Today we’ll explore Amazon Virtual Private Cloud (VPC) a foundational service in AWS that enables you to launch AWS resources in a logically isolated virtual network. Amazon VPC gives you complete control over your virtual networking environment including resource placement, connectivity and security.
In this blog post we’ll cover the basics of Amazon VPC, walk through the steps to create a VPC with subnets and route tables and demonstrate how to manage VPC peering connections. By the end of this guide you’ll have a solid understanding of how to set up and manage your own VPCs.
What is Amazon VPC?
Amazon VPC allows you to provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment including the selection of your IP address range, creation of subnets and configuration of route tables and network gateways.
Key Features of Amazon VPC
Subnets :- Divide your VPC into smaller network segments.
Route Tables :- Control the routing of traffic within your VPC.
Network Gateways :- Connect your VPC to the internet, other VPCs or on-premises networks.
Security Groups and Network ACLs :- Control inbound and outbound traffic at the instance and subnet levels.
VPC Peering :- Connect two VPCs to route traffic between them privately.
Creating a VPC
Let’s start by creating a VPC with a couple of subnets, route tables and necessary configurations.
Step 1 :- Sign In to the AWS Management Console
Log in to the AWS Management Console.
Navigate to the VPC Dashboard :-
- Search for "VPC" in the AWS services search bar and select "VPC".
Step 2 :- Create a VPC
Launch the VPC Wizard :-
- Click the "Launch VPC Wizard" button.
Choose a VPC Configuration :-
- Select "VPC with a Single Public Subnet" for simplicity.
Configure the VPC :-
VPC name :- Enter a name for your VPC (e.g. MyVPC ).
IPv4 CIDR block :- Enter a CIDR block for your VPC (e.g. 10.0.0.0/16).
IPv6 CIDR block :- Leave as default (No IPv6 CIDR block).
Tenancy :- Choose "Default" for default tenancy.
Configure the Subnet :-
Subnet name :- Enter a name for your subnet (e.g. MyPublicSubnet ).
Availability Zone :- Select an availability zone.
IPv4 CIDR block :- Enter a CIDR block for your subnet (e.g. 10.0.1.0/24 ).
Configure the Internet Gateway :-
Attach an Internet Gateway :- Ensure "Create an Internet Gateway" is checked.
IGW name :- Enter a name for your Internet Gateway (e.g. MyIGW ).
Review and Create :-
- Review the configuration and click "Create VPC".
Step 3 :- Verify Your VPC Configuration
VPC :-
- Navigate to the "Your VPCs" section to see the VPC you created.
Subnets :-
- Navigate to the "Subnets" section to see the subnet you created.
Internet Gateway :-
- Navigate to the "Internet Gateways" section to see the Internet Gateway attached to your VPC.
Route Tables :-
- Navigate to the "Route Tables" section to see the route table associated with your subnet. It should have a route directing internet traffic (0.0.0.0/0) to the Internet Gateway.
Creating Additional Subnets and Route Tables
Step 4 :- Create a Private Subnet
Navigate to the Subnets Section :-
In the VPC dashboard click "Subnets".
Click "Create subnet".
Configure the Subnet :-
Name tag :- Enter a name for the subnet (e.g. MyPrivateSubnet).
VPC :- Select the VPC you created (MyVPC) .
Availability Zone :- Select the same availability zone or a different one.
IPv4 CIDR block :- Enter a CIDR block for the subnet (e.g. 10.0.2.0/24).
Create the Subnet :-
- Click "Create subnet".
Step 5 :- Create a Custom Route Table for the Private Subnet
Navigate to the Route Tables Section :-
In the VPC dashboard click "Route Tables".
Click "Create route table".
Configure the Route Table :-
Name tag :- Enter a name for the route table (e.g. MyPrivateRouteTable).
VPC :- Select the VPC you created (MyVPC) .
Create the Route Table :-
- Click "Create route table".
Associate the Route Table with the Private Subnet :-
Select the newly created route table (MyPrivateRoutetable) .
Click the "Subnet Associations" tab.
Click "Edit subnet associations".
Select the private subnet (MyPrivateSubnet) and click "Save".
Step 6 :- Modify the Route Table for Private Subnet
Select the Route Table :-
- In the "Route Tables" section select MyPrivateRouteTable.
Add Routes :-
Click the "Routes" tab.
Click "Edit routes".
Add a route for local traffic :-
Destination :- 10.0.0.0/16 (CIDR block of your VPC).
Target :- Local.
Click "Save routes".
Step 7 :- Modify the Route Table for Public Subnet
Select the Route Table :-
- In the "Route Tables" section select the main route table associated with your public subnet.
Add Routes :-
Ensure there is a route for internet traffic :-
Destination :- 0.0.0.0/0 .
Target :- The Internet Gateway (MyIGW) .
Managing VPC Peering Connections
VPC peering allows you to connect two VPCs so that they can communicate with each other. Let’s set up a peering connection between two VPCs.
Step 8 :- Create a VPC Peering Connection
Navigate to the VPC Peering Connections Section :-
In the VPC dashboard click "Peering Connections".
Click "Create Peering Connection".
Configure the Peering Connection :-
Peering connection name tag :- Enter a name for the peering connection (e.g. MyVPCPeering ).
VPC Requester :- Select the VPC you created (MyVPC) .
VPC Accepter :- Select another VPC to peer with or enter the VPC ID of a VPC in another AWS account.
Create the Peering Connection :-
- Click "Create peering connection".
Step 9 :- Accept the VPC Peering Connection
Navigate to the Peering Connections Section :-
In the VPC dashboard click "Peering Connections".
Select the peering connection you created (MyVPCPeering) .
Accept the Peering Connection :-
- Click "Actions" and select "Accept request".
Step 10 :- Update Route Tables for Peering
Requester VPC :-
Navigate to the "Route Tables" section.
Select the route table associated with your requester VPC (MyVPC) .
Click the "Routes" tab.
Click "Edit routes".
Add a route for the peer VPC's CIDR block :-
Destination :- Enter the CIDR block of the accepter VPC (e.g. 10.1.0.0/16).
Target :- Select the peering connection (MyVPCPeering) .
Click "Save routes".
Accepter VPC :-
- Repeat the steps to update the route table of the accepter VPC to route traffic to the requester VPC’s CIDR block.
Best Practices for Using Amazon VPC
Security
Use Security Groups and Network ACLs :-
Security groups control inbound and outbound traffic at the instance level.
Network ACLs provide an additional layer of security at the subnet level.
Enable Flow Logs :-
- Use VPC Flow Logs to capture and monitor the traffic flowing in and out of your VPC.
Isolate Environments :-
- Use separate VPCs or subnets to isolate different environments (e.g. development, staging, production).
Performance
Optimize Network Performance :-
Use placement groups for low-latency, high-throughput network performance.
Leverage AWS Direct Connect for dedicated network connections.
Use Private Subnets for Internal Resources :-
- Place internal resources such as databases and backend servers in private subnets to enhance security.
High Availability
Use Multiple Availability Zones :-
- Distribute resources across multiple Availability Zones to improve fault tolerance and availability.
Configure Load Balancers :-
- Use Elastic Load Balancers (ELB) to distribute traffic across multiple instances and Availability Zones.
Conclusion
Amazon VPC provides a robust and flexible way to create and manage virtual networks in the AWS cloud. By understanding the concepts of subnets, route tables and VPC peering you can design a secure and scalable network architecture that meets your application’s requirements. In this blog post we walked through the steps to create a VPC, set up subnets and route tables and manage VPC peering connections.
Stay tuned for more insights and best practices in our upcoming blog posts.