AWS how to setup VPC, Public and Private Subnet, Internet Gateway, Route Table


This post covers some essential networking concepts in AWS: the VPC, public and private subnets, how to create an internet gateway, how to create route tables, and how to provision resources such as EC2 instances inside the public and the private subnet.

Let’s understand VPC “virtual private cloud”

Think of the VPC as a data center inside your AWS account. It acts as a “Virtual Private Cloud” or “Virtual Data Center”, and we create all our resources in the AWS cloud inside this VPC.

We need to create more networking inside our ‘virtual data center’, namely:

  • Public subnet: here we put the resources that must be reachable from the Internet

  • Private subnet: here we put the resources that are reachable only from inside the VPC and are not exposed to the Internet

Why do we need a Private Subnet?

Suppose we have a web application. The frontend (the UI) runs on an EC2 instance in the public subnet.

Anything we put in the private subnet is not reachable from the Internet or from clients. We put the database/backend there because it does not need to be exposed to clients; only the web application needs to reach it. This adds a layer of security, since the confidential data lives in the private subnet. Note that the private subnet only limits network reachability: the database still needs its own security group rules and authentication.

Let’s understand IP ranges

We assign an IP range to the VPC, and then carve smaller IP ranges out of the VPC range for the public and the private subnet. These ranges are written in CIDR notation, for example 10.0.0.0/16 for the VPC and 10.0.0.0/24 for a subnet. Every subnet range must lie inside the VPC range and must not overlap any other subnet. AWS reserves the first four and the last address of every subnet, so a /24 leaves 251 usable addresses.

Let’s understand Internet Gateway

Internet gateway: as the name suggests, it is the gateway for reaching the Internet. It is attached to the VPC, and any resource in a subnet whose route table points at it (the public subnet) can reach the Internet and be reached from it, provided the resource has a public IP. You can still control which individual resources get Internet access, but in general a resource placed in the public subnet is expected to have a route to the internet gateway.

We just need to create an internet gateway in our AWS account and attach it to the VPC; the public subnet’s route table then sends Internet-bound traffic to it. For example, the resource we are creating is an EC2 instance in our public subnet, see below.

Now anything residing in the public subnet, such as our EC2 instance, has Internet access.

Route Table in VPC

Route tables: every subnet must be associated with a route table, so we create one for the public subnet and another for the private subnet. The public route table carries a default route (0.0.0.0/0) whose target is the internet gateway; the private route table carries only the local route for the VPC range, so nothing in the private subnet can reach, or be reached from, the Internet through the gateway.

Let’s do a practical

Setup VPC

  1. Click on “Create VPC”

  2. Fill in the required fields, as shown below

The IP range we assign here is the VPC’s CIDR block.

  3. Our VPC has been created

Setup Internet Gateway and Integrate IGW+VPC

We will set up an internet gateway and attach it to the VPC; only the public subnet’s route table will use it.

  1. To set up the Internet Gateway go back to your VPC Console → Internet Gateways

  2. Click on “Create internet gateway”

  3. Fill in the simple details below.

  4. Click on “Create internet gateway” → Internet Gateway successfully created.

Below we can see that our internet gateway “IGW-test” is not associated with our VPC yet; its state is “Detached”.

  5. Attach “IGW-test” to our “test-vpc”

Select “IGW-test” → click “Actions” → “Attach to VPC”

We have successfully attached them.

Create Public and Private Subnet

  1. Go to your “VPC Dashboard” → Click on “Subnets”

  2. Click “Create subnet”

  3. Select “test-vpc” as the VPC for the subnet

Continue the setup on the same screen.

Creating “Public Subnet”

We select an availability zone within the region. Each region has multiple availability zones, and spreading subnets across them gives high availability, so that you have less downtime and maximum availability of resources on the AWS side. The public subnet gets its own CIDR block carved out of the VPC range.

Adding “Private Subnet”

Click “Create subnet”

Note: We can create multiple subnets here. Example: we can create a public and a private subnet in eu-central-1a and then another public and another private subnet in eu-central-1b, four subnets in total (2 public, 2 private), to achieve maximum availability. For demo purposes we create just one public and one private subnet.

Setup “Route Table”

Let’s set up the route tables, one for the public subnet and another for the private subnet.

  1. Go to your “VPC dashboard” → Route tables → Create route table

  2. Set up the “Public Route Table” (RT-test-public) in test-vpc

  3. Attach it to the Internet Gateway → Click “Edit routes”

Since we are setting up the route table for the public subnet, it is essential to add a route to the internet gateway to make the public subnet reachable from the Internet.

  4. Add a route with destination 0.0.0.0/0 and select “IGW-test” as the target

Now our public route table has a route to the internet gateway, so the subnet we associate with it is publicly reachable.
By default, a route table contains only the local route, which covers the VPC CIDR range and cannot be removed.

Now RT-test-public has Internet access as well as internal (local) access.

So far we have created the public route table and added the internet gateway route, but we still need to associate the public route table with the public subnet.

  5. Associate “Public Route Table” + “Public Subnet”

Click on “Edit subnet associations”

Select “test-public-subnet-2a”

  6. Set up the “Private Route Table” (RT-test-private) the same way, but add no internet gateway route; leave only the local route.

  7. Associate the private route table with the private subnet. A subnet that is not explicitly associated falls back to the VPC’s main route table, so check that the main route table has no internet gateway route either.

The major work is done; now we just need to set up the EC2 instance inside our public subnet.

Setup EC2 Instance for Public Subnet

The setup is simple: create a normal instance, but configure the “Network settings” → Edit

Edit → “Network settings”

  • VPC → “test-vpc”

  • Subnet → “test-public-subnet-2a”

  • Auto-assign public IP → Enable. This EC2 instance is going to be reachable publicly, and we want to SSH into it, so it needs a public IP; enabling this option assigns one at launch. A public IP alone is not enough: the subnet’s route table must also have the internet gateway route added above.

Edit → “Security group”

Pay close attention to the SSH rule, because we want to SSH into this EC2 instance using its public IP. Add an inbound rule for SSH, TCP port 22. In this walkthrough the source is set to “Anywhere” (0.0.0.0/0), so anyone who knows the IP and holds the private key can reach the instance. That also means every host on the Internet can reach port 22 and attempt to log in, so for anything beyond a throwaway demo set the source to “My IP” (your own address as a /32) instead.

After this much config → Launch instance

SSH into the Instance

As you can see, we can SSH into our instance, and its private IP falls inside the CIDR range we specified for the public subnet.
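The whole walkthrough above (carving the VPC CIDR into subnets, the internet gateway, the public and private subnets, the two route tables with their associations, and the public EC2 instance with its SSH security group) expressed as Terraform, as an added example that is not part of the original post. Assumptions: region eu-central-1, VPC range 10.0.0.0/16 split into /24 subnets with cidrsubnet, an admin_cidr variable holding your own public IP as a /32 (the default 203.0.113.10/32 is a documentation address, replace it), and ami_id and key_name variables that you must supply. The private route table is given route = [] so it keeps nothing but the implicit local route.

```hcl
provider "aws" {
  region = "eu-central-1" # assumption: same region as the walkthrough
}

# Assumed inputs: admin_cidr defaults to a documentation address, replace it with
# your own public IP as a /32; ami_id and key_name must be passed at apply time.
variable "admin_cidr" { default = "203.0.113.10/32" }
variable "ami_id" { type = string }   # an AMI valid in your region
variable "key_name" { type = string } # an existing EC2 key pair name

locals {
  vpc_cidr = "10.0.0.0/16"
  # Carve /24 subnets out of the /16: 8 extra prefix bits, network index 0 and 1.
  public_cidr  = cidrsubnet(local.vpc_cidr, 8, 0) # 10.0.0.0/24
  private_cidr = cidrsubnet(local.vpc_cidr, 8, 1) # 10.0.1.0/24
}

resource "aws_vpc" "test" {
  cidr_block = local.vpc_cidr
  tags       = { Name = "test-vpc" }
}

# The internet gateway attaches to the VPC, not to a subnet.
resource "aws_internet_gateway" "test" {
  vpc_id = aws_vpc.test.id
  tags   = { Name = "IGW-test" }
}

resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.test.id
  cidr_block              = local.public_cidr
  availability_zone       = "eu-central-1a"
  map_public_ip_on_launch = true # "Auto-assign public IP: Enable"
  tags                    = { Name = "test-public-subnet-2a" }
}

resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.test.id
  cidr_block        = local.private_cidr
  availability_zone = "eu-central-1a"
  tags              = { Name = "test-private-subnet-2a" }
}

# Public route table: the implicit local route plus a default route to the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.test.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.test.id
  }
  tags = { Name = "RT-test-public" }
}

# Private route table: route = [] pins it to the implicit local route only,
# so nothing in the private subnet is reachable through the internet gateway.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.test.id
  route  = []
  tags   = { Name = "RT-test-private" }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# SSH only from the admin address, not from 0.0.0.0/0.
resource "aws_security_group" "ssh_admin" {
  name   = "ssh-from-admin"
  vpc_id = aws_vpc.test.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "public" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.ssh_admin.id]
  key_name               = var.key_name
  tags                   = { Name = "test-public-ec2" }
}

output "ssh_target" {
  value = aws_instance.public.public_ip
}
```

Run it with `terraform init` followed by `terraform apply -var ami_id=<your AMI> -var key_name=<your key pair> -var admin_cidr=<your IP>/32`; the output is the address to SSH to. Nothing is placed in the private subnet here, and because its route table has no internet gateway route, an instance launched there would have neither inbound nor outbound Internet access. `terraform destroy` removes everything, which covers the clean-up tip below.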

TIP: DON’T Forget to clean up the resources.

Hope you have learned something out of it. Thanks