll be launching is the Amazon Machine Image: Amazon Linux AMI.
The above slideshow shows the process in which to create the instance.
Attaching an Internet Gateway to your VPC
In order to attach an Internet Gateway to the VPC, I need to create an elastic IP address. QwikLabs describes an elastic IP address as ‘a public IP address that belongs to your AWS account’. The elastic IP then needs to be associated with the created instance.
Once the IP address is associated with the instance, the instance becomes accessible from the internet, or from using SSH or Remote Desktop.
Having completed this lab, I now the knowledge of how to create an Amazon VPC. One thing that needs to be taken into consideration with creating the VPCs is the charge costs associated with the elastic IP, and the instance. The elastic IP costs to hold if it is disassociated from an instance. During the running and association of the instance, it is free. The instance itself also contains a cost to maintain. From a business accounting perspective, this sort of knowledge is incredibly important for keeping complete control over the business expenses.