In this series of articles, I will show you how to build your own private cloud on AWS. Here at Appus studio we always put the security of our clients' applications first, so we recommend that they get their own VPC with public, private, and fully isolated subnets.
So let’s get started. Open your AWS console and search for VPC. In the left menu bar you can find “Your VPCs”; click on it and all the VPCs you have should be visible. If you haven't configured a custom one, there is always one default VPC provided by Amazon. Click on “Create VPC” and enter the name of your VPC and its CIDR block (the range of IP addresses used inside this VPC). In my case I use 10.0.0.0/16, which gives 65,536 IP addresses minus the 5 that AWS reserves in each subnet. I will keep all other settings at their defaults because I do not need them.
Now our VPC is created. The next step is to configure an Internet Gateway and attach it to our private cloud so that it has Internet access. On the left menu bar find the “Internet Gateways” tab; by default there is just one, provided by Amazon. Click on “Create internet gateway”, name it, and hit “Create”. It is now in the detached state; to attach it, all we need to do is click on “Actions” -> “Attach to VPC” and select your VPC.
So we have created our VPC and attached an Internet Gateway to it. The next step is to create our subnets. Click on “Subnets”. By default there are as many subnets as your region has availability zones. We will create our subnets in two different availability zones. Hit “Create subnet”, fill out the “Name tag” box, choose your VPC, choose one of the availability zones that Amazon provides in your region, and enter the CIDR block for this subnet.
Let’s configure the same public subnet but in another availability zone.
Now we need to enable auto-assign public IPv4. Choose your subnet and hit “Actions” -> “Modify auto-assign IP settings” -> “Enable auto-assign public IPv4 addresses” -> “Save”. These steps apply to the public subnets only.
Now we will modify our route table so that our public subnets can reach the Internet. Go to “Route tables” -> choose your route table -> “Actions” -> “Edit routes” -> “Add route” -> Destination 0.0.0.0/0, Target “Internet Gateway”, choose yours -> “Save routes”.
The next step is to create a private subnet in each of the two availability zones.
And another one:
Once the private subnets are created we need to configure route tables for them. On the left menu bar click on “Route tables” -> “Create route table” and create a new route table for each of the first and second private subnets.
Then we need to attach this route table to our private subnet. Click on your private subnet, then “Subnet Associations” -> “Edit subnet associations”, choose the private subnet -> “Save”:
Now let’s configure the isolated subnets in two availability zones.
And another one:
And now we will create a new route table for our isolated subnets:
Now attach it to our isolated subnets:
We have come a long way. Now we will configure NAT so that the private subnets can reach the Internet. Click on “NAT Gateways” -> “Create NAT Gateway”. The NAT gateway is placed in a public subnet and needs an Elastic IP address. If you do not have one, just click on “Allocate Elastic IP” -> “Create NAT gateway”.
We need 2 Elastic IP addresses, one for each NAT gateway in public subnets A and B, so I will create another NAT gateway in the other public subnet. It will take some time for the NATs to switch to the available state. If you did everything correctly you will see this:
Now we will attach those NATs to our route tables: NAT-A to the route table of private subnet A and NAT-B to the route table of private subnet B:
And for another one:
Finally, we are done and here is the result of our work:
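After this many clicks it is worth checking that the result really is three tiers and not something that only looks like it. The script below is an added example for this article, not code from AWS or from the author: it takes subnet, route-table and NAT-gateway data in the shape of the boto3 describe_subnets / describe_route_tables / describe_nat_gateways responses (trimmed to the fields needed, with the Name tag flattened into a "Name" key) and audits the layout built above: every subnet CIDR inside the VPC CIDR with no overlaps, auto-assign public IPv4 on only for public subnets, no default route at all for isolated subnets, and each private subnet's NAT gateway sitting in a public subnet of the same availability zone. It goes one step beyond the article by also flagging a subnet that was never associated with its route table, because such a subnet silently inherits the VPC's main route table (the one we gave the Internet Gateway route). All IDs, AZ names and CIDRs are constructed, and the sample deliberately leaves isolated subnet B without an association to show what that failure looks like.

```python
"""Audit a three-tier VPC layout (public / private / isolated subnets).

Added example for this article; not code from AWS or from the author.
Input mirrors boto3 describe_subnets / describe_route_tables / describe_nat_gateways
responses, trimmed to the fields the checks need (Name tag flattened to "Name").
All IDs, AZ names and CIDRs below are constructed placeholders.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# Constructed sample: the six subnets from the article, two per tier, in two AZs.
SUBNETS = [
    {"SubnetId": "subnet-pub-a", "Name": "public-a", "CidrBlock": "10.0.1.0/24",
     "AvailabilityZone": "eu-west-1a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-pub-b", "Name": "public-b", "CidrBlock": "10.0.2.0/24",
     "AvailabilityZone": "eu-west-1b", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-priv-a", "Name": "private-a", "CidrBlock": "10.0.11.0/24",
     "AvailabilityZone": "eu-west-1a", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-priv-b", "Name": "private-b", "CidrBlock": "10.0.12.0/24",
     "AvailabilityZone": "eu-west-1b", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-iso-a", "Name": "isolated-a", "CidrBlock": "10.0.21.0/24",
     "AvailabilityZone": "eu-west-1a", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-iso-b", "Name": "isolated-b", "CidrBlock": "10.0.22.0/24",
     "AvailabilityZone": "eu-west-1b", "MapPublicIpOnLaunch": False},
]

# NatGatewayId -> SubnetId the NAT gateway was created in (one per public subnet).
NAT_GATEWAYS = {"nat-a": "subnet-pub-a", "nat-b": "subnet-pub-b"}

LOCAL = {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"}

# Constructed mistake: subnet-iso-b was never associated with rtb-isolated, so it
# inherits the main route table, which carries the Internet Gateway route.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}, {"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-main"}]},
    {"RouteTableId": "rtb-private-a", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    {"RouteTableId": "rtb-private-b", "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-b"}]},
    {"RouteTableId": "rtb-isolated", "Associations": [{"SubnetId": "subnet-iso-a"}],
     "Routes": [LOCAL]},
]


def usable_addresses(cidr):
    """Addresses instances can actually use: AWS reserves 5 per subnet."""
    return ipaddress.ip_network(cidr).num_addresses - 5


def default_target(route_table):
    """(kind, id) of the 0.0.0.0/0 route, or None when the table has no default route."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            if "NatGatewayId" in route:
                return "nat", route["NatGatewayId"]
            return "igw", route["GatewayId"]
    return None


def effective_tier(route_table):
    """What the routes make a subnet, regardless of what it is named."""
    target = default_target(route_table)
    if target is None:
        return "isolated"
    return "public" if target[0] == "igw" else "private"


def route_table_for(subnet_id, route_tables):
    """Explicit association wins; a subnet without one falls back to the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt, True
            if assoc.get("Main"):
                main = rt
    return main, False


def audit(vpc_cidr, subnets, route_tables, nat_gateways):
    """Return a list of findings; an empty list means the layout is sound."""
    vpc = ipaddress.ip_network(vpc_cidr)
    by_id = {s["SubnetId"]: s for s in subnets}
    seen, findings = [], []
    for s in subnets:
        name, net = s["Name"], ipaddress.ip_network(s["CidrBlock"])
        if not net.subnet_of(vpc):
            findings.append(f"{name}: {s['CidrBlock']} lies outside {vpc_cidr}")
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"{name}: CIDR overlaps {other_name}")
        seen.append((name, net))

        expected = name.split("-")[0]                 # tier the Name tag claims
        rt, explicit = route_table_for(s["SubnetId"], route_tables)
        if rt is None:
            findings.append(f"{name}: no route table at all")
            continue
        if not explicit:
            findings.append(f"{name}: no explicit route table, inherits main table {rt['RouteTableId']}")
        actual = effective_tier(rt)
        if actual != expected:
            findings.append(f"{name}: named {expected} but its routes make it {actual}")
        if s["MapPublicIpOnLaunch"] != (expected == "public"):
            findings.append(f"{name}: auto-assign public IPv4 must be {'on' if expected == 'public' else 'off'}")
        if actual == "private":                        # NAT must sit in a public subnet of the same AZ
            nat_id = default_target(rt)[1]
            nat_subnet = by_id.get(nat_gateways.get(nat_id))
            nat_rt = route_table_for(nat_subnet["SubnetId"], route_tables)[0] if nat_subnet else None
            if (nat_subnet is None or nat_rt is None or effective_tier(nat_rt) != "public"
                    or nat_subnet["AvailabilityZone"] != s["AvailabilityZone"]):
                findings.append(f"{name}: {nat_id} is not in a public subnet of {s['AvailabilityZone']}")
    return findings


if __name__ == "__main__":
    print(f"{VPC_CIDR}: {usable_addresses(VPC_CIDR)} usable addresses")
    for line in audit(VPC_CIDR, SUBNETS, ROUTE_TABLES, NAT_GATEWAYS) or ["no findings"]:
        print(line)
```

Run against the sample it reports two findings, both for isolated-b: it has no explicit route table and its routes make it public. To run it against a real account, fill the three structures from the corresponding describe calls (copying the Name tag into the "Name" key and keeping the "Main" flag on the main table's association); an empty result means every subnet behaves the way its name says.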
In the next part we will test our environment. See you soon!