How to Create VPC with Public and Private Subnet

2020/02/12, 6 min read

Table of Contents

  1. Introduction
  2. Create a VPC
  3. Create 2 Subnets
  4. Create an Internet Gateway
  5. Create NAT Gateway
  6. Create and Update Route Tables
  7. Create Public and Private EC2 Instances
  8. SSH to Public EC2
  9. SSH to Private EC2
  10. Conclusion

Introduction

This blog shows how to create a VPC from scratch:

  1. Create VPC
  2. Create 2 Subnets — one for the public subnet and another for the private subnet
  3. Create Internet Gateway
  4. Create a Route Table
  5. Create 2 EC2 Instances — one public instance and one private instance
  6. Set up NAT Gateway for the private EC2 instance

Create a VPC

Go to the VPC console, click Create VPC, and enter the following details:

  • Enter any name for the name field

  • IPv4 CIDR block, enter 10.0.0.0/16

  • Choose Amazon provided IPv6 CIDR block

  • Tenancy, choose Default if you wish to use the default tenancy

After the VPC is created, AWS generates the following defaults for it:

  • Default route table

  • Network ACL

  • Default Security Group

Create 2 Subnets

Create a public subnet. Click the Subnets link, and click Create subnet.

  • Name, enter any meaningful name.

  • VPC, choose the VPC just created

  • Availability Zone, choose the AZ for this subnet

  • IPv4 CIDR block, enter 10.0.1.0/24 as IPv4 CIDR block

  • Modify auto-assign IP settings, enable auto-assign public IPv4 address for the public subnet

Create a private subnet by clicking the Create subnet button.

  • Name, enter any meaningful name.

  • VPC, choose the VPC just created

  • Availability Zone, choose the AZ for this subnet

  • IPv4 CIDR block, enter 10.0.2.0/24 as IPv4 CIDR block

  • Modify auto-assign IP settings, leave auto-assign disabled; the private subnet doesn't need public IP addresses

Create an Internet Gateway

Create an Internet gateway so the public subnet is able to access the Internet. Click Internet Gateways and click the Create Internet gateway button.

  • Name, enter any value for this Internet gateway.

  • Attach this Internet gateway to the VPC just created

Create NAT Gateway

Create a NAT Gateway so the private EC2 instance can reach the Internet to download software if needed. Click NAT Gateways, then click the Create NAT Gateway button.

  • Subnet, choose the public subnet

  • Elastic IP, click Allocate Elastic IP

  • After the NAT gateway is created, click Edit route table to open the main route table (the one the private subnet will use)

  • Click Add route

  • Destination, enter 0.0.0.0/0

  • Target, choose the NAT Gateway just created

Create and Update Route Tables

Keep the VPC's default route table as the main route table and associate it with the private subnet.

  • Choose the main route table and click Subnet Associations

  • Choose the private subnet

Create a second route table to serve as the public route table.

  • Name, enter any name for this new route table

  • Choose the VPC created earlier

  • Click subnet associations and choose the public subnet

  • Click Edit routes and click Add route

  • Destination, enter 0.0.0.0/0 (all IPv4 traffic)

  • Target, choose the Internet gateway created earlier

That's all for setting up public and private subnets for the VPC. Now we'll need to create EC2 instances and attach them to this VPC.

Create Public and Private EC2 Instances

Let's create the public EC2 instance first. Go to EC2, click Instances, then click Launch Instance.

  • Under Configure Instance Details:

  • Network, choose the custom VPC just created

  • Subnet, choose the public subnet created earlier

  • Leave the rest as default settings and create a new instance

Now create the private EC2 instance. Go to EC2, click Instances, then click Launch Instance.

  • Under Configure Instance Details:

  • Network, choose the custom VPC just created

  • Subnet, choose the private subnet created earlier

  • Leave the rest as default settings and create a new instance

SSH to Public EC2

Test the public EC2 instance by SSHing into it and downloading software from the Internet. The following example shows how to SSH into EC2 from macOS.

  • cd to the directory that holds the private key (a file such as mykey.pem).

  • chmod 400 {your_private_key.pem}

  • SSH into the instance: ssh -i {your_private_key.pem} ec2-user@{ec2 public IP address}

  • Run sudo yum update to fetch package updates from the Internet

  • If the update downloads successfully, this EC2 instance can reach the Internet

SSH to Private EC2

Test the private EC2 instance by SSHing into it and downloading software from the Internet. The following example reaches it through the public instance, which acts as a jump host.

  • SSH into the public EC2 instance

  • Copy the private key onto the public EC2 instance

  • SSH into the private EC2 instance using its private IP address

  • chmod 400 {your_private_key.pem}
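The instance steps above leave the security groups at their defaults; as an added example (not from the original post, and going a step beyond it), here are two security groups in the same Terraform style that restrict the SSH path to what sections 8 and 9 actually use: the public instance accepts SSH only from an admin address, and the private instance only from members of the public instance's group. It assumes placeholder inputs for the VPC id and your workstation's CIDR; attach the groups to the two instances at launch instead of the default group.

```hcl
variable "vpc_id" {}      # the VPC created earlier (placeholder input)
variable "admin_cidr" {}  # your workstation, e.g. "203.0.113.10/32" (placeholder)

# Public instance: SSH only from the admin address, never from 0.0.0.0/0
resource "aws_security_group" "bastion" {
  name   = "bastion-ssh"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {  # Terraform drops the default allow-all egress, so restore it explicitly
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Private instance: SSH only from instances that carry the bastion group
resource "aws_security_group" "private" {
  name   = "private-ssh"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
  egress {  # outbound through the NAT gateway, e.g. for sudo yum update
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

With these groups in place you can also run ssh -i mykey.pem -J ec2-user@{ec2 public IP address} ec2-user@{private IP address} from your workstation, so the private key never has to be copied onto the public instance.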

Conclusion

In this blog, we walked through how to create an AWS VPC from scratch with public and private subnets. We set up an Internet gateway for public access and a NAT gateway for private subnet Internet access, configured the route tables, and created EC2 instances in both subnets. With this setup, you have a segmented network architecture where public-facing resources sit in the public subnet and internal resources are isolated in the private subnet, without public IP addresses of their own.