Introducing Today's Project!
What is Amazon VPC?
Amazon VPC (Virtual Private Cloud) lets you create a private network in AWS where you control IP ranges, subnets, and traffic. It's useful for securely launching and managing cloud resources at scale.
How I used Amazon VPC in this project
I used Amazon VPC in today's project to build a secure cloud network. I created a VPC with public and private subnets, added an internet gateway, route tables, a security group and a network ACL, and launched EC2 instances.
One thing I didn't expect in this project
One thing I didn't expect in this project was how fast the Amazon VPC wizard set things up. I assumed I'd manually configure each element, but the wizard created the VPC, subnets, and offered NAT gateways in seconds.
The project was estimated to take 60 minutes, but I actually completed it in just about 20 minutes. Thanks to the Amazon VPC wizard, most tasks like setting up subnets, route tables, and gateways were quick and smooth.
Setting Up Direct VM Access
Directly accessing a virtual machine means connecting to your EC2 instance over the internet via its public IP address using SSH, enabling you to manage it remotely from your device.
SSH is a key method for directly accessing a VM
SSH traffic is the encrypted remote-login traffic that reaches a system such as an EC2 instance on TCP port 22. In this AWS setup, it is what lets you connect to the public instance from your computer using a private key.
To enable direct access, I set up key pairs
A key pair consists of a public key and a private key; the pair is used to encrypt, decrypt, and authenticate data in systems such as SSH, SSL/TLS, and blockchains.
A private key's file format is the type of file in which the key is stored for SSH access. My private key's file format was .pem, used to authenticate securely when logging into EC2.
Launching a public server
I had to change my EC2 instance's networking settings by first changing the VPC it is placed in to my VPC, then the subnet, then enabling auto-assign public IP and choosing the Security Group I had already created.
Launching a private server
My private server has its own dedicated security group because it's in a private subnet and needs tighter access rules. It restricts external traffic and allows only trusted internal communication.
My private server's security group's source is the public server's security group, which means it only allows traffic coming from the public server, ensuring controlled and secure communication.
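Below is an added example, not code from the original post, showing how the two security groups described above (public server: SSH from an administrator's address range; private server: SSH only from the public server's security group) can be expressed and checked before they are applied. The rule dicts use the IpPermissions shape that boto3's authorize_security_group_ingress() accepts, but the block never calls AWS; the admin CIDR 203.0.113.0/24 and the group id sg-0123456789abcdef0 are constructed placeholders. It also includes a small check for the .pem file mode, since ssh refuses a private key readable by other users.

```python
"""Security-group rule design for the public and private servers (constructed example).

Rule dicts follow boto3's IpPermissions shape; nothing here talks to AWS.
"""
import ipaddress

SSH_PORT = 22


def ssh_rule_from_cidr(cidr, description):
    """Ingress rule admitting TCP/22 from one CIDR block."""
    ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
    return {
        "IpProtocol": "tcp",
        "FromPort": SSH_PORT,
        "ToPort": SSH_PORT,
        "IpRanges": [{"CidrIp": cidr, "Description": description}],
    }


def ssh_rule_from_group(group_id, description):
    """Ingress rule admitting TCP/22 only from members of another security group."""
    return {
        "IpProtocol": "tcp",
        "FromPort": SSH_PORT,
        "ToPort": SSH_PORT,
        "UserIdGroupPairs": [{"GroupId": group_id, "Description": description}],
    }


def public_server_rules(admin_cidr):
    """Public server: SSH reachable only from the administrator's address range."""
    return [ssh_rule_from_cidr(admin_cidr, "SSH from admin network")]


def private_server_rules(public_sg_id):
    """Private server: SSH reachable only from instances in the public server's group.

    Referencing the group id instead of a CIDR means the rule keeps working if
    the public server's private IP changes, and nothing outside the VPC matches.
    """
    return [ssh_rule_from_group(public_sg_id, "SSH from public server only")]


def world_open_ports(rules):
    """Return (from_port, to_port) for every rule that admits 0.0.0.0/0 or ::/0."""
    open_ports = []
    for rule in rules:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
            open_ports.append((rule["FromPort"], rule["ToPort"]))
    return open_ports


def private_key_mode_ok(mode):
    """True when the .pem is readable by its owner only (ssh rejects group/other access).

    `mode` is the permission bits of the file (e.g. os.stat(path).st_mode).
    """
    return (mode & 0o077) == 0


if __name__ == "__main__":
    # Constructed placeholders: admin network and the public server's group id.
    public_rules = public_server_rules("203.0.113.0/24")
    private_rules = private_server_rules("sg-0123456789abcdef0")
    print("public SG ingress :", public_rules)
    print("private SG ingress:", private_rules)
    print("world-open ports  :", world_open_ports(public_rules + private_rules))
    print("pem mode 0o400 ok :", private_key_mode_ok(0o400))
```

A reviewer would run world_open_ports() over both rule lists and expect an empty result; a non-empty list means a port is reachable from the whole internet, which is the configuration the private subnet is meant to avoid.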
Speeding up VPC creation
I used an alternative way to set up an Amazon VPC! This time, I used the wizard to create a VPC with public and private subnets, an internet gateway, and route tables.
A VPC resource map is a diagram showing your VPC setup (subnets, route tables, internet gateway, EC2 instances, security groups, and ACLs) to help visualize traffic flow and security in AWS.
My new VPC has a CIDR block of 10.0.0.0/16. It is possible for my new VPC to have the same IPv4 CIDR block as my existing VPC because each VPC is isolated, so IP ranges can overlap without conflict.
Tips for using the VPC resource map
When determining the number of public subnets in my VPC, I only had two options: one per Availability Zone. This was because subnets are AZ-specific, and using multiple zones improves high availability.
The setup page also offered to create NAT gateways, which let resources in a private subnet reach the internet without being reachable from it. They forward outbound traffic through an Elastic IP address and do not accept unsolicited inbound connections.
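The following is an added example, not part of the original post, that reproduces the planning the wizard does for the layout described in this section: one public and one private subnet per Availability Zone carved out of 10.0.0.0/16, a public route table pointing 0.0.0.0/0 at the internet gateway, and one private route table per AZ pointing 0.0.0.0/0 at that AZ's NAT gateway. It also checks the point made above about overlapping CIDR blocks: two isolated VPCs may reuse 10.0.0.0/16, but VPC peering between them would require non-overlapping ranges. The AZ names and the igw-/nat- ids are constructed placeholders and nothing here calls AWS.

```python
"""VPC layout planner (constructed example): subnets, route tables and CIDR checks.

Resource ids and AZ names are placeholders; no AWS API is called.
"""
import ipaddress


def plan_subnets(vpc_cidr, azs, subnet_prefix=24):
    """Carve one public and one private subnet per AZ, in address order.

    Returns {'public': [(az, cidr), ...], 'private': [(az, cidr), ...]}.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = vpc.subnets(new_prefix=subnet_prefix)  # ordered /24s inside the VPC
    plan = {"public": [], "private": []}
    for az in azs:
        plan["public"].append((az, str(next(blocks))))
    for az in azs:
        plan["private"].append((az, str(next(blocks))))
    return plan


def plan_route_tables(vpc_cidr, plan, igw_id, nat_ids):
    """Public subnets share one table via the IGW; each private subnet gets its own
    table whose default route is the NAT gateway located in the same AZ."""
    tables = {
        "public": {
            "routes": {vpc_cidr: "local", "0.0.0.0/0": igw_id},
            "subnets": [cidr for _, cidr in plan["public"]],
        }
    }
    for az, cidr in plan["private"]:
        tables[f"private-{az}"] = {
            "routes": {vpc_cidr: "local", "0.0.0.0/0": nat_ids[az]},
            "subnets": [cidr],
        }
    return tables


def overlapping(subnet_cidrs):
    """Pairs of subnet CIDRs that overlap; AWS rejects these inside one VPC."""
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    return [
        (str(a), str(b))
        for i, a in enumerate(nets)
        for b in nets[i + 1:]
        if a.overlaps(b)
    ]


def can_peer(vpc_a_cidr, vpc_b_cidr):
    """Two isolated VPCs may share a CIDR, but peering needs disjoint ranges."""
    return not ipaddress.ip_network(vpc_a_cidr).overlaps(ipaddress.ip_network(vpc_b_cidr))


if __name__ == "__main__":
    azs = ["us-east-1a", "us-east-1b"]  # placeholder AZ names
    layout = plan_subnets("10.0.0.0/16", azs)
    tables = plan_route_tables(
        "10.0.0.0/16",
        layout,
        "igw-PLACEHOLDER",
        {"us-east-1a": "nat-PLACEHOLDER-a", "us-east-1b": "nat-PLACEHOLDER-b"},
    )
    print("subnets      :", layout)
    print("route tables :", tables)
    print("overlaps     :", overlapping([c for _, c in layout["public"] + layout["private"]]))
    print("peer same /16:", can_peer("10.0.0.0/16", "10.0.0.0/16"))
```

Keeping one NAT gateway per AZ, as the planner does, means a private subnet's outbound path does not depend on another AZ being healthy, which is the high-availability reason the wizard offers one per zone.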
🤝 Next in the series, building on this project: "Testing VPC Connectivity"