Build your VPC and Launch a Web Server — Deploy a Static Website

Lab Overview and Goals

Welcome to this lab, where you will have the opportunity to utilize Amazon Virtual Private Cloud (VPC) to establish your very own customized network. By adding various components and creating a security group, you’ll gain hands-on experience tailoring your VPC to meet your specific requirements. Additionally, you’ll configure and customize an EC2 instance to serve as a web server and launch it within a VPC subnet.

Amazon Virtual Private Cloud (Amazon VPC) empowers you to deploy Amazon Web Services (AWS) resources within a virtual network of your own design. This virtual network closely resembles a conventional network that would typically be managed within your own physical data center, while leveraging the flexible and scalable infrastructure of AWS. It’s even possible to create a VPC that spans across multiple Availability Zones.

By the end of this lab, you will have accomplished the following key tasks:

  • Creating a VPC from scratch.

  • Establishing subnets within the VPC.

  • Configuring a security group to enforce desired security policies.

  • Launching an EC2 instance within your VPC.

Scenario

In this lab, you build the following infrastructure:

What is a VPC?

A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account. It provides a logically isolated section of the AWS Cloud where you can launch resources such as Amazon EC2 instances, databases, and load balancers. By creating a VPC, you have full control over your network environment, including IP address range selection, subnets, route tables, and network gateways.

Creating the lab-vpc

Step 1: Navigate to the VPC Dashboard

To begin creating the lab-vpc, log in to your AWS Management Console and navigate to the VPC Dashboard. The VPC Dashboard provides a central location for managing all your VPC-related resources.

Step 2: Click on “Create VPC”

In the VPC Dashboard, locate the “Create VPC” button and click on it to start the VPC creation process.

Step 3: Configure VPC Settings

In the VPC creation wizard, you’ll be prompted to enter the necessary details for your lab-vpc. Enter the following configuration:

- VPC Name: lab-vpc

- IPv4 CIDR Block: 10.0.0.0/16

Step 4: Add Tags (Optional)

You can optionally add tags to your VPC for better organization and management. Tags are key-value pairs that allow you to categorize and identify your resources. Add relevant tags based on your requirements.

Step 5: Create the VPC

Review the configuration details, make any necessary adjustments, and click on the “Create VPC” button to create the lab-vpc. The VPC creation process may take a few moments to complete.

Creating a Subnet on Availability Zone A

Step 1: Navigate to the Subnet from Left Navigation

Now that the lab-vpc is created, we’ll proceed to create the subnets within Availability Zone A. Start by creating a public subnet:

- Subnet Name: lab-subnet-public1

- VPC: lab-vpc

- Availability Zone: A

- IPv4 CIDR Block: 10.0.0.0/24

Step 2: Create a Private Subnet

Next, let’s create a private subnet within Availability Zone A:

- Subnet Name: lab-subnet-private1

- VPC: lab-vpc

- Availability Zone: A

- IPv4 CIDR Block: 10.0.1.0/24

Creating a Subnet on Availability Zone B

Step 1: Create a Public Subnet

Moving on to Availability Zone B, let’s create a public subnet:

- Subnet Name: lab-subnet-public2

- VPC: lab-vpc

- Availability Zone: B

- IPv4 CIDR Block: 10.0.2.0/24

Step 2: Create a Private Subnet

Finally, let’s create a private subnet within Availability Zone B:

- Subnet Name: lab-subnet-private2

- VPC: lab-vpc

- Availability Zone: B

- IPv4 CIDR Block: 10.0.3.0/24

Configure Network Address Translation (NAT) Gateway and Internet Gateway

To enable internet access for resources in the private subnet, we’ll configure a NAT Gateway. A NAT Gateway lets instances in the private subnet open outbound connections to the internet, while connections initiated from the internet cannot reach those instances:

1. Navigate to the NAT Gateways section in the VPC Dashboard.

2. Click on “Create NAT Gateway.”

3. Select the public subnet created in Step 1 (lab-subnet-public1) as the subnet for the NAT Gateway.

4. Confirm the configuration and create the NAT Gateway.

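The NAT Gateway creation process may take a few minutes. Once it is available, the private subnet (lab-subnet-private1) gets its internet connectivity through the NAT Gateway by way of a route table entry that targets it, which is added in the Create Route Tables section below.

The public subnets, and the NAT Gateway that sits in one of them, reach the internet through an Internet Gateway attached to the VPC, so we’ll configure one: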

1. Navigate to the Internet Gateways section in the VPC Dashboard.

2. Click on “Create Internet Gateway.”

3. Click on “Attach to VPC” and attach to the lab VPC.

Create Route Tables

To enable communication between subnets and the internet, create the necessary route tables.

Step 1: Create Public Route Table with Internet Gateway:

- Route Table Name: Public Route Table

- VPC: lab-vpc

Add a route to the route table with the destination CIDR block 0.0.0.0/0 and the internet gateway as its target. This gives the public subnets internet access.

Step 2: Create Private Route Table with NAT Gateway:

- Route Table Name: Private Route Table

- VPC: lab-vpc

Add a route to the route table with the destination CIDR block 0.0.0.0/0 and the NAT gateway as its target. This lets the private subnets reach the internet through the NAT gateway.

Step 3: Associate Subnets with Route Tables

Associate the subnets with the appropriate route tables to control the traffic flow:

  • Associate lab-subnet-public1 with the PublicRouteTable.

  • Associate lab-subnet-public2 with the PublicRouteTable.

  • Associate lab-subnet-private1 with the PrivateRouteTable.

  • Associate lab-subnet-private2 with the PrivateRouteTable.
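
A wrong association in this step silently turns a private subnet into a public one. The following check is an added example, not part of the original lab: it resolves each subnet's effective default route (falling back to the main route table when there is no explicit association) and reports any subnet whose route contradicts its name. The data is constructed sample input shaped like EC2 DescribeSubnets and DescribeRouteTables responses, with placeholder IDs and the Name tag flattened into a "Name" key.

```python
# Constructed sample data, trimmed to the fields used, in the shape of EC2
# DescribeSubnets / DescribeRouteTables responses. All IDs are placeholders.
# lab-subnet-private2 is deliberately associated with the wrong route table.
SUBNETS = [
    {"SubnetId": "subnet-pub1", "Name": "lab-subnet-public1"},
    {"SubnetId": "subnet-priv1", "Name": "lab-subnet-private1"},
    {"SubnetId": "subnet-pub2", "Name": "lab-subnet-public2"},
    {"SubnetId": "subnet-priv2", "Name": "lab-subnet-private2"},
]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub1"}, {"SubnetId": "subnet-pub2"},
                      {"SubnetId": "subnet-priv2"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-priv1"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]


def default_route_target(subnet_id, route_tables):
    """Return 'igw', 'nat' or 'none' for the subnet's effective 0.0.0.0/0 route."""
    # A subnet with no explicit association uses the VPC's main route table.
    main = next(rt for rt in route_tables
                if any(a.get("Main") for a in rt["Associations"]))
    table = next((rt for rt in route_tables
                  if any(a.get("SubnetId") == subnet_id for a in rt["Associations"])),
                 main)
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId"):
            return "nat"
    return "none"


def audit(subnets, route_tables):
    """List subnets whose default route contradicts the public/private name."""
    findings = []
    for subnet in subnets:
        expected = "igw" if "public" in subnet["Name"] else "nat"
        actual = default_route_target(subnet["SubnetId"], route_tables)
        if actual != expected:
            findings.append(f"{subnet['Name']}: default route via {actual}, expected {expected}")
    return findings
```

Calling audit(SUBNETS, ROUTE_TABLES) on the sample data returns a single finding for lab-subnet-private2, the subnet that was attached to the public route table.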

Launch EC2 Instance

In Availability Zone B, launch an EC2 instance within the lab-subnet-public2 to run applications or services requiring internet connectivity.

  • Navigate to the EC2 Dashboard.

  • Click on “Launch Instances” to start the instance creation wizard.

  • Select an appropriate Amazon Machine Image (AMI).

  • Choose an instance type based on your requirements.

  • Configure the instance details, including network settings.

  • In the “Subnet” section, select lab-subnet-public2.

Configure any additional settings as needed and launch the EC2 instance.

Install Apache Web Server & Host a static website