In today’s cloud computing environment, it is crucial to understand how to efficiently set up a Virtual Private Cloud (VPC) in AWS. This guide will walk you through creating a VPC with public and private subnets and configuring a NAT Gateway to enable secure internet access for private instances.

Understanding Virtual Private Cloud (VPC) and Its Components

A Virtual Private Cloud (VPC) is an isolated network environment within AWS that allows you to launch resources like EC2 instances in a logically separated section of the AWS cloud. The VPC controls your networking environment, including IP address ranges, subnets, route tables, and gateways.

Critical components of a VPC include:

  • Subnets: Segments of the VPC that divide it into smaller networks, which can be either public or private.
  • Internet Gateway: A gateway that connects your VPC to the internet, enabling communication between your instances and the outside world.
  • NAT Gateway: This allows instances in private subnets to access the Internet while keeping them inaccessible from the public Internet.

Importance of Public and Private Subnets in VPC

Public and private subnets allow you to separate resources based on their internet access needs. Public subnets contain resources that need direct access to the internet, such as web servers. Private subnets, on the other hand, house resources like databases that should remain isolated from direct internet access.

Prerequisites for Creating VPC, Subnets, and NAT Gateway

Before starting, ensure you have:

  • An AWS account with administrative access.
  • Basic knowledge of AWS networking concepts.
  • AWS CLI installed on your local machine (optional for those who prefer command-line operations).

Step-by-Step Guide for Creating VPC, Subnets, and NAT Gateway

1. Create VPC with Name and CIDR Block
  1. Log in to the AWS Management Console.
  2. Navigate to the VPC Dashboard.
  3. Click Create VPC.
  4. Provide a name for your VPC and specify a CIDR block (e.g., 10.0.0.0/16).
  5. Click Create.
2. Create Public and Private Subnets
  1. On the VPC Dashboard, select Subnets and click Create Subnet.
  2. Choose the VPC you just created.
  3. For the public subnet, assign a CIDR block like 10.0.1.0/24.
  4. Name it “Public Subnet” and click Create.
  5. Repeat the process for the private subnet using a CIDR block like 10.0.2.0/24 and name it “Private Subnet.”
3. Create an Internet Gateway and Attach it to VPC
  1. In the VPC Dashboard, select Internet Gateways.
  2. Click Create Internet Gateway and provide a name.
  3. Click Create, select your Internet Gateway, and choose Actions > Attach to VPC.
  4. Select your VPC and click Attach Internet Gateway.
4. Create NAT Gateway in a Private Subnet
  1. In the VPC Dashboard, select NAT Gateways and click Create NAT Gateway.
  2. Choose your public subnet (this is where the NAT Gateway will reside).
  3. Assign an Elastic IP address to your NAT Gateway.
  4. Click Create NAT Gateway.
5. Create Route Tables for Public and Private Subnets
  1. Go to Route Tables in the VPC Dashboard.
  2. Create a new route table for the public subnet.
  3. In the Routes section, add a route with the destination 0.0.0.0/0 and target as the Internet Gateway.
  4. Associate this route table with the public subnet.
  5. Create another route table for the private subnet.
  6. Add a route with the destination 0.0.0.0/0 and target as the NAT Gateway.
  7. Associate this route table with the private subnet.
6. Associate Subnets with Route Tables

Ensure that the public subnet is associated with the public route table and the private subnet with the private route table.

7. Create Public and Private EC2 Instances
  1. Launch an EC2 instance in the public subnet and ensure it has a public IP address.
  2. Launch another EC2 instance in the private subnet without a public IP address.
8. Connect to a Public Instance and Install the Nginx Web Server
  1. Connect to the public EC2 instance via SSH.
  2. Install Nginx with the following commands:
    sudo apt update

sudo apt install nginx -y

  1. Verify that Nginx is running by visiting the public IP of the instance in your web browser.
9. Connect to Private Instance via Public Instance
  1. SSH into the public instance.
  2. From the public instance, SSH into the private instance using its private IP address.

Conclusion: Securing Private Instance and Enabling Internet Access through NAT Gateway

Following this guide, you’ve created a VPC with public and private subnets. This allows your private instances to remain secure while still being able to access the Internet through the NAT Gateway. This setup is fundamental for building safe and scalable applications in AWS.

References

Configure a VPC with Private Subnets and a NAT Gateway

VPC with servers in private subnets and NAT