
How to build your own private cloud on AWS part 1

antonnguyen97 profile image AntonNguyen97 ・4 min read

In this series of articles, I will show you how to build your own private cloud on AWS. Here at Appus studio we always put the security of our clients' applications first, so we recommend that they get their own VPC with public, private, and fully isolated subnets.
So let’s get started. Open your AWS console and search for VPC. In the left menu bar you will find “Your VPCs”; click on it and all the VPCs you have will be listed. If you haven't configured a custom one, there is always one default VPC provided by Amazon. Click on “Create VPC” and enter the name of your VPC and its CIDR block (the range of IP addresses used inside this VPC). In my case I use 10.0.0.0/16, which gives 65,536 IP addresses minus the 5 reserved by AWS. I will keep all the other settings at their defaults because I do not need them.

[Screenshot: the Create VPC form with the name and CIDR block]

Now our VPC is created. The next step is to configure an Internet Gateway and attach it to our private cloud so that it has Internet access. In the left menu bar find the “Internet Gateways” tab; by default there is just one, provided by Amazon. Click on “Create internet gateway”, name it, and hit “Create”. It now has a detached state; to attach it, all we need to do is click on “Actions” -> “Attach to VPC” and select your VPC.
So we have created our VPC and attached an Internet Gateway to it. The next step is to create our subnets. Click on “Subnets”. By default there are as many subnets as your region has availability zones. We will create our subnets in two different availability zones. Hit “Create subnet”, fill out the “Name tag” box, choose your VPC, choose one of the availability zones that Amazon provides in your region, and enter the CIDR block for this subnet.

[Screenshot: creating the first public subnet]

Let’s configure the same public subnet but in another availability zone.

[Screenshot: creating the second public subnet in the other availability zone]

Now we need to enable auto-assign public IPv4. Choose your subnet and hit “Actions” -> “Modify auto-assign IP settings” -> “Enable auto-assign public IPv4 addresses” -> “Save”. These steps apply to the public subnets only.
Next we modify the route table so that these subnets can reach the Internet. Go to “Route tables” -> choose your route table -> “Actions” -> “Edit routes” -> “Add route” -> Destination 0.0.0.0/0, Target Internet Gateway (choose yours) -> “Save routes”.
The next step is to create private subnets in the two availability zones.

[Screenshot: creating the first private subnet]

And another one:

[Screenshot: creating the second private subnet]

Once the private subnets are created we need to configure route tables for them. In the left menu bar click on “Route tables” -> “Create route table” and create a new route table for each of the first and second private subnets.

[Screenshot: creating the private route tables]

Then we need to associate each route table with its private subnet. Select the route table, then “Subnet Associations” -> “Edit subnet associations”, choose the private subnet -> “Save”:

[Screenshot: subnet associations for private route table A]

[Screenshot: subnet associations for private route table B]

Now let’s configure the isolated subnets in the two availability zones.

[Screenshot: creating the first isolated subnet]

And another one:

[Screenshot: creating the second isolated subnet]

And now we create a new route table for our isolated subnets:

[Screenshot: creating the isolated route table]

Now associate it with both isolated subnets:

[Screenshot: subnet associations for the isolated route table]

We have come a long way. Now we will configure NAT so that the private subnets can reach the Internet. Click on “NAT Gateways” -> “Create NAT Gateway”. The NAT gateway is placed in a public subnet and needs an Elastic IP address. If you do not have one, just click on “Allocate Elastic IP” -> “Create NAT gateway”.

[Screenshot: the Create NAT gateway form]

We need two Elastic IP addresses, one for each NAT gateway in subnets A and B, so I will create a second NAT gateway in the other public subnet. It takes some time for the NAT gateways to switch to the available state. If you did everything correctly you will see this:

[Screenshot: both NAT gateways in the available state]

Now we will add those NAT gateways to our private route tables as the 0.0.0.0/0 target. NAT-A goes into the route table of private subnet A and NAT-B into the route table of private subnet B:

[Screenshot: private route table A with a 0.0.0.0/0 route to NAT-A]

And for the other one:

[Screenshot: private route table B with a 0.0.0.0/0 route to NAT-B]

Finally, we are done, and here is the result of our work:

[Screenshot: the finished VPC with its subnets and route tables]
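To make the layout above checkable rather than just a sequence of console clicks, here is an added Python example (not the author's code and not anything AWS ships) that carves the same six subnets out of the article's 10.0.0.0/16 and verifies the routing rules the article configures by hand: public subnets route 0.0.0.0/0 to the Internet Gateway and auto-assign public IPs, private subnets route only to the NAT gateway in their own availability zone, and isolated subnets have no default route at all. The availability-zone labels "a" and "b", the /24 subnet size and the "nat-<az>" names are assumptions made for illustration.

```python
"""Model of the VPC layout built in the article: one /16 VPC, two AZs, and a
public, private and isolated subnet in each AZ, plus the route-table design
the article sets up by hand. Added example, not the author's code."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

VPC_CIDR = "10.0.0.0/16"            # the block used in the article
AZS = ("a", "b")                    # two availability zones; region prefix omitted (assumption)
TIERS = ("public", "private", "isolated")


@dataclass
class Subnet:
    name: str
    az: str
    tier: str
    cidr: ipaddress.IPv4Network
    auto_assign_public_ip: bool     # the "auto-assign public IPv4" setting
    default_route: Optional[str]    # target of 0.0.0.0/0: "igw", "nat-<az>" or None


def plan_subnets(vpc_cidr: str = VPC_CIDR, azs=AZS, prefix: int = 24) -> List[Subnet]:
    """Carve one subnet per (tier, AZ) out of the VPC block, public tier first."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=prefix)
    subnets = []
    for tier in TIERS:
        for az in azs:
            cidr = next(blocks)
            if tier == "public":
                subnets.append(Subnet(f"public-{az}", az, tier, cidr, True, "igw"))
            elif tier == "private":
                # default route goes to the NAT gateway in the public subnet of the same AZ
                subnets.append(Subnet(f"private-{az}", az, tier, cidr, False, f"nat-{az}"))
            else:
                # isolated: no route out of the VPC at all
                subnets.append(Subnet(f"isolated-{az}", az, tier, cidr, False, None))
    return subnets


def usable_addresses(cidr: str) -> int:
    """AWS reserves five addresses in every subnet (network address, VPC router,
    DNS, one for future use, broadcast), so a /24 yields 251 usable addresses."""
    return ipaddress.ip_network(cidr).num_addresses - 5


def validate(subnets: List[Subnet], vpc_cidr: str = VPC_CIDR) -> List[str]:
    """Check the layout against the design rules; an empty list means it passes."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    for i, a in enumerate(subnets):
        if not a.cidr.subnet_of(vpc):
            problems.append(f"{a.name}: {a.cidr} is outside {vpc}")
        for b in subnets[i + 1:]:
            if a.cidr.overlaps(b.cidr):
                problems.append(f"{a.name} and {b.name} overlap")
    public_azs = {s.az for s in subnets if s.tier == "public"}
    for s in subnets:
        if s.tier == "public" and s.default_route != "igw":
            problems.append(f"{s.name}: public subnet must route 0.0.0.0/0 to the Internet Gateway")
        if s.tier != "public" and s.auto_assign_public_ip:
            problems.append(f"{s.name}: only public subnets may auto-assign public IPv4 addresses")
        if s.tier == "private":
            if s.default_route != f"nat-{s.az}":
                problems.append(f"{s.name}: must use the NAT gateway in its own AZ (nat-{s.az})")
            if s.az not in public_azs:
                problems.append(f"{s.name}: no public subnet in AZ {s.az} to host its NAT gateway")
        if s.tier == "isolated" and s.default_route is not None:
            problems.append(f"{s.name}: isolated subnet must have no default route")
    return problems


if __name__ == "__main__":
    layout = plan_subnets()
    for s in layout:
        print(f"{s.name:12} {str(s.cidr):14} usable={usable_addresses(str(s.cidr))} route={s.default_route}")
    print("problems:", validate(layout) or "none")
```

Run it and compare the printed plan with your console: the isolated route table should contain only the local route, each private route table should send 0.0.0.0/0 to the NAT gateway in the same availability zone, and only the public route table should point at the Internet Gateway. One thing worth checking in the console as well: the route added in the “Edit routes” step lands in whichever table you selected, and if that was the VPC's main route table, every subnet without an explicit association inherits the Internet Gateway route, so a dedicated public route table is the safer choice.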

In the next part we will test our environment. See you soon!
