AWS VPC Setup: Public & Private Subnets with IGW, NAT, and EC2

Setting up a Virtual Private Cloud (VPC) is foundational when deploying resources in AWS securely. This guide walks you through creating:

1. A VPC
2. Public & Private Subnets
3. Internet Gateway
4. NAT Gateway
5. Route Tables
6. Optional EC2 Instances

---

✅ 1. Create a VPC

1. Go to VPC Dashboard > Your VPCs > Create VPC
2. Choose VPC only
3. Name: MyVPC
4. IPv4 CIDR block: 10.0.0.0/16
5. Leave other fields as default
6. Click Create VPC

---

✅ 2. Create Subnets

Navigate to Subnets > Create Subnet

➤ Public Subnet:

• Name: PublicSubnet
• VPC: MyVPC
• AZ: ap-south-1a
• CIDR block: 10.0.1.0/24

➤ Private Subnet:

• Name: PrivateSubnet
• VPC: MyVPC
• AZ: ap-south-1b
• CIDR block: 10.0.2.0/24

---

✅ 3. Create and Attach Internet Gateway

1. Go to Internet Gateways > Create Internet Gateway
   • Name: MyIGW
2. Click Attach to VPC and select MyVPC

---

✅ 4. Create a Public Route Table

1. Go to Route Tables > Create Route Table

   • Name: PublicRT
   • VPC: MyVPC

2. Select PublicRT > Routes > Edit Routes

   • Add route:
     • Destination: 0.0.0.0/0
     • Target: Internet Gateway → MyIGW

1. Go to Subnet Associations > Edit Subnet Associations
   • Select: PublicSubnet

---

✅ 5. Allocate Elastic IP (EIP)

1. Go to Elastic IPs > Allocate Elastic IP
2. Note the allocation ID

---

✅ 6. Create NAT Gateway

1. Go to NAT Gateways > Create NAT Gateway
   • Name: MyNATGW
   • Subnet: PublicSubnet
   • Elastic IP: select the one you just allocated

⏳ Wait a few minutes for the NAT Gateway to become active.

---

✅ 7. Create a Private Route Table

1. Go to Route Tables > Create Route Table

   • Name: PrivateRT
   • VPC: MyVPC

2. Select PrivateRT > Routes > Edit Routes

   • Add route:
     • Destination: 0.0.0.0/0
     • Target: NAT Gateway → MyNATGW

1. Go to Subnet Associations
   • Attach PrivateSubnet

---

✅ 8. Launch EC2 Instances (Optional)

➤ Public EC2:

• AMI: Amazon Linux 2
• Network: MyVPC, Subnet: PublicSubnet
• Auto-assign Public IP: Enabled
• Security Group: Allow SSH (port 22) from your IP

➤ Private EC2:

• Same AMI
• Subnet: PrivateSubnet
• Auto-assign Public IP: Disabled

---

✅ SSH Connection Established

Use your terminal to SSH into the public instance, and from there connect to the private one using its private IP.

---

⚠️ Troubleshooting Tip

If you're unable to connect:

• Check your Security Group's inbound rules:
  • Type: SSH
  • Protocol: TCP
  • Port: 22
  • Source: My IP or 0.0.0.0/0 (for open access - use carefully!)

---

🧹 Clean Up Resources

To avoid unnecessary charges, clean up:

---

📌 Summary Diagram

VPC: 10.0.0.0/16
├── PublicSubnet (10.0.1.0/24)
│   ├── Internet Gateway → Public RT → 0.0.0.0/0
│   └── NAT Gateway (for private subnet)
├── PrivateSubnet (10.0.2.0/24)
    └── NAT Gateway → Private RT → 0.0.0.0/0

✨ Happy Cloud Building!