DEV Community: ODINKEMELU INNOCENT

Building Security by Design: My AWS Project Showcasing VPC, NAT Gateway, and Private Networking Mastery

ODINKEMELU INNOCENT — Sat, 08 Nov 2025 04:57:58 +0000

INTRODUCTION
This project reflects how I combine cloud architecture principles with practical implementation to build secure, scalable environments.
In today’s cloud-driven world, security and design are not optional — they are essential. As part of my hands-on learning and practical implementation of AWS architecture, I completed a project titled “Building a Secure Web Architecture on AWS.” The aim was to design a secure, professional-grade cloud network that demonstrates how public and private resources can coexist in the same environment, safely and efficiently.

This project combines concepts of network isolation, controlled routing, and secure connectivity — principles that are fundamental to cloud security and modern infrastructure management. Every step was documented with annotated screenshots, from setup to validation.

PROJECT OVERVIEW

Objective:
To build a secure network architecture on AWS consisting of a public and a private section. The web server in the public section is accessible from the internet, while the database server in the private section remains hidden from external access but can still reach the internet securely through a NAT Gateway

Final Architecture

Phase 1: Foundation Setup - Building Your Private Network (VPC)

Create a VPC (Your Private Cloud Network) Go to: AWS Console -> VPC service -> "Your VPCs" -> "Create VPC".

Settings:
▪ Name tag: My-Secure-VPC
IPv4 CIDR block: 10.0.0.0/16(This creates 65,536 private IP address for your use).

Click Create.

Create Subnets (Your Designated Areas) Go to: Subnets -> Create subnet.

VPC ID: Select My-Secure-VPC.

Create Public Subnet:
▪ Subnet name: public-subnet-1
▪ Availability Zone: Pick the first one (e.g., us-east-1a).
▪ IPv4 CIDR block: 10.0.1.0/24 (This gives us 256 addresses in this
zone).

Create Private Subnet:
▪ Click "Create subnet" again.

▪ Subnet name: private-subnet-1
▪ Availability Zone: Pick the same zone (e.g., us-east-1a).
▪ IPv4 CIDR block: 10.0.2.0/24

▪ Click Create subnet.

Create an Internet Gateway (Your Front Door to the Internet)

Go to: Internet Gateways -> Create internet gateway.

Name tag: My-IGW
Click Create.

Now, ATTACH it to your VPC: Select the My-IGW gateway, click Actions -

Attach to VPC. Select My-Secure-VPC and click Attach.

Phase 2: Routing & Security - Controlling Traffic

Create a Route Table for the Public Subnet Go to: Route Tables -> Create route table.

Name: Public-Route-Table
VPC: Select My-Secure-VPC

Click Create.

Edit Routes: Select the new table, click the Routes tab -> Edit routes -> Add
route.

▪ Destination: 0.0.0.0/0 (This means "all internet traffic").
▪ Target: Select Internet Gateway and choose My-IGW.
▪ Click Save changes.

Associate with Public Subnet: Click the Subnet associations tab -> Edit

subnet associations. Check the box for public-subnet-1 and click Save
associations.

Create a Security Group for the Web Server (The Firewall) Go to: Security Groups -> Create security group.

Name: Web-Server-SG
Description: Allow HTTP and SSH
VPC: Select My-Secure-VPC

Inbound Rules:
▪ Add rule: Type: HTTP, Source: Anywhere-IPv4 (0.0.0.0/0).
▪ Add rule: Type: SSH, Source: My IP (This automatically adds your
computer's IP for security).

Click Create security group.

Phase 3: NAT Gateway - Allowing Private Servers Outbound Internet

Allocate an Elastic IP (A Static Public IP Address)
Go to: Elastic IPs -> Allocate Elastic IP address.

Just click Allocate. AWS will give you a fixed public IP.
Create the NAT Gateway
Go to: NAT Gateways -> Create NAT Gateway.

Name: My-NAT-Gateway
Subnet: Choose public-subnet-1

Elastic IP allocation ID: Click the dropdown and select the Elastic IP you
just created.
Click Create NAT Gateway. Wait for the status to change
from Pending to Available. This takes a few minutes.

Create a Route Table for the Private Subnet Go to: Route Tables -> Create route table. Name: Private-Route-Table VPC: Select My-Secure-VPC

Click Create.

Edit Routes: Select this new private route table, click Edit routes -> Add
route.

▪ Destination: 0.0.0.0/0 (Send all internet-bound traffic...)
▪ Target: Select NAT Gateway and choose My-NAT-Gateway (...to our
NAT Gateway).

▪ Click Save changes.

Associate with Private Subnet: Click Subnet associations -> Edit subnet
associations. Check the box for private-subnet-1 and click Save
associations.

Phase 4: Resource Deployment - Launching Your Servers

Launch the Web Server (in the Public Subnet) Go to: EC2 -> Launch Instances.

Name: Web-Server

AMI: Amazon linux

Instance type: t2.micro (Free Tier)

Key pair: Create a new key pair or choose an existing one. DOWNLOAD
THE .pem KEY IF NEW

Network Settings:

▪ VPC: My-Secure-VPC
▪ Subnet: public-subnet-1
▪ Auto-assign Public IP: Enable
▪ Firewall (Security Groups): Select existing security group WebServer-SG

Advanced details -> User data: Paste this script to install a web server on

boot:
bash

!/bin/bash

sudo dnf update -y
sudo dnf install -y httpd
sudo systemctl start httpd
sudo systemctl enable httpd
echo "

Hello World from my $(hostname -f)

" > /var/www/html/index.html

Click Launch Instance.

Launch the Database Server (in the Private Subnet) Go to: EC2 -> Launch Instances

Name: DB-Server

AMI: Amazon Linux 2023 AMI

Instance type: t2.micro (Free Tier)

Key pair: Choose the same key pair you used for the Web Server.

Network Settings:
▪ VPC: My-Secure-VPC
▪ Subnet: private-subnet-1
▪ Auto-assign Public IP: Disable (This is key! It gets no public IP.)

Click Launch Instance.

Web-Server EC2-Instance Running and DB-Server EC2-Instance Running

Phase 5: Validation - Testing Your Setup

Test Web Access
In the EC2 console, find your Web-Server instance.
Copy its Public IPv4 address.
Open a browser and paste the IP address. You should see "Hello World
from my ...".
OR, use the terminal: curl http://
Test Private Instance Internet Access (Via NAT)
SSH into your Web Server first (it's public):
bash
ssh -i "your-key.pem" ec2-user@

From inside your Web Server, try to SSH into the private Database Server:
▪ In the EC2 console, find your DB-Server and copy its Private IPv4
address (e.g., 10.0.2.50).

▪ Run:
bash
ssh -i "your-key.pem" ec2-user@
Once logged into the private DB-Server, test if it can reach the internet:
bash
curl https://checkip.amazonaws.com
This should RETURN THE ELASTIC IP OF YOUR NAT GATEWAY. This proves
your private server is using the NAT Gateway to access the internet!

Conclusion :
You have successfully built a secure, professional-grade network
architecture on AWS. Your web server is publicly accessible, but your database is securely
hidden in a private network, yet can still download updates.

Deploying My First NGINX Web Server on AWS EC2: A Beginner-Friendly Walkthrough

ODINKEMELU INNOCENT — Fri, 03 Oct 2025 07:13:11 +0000

INTRODUCTION
Cloud computing is about using powerful computers hosted online instead of relying on your personal device. Think of it like renting a house: you can use it when you need it, without worrying about building or maintaining it.

Amazon Web Services (AWS) is one of the most popular platforms for cloud computing. One of its key services is EC2 (Elastic Compute Cloud), which lets you rent virtual computers called instances. These instances allow you to run applications, websites, or other services directly from the cloud.

Launching an EC2 Instance

Here are the steps I followed to launch my virtual server:

1.Logged into the AWS Management Console.

2.Navigated to Services > EC2 > Launch Instance.

3.Named the instance: my-nginx33.

4.Selected Ubuntu Server 22.04 LTS as the operating system.

.Ubuntu is a version of Linux widely used for cloud servers.

5.Chose instance type: t2.micro (eligible for the AWS Free Tier).

6.Created a new key pair called " my-2P-key " and i downloaded the .pem file. Then after downloading the ".pem " file , it will appear/ becomes " my-2P-key.pem "

This file acts as a secure key for connecting to the server.

7.Configured security group rules to allow:

SSH on port 22 for remote access.

HTTP on port 80 for web access.

8.Clicked Launch Instance.

Analogy: The EC2 instance is like renting a small apartment in the cloud, and the security group is like deciding which doors and windows are unlocked for visitors.

3. Connecting to EC2 Using GitBash

Once my instance was running, I connected to it from my computer:

1.Retrieved the public IPv4 address from the AWS console.
IPv address-18.207.154.160

2.Opened GitBash (Command Prompt/PowerShell also works).
Type : cd downloads

Type : chmod 400 my-2P-key.pem

3.Entered the SSH command:

ssh -i "C:\Users\Downloads\my-2P-key.pem" ubuntu@

Example:
ssh -i my-2P-key.pem" ubuntu@18.207.154.160

4.Accepted the connection when prompted.

When the connection is been prompted, Type : yes

SSH is like a secure remote key that unlocks your apartment in the cloud and lets you control it.

4. Updating Ubuntu Server

Once inside the server, I updated its package list to ensure the latest software versions and security patches were available:

sudo apt update

This is like refreshing the app store on your phone before downloading or upgrading apps.

5. Installing and Configuring NGINX Web Server

With the server ready, I installed and configured NGINX:

Install NGINX:
sudo apt install nginx -y

Start the NGINX service:
sudo systemctl start nginx

Check if it is running:
sudo systemctl status nginx

Enable NGINX to start automatically on reboot:
sudo systemctl enable nginx

NGINX is now running and able to serve webpages from the server.

6. Testing and Customizing the Web Page

To test the installation, I opened my browser and typed:

http://

http://18.207.154.160

This showed the default NGINX welcome page, confirming the web server was active.

Next, I customized the page:

1.Opened the default web file:
sudo nano /var/www/html/index.nginx-debian.html

2.Deleted the existing content using Ctrl + K.

3.Added my own message:

4.Saved and exited by pressing Ctrl + X, then Y, then Enter.

Refreshing the browser displayed my new page. Editing this file was like changing the welcome sign on the front of a Pharmacy premise to make it personal.

Full Quick Command Summary

Below are the main commands I used in this project:

sudo apt update
sudo apt install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx
sudo nano /var/www/html/index.nginx-debian.html

GitBash SSH example:
ssh -i "C:\Users\John\Downloads\nginx-key.pem" ubuntu@18.207.154.160

Conclusion

This project gave me hands-on experience with launching and managing a cloud server. I learned how to:

Launch an EC2 instance on AWS.

Connect to it securely using SSH.

Install and configure NGINX on Ubuntu.

Edit and customize a web page.

It was more than just a technical exercise — it gave me a deeper understanding of how cloud infrastructure, Linux commands, and web servers work together in real-world scenarios.

Completing this project boosted my confidence in working with AWS, Linux, and NGINX, and it opened the door for me to build more advanced cloud-based projects in the future.

UNDERSTANDING SERVERS AND CLOUD COMPUTING.

ODINKEMELU INNOCENT — Sun, 01 Jun 2025 23:33:10 +0000

         Difference between hardware and software.

      Hardware is  part of  a server characteristics, that is              a physical machines with powerful components. Such as

*High-performance capabilities : Servers often have powerful processors, ample RAM, and Large storage Capacities.

*Reliability and redundancy : Server may include redundant components like power supplies, hard drives, and cooling system to minimize downtime.
*Scalability : Servers can be easily upgraded or expanded to meet growing demands
Software is a part of Server characteristics which are applications that perform specific tasks like serving web pages over the networking system.
*Operating system : Servers run specialized operating system, such as windows server, Linux, or mac OS server.
*Service-Oriented : Servers provide specific services, like web hosting, file sharing, or database management.
Name and give example of 3 types of server ?

      Here are some common types below

*Web Server :

Hosts websites, web applications, and serves web pages to clients. Examples are Apache, Nginx, IIS.
File Server : -Stores and manages

This is how cloud computing resources are provisioned, managed, and deployed. such as follows :

Cloud services are provided over the internet, which is /will be available to anyone /everyone that requested. Examples are Amazon web services(AWS),Microsoft AZure ,Google cloud platform. *Public Cloud :
Cloud infrastructure is provisioned and managed within a single organization.
It can also be hosted on-premise or off-premises.
Hybrid Cloud
Combines public and private cloud models, allowing for data and applications to be shared between them. -It can also enables Flexibility, Scalability, and cost-effectiveness. *Community Cloud
Cloud Infrastructure is shared among several organizations with similar interest or goals.
It can be also be managed internally or by a third party provider. Compare Iaas, Paas, Saas with examples.

1) Iaas, which is Infrastructure as a service which provides

Provide Virtualized computing resources, such as servers, storage and networking.
In this case the Users manage the infrastructure, while the Provider manages the underling hardware such as : Amazon web services (AWS),Microsoft AZure, Google cloud platform. The User manage App and OS.
2) Paas, Which is Platform as a service.
-Provides a Complete platform for developing, running, and managing applications you don't need to be maintaining or building an infrastructure Example are Heroku, Google App Engine, Microsoft AZure Application service. The User manage code.
3) Saas, which is Software as a Service. It is a provides and also manage software application that are accessible over the internet, eliminating the need for local installation and maintenance.
-Users access the application through a web browser or mobile app. Example Salesforce, microsoft office 365,Google workspace. The User need to use it.

Comparison of Iaas, Paas, Saas, each of them can offer different levels of control , management, and flexibility that best fit the need of an organization.
```
            TRUE OR FALSE 
```
1) False
2) False
3) False
4) True
```
            SCENERO - BASE
```
You are starting a business. Which model do you use and why ? Choose AWS services for storage, backend, and database.

Model to use is Hybrid Cloud. Then why is : Security of internal data information, cost effectiveness, Scalability, Elasticity, High-availability and Agility.
I am choosing Iaas , User to manage storage through Amazon web services (AWS-S3) Using it was object storage for files, images, and videos.
AWS Backend : AWS IAM - Which allows for security, Identity and access management services for controlling access to AWS resources.
AWS data base :
-cost effectiveness - Amazon Aurora database
-Scalability - Amazon DynamoDB database
-Elasticity - Amazon Elastic ache database
-High-availability - Amazon Aurora with plus Amazon Neptune.
-Agility - Amazon Redshift.