⚠️ Before You Dive In...
This post is a continuation of my AWS networking journey. If you're new to VPCs, subnets, and internet gateways, I highly recommend checking out my previous post — “Mastering AWS Networking: Building My First VPC!”
In that post, I walked through the foundational steps of creating a Virtual Private Cloud (VPC), setting up subnets, and attaching an internet gateway.
This current guide builds on those concepts and focuses on configuring route tables, security groups, and network ACLs to secure and control traffic flow within your network.
So if you're just starting out, go through that first — it’ll make this guide much easier to follow and more meaningful!
🧭 1. Create and Associate a Route Table
What is a route table: A route table is the traffic controller for your network. It is a set of rules, called routes, that determine where network traffic from a subnet or gateway is sent. Each route pairs a destination CIDR block with a target (for example the local VPC network, an internet gateway, or a NAT gateway), and when several routes match a destination AWS uses the most specific one. Every VPC comes with a main route table, and any subnet you do not explicitly associate with a route table uses that main table.
✅ Step 1: Navigate to Route Tables
In the VPC Dashboard, select “Route Tables” from the left-hand menu.
--Click “Create route table.”
✅ Step 2: Set Route Table Details
--Name your route table (e.g., PublicRouteTable).
--Select the VPC you previously created.
--Click “Create route table.”
✅ Step 3: Edit Routes to Add Internet Gateway
--Select your newly created route table.
--Go to the “Routes” tab and click “Edit routes.”
--Click “Add route.”
--Destination: 0.0.0.0/0
--Target: Select your Internet Gateway (e.g., igw-xxxxxxxx)
--Click “Save changes.”
✅ Step 4: Associate with Subnet
--Go to the “Subnet associations” tab.
--Click “Edit subnet associations.”
--Select the subnet you want to make public.
--Click “Save associations.”
✅ Your subnet is now public: any instance in it that has a public IPv4 address (auto-assigned at launch or an Elastic IP) can reach the internet, and the internet can reach it, subject to the security group and network ACL rules you set up next. An instance with only a private address still has no path out, even in a public subnet.
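To make the route lookup concrete, here is a small added example (not code from the original post) that models the two route tables this series builds: the public one from Step 3, and a private one with only the local route. The target name igw-EXAMPLE and the 10.0.0.0/16 VPC CIDR are assumptions for the example; resolve_target applies the most-specific-match rule described above, and is_public_subnet is the check a reviewer uses to tell a public subnet from a private one.

```python
import ipaddress

# Constructed example route tables for this post's layout; not taken from the
# original page. Targets are hypothetical placeholders (a real internet gateway
# ID looks like igw- followed by hex digits).
VPC_CIDR = "10.0.0.0/16"

PUBLIC_ROUTE_TABLE = [
    (VPC_CIDR, "local"),           # AWS adds this local route to every route table
    ("0.0.0.0/0", "igw-EXAMPLE"),  # the default route added in Step 3
]

PRIVATE_ROUTE_TABLE = [
    (VPC_CIDR, "local"),           # no 0.0.0.0/0 route: no path to the internet
]


def resolve_target(route_table, destination_ip):
    """Return the target AWS would send destination_ip to, or None if nothing matches.

    AWS uses the most specific (longest prefix) matching route, so 10.0.1.5 goes
    to "local" even though 0.0.0.0/0 also contains it.
    """
    dst = ipaddress.ip_address(destination_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def is_public_subnet(route_table):
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway."""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-")
               for cidr, target in route_table)


if __name__ == "__main__":
    for ip in ("10.0.1.5", "8.8.8.8"):
        print(ip, "-> public table:", resolve_target(PUBLIC_ROUTE_TABLE, ip))
        print(ip, "-> private table:", resolve_target(PRIVATE_ROUTE_TABLE, ip))
    print("public subnet?", is_public_subnet(PUBLIC_ROUTE_TABLE),
          "/ private subnet?", is_public_subnet(PRIVATE_ROUTE_TABLE))
```

Run it and you will see in-VPC traffic (10.0.1.5) stay on the local route in both tables, while 8.8.8.8 goes to the internet gateway from the public table and has no route at all from the private one.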
🔐 2. Configure a Security Group
A security group acts as a virtual firewall for your Amazon EC2 instances (strictly, for their network interfaces), controlling inbound and outbound traffic. It is stateful: if an inbound request is allowed, the reply is automatically allowed back out, and vice versa, so you do not write rules for return traffic. Security group rules can only allow; anything not explicitly allowed is dropped. That makes them an easy-to-manage, instance-level layer of filtering with granular rules per port, protocol and source.
✅ Step 1: Navigate to Security Groups
--Still in the VPC Dashboard, click “Security Groups.”
--Click “Create security group.”
✅ Step 2: Set Security Group Details
--Name your security group (e.g., WebServerSG) and give it a description (required).
--Select the VPC you previously created.
✅ Step 3: Configure Inbound Rules
--Click “Add rule.”
--Type: HTTP
--Protocol: TCP
--Port: 80
--Source: Anywhere (0.0.0.0/0)
--(Optional) Add another rule for SSH (port 22) if you want SSH access. Set its source to “My IP” (or your office/VPN range), not Anywhere: an SSH port open to 0.0.0.0/0 is one of the most common findings in cloud security reviews and attracts automated brute-force attempts as soon as the instance is up.
--Then click “Create security group.”
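The check a practitioner wants after this step is “did anyone open an admin port to the whole internet?”. The added example below (not code from the original post) runs that check over a constructed sample shaped like the SecurityGroups list that boto3’s ec2.describe_security_groups() returns; the group IDs sg-0aaa/sg-0bbb/sg-0ccc, their names and the address 203.0.113.10 are made up for the example. It flags the SSH-from-Anywhere rule from Step 3 and an “All traffic” rule, and passes the hardened group whose SSH source is a single /32.

```python
# Constructed sample in the shape of boto3's
# ec2.describe_security_groups()["SecurityGroups"]. Group IDs, names and
# addresses are invented for this example and are not from the original post.
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0aaa",
        "GroupName": "WebServerSG",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            # the "optional" SSH rule from Step 3, opened to Anywhere
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0bbb",
        "GroupName": "WebServerSG-hardened",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            # same SSH rule, restricted to one admin address (TEST-NET-3 placeholder)
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0ccc",
        "GroupName": "AllTraffic",
        "IpPermissions": [
            # "All traffic" (IpProtocol -1 carries no port fields) from anywhere, v4 and v6
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

WORLD_SOURCES = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def permission_covers_port(perm, port):
    """True if this inbound rule admits TCP traffic to `port`."""
    if perm["IpProtocol"] == "-1":          # all protocols, all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def permission_sources(perm):
    """All IPv4 and IPv6 source CIDRs of one inbound rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def world_open_admin_ports(security_groups):
    """Return (group id, service, port) for every admin port reachable from the whole internet."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not WORLD_SOURCES.intersection(permission_sources(perm)):
                continue
            for port, service in ADMIN_PORTS.items():
                if permission_covers_port(perm, port):
                    findings.append((sg["GroupId"], service, port))
    return sorted(set(findings))


if __name__ == "__main__":
    for group_id, service, port in world_open_admin_ports(SAMPLE_SECURITY_GROUPS):
        print(f"{group_id}: {service} (tcp/{port}) is open to the whole internet")
```

Against a real account you would replace SAMPLE_SECURITY_GROUPS with the list from boto3 (paginating if you have many groups); the evaluation logic is the same.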
🔒 3. Set Up a Network ACL (Optional Advanced Step)
A Network Access Control List (Network ACL) is an optional layer of security for your VPC that acts as a firewall controlling traffic in and out of one or more subnets. Unlike a security group it is stateless: it does not remember connections, so return traffic must be explicitly allowed by a rule in the opposite direction. Rules are numbered and evaluated from the lowest number up; the first rule that matches decides, and the implicit “*” rule at the end denies anything nothing else matched. A network ACL can both allow and deny, which lets you block a specific address range for a whole subnet, and it complements the instance-level, allow-only filtering of security groups.
✅ Step 1: Navigate to Network ACLs
--On the VPC dashboard, click “Network ACLs.”
--Click “Create network ACL.”
✅ Step 2: Configure the ACL
--Name your ACL (e.g., PublicSubnetACL).
--Select your VPC.
--Click “Create.”
✅ Step 3: Add Inbound Rules
--Select your ACL and go to “Inbound rules.”
--Click “Edit inbound rules.”
--Add rule:
--Rule #: 100
--Type: HTTP
--Protocol: TCP
--Port Range: 80
--Source: 0.0.0.0/0
--Allow/Deny: Allow
--Repeat as needed (e.g., SSH on port 22, again from your own IP rather than 0.0.0.0/0).
I challenge you to edit your inbound rules on your own.
✅ Step 4: Add Outbound Rules
--Because a network ACL is stateless, allowing HTTP in does not let the replies back out. A newly created custom network ACL denies all outbound traffic, so without this step your web server would accept each request and then have its response dropped.
--Go to “Outbound rules” and click “Edit outbound rules.”
--Add rule: Rule # 100, Type: Custom TCP, Port Range: 1024-65535 (the ephemeral ports clients receive replies on), Destination: 0.0.0.0/0, Allow.
--If the instance itself needs to open outbound connections (package updates, for example), add an inbound allow for the same ephemeral port range as well, so the replies to those connections can come back in.
✅ Step 5: Associate with Subnet
--Go to “Subnet associations”.
--Click “Edit subnet associations.”
--Select your subnet.
--Save.
✅ Now traffic to your subnet passes through two layers: the network ACL at the subnet boundary and the security group on each instance. Both must allow a packet for it to get through, and any instance you launch into this subnet needs the security group from section 2 attached to it.
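The stateless behaviour is the part of this section that bites people in practice, so here is an added example (not code from the original post) that evaluates network ACL rules the way AWS does: lowest rule number first, first match wins, implicit deny at the end. The rule sets model Step 3 of this post; the client address 198.51.100.7, the ephemeral port 49152 and the rule numbers are example values. It shows that the inbound rule 100 alone is not enough for a working web server, that the outbound ephemeral-port rule fixes it, and how a lower-numbered deny rule blocks one host before the allow rule is reached.

```python
import ipaddress

# Constructed network ACL rule sets modelled on Step 3 of this post; not code
# from the original page. Rule numbers, ports and addresses are example values.
INBOUND_RULES = [
    {"rule": 100, "protocol": "tcp", "ports": (80, 80),
     "cidr": "0.0.0.0/0", "action": "allow"},
]

# A newly created custom network ACL has no outbound allow rules at all: only
# the implicit "*" deny at the end, which this evaluator applies as the fallback.
OUTBOUND_RULES_AS_CREATED = []

# Outbound allow for the ephemeral port range that HTTP responses go back to.
OUTBOUND_RULES_FIXED = [
    {"rule": 100, "protocol": "tcp", "ports": (1024, 65535),
     "cidr": "0.0.0.0/0", "action": "allow"},
]

# A deny with a lower number is evaluated before the allow at 100, so it wins
# for that one host and the allow still applies to everyone else.
INBOUND_RULES_WITH_BLOCK = [
    {"rule": 90, "protocol": "all", "ports": (0, 65535),
     "cidr": "198.51.100.7/32", "action": "deny"},
] + INBOUND_RULES


def evaluate(rules, protocol, port, remote_ip):
    """Apply the rules the way a network ACL does: lowest rule number first,
    first match decides, and the implicit '*' rule denies anything unmatched."""
    ip = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r["rule"]):
        if rule["protocol"] not in ("all", protocol):
            continue
        low, high = rule["ports"]
        if not low <= port <= high:
            continue
        if ip not in ipaddress.ip_network(rule["cidr"]):
            continue
        return rule["action"]
    return "deny"


def http_exchange_allowed(inbound, outbound, client_ip, client_port):
    """A stateless ACL must pass both halves of one TCP connection: the request
    arriving on port 80 and the response leaving to the client's ephemeral port."""
    request = evaluate(inbound, "tcp", 80, client_ip)
    response = evaluate(outbound, "tcp", client_port, client_ip)
    return request == "allow" and response == "allow"


if __name__ == "__main__":
    client, port = "198.51.100.7", 49152
    print("inbound 100 only :",
          http_exchange_allowed(INBOUND_RULES, OUTBOUND_RULES_AS_CREATED, client, port))
    print("with outbound fix:",
          http_exchange_allowed(INBOUND_RULES, OUTBOUND_RULES_FIXED, client, port))
    print("blocked host     :", evaluate(INBOUND_RULES_WITH_BLOCK, "tcp", 80, client))
    print("other host       :", evaluate(INBOUND_RULES_WITH_BLOCK, "tcp", 80, "198.51.100.8"))
```

The first line prints False because the response to the client’s ephemeral port hits the implicit deny on the way out; the same request succeeds once the outbound rule exists, which is exactly why Step 4 is not optional when you attach a custom ACL.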
✅ Wrapping Up
And that’s it! You've now taken your VPC setup to the next level by configuring route tables, security groups, and network ACLs — key tools for managing and securing traffic in your AWS network.
These components may seem small on their own, but together, they play a critical role in keeping your infrastructure functional and secure.
🔒 Up next in the series: Creating a Private Subnet — where we’ll explore how to isolate resources, use NAT gateways, and build a more production-ready network.
Stay tuned, and thanks for following along on this journey through AWS networking!