In this project, I built a small real-world AWS VPC from scratch with a public and a private subnet. I hosted a website on a public Ubuntu EC2 instance, used that same instance as a bastion host to reach a private EC2 instance over SSH, and gave the private instance outbound internet access through a NAT Gateway while leaving it unreachable from the internet (no public IP, no inbound route).
This project helped me understand VPC networking, route tables, security groups, Internet Gateways and NAT Gateways in a practical way.
This repository documents the complete, hands-on build, tested end-to-end on Ubuntu EC2 instances, and calls out at each step where a production layout would differ from this single-NAT demo.
Project Overview
In this project, we:
Created a custom VPC
Designed public and private subnets
Configured Internet Gateway & NAT Gateway
Launched two Ubuntu EC2 instances
Public EC2 → website + bastion host
Private EC2 → backend server with no public IP
Hosted a live website on the public EC2
Verified private EC2 internet access via NAT Gateway
Architecture Diagram (Logical)
Internet
   |
Internet Gateway (Demo-igw)
   |
Public Subnet (10.0.1.0/24, us-east-1a)
   |-- Ubuntu EC2 (web server + bastion, public IP)
   |-- NAT Gateway (Demo-nat, Elastic IP)
   |
Private Subnet (10.0.2.0/24, us-east-1b)
   |-- Ubuntu EC2 (backend server, private IP only; 0.0.0.0/0 → NAT Gateway)
The NAT Gateway is a resource inside the public subnet, not a hop between the two subnets; the private subnet reaches it through its route table.
AWS Services Used
Amazon VPC
EC2 (Ubuntu 22.04 LTS)
Internet Gateway (IGW)
NAT Gateway
Route Tables
Security Groups
Elastic IP
STEP-BY-STEP IMPLEMENTATION
Step 1: Create Custom VPC
Name: Demo-custom-vpc
CIDR Block: 10.0.0.0/16
Step 2: Create Subnets
Public Subnet
Name: Public-subnet
CIDR: 10.0.1.0/24
AZ: us-east-1a
Private Subnet
Name: Private-subnet
CIDR: 10.0.2.0/24
AZ: us-east-1b
Both /24s sit inside the VPC's 10.0.0.0/16 and do not overlap. Note that the subnets are in different AZs while the NAT Gateway (Step 4) is zonal and lives in the public subnet in us-east-1a: the private subnet in us-east-1b pays cross-AZ data charges for its egress and loses internet access if us-east-1a has an outage. A production layout pairs a public and a private subnet in each AZ, with a NAT Gateway per AZ.
Step 3: Create and Attach Internet Gateway
Name: Demo-igw
Attach to Demo-custom-vpc
Step 4: Create NAT Gateway
Subnet: Public-subnet (a NAT Gateway must sit in a subnet whose route table reaches the IGW)
Allocate Elastic IP (the source address that the private subnet's outbound traffic is seen from)
Name: Demo-nat
Step 5: Configure Route Tables
Public Route Table (Public-RT)
Routes:
10.0.0.0/16 → local
0.0.0.0/0 → Internet Gateway (Demo-igw)
Associate with:
Public-subnet
Private Route Table (Private-RT)
Routes:
10.0.0.0/16 → local
0.0.0.0/0 → NAT Gateway (Demo-nat)
Associate with:
Private-subnet
The local route is added by AWS and cannot be removed. The only difference between the two tables is the default route: a subnet is "public" because its table sends 0.0.0.0/0 to the IGW and its instances have public IPs, not because of its name. Associate Private-subnet with Private-RT explicitly; a subnet with no explicit association falls back to the VPC's main route table.
Step 6: Configure Security Groups
Web-SG (Public EC2)
SSH (22) → My IP only (a /32, never 0.0.0.0/0)
HTTP (80) → 0.0.0.0/0
Private-SG (Private EC2)
SSH (22) → Source: Web-SG
Private-SG has no rule from 0.0.0.0/0 and no HTTP rule, so the backend accepts SSH only from instances that carry Web-SG. Security groups are stateful: the default allow-all outbound rule is what lets both instances run apt update, and replies to those connections are admitted without any inbound rule.
Step 7: Launch EC2 Instances
Public EC2 (Web Server)
AMI: Ubuntu 22.04 LTS
Subnet: Public-subnet
Auto-assign Public IP: Enabled
Security Group: Web-SG
Private EC2 (Backend Server)
AMI: Ubuntu 22.04 LTS
Subnet: Private-subnet
Auto-assign Public IP: Disabled
Security Group: Private-SG
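Steps 1 to 7 as a single AWS CLI (v2) script, added here as an example and not the project's own code, so the build is reviewable and repeatable rather than clicked together. Names, CIDRs and AZs are the ones above; the region, the t3.micro instance type, the Canonical SSM parameter used to look up the Ubuntu 22.04 AMI, and the MY_IP and KEY_NAME variables are assumptions. Before touching AWS it checks that both subnet CIDRs fall inside the VPC block and do not overlap, which the console does for you but a script must do itself.

```bash
#!/usr/bin/env bash
# Added example, not the original project's code: Steps 1-7 as one AWS CLI (v2) script.
# Names, CIDRs and AZs follow the write-up. Assumptions: region us-east-1, instance
# type t3.micro, Canonical's public SSM parameter for the Ubuntu 22.04 AMI, an existing
# key pair in KEY_NAME, and MY_IP = your workstation address in CIDR form.
# Usage:  MY_IP=198.51.100.7/32 KEY_NAME=demo-key ./build-vpc.sh --apply
set -eu

REGION="${AWS_REGION:-us-east-1}"
VPC_CIDR="10.0.0.0/16"
PUBLIC_CIDR="10.0.1.0/24";  PUBLIC_AZ="us-east-1a"
PRIVATE_CIDR="10.0.2.0/24"; PRIVATE_AZ="us-east-1b"

# ---- CIDR sanity checks, pure shell so they run before any AWS call ----
ip_to_int() {                # dotted quad -> 32-bit integer
  local a b c d
  a=${1%%.*}; d=${1##*.}
  b=${1#*.};  b=${b%%.*}
  c=${1%.*};  c=${c##*.}
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}
cidr_contains() {            # cidr_contains OUTER INNER -> true if INNER lies inside OUTER
  local o_len="${1#*/}" i_len="${2#*/}" mask
  [ "$i_len" -ge "$o_len" ] || return 1
  mask=$(( (4294967295 << (32 - o_len)) & 4294967295 ))
  [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}
cidrs_overlap() {            # true if the two blocks share any address
  cidr_contains "$1" "$2" || cidr_contains "$2" "$1"
}

# ---- Build ----
ec2() { aws ec2 --region "$REGION" "$@"; }
nametag() { printf 'ResourceType=%s,Tags=[{Key=Name,Value=%s}]' "$1" "$2"; }

apply() {
  : "${MY_IP:?set MY_IP to your workstation address, e.g. 198.51.100.7/32}"
  : "${KEY_NAME:?set KEY_NAME to an existing EC2 key pair name}"
  for sub in "$PUBLIC_CIDR" "$PRIVATE_CIDR"; do
    cidr_contains "$VPC_CIDR" "$sub" || { echo "$sub is not inside $VPC_CIDR" >&2; return 1; }
  done
  if cidrs_overlap "$PUBLIC_CIDR" "$PRIVATE_CIDR"; then echo "subnets overlap" >&2; return 1; fi

  local vpc pub priv igw eip nat pub_rt priv_rt web_sg priv_sg ami
  # Step 1: VPC (DNS hostnames on, so the public instance gets a public DNS name)
  vpc=$(ec2 create-vpc --cidr-block "$VPC_CIDR" --tag-specifications "$(nametag vpc Demo-custom-vpc)" \
        --query Vpc.VpcId --output text)
  ec2 modify-vpc-attribute --vpc-id "$vpc" --enable-dns-hostnames '{"Value":true}'
  # Step 2: subnets; only the public one auto-assigns public IPs
  pub=$(ec2 create-subnet --vpc-id "$vpc" --cidr-block "$PUBLIC_CIDR" --availability-zone "$PUBLIC_AZ" \
        --tag-specifications "$(nametag subnet Public-subnet)" --query Subnet.SubnetId --output text)
  ec2 modify-subnet-attribute --subnet-id "$pub" --map-public-ip-on-launch
  priv=$(ec2 create-subnet --vpc-id "$vpc" --cidr-block "$PRIVATE_CIDR" --availability-zone "$PRIVATE_AZ" \
        --tag-specifications "$(nametag subnet Private-subnet)" --query Subnet.SubnetId --output text)
  # Step 3: Internet Gateway
  igw=$(ec2 create-internet-gateway --tag-specifications "$(nametag internet-gateway Demo-igw)" \
        --query InternetGateway.InternetGatewayId --output text)
  ec2 attach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc"
  # Step 4: NAT Gateway in the public subnet with an Elastic IP
  eip=$(ec2 allocate-address --domain vpc --query AllocationId --output text)
  nat=$(ec2 create-nat-gateway --subnet-id "$pub" --allocation-id "$eip" \
        --tag-specifications "$(nametag natgateway Demo-nat)" --query NatGateway.NatGatewayId --output text)
  ec2 wait nat-gateway-available --nat-gateway-ids "$nat"
  # Step 5: route tables (the 10.0.0.0/16 local route exists implicitly)
  pub_rt=$(ec2 create-route-table --vpc-id "$vpc" --tag-specifications "$(nametag route-table Public-RT)" \
        --query RouteTable.RouteTableId --output text)
  ec2 create-route --route-table-id "$pub_rt" --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw" >/dev/null
  ec2 associate-route-table --route-table-id "$pub_rt" --subnet-id "$pub" >/dev/null
  priv_rt=$(ec2 create-route-table --vpc-id "$vpc" --tag-specifications "$(nametag route-table Private-RT)" \
        --query RouteTable.RouteTableId --output text)
  ec2 create-route --route-table-id "$priv_rt" --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$nat" >/dev/null
  ec2 associate-route-table --route-table-id "$priv_rt" --subnet-id "$priv" >/dev/null
  # Step 6: security groups; SSH to the backend is allowed only from members of Web-SG
  web_sg=$(ec2 create-security-group --vpc-id "$vpc" --group-name Web-SG --description "web + bastion" \
        --query GroupId --output text)
  ec2 authorize-security-group-ingress --group-id "$web_sg" --protocol tcp --port 22 --cidr "$MY_IP" >/dev/null
  ec2 authorize-security-group-ingress --group-id "$web_sg" --protocol tcp --port 80 --cidr 0.0.0.0/0 >/dev/null
  priv_sg=$(ec2 create-security-group --vpc-id "$vpc" --group-name Private-SG --description "backend" \
        --query GroupId --output text)
  ec2 authorize-security-group-ingress --group-id "$priv_sg" --protocol tcp --port 22 --source-group "$web_sg" >/dev/null
  # Step 7: the two Ubuntu 22.04 instances (AMI from Canonical's SSM parameter; path is an assumption)
  ami=$(aws ssm get-parameter --region "$REGION" \
        --name /aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id \
        --query Parameter.Value --output text)
  ec2 run-instances --image-id "$ami" --instance-type t3.micro --key-name "$KEY_NAME" --subnet-id "$pub" \
        --security-group-ids "$web_sg" --associate-public-ip-address \
        --tag-specifications "$(nametag instance Public-EC2)" --query 'Instances[0].InstanceId' --output text
  ec2 run-instances --image-id "$ami" --instance-type t3.micro --key-name "$KEY_NAME" --subnet-id "$priv" \
        --security-group-ids "$priv_sg" --no-associate-public-ip-address \
        --tag-specifications "$(nametag instance Private-EC2)" --query 'Instances[0].InstanceId' --output text
}

if [ "${1:-}" = "--apply" ]; then apply; fi
```

Nothing is created unless the script is invoked with --apply, so the CIDR helpers can be exercised on their own. The script does not create a tear-down path; the NAT Gateway and Elastic IP are billed hourly, so delete them when the demo is finished.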
Step 8: Host Website on Public EC2
sudo apt update
sudo apt install -y apache2
sudo systemctl enable --now apache2
Create a simple webpage (written with a here-document rather than in nano, so the step is reproducible):
sudo tee /var/www/html/index.html >/dev/null <<'EOF'
<!DOCTYPE html>
<html>
<head><title>AWS VPC Project</title></head>
<body>
<h1>AWS VPC Project</h1>
<p>Website hosted on Ubuntu EC2 in a Public Subnet</p>
</body>
</html>
EOF
Access in browser:
http://<public IP of the Public EC2>
The page is reachable only because Web-SG opens port 80 and Public-RT sends 0.0.0.0/0 to the IGW. apache2 is serving plain HTTP, which is fine for a demo but not for anything with real users.
Step 9: Bastion Host Access
Flow used in this build:
SSH into the Public EC2 from the workstation (allowed by Web-SG from My IP)
From the Public EC2, SSH into the Private EC2 using its private IP (allowed by Private-SG from Web-SG):
ssh -i demo-key.pem ubuntu@10.0.2.128
That second hop needs demo-key.pem on the public EC2, which is the part to avoid: copying the private key to the internet-facing host means anyone who compromises the bastion holds the key for every instance it can reach. Keep the key on the workstation and let the SSH client relay the connection through the bastion with ProxyJump (ssh -J), or, as a weaker alternative, agent forwarding (ssh -A). Neither puts key material on the bastion, and the security-group rules stay exactly the same.
Step 10: Verify NAT Gateway
From the Private EC2:
ping google.com
A reply confirms DNS resolution and outbound ICMP through the NAT Gateway. ping alone is a weak test (a NAT Gateway forwards ICMP, but many networks block it), so also check an application protocol such as sudo apt update or an HTTPS request, and confirm that the source address seen from the internet is the NAT Gateway's Elastic IP and nothing else. The reverse direction must fail: the private instance has no public IP, and a NAT Gateway never forwards unsolicited inbound connections.
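Steps 9 and 10 done without copying the key to the bastion and with a stricter NAT check, as an added example that is not part of the original project. It writes a dedicated ssh_config file in which the backend is reached through the bastion with ProxyJump, refuses if a copy of the key is found on the bastion, and then asks checkip.amazonaws.com from the backend to verify that its egress address is the NAT Gateway's Elastic IP. The host aliases demo-bastion and demo-backend, the config file path, and the addresses 203.0.113.10 (bastion) and 203.0.113.20 (NAT EIP) are placeholders; 10.0.2.128 is the backend's private IP from Step 9.

```bash
#!/usr/bin/env bash
# Added example, not part of the original project: reach the Private EC2 through the
# Public EC2 with ProxyJump (the key stays on the workstation) and confirm that the
# backend's egress really leaves through the NAT Gateway. BASTION_IP and NAT_EIP are
# placeholders (TEST-NET-3 addresses); PRIVATE_IP is the write-up's backend address.
set -eu

BASTION_IP="${BASTION_IP:-203.0.113.10}"     # public IP of the Public EC2 (placeholder)
PRIVATE_IP="${PRIVATE_IP:-10.0.2.128}"       # Private EC2, from Step 9
NAT_EIP="${NAT_EIP:-203.0.113.20}"           # Elastic IP attached to Demo-nat (placeholder)
KEY="${KEY:-$HOME/.ssh/demo-key.pem}"        # lives only on the workstation
CONF="${CONF:-$HOME/.ssh/config.demo-vpc}"   # dedicated ssh_config for this environment

# ssh_config(5) stanzas: demo-backend is reached via demo-bastion. IdentitiesOnly stops
# ssh from offering every loaded key to each hop, and host keys are pinned in a
# known_hosts file that belongs to this environment only.
render_ssh_config() {
  cat <<EOF
Host demo-bastion
    HostName $BASTION_IP
    User ubuntu
    IdentityFile $KEY
    IdentitiesOnly yes
    StrictHostKeyChecking accept-new
    UserKnownHostsFile $HOME/.ssh/known_hosts.demo-vpc

Host demo-backend
    HostName $PRIVATE_IP
    User ubuntu
    IdentityFile $KEY
    IdentitiesOnly yes
    ProxyJump demo-bastion
    StrictHostKeyChecking accept-new
    UserKnownHostsFile $HOME/.ssh/known_hosts.demo-vpc
EOF
}

# Egress goes through the NAT Gateway only if the internet sees the NAT's Elastic IP:
# not the bastion's address, and never a private address.
egress_via_nat() {
  [ "$1" = "$NAT_EIP" ]
}

# Ask the backend what address it is seen from; checkip.amazonaws.com echoes the
# source address of the request.
verify_nat() {
  local seen
  seen="$(ssh -F "$CONF" demo-backend 'curl -fsS --max-time 10 https://checkip.amazonaws.com')"
  if egress_via_nat "$seen"; then
    echo "OK: backend egress address $seen is the NAT Gateway EIP"
  else
    echo "FAIL: backend egress address $seen is not the NAT EIP $NAT_EIP" >&2
    return 1
  fi
}

if [ "${1:-}" = "--run" ]; then
  umask 077
  render_ssh_config > "$CONF"
  # The bastion must not hold a copy of the private key; fail loudly if it does.
  ssh -F "$CONF" demo-bastion \
    'if [ -e ~/demo-key.pem ]; then echo "private key found on bastion, remove it" >&2; exit 1; fi'
  verify_nat
fi
```

Run it with --run once the instances are up. StrictHostKeyChecking accept-new still trusts the first connection; for a stronger check, compare the bastion's host key fingerprint with the instance's console output (aws ec2 get-console-output) before the first ssh. The same config file also serves interactive use: ssh -F ~/.ssh/config.demo-vpc demo-backend opens a shell on the private instance in one command.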
Final Outcome
Public website reachable from the internet over HTTP
Private EC2 has no public IP and no inbound path from the internet; its only egress is through the NAT Gateway
SSH to the private EC2 only via the bastion, which itself accepts SSH only from My IP
A realistic two-tier VPC layout. Compared with a production build, this demo runs the web server and the bastion on the same instance (they should be separate, with the bastion kept minimal), depends on a single NAT Gateway in one AZ, and serves plain HTTP.
GitHub: https://github.com/IrfanPasha05/aws-vpc-public-private-ec2/blob/main/README.md