Building a secure and scalable network in the cloud is critical for any organization that leverages cloud services. AWS Virtual Private Cloud (VPC) and its associated subnets provide the foundational infrastructure to achieve these goals. This blog post will guide you through the process of architecting a secure and scalable network using AWS VPCs and subnets.
Project Prerequisites
An AWS account that is free-tier eligible because we don’t want to spend money on this project.
Basic knowledge of VPCs, subnets, Network ACLs, routing and security groups.
My Architecture Diagram
Creating a custom VPC and Subnets
I will launch all the resources in this project in the North Virginia (us-east-1) region. If you want to follow along to the last detail, make sure you also launch your resources in North Virginia.
Now let’s create our VPC. The console’s VPC and more option creates the VPC, its subnets, route tables and the other VPC resources in one go, so we will use that instead of VPC only.
On that page set the IPv4 CIDR block to the range you want, set Number of Availability Zones to 1, Number of public subnets to 1 and Number of private subnets to 1, and set NAT gateways to None and VPC endpoints to None. A NAT gateway is not free-tier eligible, and the private instance in this project does not need outbound internet access, so leaving it out costs nothing and also means the private subnet’s route table carries only the local VPC route.
Configuring Security Groups
Security groups are managed from the EC2 management console: open the EC2 dashboard, choose Security Groups in the left-hand menu and create a security group as shown in the image below. The only inbound rule should allow SSH (TCP port 22) from your own public IP address as a /32; a site such as https://whatismyipaddress.com shows that address. Do not open port 22 to 0.0.0.0/0, and remember to update the rule if your public IP changes.
This rule allows SSH from your local computer to the bastion host that we will launch in the public subnet.
Setting up a Bastion Host
The next step is to launch a bastion host in the public subnet; it is the single hop through which we will connect to an EC2 instance launched in the private subnet. Within the management console, navigate to the EC2 window. To make sure we don’t accrue any cost, we are going to use an AMI that is free-tier eligible.
While launching the EC2 instance, select the VPC we just created, place the instance in the public subnet and set Auto-assign public IP to Enable, otherwise the bastion will have no address you can SSH to. Select the security group we created earlier as its security group, and create or choose a key pair (download the .pem file; you will need it shortly). After having filled in all the details, clicking on the Launch instance button launches our bastion host.
Launch Private EC2 Instance
We need another EC2 instance in the private subnet, which we are going to reach over SSH through the bastion host. Launch it the same way, but choose the private subnet and leave Auto-assign public IP disabled. This instance uses the same key pair and security group as the bastion host. That works here only because the private subnet has no route to the internet gateway, so the instance cannot be reached from outside the VPC whatever the rule says; a tighter choice is a second security group for the private instance that allows SSH only from the bastion’s security group ID instead of from your public IP, so that the bastion is the only possible source even if the subnet’s routing is changed later.
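The console steps above, written as Terraform so the whole network can be reviewed, reproduced and destroyed as one unit. This is an added example and not code from the original post. It assumes the us-east-1 region, a VPC CIDR of 10.0.0.0/16 with one /24 per subnet, an existing EC2 key pair whose name you pass in `key_name`, your own public IP passed in `my_ip_cidr`, and the latest Amazon Linux 2023 AMI looked up through its public SSM parameter. It goes slightly beyond the post in one place: the private instance gets its own security group that accepts SSH only from the bastion’s security group, rather than reusing the bastion’s group. The output at the end is the jump command used in the SSH test later in the post.

```hcl
# Added example (not from the original post). Assumed: region us-east-1, CIDRs below,
# an existing key pair named by var.key_name, and the public AL2023 AMI SSM parameter.
provider "aws" {
  region = "us-east-1"
}
variable "key_name" { type = string }   # key pair created in the console
# Your public IPv4 address as a /32. No default on purpose: never fall back to 0.0.0.0/0.
variable "my_ip_cidr" { type = string }

data "aws_ssm_parameter" "al2023" {
  name = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
}

resource "aws_vpc" "lab" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "lab-vpc" }
}

# One AZ, one public and one private subnet, no NAT gateway, no endpoints:
# the same choices as the wizard settings above.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.lab.id
  cidr_block              = "10.0.0.0/24"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
}
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.lab.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.lab.id
}

# Only the public subnet gets a route to the internet gateway. The private subnet stays
# on the VPC's main route table (local route only), so its instance is unreachable from
# the internet and cannot reach it either.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.lab.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Bastion group: SSH inbound from your IP only; outbound only SSH into the VPC.
resource "aws_security_group" "bastion" {
  name   = "bastion-sg"
  vpc_id = aws_vpc.lab.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.my_ip_cidr]
  }
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.lab.cidr_block]
  }
}

# Private group: SSH inbound only from members of the bastion group, referenced by
# group ID rather than by IP. No egress block: the instance only ever answers SSH.
resource "aws_security_group" "private" {
  name   = "private-sg"
  vpc_id = aws_vpc.lab.id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
}

resource "aws_instance" "bastion" {
  ami                    = data.aws_ssm_parameter.al2023.value
  instance_type          = "t2.micro"  # free-tier eligible
  subnet_id              = aws_subnet.public.id
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.bastion.id]
}
resource "aws_instance" "private" {
  ami                         = data.aws_ssm_parameter.al2023.value
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.private.id
  key_name                    = var.key_name
  vpc_security_group_ids      = [aws_security_group.private.id]
  associate_public_ip_address = false
}

# Load the key into ssh-agent, then jump through the bastion with -J;
# the private key never leaves your machine.
output "ssh_command" {
  value = "ssh-add ~/.ssh/${var.key_name}.pem && ssh -J ec2-user@${aws_instance.bastion.public_ip} ec2-user@${aws_instance.private.private_ip}"
}
```

Run `terraform init && terraform apply -var key_name=<your-key> -var my_ip_cidr=<your-ip>/32`, and `terraform destroy` with the same variables when you are done so nothing is left running. The `ssh-add` in the output needs a running ssh-agent; the `-J` (ProxyJump) flag makes your local ssh tunnel through the bastion, which is why the key only has to exist on your computer.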
SSH to Bastion Host
The time to start testing our work has come. We are going to access our bastion host from our computer. Open a terminal window and run the following command first:

```bash
chmod 400 /path/to/private/key.pem
```

This makes the key file that was downloaded when we created our key pair readable only by you; OpenSSH refuses to use a private key that other users on the machine can read. After that, run:

```bash
ssh -i /path/to/private/key.pem ec2-user@bastion-public-ip
```

Make sure you edit the path and the public IP before running it. With that, we are connected to our bastion host and can hop on to the private instance. The private instance was launched with the same key pair, so the ssh client on the bastion has to present that key too, and the command below only succeeds if the key is available there. Do not copy the .pem file onto the bastion: either load it into ssh-agent on your own machine and forward the agent (the -A flag), or better, skip the interactive hop and let your local ssh tunnel through the bastion with ProxyJump (the -J flag), so the private key never leaves your computer. If you do forward the agent, from the bastion’s shell run:

```bash
ssh ec2-user@private-instance-private-ip
```
That’s all there is to it. Now close the connection to your EC2 instances by running the **exit** command in each session, once on the private instance and once on the bastion host.