Author Jinali Pabasara
Welcome to this article series, where we’ll embark on an exciting journey through fundamental networking concepts in AWS. Our exploration will cover topics like VPCs, subnets, API Gateways, and how resources within our AWS account can communicate with the outside world. We’ll dive into these concepts while engaging in hands-on practices to reinforce our understanding.
To facilitate our learning, we’ll analyze the architecture diagram provided below. We’ll spend time building this architecture diagram step-by-step in our AWS account during both the first and second parts of this series.
Let’s take a closer look at this diagram depicting a VPC (Virtual Private Cloud) with two unique subnets: one public and one private. Within the Public Subnet, there’s an EC2 instance with internet connectivity. Our goal is to gain a deeper understanding of each component and how they interact by replicating this setup in our own AWS account.
The first part of this series will focus on understanding VPCs, including how to create one and the fundamentals of Subnets.
Virtual Private Cloud
In this diagram, we have something called a VPC, which stands for Virtual Private Cloud. It is a logically isolated virtual network inside the AWS cloud, tied to one Region, in which we place resources such as EC2 instances and databases. Traffic cannot flow between two VPCs unless we explicitly connect them (for example with VPC peering), so each VPC is a separate network boundary of its own.
So, with VPC, we get our own safe and private corner in the cloud, and we can have multiple such corners, each with its own resources, all working independently.
Now, let’s proceed with creating a VPC. To begin, go to the AWS Management Console and locate the search bar. Type “VPC” into the search bar and select “VPC” from the suggested results. This will take you to the Amazon VPC dashboard.
Once you access the Amazon VPC dashboard, you will see various options and information related to networking within AWS. To view all the VPCs available in the region you are currently in, select “VPC” from the left pane menu. This will display a list of existing VPCs in the region.
To create a new VPC click on the Create VPC button on the top.
Once you click on the button it will take you to the below page.
As you can see it’s first asking how we want to create our VPC resources. For this demo tutorial let's select VPC only.
However, if you select "VPC and more", the console creates the associated resources for you as well: subnets spread across Availability Zones, route tables, an Internet Gateway and, optionally, NAT gateways and VPC endpoints, much like the diagram above. This is convenient when you do not want to create each resource separately.
For now, we'll stick to "VPC only" so we can add each resource ourselves while understanding its use case.
As the next step let's give a name to our VPC.
Next, we need to give a CIDR range for our VPC. CIDR (Classless Inter-Domain Routing) notation describes a block of IP addresses as a base address plus a prefix length, for example 10.0.0.0/16, which covers 65,536 addresses. The prefix length is how we control the number of addresses the VPC gets: AWS accepts an IPv4 block anywhere between /16 (65,536 addresses) and /28 (16 addresses). The console does not stop you from entering a publicly routable range, but AWS recommends the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) so that your instances never share addresses with hosts on the internet. Choose the block carefully: the primary CIDR cannot be changed once the VPC exists (secondary blocks can be added later), and it should not overlap any network you may later connect to this VPC through peering or a VPN.
If you would like to learn more about CIDR please check out this article from AWS.
Below the CIDR settings is the tenancy option. Tenancy decides whether instances launched in this VPC run on hardware shared with other AWS customers (Default) or on single-tenant hardware reserved for your account (Dedicated). Dedicated tenancy costs more and is normally chosen only to meet a compliance requirement for physical isolation; note that a VPC can later be switched from dedicated to default tenancy, but not from default to dedicated. Let's keep the Default option.
Once the name, CIDR range and tenancy are filled in, click the Create VPC button to create the VPC.
Once we initiate the creation of our VPC, it should only take a few moments to complete. Once the process is finished, we can simply check the VPC list below to confirm that our new VPC has been successfully created.
One crucial point to highlight is that AWS applies a default quota of 5 VPCs per Region for each account. This is a soft limit: it is enough for most learning and small setups, and if you need more you can request an increase through the Service Quotas console.
Public and Private Subnets
Let’s take another look at the architecture diagram. Inside our VPC, we find two blocks called Subnets. Now, what are Subnets?
Imagine the VPC as a big neighborhood, and each Subnet as a smaller street within that neighborhood. Subnets are smaller networks inside the VPC where we group our resources.
Each Subnet comes with its own defined set of IP addresses, which are like unique house numbers on that street. These IP ranges help in identifying and communicating with the different resources residing in each Subnet.
So, Subnets are like smaller, well-defined networks within the VPC, each with its own set of IP addresses, making resource management and isolation more manageable.
In our diagram, there are two subnets within the VPC: the public subnet and the private subnet. Resources that must be reachable from the internet, such as the EC2 instance in our diagram or a load balancer, go in the public subnet; resources that should only be reachable from inside the VPC, such as databases and application servers, go in the private subnet. It is worth being precise about what makes a subnet public, because nothing in the subnet itself does: a subnet is public only when the route table associated with it contains a route for 0.0.0.0/0 that points at an Internet Gateway, and private when it has no such route. Naming a subnet "PublicSubnet" changes nothing on its own. Even inside a public subnet, an instance is reachable from the internet only if it also has a public or Elastic IP address and its security group allows the traffic. We will add the Internet Gateway and route tables in the next part; until then both subnets we create here are effectively private.
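To make that distinction concrete, here is an added example (not code from the original article) that classifies subnets as public or private by reading their route tables rather than their names. The input lists follow the shape of the DescribeSubnets and DescribeRouteTables API responses as boto3 returns them, but the IDs and data are constructed for the example; the third subnet is deliberately named "PublicSubnet-2" while having no route to an Internet Gateway.

```python
"""Decide which subnets in a VPC are really public, from their route tables.

Added example (not from the original article). The dictionaries mimic the
shape of boto3's ec2.describe_subnets() and describe_route_tables() responses,
but the data below is constructed by hand so the script runs offline.
"""
from typing import Dict, List

# Constructed sample: one VPC, a main route table with only the local route,
# and one custom route table with a default route to an Internet Gateway.
# Only subnet-0aaa is explicitly associated with the custom table; the other
# two subnets fall back to the main table, whatever their Name tag says.
SUBNETS: List[dict] = [
    {"SubnetId": "subnet-0aaa", "VpcId": "vpc-0123", "CidrBlock": "10.0.0.0/24",
     "Tags": [{"Key": "Name", "Value": "PublicSubnet"}]},
    {"SubnetId": "subnet-0bbb", "VpcId": "vpc-0123", "CidrBlock": "10.0.1.0/24",
     "Tags": [{"Key": "Name", "Value": "PrivateSubnet"}]},
    {"SubnetId": "subnet-0ccc", "VpcId": "vpc-0123", "CidrBlock": "10.0.2.0/24",
     "Tags": [{"Key": "Name", "Value": "PublicSubnet-2"}]},
]

ROUTE_TABLES: List[dict] = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-0123",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
     "Associations": [{"Main": True, "RouteTableId": "rtb-main"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-0123",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0def", "State": "active"}],
     "Associations": [{"Main": False, "RouteTableId": "rtb-public", "SubnetId": "subnet-0aaa"}]},
]


def route_table_for(subnet_id: str, vpc_id: str, route_tables: List[dict]) -> dict:
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError(f"no main route table found for {vpc_id}")
    return main


def has_igw_default_route(rt: dict) -> bool:
    """Public means: an active default route (IPv4 or IPv6) targeting an Internet Gateway.
    Routes to a NAT gateway carry NatGatewayId, not GatewayId, so they do not count."""
    for route in rt.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if (dest in ("0.0.0.0/0", "::/0") and route.get("State") == "active"
                and route.get("GatewayId", "").startswith("igw-")):
            return True
    return False


def name_of(subnet: dict) -> str:
    for tag in subnet.get("Tags", []):
        if tag["Key"] == "Name":
            return tag["Value"]
    return subnet["SubnetId"]


def classify(subnets: List[dict], route_tables: List[dict]) -> Dict[str, str]:
    """Map each subnet's Name tag to 'public' or 'private', based on routing only."""
    result = {}
    for subnet in subnets:
        rt = route_table_for(subnet["SubnetId"], subnet["VpcId"], route_tables)
        result[name_of(subnet)] = "public" if has_igw_default_route(rt) else "private"
    return result


if __name__ == "__main__":
    for name, kind in classify(SUBNETS, ROUTE_TABLES).items():
        print(f"{name}: {kind}")
```

PublicSubnet-2 comes out private despite its name, because it was never associated with the route table that has the Internet Gateway route. Against a real account you would replace the constructed lists with `ec2.describe_subnets()["Subnets"]` and `ec2.describe_route_tables()["RouteTables"]` from a boto3 EC2 client; the classification logic stays the same.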
Alright, let’s proceed to create both a public and a private subnet.
To get started, select “Subnets” from the left-hand menu in the AWS Management Console.
Once you’re on the Subnets page, you’ll notice a “Create Subnet” button at the top of the page. Go ahead and click on it to begin the process.
Once you click on the “Create Subnet” option, you’ll be directed to a page where we can define our subnets.
To proceed, simply choose the VPC we created earlier from the drop-down menu, and assign it as the VPC ID for our new subnet.
In the subnet settings section, we have the option to provide a name for our subnet. Let’s call our subnet “PrivateSubnet” since it will serve as the private portion of our network.
In regards to Availability Zones, we have the option to either manually select a specific zone from the provided choices or allow AWS to automatically assign one for us.
However, to ensure a high level of availability, it is a common practice to create two subnets, each residing in a different Availability Zone. For instance, we can set up two Private subnets, with each subnet located in separate AZs. This setup serves as a safeguard; if one Availability Zone experiences an issue or outage, the resources within the other zone remain operational, ensuring continuous service availability.
In this demonstration, we’ll keep things straightforward by having only one private subnet within the VPC. You can choose any Availability Zone (AZ) from the drop-down menu or leave it as “No preference.”
Next, we need to select a CIDR block for our subnet. The Associated VPC CIDRs panel at the top of the page shows the VPC's range, and every subnet CIDR must be carved out of it: a sub-block of the VPC CIDR (between the VPC's own prefix length and /28) that does not overlap any other subnet in the VPC. For example, in a 10.0.0.0/16 VPC, 10.0.0.0/24 is a typical choice for the first subnet. Keep in mind that AWS reserves five addresses in every subnet (the first four and the last), so a /24 gives 251 usable addresses rather than 254.
Next click on Add New Subnet button to add another subnet. This time we want to create our Public Subnet.
Just like we did for the private subnet, let's proceed by assigning a name and an Availability Zone (AZ) for the public subnet. Additionally, we need to select a CIDR block for the public subnet that also lies within the VPC's range and does not overlap the private subnet (for example 10.0.1.0/24 next to a private 10.0.0.0/24).
After that click on the Create Subnet button to create our 2 subnets.
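Because a wrong CIDR choice is hard to undo (the VPC's primary block is fixed at creation, and overlapping or out-of-range subnets are rejected), it helps to plan the address space before touching the console. The following is an added example, not code from the original article, that applies the same rules the VPC console enforces for the VPC CIDR and for each subnet CIDR, carves out non-overlapping subnets for the private and public subnet described above, and reports the five addresses AWS reserves in each subnet. The 10.0.0.0/16 range and the subnet names are illustrative.

```python
"""Plan and validate VPC and subnet CIDR blocks before creating anything.

Added example (not from the original article). It reproduces the checks the
VPC console applies when you type a CIDR block, and shows the five addresses
AWS reserves in every subnet. All CIDR values used here are illustrative.
"""
import ipaddress
from typing import Dict, List, Tuple

IPv4Net = ipaddress.IPv4Network
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpc_cidr(cidr: str) -> IPv4Net:
    """A VPC IPv4 CIDR must be a valid network between /16 and /28.
    Raises ValueError when host bits are set (e.g. 10.0.0.1/16) or the prefix is out of range."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC CIDR must be between /16 and /28")
    return net


def is_rfc1918(cidr: str) -> bool:
    """True when the block lies entirely inside one RFC 1918 private range.
    AWS does not enforce this, but non-private space will collide with real internet hosts."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(private) for private in RFC1918)


def validate_subnet(vpc_cidr: str, subnet_cidr: str, existing: List[str]) -> IPv4Net:
    """Checks for a hand-picked subnet CIDR: inside the VPC block, no smaller than /28,
    and not overlapping any subnet that already exists in the VPC."""
    vpc = check_vpc_cidr(vpc_cidr)
    sub = ipaddress.ip_network(subnet_cidr, strict=True)
    if not sub.subnet_of(vpc):
        raise ValueError(f"{subnet_cidr} is outside the VPC range {vpc_cidr}")
    if sub.prefixlen > 28:
        raise ValueError(f"{subnet_cidr}: subnet CIDR cannot be smaller than /28")
    for other in existing:
        if sub.overlaps(ipaddress.ip_network(other)):
            raise ValueError(f"{subnet_cidr} overlaps existing subnet {other}")
    return sub


def plan_subnets(vpc_cidr: str, wanted: List[Tuple[str, int]]) -> Dict[str, str]:
    """Allocate one non-overlapping block per (name, prefix length), lowest free address first.
    Mixed sizes work: a later, larger block skips past anything already allocated."""
    vpc = check_vpc_cidr(vpc_cidr)
    allocated: Dict[str, IPv4Net] = {}
    for name, prefix in wanted:
        if not vpc.prefixlen <= prefix <= 28:
            raise ValueError(f"{name}: /{prefix} must be between /{vpc.prefixlen} and /28")
        for candidate in vpc.subnets(new_prefix=prefix):
            if not any(candidate.overlaps(taken) for taken in allocated.values()):
                allocated[name] = candidate
                break
        else:
            raise ValueError(f"{name}: no room left in {vpc_cidr} for a /{prefix}")
    return {name: str(net) for name, net in allocated.items()}


def reserved_addresses(subnet_cidr: str) -> List[str]:
    """AWS reserves the first four addresses of a subnet (network address, VPC router,
    DNS resolver, future use) and the last one (broadcast); none can be assigned."""
    net = ipaddress.ip_network(subnet_cidr)
    return [str(net[i]) for i in (0, 1, 2, 3)] + [str(net[-1])]


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses actually available to instances after AWS's five reserved ones."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5


if __name__ == "__main__":
    vpc_cidr = "10.0.0.0/16"  # illustrative VPC range
    print(f"{vpc_cidr} is RFC 1918 private space: {is_rfc1918(vpc_cidr)}")
    plan = plan_subnets(vpc_cidr, [("PrivateSubnet", 24), ("PublicSubnet", 24)])
    for name, cidr in plan.items():
        print(f"{name}: {cidr}, {usable_hosts(cidr)} usable, reserved {reserved_addresses(cidr)}")
```

Run as a script it allocates 10.0.0.0/24 and 10.0.1.0/24 and reports 251 usable addresses in each. Use `validate_subnet` when you pick a block by hand in the console; it raises on exactly the inputs the console refuses, such as a block outside the VPC range or one that overlaps a subnet you already created.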
It’s essential to understand that VPCs are region-specific virtual networks in AWS, whereas Subnets are associated with specific Availability Zones within those regions. When dealing with AWS networking and setting up resources within a Virtual Private Cloud (VPC), it’s crucial to recognize the significance of subnets as a foundational component. Simply creating a VPC without setting up subnets would not allow us to place any resources, such as EC2 instances or other AWS services, within that VPC.
Wrapping Up
Let’s take a moment to review what we’ve accomplished thus far. In our AWS account’s region, we successfully created a VPC as the first step. Inside this VPC, we set up two distinct subnets — one for private resources and the other for public resources. Up to this point, we have reached the stage represented by the diagram below.
In the next article, we’ll explore the process of integrating an Internet Gateway and route tables into our system. Additionally, we’ll deploy an EC2 instance into the public subnet. This exciting step will enable internet connectivity for specific resources, making them accessible from the outside world while maintaining the privacy and security of resources in the private subnet.
Stay tuned as we delve deeper into these crucial networking configurations in our AWS environment!
About the Author: Jinali Pabasara is a Software Engineer with a strong passion for cloud computing. She finds great satisfaction in sharing the programming and cloud computing knowledge she has gained during her learning journey.