AWS CSA
  • Introduction
  • 1. AWS Overview
    • 1.1 AWS global Infrastructure
    • 1.2 Networking and Content Delivery
    • 1.3 Computing
    • 1.4 Storage
    • 1.5 Databases
    • 1.6 Migration Services
    • 1.7 Analytics
    • 1.8 Security and Identity
    • 1.9 Management Tools
    • 1.10 Application Services
    • 1.11 Developer Tools
    • 1.12 Mobile Services
    • 1.13 Desktop and App Streaming
    • 1.14 Artificial Intelligence
    • 1.15 Messaging
  • 2. IAM - Identity Access Management
    • 2.1 IAM Introduction
    • 2.2 IAM Labs
    • 2.3 Create a billing alart
    • 2.4 IAM Conclusion
  • 3. S3 - Simple Storage Service
    • 3.1 S3 Introduction
    • 3.2 S3 Labs
    • 3.3 Version Control Labs
    • 3.4 Cross Region Replication
    • 3.5 Life Cycle Management
    • 3.6 CloudFront
    • 3.7 CloudFront Labs
    • 3.8 S3 Security and Encryption
    • 3.9 Storage Gateway
    • 3.10 Snowball
    • 3.11 Snowball Labs
    • 3.12 S3 Transfer Acceleration
    • 3.13 Create a static web page using S3
    • 3.14 Storage Summary
  • 4. EC2 - Elastic Compute Cloud
    • 4.1 EC2 Introduction I
    • 4.2 EC2 Introduction II
    • 4.3 EC2 Lab 1
    • 4.4 EC2 Lab 2
    • 4.5 Security Groups Lab
    • 4.6 Upgrade EBS Volume Types - Lab1
    • 4.7 Upgrade EBS Volume Types - Lab2
    • 4.8 RAID, Volumes & Snapshots
    • 4.9 Create An AMI - Lab
    • 4.10 AMI's EBS Root Volumes vs. Instance Store
    • 4.11 Elastic Load Balancer & Health Check - Lab
    • 4.12 CloudWatch EC2 - Lab
    • 4.13 The AWS Command Line & EC2
    • 4.14 Using IAM Roles with EC2
    • 4.15 S3 CLI & Regions
    • 4.16 Using Bootstrap Scripts
    • 4.17 EC2 Instance Metadata
    • 4.18 Launch Configurations & Auto Scaling Groups
    • 4.19 EC2 Placement Groups - Exam Must Know
    • 4.20 Elastic File System (EFS) Lab
    • 4.21 Lambda Concepts
    • 4.22 Build A Serverless Webpage Using API Gateway & Lambda
    • 4.23 Use Polly to Pass Your Exam - Lab of a Serverless Application
    • 4.24 Use Polly to Pass Your Exam - Lab of a Serverless Application
    • 4.25 EC2 - Summary & Exam Tips
  • 5. Route53
    • 5.1 DNS 101
    • 5.2 Route53 - Register A Domain Name - Lab
    • 5.3 Setup Our EC2 Instances - Lab
    • 5.4 Routing Policies - Lab
  • 6. Databases on AWS
    • 6.1 Databases 101
    • 6.2 Launching an RDS Instance - Lab
    • 6.3 RDS - Backups, Multi-AZ & Read Replicas
    • 6.4 DynamoDB
    • 6.5 Redshift
    • 6.6 ElastiCache
    • 6.7 Aurora
    • 6.8 Database Summary
  • 7. VPC
    • 7.1 VPC Overview
    • 7.2 VPC Lab - Part 1
    • 7.3 VPC Lab - Part 2
    • 7.4 NAT Instances & NAT Gateways
    • 7.5 Network Access Control Lists vs. Security Groups
    • 7.6 Load Balancers & Custom VPCs
    • 7.7 VPC Flow Logs
    • 7.8 NATs vs. Bastions
    • 7.9 VPC End Points
    • 7.10 VPC Clean Up
    • 7.11 VPC Summary
  • 8. Application Services
    • 8.1 SQS - Simple Queue Service
    • 8.2 SWF - Simple Workflow Service
    • 8.3 SNS - Simple Notification Service
    • 8.4 Elastic Transcoder
    • 8.5 API Gateway
    • 8.6 Kinesis 101
    • 8.7 Kinesis Streams Lab
    • 8.8 Application Services Summary
  • 9. White Paper Reviews
    • 9.1 Overview of AWS
    • 9.2 Overview of Security Processes - Part 1
    • 9.3 Overview of Security Processes - Part 2
    • 9.4 Risk & Compliance Whitepaper
    • 9.5 Storage Options in the Cloud Whitepaper
    • 9.6 Architecting For The Cloud Best Practices Whitepaper
  • 10. Well Architected Framework
    • 10.1 Introduction of Well Architected Framework
    • 10.2 Pillar One - Security
    • 10.3 Pillar Two - Reliability
    • 10.4 Pillar Three - Performance
    • 10.5 Pillar Four - Cost Optimization
    • 10.6 Pillar Five - Operational Excellence
    • 10.7 Well Architected Framework - Summary
  • 11. Additional Exam Tips
    • 11.1 Exam Tips Based On Student Feedback
    • 11.2 Consolidated Billing
    • 11.3 AWS Organizations - Lab
    • 11.4 Cross Accounts Access
    • 11.5 Resource Groups & Tagging
    • 11.6 VPC Peering & ClassicLink
    • 11.7 Direct Connect
    • 11.8 Security Token Service
    • 11.9 Active Directory Integration
    • 11.10 Workspaces
    • 11.11 ECS - Part 1 - What is Docker
    • 11.12 ECS - Part 2 - What is ECS
    • 11.13 CloudFormation - A Brief Introduction
    • 11.14 Step Functions - A Brief Introduction
  • 12. Practice Tests Questions Summary
    • 12.1 Whizlabs - Free Test
    • 12.2 Whizlabs - Diagnosis Test
    • 12.3 Whizlabs - Practice Test I
    • 12.4 Whizlabs - Practice Test II
    • 12.5 Whizlabs - Practice Test III
    • 12.6 Whizlabs - Practice Test IV
    • 12.7 Whizlabs - Practice Test V
    • 12.8 Whizlabs - Practice Test VI
    • 12.9 Whizlabs - Practice Test VII
    • 12.10 Whizlabs - Section Tests - Part 1
    • 12.11 Whizlabs - Section Tests - Part 2
    • 12.12 Udemy - Final Quiz
  • 13. The Real World - Creating a fault tolerant Word Press Site
    • 13.1 Getting Setup
Powered by GitBook
On this page

Was this helpful?

  1. 7. VPC

7.2 VPC Lab - Part 1

Previous7.1 VPC OverviewNext7.3 VPC Lab - Part 2

Last updated 5 years ago

Was this helpful?

Create your own VPC.

Steps:

  • Go to Networking & Content Delivery part, and select VPC. You can see there are lots of default things AWS has created for you when you create your AWS account.

  • Don't use VPC Wizard, you need to create VPC by your own manually.

  • Select Your VPC tab, and click Create VPC.

  • You need to give it a name tag: acloudguruVPC, and give it a IPv4 CIDR block: 10.0.0.0/16 which will give you the biggest address range possible for a VPC. Enable IPv6 CIDR block (to learn more). For the Tenancy, you can select Default. Another option is dedicated, it means you will be dedicated hardware and no other AWS customers would be sharing the hardware with you, but this is expensive.

  • Click Yes, Create. During this process, the following things will be created: route tables, network ACL, security group. It won't create any subnet, you have to create subnets by yourself. Everything else is still empty. What we have for now is:

  • Go to create subnets. Click Create Subnet. You need to give it a name tag using this convention: [subnet IPv4 block address]-[AZ name], for example, 10.0.1.0-us-east-1a. For VPC, select the VPC you created just now. For AZ, select a AZ you like. A interesting thing is that for different AWS accounts, same AZ name may randomly refer to different actual AZ data center, because Amazon need to solve the problem that almost all of people will select US-EAST-1a as their first choice for convenience. For the IPv4 CIDR block, you can type in 10.0.1.0/24 which gives you 256 IP addresses but you can only use 251 of them, because the first 4 IP address and the last address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. The first one is network address, the second one is reserved for VPC router, the third one is reserved for DNS, the fourth one is reserved for future use, the last one is broadcast address (AWS do not support broadcast so they reserve this address). Don't need to assign an IPv6 CIDR. Click Yes Create, which will create a subnet inside your VPC.

  • For highly available, go to create your second subnet. Name tag: 10.0.2.0-us-east-1b. VPC: the VPC you created in this lab. AZ: us-east-1b. IPv4 CIDR block: 10.0.2.0/24.

  • Click Yes, Create. For now, what we have is:

  • Next step is to add Internet Gateway so that we get Internet connectivity. Go to Internet Gateways and click Create Internet Gateway. Give it a name tag, for example, MyIGW. Click create.

  • By default, your Internet Gateway now is detached. So select the Internet Gateway you created just now, click Attach to VPC. Attach to the VPC you created in this lab.

  • You cannot attach multiple Internet Gateways to one VPC.

  • Go to Route table. You can see AWS provides you a default route table when you create your VPC, and it is Main route table. Every single time we create a new subnet, it is going to associated by default to our main route table. We don't want our main route table to have a way out to the Internet, because if so, every single time we provision a subnet, it will be Internet accessible. So what we really want to do is to create a new route table.

  • Click create route table. Name tag: MyInternetRouteOut. VPC: the VPC you created in this lab. Click Create. Next step is to add Internet access for this new route table. Select the route table you newly created, and go to Routes tab of it, and click Edit. Add a new entry to rules. Destination: 0.0.0.0/0. Target: the ID of your Internet Gateway. This will allow all of the traffic. Everything that sits within this route or every subnet that is associated to this route will now be a public subnet. Save. For consistency, we add a IPv6 to the rules as well. Destination: ::/0. Target: the ID of your Internet Gateway. Save.

  • Go to subnet associations tab of the newly created route table. Click Edit. Select 10.0.1.0/24 and click Save. This will make this subnet to be our public subnet and the other subnet will be our private subnet.

  • Go to Subnets tab, you will notice that the Auto-assign-Public IP of both of our public subnet and our private subnet are No. For our public subnet, we want to auto assign a public IP address to EC2 instance when we create it, otherwise we won't be able to access the EC2 instances sit in this subnet through the Internet. So select the public subnet, and go to Subnet Actions -> Modify auto-assign IP settings to change it.

  • Go to provision some EC2 instances in public subnet and some in private subnet to prove the the subnet is public or private.

  • Configure your EC2 instances in public subnet. Network: the VPC you created in this lab. Subnet: 10.0.1.0/24, the public one. The security group: you have to create a new security group. The security group will only exist within the VPC that you create. So create a new security group and call it Web-DMZ. DMZ here means demilitarized zone -- lay down your arms :). Add rules: SSH, HTTP, HTTPS. Select a key pair and launch the instance.

  • Create another instance in your private subnet. Network: the VPC you created in this lab. Subnet: 10.0.2.0/24, the private one. The security group: select the default security group instead of the one that you created when you create the public EC2 instance. Because we don't want it to be open to the world. Select a key pair and launch the instance.

  • Go to your EC2 console, you can see that your public instance has a IPv4 public IP address, and your private instance doesn't. Also, for the AZ, the public instance is in us-east-1a, and the private instance is in us-east-1b, because the public subnet is in us-east-1a and the private subnet is in us-east-1b.

  • You can use SSH to go into the public instance. If you are using MAC laptop: ssh ec2-user@[public-ip-address] -i [key-pair-name].pem

  • What we have now:

  • For now, the two instances in two subnets cannot communicate with each other. Because they are behind two different separate security groups in two different availability zones that we haven't allowed permissions for them to talk to each other. This is what we are going to do in the next lecture.