Rupak's blog

Building a Secure and Efficient AWS Virtual Private Cloud (VPC)

Rupak Shrestha's photo
Rupak Shrestha
·

3 min read

Table of contents

In the ever-evolving landscape of cloud computing, having a well-structured and secure Virtual Private Cloud (VPC) is paramount. AWS provides a robust platform to create and manage your VPC effortlessly. In this guide, we'll walk through the step-by-step process of setting up a VPC with public and private subnets, internet and NAT gateways, and route tables to ensure a secure and efficient network architecture.

1. Creating a VPC

Begin by navigating to VPC > Your VPCs > Create VPC. Select "VPC only," assign a name, and manually input the IPv4 CIDR according to your network requirements. Click on "Create VPC" to establish the foundation of your cloud infrastructure.

2. Creating Subnets

Next, go to VPC > Subnets > Create subnet.

Choose the VPC you've just created, provide a subnet name, select the availability zone, and assign an IPv4 CIDR block. Instead of creating one subnet at a time, click on "Add new subnet" to efficiently generate multiple subnets.
For example, create two public and two private subnets, each in different availability zones.

Ensure public subnets have auto-assign public IPv4 addresses for internet accessibility. To do this, select the public subnet, go to Actions > Edit subnet settings, and enable the auto-assign public IPv4 address.

3. Creating Internet Gateway

For internet access, create an Internet Gateway by going to VPC > Internet gateways > Create internet gateway.

Attach the internet gateway to your VPC either from the pop-up or by going to Actions > Attach to VPC.

This step is crucial for making resources within the VPC accessible from the internet.

4. Creating NAT Gateway

Private subnets inherently lack direct internet accessibility. However, there are scenarios where a private subnet necessitates internet access. To enable secure internet connectivity for a private subnet, a NAT gateway is employed. It's important to note that the NAT gateway, despite facilitating internet access for the private subnet, is strategically positioned and created within a public subnet.
Go to VPC > NAT gateways > Create NAT gateway.

Provide a name, select one of your public subnets, and allocate an Elastic IP. This NAT Gateway will allow private subnets to securely access the internet.

5. Creating Route Tables

Navigate to VPC > Route tables > Create route table.

Go to Actions > Edit subnet associations and choose public subnets, saving the associations.

Edit routes by adding a route (0.0.0.0/0) pointing to your Internet Gateway and save changes.

Repeat the process for private subnets, creating a new route table with a route pointing to your NAT Gateway.

Edit subnet association> choose all subnet and save associations.

Edit routes> Add route

Choose 0.0.0.0/0 and your NAT gateway and click save changes.

This is the final resource map.

This comprehensive setup ensures that traffic is directed appropriately, making your VPC an efficient and secure network.

6. Creating Everything Automatically

For a more streamlined approach, AWS provides an option to create all the necessary components automatically.

Go to VPC > Your VPCs > Create VPC. Choose "VPC and more," assign a name, and CIDR block.

We've established two public and two private subnets, spanning across two Availability Zones (AZs) to ensure high availability. Additionally, the NAT Gateway is situated in one AZ.

Create VPC resources:

Resource Map:

With these steps, you've successfully built a secure and efficient AWS Virtual Private Cloud, ready to host your applications and services in the cloud.
Don't forget to delete your resources. AWS billed me for retaining an unused NAT Gateway.
Happy Learning!

AWSvpcnetworkingCloud