
What is a Virtual Private Cloud?

The logically isolated virtual network you get from Amazon's IaaS offering (AWS) is called a Virtual Private Cloud (VPC). A VPC:

  • Is a logically isolated network
  • Exists within a single AWS region (each subnet is bound to one Availability Zone)
  • Has a user-defined IP address range (CIDR block)
  • Can contain public or private subnets
  • Can be securely connected to an on-premises data center (VPN or Direct Connect)

Building blocks used in this walkthrough:

  • The VPC itself
  • Internet gateway
  • Router/route tables
  • NAT gateway (IPv4 private subnets) or egress-only Internet gateway (IPv6 private subnets)
  1. Create a VPC with a 172.20.0.0/16 CIDR block. In the output that's returned, take note of the VPC ID (vpc-2f09a348 in this example).

aws ec2 create-vpc --cidr-block 172.20.0.0/16

Confirm that the VPC exists and is in the available state:

aws ec2 describe-vpcs --vpc-ids vpc-2f09a348

  2. Using the VPC ID from the previous step, create a subnet with a 172.20.1.0/24 CIDR block.

aws ec2 create-subnet --vpc-id vpc-2f09a348 --cidr-block 172.20.1.0/24

  3. Create a second subnet in your VPC with a 172.20.2.0/24 CIDR block.

aws ec2 create-subnet --vpc-id vpc-2f09a348 --cidr-block 172.20.2.0/24

  4. Create a third subnet in your VPC with a 172.20.3.0/24 CIDR block. Every subnet must lie inside the VPC block and must not overlap another subnet, or the call is rejected.

aws ec2 create-subnet --vpc-id vpc-2f09a348 --cidr-block 172.20.3.0/24
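Before running those four commands it is worth checking the addressing plan offline: AWS rejects a subnet that lies outside the VPC block or overlaps another subnet, and a mix-up between the block you planned and the one you typed (a 10.0.1.0/24 subnet against a 172.20.0.0/16 VPC, say) only surfaces as an API error after the VPC already exists. The following is an added example, not code from the original page or from AWS; it uses only Python's standard library and encodes the documented AWS limits (VPC and subnet prefixes between /16 and /28, five reserved addresses per subnet).

```python
"""Check an IPv4 VPC addressing plan before spending API calls on it.

Added example, not part of the original page or of any AWS tooling.
"""
import ipaddress

# AWS accepts IPv4 VPC and subnet blocks between /16 and /28 and reserves the
# first four and the last address of every subnet (network, VPC router, DNS,
# future use, broadcast).
MIN_PREFIX, MAX_PREFIX = 16, 28
RESERVED_PER_SUBNET = 5


def validate_plan(vpc_cidr, subnet_cidrs):
    """Return (plan, errors).

    plan   -> [(subnet_cidr, usable_addresses), ...] for subnets that pass
    errors -> one human-readable reason per rejected subnet (or for the VPC)
    """
    plan, errors, accepted = [], [], []
    try:
        # strict=True rejects host bits set, e.g. 172.20.0.1/16, as AWS does
        vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [], [f"VPC {vpc_cidr}: {exc}"]
    if vpc.version != 4:
        return [], [f"VPC {vpc}: this check covers IPv4 blocks only"]
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        return [], [f"VPC {vpc}: prefix must be between /16 and /28"]

    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            errors.append(f"{cidr}: {exc}")
            continue
        if net.version != 4:
            errors.append(f"{net}: this check covers IPv4 blocks only")
        elif not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            errors.append(f"{net}: prefix must be between /16 and /28")
        elif not net.subnet_of(vpc):
            errors.append(f"{net}: not inside VPC block {vpc}")
        else:
            clash = next((o for o in accepted if net.overlaps(o)), None)
            if clash is not None:
                errors.append(f"{net}: overlaps {clash}")
            else:
                accepted.append(net)
                plan.append((str(net), net.num_addresses - RESERVED_PER_SUBNET))
    return plan, errors


if __name__ == "__main__":
    # The plan used on this page: three /24 subnets in a /16 VPC.
    ok_plan, ok_errors = validate_plan(
        "172.20.0.0/16", ["172.20.1.0/24", "172.20.2.0/24", "172.20.3.0/24"])
    for subnet, usable in ok_plan:
        print(f"{subnet}: {usable} usable addresses")
    for err in ok_errors:
        print("rejected:", err)
```

Run it before create-subnet and only proceed when the error list is empty; a /24 yields 251 usable addresses once the five AWS-reserved ones are taken out. To avoid copying IDs by hand in the steps above, capture them in the shell instead, for example `VPC_ID=$(aws ec2 create-vpc --cidr-block 172.20.0.0/16 --query 'Vpc.VpcId' --output text)`.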

Make Your Subnet Public

After you've created the VPC and subnets, you can make one of the subnets a public subnet by attaching an Internet gateway to your VPC, creating a custom route table, and configuring routing for the subnet to the Internet gateway. A subnet is "public" only because of that route: the gateway alone does not expose anything.

  1. Create an Internet gateway.

aws ec2 create-internet-gateway

NOTE: In the output that’s returned, take note of the Internet gateway ID.

  2. Using the ID from the previous step, attach the Internet gateway to your VPC.

aws ec2 attach-internet-gateway --vpc-id vpc-2f09a348 --internet-gateway-id igw-1ff7a07b

  3. Create a custom route table for your VPC.

aws ec2 create-route-table --vpc-id vpc-2f09a348

In the output that's returned, take note of the route table ID.

  4. Create a route in the route table that points all IPv4 traffic (0.0.0.0/0) to the Internet gateway.

aws ec2 create-route --route-table-id rtb-c1c8faa6 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-1ff7a07b

  5. To confirm that your route has been created and is active, describe the route table and check that the 0.0.0.0/0 route shows State "active" (a "blackhole" route forwards nothing).

aws ec2 describe-route-tables --route-table-ids rtb-c1c8faa6

  6. The route table is currently not associated with any subnet. You need to associate it with a subnet in your VPC so that traffic from that subnet is routed to the Internet gateway. First, use the describe-subnets command to get your subnet IDs. You can use the --filters option to return the subnets for your new VPC only, and the --query option to return only the subnet IDs and their CIDR blocks.

aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-2f09a348" --query 'Subnets[*].{ID:SubnetId,CIDR:CidrBlock}'


  7. Choose which subnet to associate with the custom route table, for example subnet-b46032ec. This subnet will be your public subnet. Subnets without an explicit association keep using the VPC's main route table, which has no Internet route, so they stay private.

aws ec2 associate-route-table --subnet-id subnet-b46032ec --route-table-id rtb-c1c8faa6

  8. You can optionally modify the public IP addressing behavior of your subnet so that an instance launched into the subnet automatically receives a public IP address. Otherwise, you should associate an Elastic IP address with your instance after launch so that it's reachable from the Internet.

aws ec2 modify-subnet-attribute --subnet-id subnet-b46032ec --map-public-ip-on-launch

  9. Create a key pair and use the --query option and the --output text option to pipe your private key directly into a file with the .pem extension. The key material is returned only once, so keep the file safe and restrict its permissions (mode 400).

aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem

  10. Create a security group in your VPC, and add a rule that allows SSH access from anywhere.

aws ec2 create-security-group --group-name SSHAccess --description "Security group for SSH access" --vpc-id vpc-2f09a348

aws ec2 authorize-security-group-ingress --group-id sg-e1fb8c9a --protocol tcp --port 22 --cidr 0.0.0.0/0

Note

If you use 0.0.0.0/0, you enable all IPv4 addresses to access your instance using SSH. This is acceptable for this short exercise, but in production, authorize only the specific address or range you administer from (a /32 for a single host), and remember that an equivalent ::/0 rule opens the port to every IPv6 address.
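The note above is the kind of thing that is easy to forget once the exercise is over, so it pays to audit for it rather than rely on memory. The following added example (not code from the original page or from AWS) parses the JSON that `aws ec2 describe-security-groups --output json` returns and reports every rule that lets the whole Internet reach an administrative port; the sample group below is constructed for the example and reuses the page's group ID, and ADMIN_PORTS and the 203.0.113.0/24 range are assumptions of the example.

```python
"""Find security-group rules that expose admin ports to the whole Internet.

Added example, not part of the original page or of any AWS tooling.
Input is the JSON produced by `aws ec2 describe-security-groups`.
"""
import ipaddress
import json

ADMIN_PORTS = {22, 3389}  # SSH and RDP; extend to suit your environment

# Constructed sample in the shape of describe-security-groups output:
# rule 1 is the page's world-open SSH rule, rule 2 is world-open HTTPS
# (not an admin port), rule 3 is SSH limited to one /24 (fine), rule 4 is
# "all protocols from every IPv6 address".
SAMPLE_SG_JSON = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-e1fb8c9a", "GroupName": "SSHAccess", "VpcId": "vpc-2f09a348",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]}]})


def _is_world(cidr):
    """True for 0.0.0.0/0, ::/0 or any other prefix of length zero."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _admin_ports_covered(perm):
    """Admin ports a permission exposes; protocol "-1" means every port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return sorted(ADMIN_PORTS)
    if proto not in ("tcp", "6"):
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return sorted(p for p in ADMIN_PORTS if lo <= p <= hi)


def world_open_admin_rules(describe_output):
    """Return (group_id, source_cidr, protocol, ports) per offending rule."""
    findings = []
    for sg in json.loads(describe_output)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            ports = _admin_ports_covered(perm)
            if not ports:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if _is_world(cidr):
                    findings.append((sg["GroupId"], cidr, perm["IpProtocol"], tuple(ports)))
    return findings


def fix_commands(group_id, port, world_cidr, allowed_cidr):
    """CLI commands that replace an IPv4 world-open TCP rule with one limited
    to allowed_cidr (IPv6 sources need --ip-permissions instead of --cidr)."""
    base = f"aws ec2 {{}} --group-id {group_id} --protocol tcp --port {port} --cidr {{}}"
    return [base.format("revoke-security-group-ingress", world_cidr),
            base.format("authorize-security-group-ingress", allowed_cidr)]


if __name__ == "__main__":
    for group, cidr, proto, ports in world_open_admin_rules(SAMPLE_SG_JSON):
        print(f"{group}: {proto} ports {ports} open to {cidr}")
    print("\n".join(fix_commands("sg-e1fb8c9a", 22, "0.0.0.0/0", "203.0.113.10/32")))
```

Feed it real data with `aws ec2 describe-security-groups --filters Name=vpc-id,Values=vpc-2f09a348 --output json`; the audit deliberately ignores world-open rules on non-admin ports such as 443, which are often intended, and flags protocol "-1" because it covers every port.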

Launch an instance into your public subnet, using the security group and key pair you've created. In the output, take note of the instance ID for your instance.

aws ec2 run-instances --image-id ami-a4827dc9 --count 1 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-e1fb8c9a --subnet-id subnet-b46032ec

In this example, the AMI is an Amazon Linux AMI in the US East (N. Virginia) region. AMI IDs are region-specific and this one is dated; if you're in a different region, or want a current image, look up the ID of a suitable Amazon Linux AMI for your region. For more information, see Finding a Linux AMI in the Amazon EC2 User Guide for Linux Instances.

Your instance must be in the running state in order to connect to it. Describe your instance and confirm its state, and take note of its public IP address.

aws ec2 describe-instances --instance-ids i-0146854b7443af453

When your instance is in the running state, you can connect to it using an SSH client on a Linux or macOS computer with the following command. The private key file must not be readable by other users (chmod 400 MyKeyPair.pem), or ssh refuses to use it.

ssh -i "MyKeyPair.pem" ec2-user@54.84.168.235

Configure an Egress-Only Private Subnet

You can configure the second subnet in your VPC to be an IPv6 egress-only private subnet. Instances that are launched in this subnet are able to access the Internet over IPv6 (for example, to get software updates) through an egress-only Internet gateway, but hosts on the Internet cannot open connections to your instances. This requires the VPC and the subnet to have IPv6 CIDR blocks associated (associate-vpc-cidr-block with --amazon-provided-ipv6-cidr-block, then associate-subnet-cidr-block), which the IPv4-only commands above do not do.

Create an egress-only Internet gateway for your VPC. In the output that’s returned, take note of the gateway ID.

aws ec2 create-egress-only-internet-gateway –vpc-id vpc-2f09a348

Create a custom route table for your VPC (create-route-table, exactly as for the public subnet) and take note of the route table ID. Add a route to it that sends all IPv6 traffic (::/0) to the egress-only Internet gateway ID from the previous step (create-route with --destination-ipv6-cidr-block ::/0 and --egress-only-internet-gateway-id). Then associate the route table with your second subnet, which becomes the egress-only private subnet:

aws ec2 associate-route-table --subnet-id subnet-a46032fc --route-table-id rtb-abc123ab

From your private instance, test that you can reach the Internet over IPv6 by pinging a website that has ICMP enabled, for example (on modern iputils, ping -6 is equivalent):

ping6 ietf.org
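Whether a subnet is public, egress-only or fully private is decided by the routes in the table associated with it (or the VPC's main table when no table is explicitly associated), which is what the route-table steps in the public-subnet section and in this section set up. The following added example (not code from the original page or from AWS) classifies every subnet from the JSON returned by describe-route-tables and describe-subnets. The sample data is constructed around the page's IDs; rtb-0main0000, eigw-0e1gw00000, nat-0dead00000 and subnet-0third0000 are placeholders invented for the sample.

```python
"""Classify subnets as public / nat / egress-only / private from route tables.

Added example, not part of the original page or of any AWS tooling.
Inputs are the JSON documents produced by `aws ec2 describe-route-tables`
and `aws ec2 describe-subnets`.
"""
import json

# Constructed sample: the page's public subnet, its egress-only private subnet
# (with a stale blackhole NAT route), and a third subnet with no explicit
# association that therefore uses the VPC's main route table.
SAMPLE_ROUTE_TABLES = json.dumps({"RouteTables": [
    {"RouteTableId": "rtb-0main0000", "VpcId": "vpc-2f09a348",        # constructed
     "Associations": [{"Main": True, "RouteTableId": "rtb-0main0000"}],
     "Routes": [{"DestinationCidrBlock": "172.20.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-c1c8faa6", "VpcId": "vpc-2f09a348",
     "Associations": [{"Main": False, "SubnetId": "subnet-b46032ec", "RouteTableId": "rtb-c1c8faa6"}],
     "Routes": [{"DestinationCidrBlock": "172.20.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1ff7a07b", "State": "active"}]},
    {"RouteTableId": "rtb-abc123ab", "VpcId": "vpc-2f09a348",
     "Associations": [{"Main": False, "SubnetId": "subnet-a46032fc", "RouteTableId": "rtb-abc123ab"}],
     "Routes": [{"DestinationCidrBlock": "172.20.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0e1gw00000", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0dead00000", "State": "blackhole"}]},
]})

SAMPLE_SUBNETS = json.dumps({"Subnets": [
    {"SubnetId": "subnet-b46032ec", "VpcId": "vpc-2f09a348", "CidrBlock": "172.20.1.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-a46032fc", "VpcId": "vpc-2f09a348", "CidrBlock": "172.20.2.0/24", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-0third0000", "VpcId": "vpc-2f09a348", "CidrBlock": "172.20.3.0/24", "MapPublicIpOnLaunch": False},
]})

DEFAULT_DESTS = {"0.0.0.0/0", "::/0"}


def route_table_for(subnet_id, vpc_id, tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def exposure_of(rt):
    """Classify a route table by its active default routes (IPv4 or IPv6)."""
    kinds = set()
    for route in rt.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_DESTS or route.get("State") != "active":
            continue  # non-default or blackhole routes forward nothing to the Internet
        if str(route.get("GatewayId", "")).startswith("igw-"):
            kinds.add("public")        # inbound and outbound via Internet gateway
        elif route.get("NatGatewayId"):
            kinds.add("nat")           # outbound IPv4 only
        elif route.get("EgressOnlyInternetGatewayId"):
            kinds.add("egress-only")   # outbound IPv6 only
    for kind in ("public", "nat", "egress-only"):   # most exposed wins
        if kind in kinds:
            return kind
    return "private"


def classify_subnets(route_tables_json, subnets_json):
    """Map subnet ID -> {route_table, exposure, auto_public_ip}."""
    tables = json.loads(route_tables_json)["RouteTables"]
    result = {}
    for sn in json.loads(subnets_json)["Subnets"]:
        rt = route_table_for(sn["SubnetId"], sn["VpcId"], tables)
        result[sn["SubnetId"]] = {
            "route_table": rt["RouteTableId"] if rt else None,
            "exposure": exposure_of(rt) if rt else "private",
            "auto_public_ip": bool(sn.get("MapPublicIpOnLaunch")),
        }
    return result


def public_subnets(route_tables_json, subnets_json):
    """Subnet IDs whose route table sends 0.0.0.0/0 or ::/0 to an Internet gateway."""
    classified = classify_subnets(route_tables_json, subnets_json)
    return sorted(s for s, info in classified.items() if info["exposure"] == "public")


if __name__ == "__main__":
    for subnet, info in classify_subnets(SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS).items():
        print(f"{subnet}: {info['exposure']} via {info['route_table']}, auto public IP: {info['auto_public_ip']}")
```

Against a real account, save `aws ec2 describe-route-tables --filters Name=vpc-id,Values=vpc-2f09a348 --output json` and `aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-2f09a348 --output json` to files and pass their contents to classify_subnets. A subnet reported as public together with auto_public_ip true is one where every launched instance is Internet-reachable by default, subject only to its security group.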

Cleanup

After you've verified that you can connect to your instance, you can terminate it if you no longer need it (terminate-instances with the instance ID); the security group cannot be deleted while an instance still uses it. Dependent resources also block delete-vpc, so delete the other resources you've created in this example in the listed order. If you created the third subnet, the egress-only Internet gateway or its route table, delete those as well (delete-subnet, delete-egress-only-internet-gateway, delete-route-table) before the VPC, and remove the key pair with delete-key-pair when you no longer need it.

  1. Delete your security group:

aws ec2 delete-security-group --group-id sg-e1fb8c9a

  2. Delete your subnets:

aws ec2 delete-subnet --subnet-id subnet-b46032ec

aws ec2 delete-subnet --subnet-id subnet-a46032fc

  3. Delete your custom route table:

aws ec2 delete-route-table --route-table-id rtb-c1c8faa6

  4. Detach your Internet gateway from your VPC:

aws ec2 detach-internet-gateway --internet-gateway-id igw-1ff7a07b --vpc-id vpc-2f09a348

  5. Delete your Internet gateway:

aws ec2 delete-internet-gateway --internet-gateway-id igw-1ff7a07b

  6. Delete your VPC:

aws ec2 delete-vpc --vpc-id vpc-2f09a348