How to Create Amazon Virtual Private Cloud (VPC)

We can create Amazon VPC by using the following steps:

1. Create a VPC
2. Create an Internet Gateway (IGW)
3. Attach IGW to VPC
4. Create Two Subnets:
   Public Subnet (Subnet-1) and Private Subnet (Subnet-2)
5. Enable Auto-assign IP settings for Public Subnet
6. Create a Route Table and associate to subnet-1
7. Create Tow Instances:
   Web Server (First instance for public subnet) and DB Server (Second instance for private subnet)
8. Verify internet access on web server
9. Create a NAT Gateway
10. Create a Route table for NAT Gateway and associate to Subnet-2
11. Verify internet access on DB server. 

AWS VPC Struct

Step 1: Create a VPC:

As VPC is a region-specific service, first we need to make sure in which region we are creating VPC. In this practical, we are creating a VPC in North Virginia Region for a web solution company, named 'websol'. One default VPC is also running there. So, I suggest, do not delete or change inside default VPC. Create your own VPC named 'websol-vpc'.

AWS ➔ Services➔ VPC ➔ Your VPCs ➔ Create VPC ➔ Name tag: websol-vpc ➔ IPv4 CIDR block: 10.0.0.0/16 ➔ [*] No IPv6 CIDR Block ➔ Tenancy: default ➔ Create ➔ Close.

This will create a new VPC named 'websol-vpc' in North Virginia region.

Step 2: Create an Internet Gateway (IGW):

AWS ➔ Services ➔ VPC ➔ Internet Gateways ➔ Create Internet Gateway ➔ Name tag: websol-igw ➔ Create ➔ Close.

Step 3: Attach IGW to VPC:

AWS ➔ Services ➔ VPC ➔ Internet Gateways ➔ Select 'websol-igw' gateway ➔ Actions ➔ Attach to VPC ➔ VPC: Select 'websol-vpc' ➔ Attach.

In the state section, we can verify that Internet Gateway 'websol-igw' is attached to 'websol-vpc' VPC.

Step 4: Create Two Subnets:

• Create the first Subnet for Web Server:

AWS ➔ Services ➔ VPC ➔ Subnets ➔ Create subnet ➔ Name tag: websol-sub1-pub ➔ VPC: websol-vpc ➔ Availability Zone: us-east-1a ➔ IPv4 CIDR block: 10.0.1.0/24 ➔ Create ➔ Close.

• Create the second Subnet for Database Server:

AWS ➔ Services ➔ VPC ➔ Subnets ➔ Create subnet ➔ Name tag: websol-sub2-pvt ➔ VPC: websol-vpc ➔ Availability Zone: us-east-1b ➔ IPv4 CIDR block: 10.0.2.0/24 ➔ Create ➔ Close.

Step 5: Enable Auto-Assign IP settings for public subnet:

AWS ➔ Services ➔ VPC ➔ Subnets ➔ Select Subnet 'websol-sub1-pub' ➔ Actions ➔ Modify auto-assign IP settings ➔ [*] Enable auto-assign public IPv4 address ➔ Save.

Step 6: Create a Route Table and associate to subnet-1:

• Create a route table to get attached IGW to subnet1, which belongs to Web Server:

AWS ➔ Services ➔ VPC ➔ Route Tables ➔ Create Route Table ➔ Name tag: websol-rt-pub ➔ VPC: websol-vpc ➔ Create ➔ Close.

• Make Route Entries:

AWS ➔ Services ➔ VPC ➔ Route Tables ➔ Select 'websol-rt-pub' Route Table ➔ Routes ➔ Edit routes ➔ Destination: 0.0.0.0/0 ➔ Target: 'websol-igw' ➔ Save routes ➔ Close.

• Associate Route Table to Subnet-1:

AWS ➔ Services ➔ VPC ➔ Route Tables ➔ Select 'websol-rt-pub' Route Table ➔ Subnet Associations ➔ Edit Subnet Associations ➔ Select 'websol-sub1-pub' subnet ➔ Save.

Step 7: Create Instances:

Create two instances; one for Web Server in Subnet-1 and another instance for Database Server in Subnet-2.

• Create first instance in Subnet-1 named 'win-web-srv':

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Launch Instance ➔ [*] Free Tier only ➔ Select 'windows Server 2008' AMI ➔ Instance Type: t2.micro ➔ Next ➔ Number of instances: 1 ➔ Network: select own created 'websol-vpc' VPC ➔ Subnet: As we are creating this instance for subnet-1, which we are using for a web server, select us-east-1a ➔ Auto-assign Public IP: We have already enable auto-assign in subnet, so there is no need to change this ➔ Next ➔ Next: tags ➔ Name: win-web-srv ➔ Next: SG ➔ [*] Create a new Security Group ➔ Security group name: win-sg ➔ Description: win-sg is created to access windows instances ➔ Rule ➔ RDP: TCP: 3389: Anywhere ➔ Add Rule ➔ HTTP: TCP: 80: Anywhere ➔ Add Rule ➔ HTTPS: TCP: 443: Anywhere ➔ Review and Launch ➔ Launch ➔ Create a new key-pair OR select any existing key pair ➔ Launch Instances ➔ View Instances.

• Create second instance in Subnet-2 named 'win-db-srv':

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Launch Instance ➔ [*] Free Tier only ➔ Select 'windows Server 2008' AMI ➔ Instance Type: t2.micro ➔ Next ➔ Number of instances: 1 ➔ Network: select own created 'websol-vpc' VPC ➔ Subnet: As we are creating this instance for subnet-2, which we are using for a Database Server, select us-east-1b ➔ no need for enabling Auto-assign Public IP as we are creating this instance for private subnet ➔ Next ➔ Next: tags ➔ Name: win-db-srv ➔ Next: SG ➔ [*] Create a new Security Group ➔ Security group name: win-db-sg ➔ Description: win-db-sg is created to access windows DB instances ➔ Rule ➔ RDP: TCP: 3389: Custom: 10.0.0.0/16 (here, we gave CIDR for security purposes) ➔ Review and Launch ➔ Launch ➔ Create a new key-pair OR select any existing key pair ➔ Launch Instances ➔ View Instances.

• Generate passwords of both instances and copy them in notepad:

For Web Server:

AWS ➔ Services ➔ Instances ➔ Select Instance 'win-web-srv' ➔ Actions ➔ Get Windows Password ➔ Browse ➔ (Provide Private IP) ➔ Decrypt Password ➔ Copy this password in notepad.

For DB Server:

AWS ➔ Services ➔ Instances ➔ Select Instance 'win-db-srv' ➔ Actions ➔ Get Windows Password ➔ Browse ➔ (Provide Private IP) ➔ Decrypt Password ➔ Copy this password in notepad.

Step 8: Verify internet access on Web Server:

Run ➔ type 'mstsc' ➔ Computer: paste public IP from EC2 Dashboard ➔ Connect ➔ Username: Administrator ➔ Password: Paste from notepad, where we saved it ➔ Connect ➔ (this will login us to our web-server instance) ➔ Run ➔ cmd ➔ type 'ping www.google.com' ➔ If we get a reply, means we got the connection.

Step 9: Create a NAT Gateway:

AWS ➔ Services ➔ VPC ➔ NAT Gateways ➔ Create NAT Gateway ➔ Subnet: Select public subnet 'websol-sub1-pub' ➔ Elastic IP Allocation ID: Click on Create New EIP (this will assign and allocate a Public Elastic IP to NAT Gateway) ➔ Create a NAT Gateway ➔ Close.

Allow some moments to get the status from pending to available, because NAT Gateway takes some time to create.

Step 10: Create Route Table for NAT Gateway and Associate to Subnet-2:

• Create a route table to get attached with NAT Gateway:

AWS ➔ Services ➔ VPC ➔ Route Tables ➔ Create Route Table ➔ Name tag: websol-rt-nat ➔ VPC: websol-vpc ➔ Create ➔ Close.

• Make Route Entries:

AWS ➔ Services ➔ VPC ➔ Route Tables ➔ Select 'websol-rt-nat' Route Table ➔ Routes ➔ Edit routes ➔ Destination: 0.0.0.0/0 ➔ Target: Select NAT Gateway ➔ Save routes ➔ Close.

• Associate Route Table to Subnet-2:

AWS ➔ Services ➔ VPC ➔ Route Tables ➔ Select 'websol-rt-nat' Route Table ➔ Subnet Associations ➔ Edit Subnet Associations ➔ Select 'websol-sub2-pvt' subnet ➔ Save.

Step 11: Verify internet access on DB server:

• First login to the web-server:

Run ➔ type 'mstsc' ➔ Computer: paste public IP of web-server from EC2 Dashboard ➔ Connect ➔ Username: Administrator ➔ Password: Paste from notepad, where we saved it ➔ Connect ➔ this will login us to our web-server instance.

• Open RDP from the web server and login to the DB-Server using private IP:

In Web-Server ➔ Run ➔ type 'mstsc' ➔ Computer: paste private IP of DB-server from EC2 Dashboard ➔ Connect ➔ Username: Administrator ➔ Password: Paste from notepad, where we saved it ➔ Connect ➔ this will login us to our DB-Server ➔ Open Run ➔ type command 'cmd' ➔ ping www.google.com.

ACCESS GRANTED…ENJOY!!!

CLEANUP:

1. Terminate both instances
2. Delete NAT Gateway
3. Release Elastic IP which we used in NAT gateway
4. Delete VPC

Step 1: Terminate both instances:

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Select both instances ➔ Action ➔ Instance State ➔ Terminate.

Step 2: Delete NAT Gateway:

AWS ➔ Services ➔ VPC ➔ NAT Gateways ➔ Select NAT Gateway ➔ Actions ➔ Delete NAT Gateway ➔ Delete NAT Gateway.

Again this will take some time to be deleted as it took at the time of creation.

Step 3: Release Elastic IP which we used in NAT Gateway:

AWS ➔ Services ➔ VPC ➔ Elastic IPs ➔ Select Elastic IP ➔ Actions ➔ Release addresses ➔ Release.

Step 4: Delete VPC:

AWS ➔ Services ➔ VPC ➔ Your VPCs ➔ Select your own created VPC (not default) ➔ Actions ➔ Delete VPC ➔ Delete VPC ➔ Close.