How to Create VPC with Public and Private Subnet

2020/2/12, 5 min read

This blog shows how to create a VPC from scratch:

  1. Create a VPC
  2. Create 2 subnets
    • one public subnet and one private subnet
  3. Create an Internet gateway
  4. Create a route table
  5. Create 2 EC2 instances
    • one public instance and one private instance
  6. Set up a NAT gateway for the private EC2 instance

Create a VPC

Go to the VPC console, click Create VPC, and enter the following information.

  • Name, enter any name
  • IPv4 CIDR block, enter 10.0.0.0/16
  • IPv6 CIDR block, choose Amazon-provided IPv6 CIDR block
  • Tenancy, choose Default

After the VPC is created, AWS also generates the following defaults for it:

  • Default route table
  • Network ACL
  • Default Security Group

Create 2 Subnets

Create the public subnet: click the Subnets link, then click Create subnet.

  • Name, enter any meaningful name.
  • VPC, choose the VPC just created
  • Availability Zone, choose the AZ for this subnet
  • IPv4 CIDR block, enter 10.0.1.0/24 as IPv4 CIDR block
  • Modify auto-assign IP settings, enable auto-assign public IPv4 address for the public subnet

Create the private subnet by clicking the Create subnet button again.

  • Name, enter any meaningful name.
  • VPC, choose the VPC just created
  • Availability Zone, choose the AZ for this subnet
  • IPv4 CIDR block, enter 10.0.2.0/24 as IPv4 CIDR block
  • Modify auto-assign IP settings, leave auto-assign public IPv4 address disabled; instances in the private subnet should not get public addresses

Create an Internet gateway

Create an Internet gateway so that the public subnet can reach the Internet. Click Internet Gateways, then click the Create internet gateway button.

  • Name, enter any name for this Internet gateway
  • Attach the Internet gateway to the VPC just created

Create NAT Gateway

Create a NAT gateway so that the private EC2 instance can reach the Internet to download software when needed, while still not being reachable from the Internet. Click the Create NAT Gateway button.

  • Click Create NAT Gateway
  • Subnet, choose the public subnet (the NAT gateway itself needs the Internet gateway route)
  • Click Allocate Elastic IP to give the NAT gateway a public address
  • Click Edit route table (this is the route table the private subnet will use)
  • Click Add route
  • Destination, enter 0.0.0.0/0
  • Target, choose the NAT gateway just created

Create and Update Route Tables

Use the default route table as the main route table and associate it with the private subnet.

  • Choose the main route table and click Subnet Associations
  • Choose the private subnet

Create a second route table to use as the public route table.

  • Name, enter any name for the new route table
  • VPC, choose the VPC created earlier
  • Click Subnet Associations and choose the public subnet
  • Click Edit routes, then Add route
  • Destination, enter 0.0.0.0/0 for IPv4
  • Target, choose the Internet gateway created earlier

That's all for setting up the public and private subnets in the VPC; now we need to create EC2 instances that use it.
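Before launching instances it is worth checking that the layout built above is actually what the console shows. The following is an added example, not code from the original post: a small validator over a constructed sample of the VPC (shaped loosely like the EC2 describe-* API responses, which is an assumption) that checks the page's invariants: both /24s sit inside 10.0.0.0/16, the subnet whose route table sends 0.0.0.0/0 to an Internet gateway is the one auto-assigning public IPs, the private subnet's default route goes to the NAT gateway, and the NAT gateway itself sits in the public subnet.

```python
import ipaddress

# Constructed sample of the VPC built in this post, shaped roughly like the
# EC2 describe-* API responses (an assumption; not captured from AWS).
VPC = {"CidrBlock": "10.0.0.0/16"}
SUBNETS = [
    {"SubnetId": "subnet-public", "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-private", "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": False},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public"}]
ROUTE_TABLES = [
    {  # new public route table: 0.0.0.0/0 -> Internet gateway
        "Associations": [{"SubnetId": "subnet-public"}],
        "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}],
    },
    {  # main route table, associated with the private subnet: 0.0.0.0/0 -> NAT gateway
        "Associations": [{"Main": True}, {"SubnetId": "subnet-private"}],
        "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}],
    },
]

def default_route_kind(rt):
    """'igw', 'nat' or None, depending on where a route table sends 0.0.0.0/0."""
    for r in rt["Routes"]:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            if r.get("GatewayId", "").startswith("igw-"):
                return "igw"
            if r.get("NatGatewayId"):
                return "nat"
    return None

def check_layout(vpc, subnets, nat_gateways, route_tables):
    """Return findings as strings; an empty list means the layout matches the post.
    Subnets are assumed to be explicitly associated with a route table."""
    findings = []
    vpc_net = ipaddress.ip_network(vpc["CidrBlock"])
    kind = {a["SubnetId"]: default_route_kind(rt)
            for rt in route_tables for a in rt["Associations"] if "SubnetId" in a}
    for s in subnets:
        sid, net = s["SubnetId"], ipaddress.ip_network(s["CidrBlock"])
        if not net.subnet_of(vpc_net):
            findings.append(f"{sid} {net} lies outside the VPC CIDR {vpc_net}")
        if kind.get(sid) is None:
            findings.append(f"{sid} has no 0.0.0.0/0 route, so no Internet access")
        if (kind.get(sid) == "igw") != bool(s["MapPublicIpOnLaunch"]):  # public IP <=> IGW
            findings.append(f"{sid}: auto-assign public IP does not match its default route")
    for ngw in nat_gateways:  # a NAT gateway must itself sit in a public subnet
        if kind.get(ngw["SubnetId"]) != "igw":
            findings.append(f"{ngw['NatGatewayId']} is not in a public subnet")
    return findings
```

Feeding it real describe-vpcs / describe-subnets / describe-nat-gateways / describe-route-tables output instead of the constructed sample turns it into a quick post-deployment check.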

Create public and private EC2 instances

Let's create the public EC2 instance first: go to EC2, click Instances, and launch a new instance.

  • On Configure Instance Details:
  • Network, choose the custom VPC just created
  • Subnet, choose the public subnet created earlier
  • Leave the rest at the default settings and launch the instance

Now create the private EC2 instance: go to EC2, click Instances, and launch a new instance.

  • On Configure Instance Details:
  • Network, choose the custom VPC just created
  • Subnet, choose the private subnet created earlier
  • Leave the rest at the default settings and launch the instance

SSH to public EC2

Test the setup by SSHing into the public EC2 instance and downloading software from the Internet. The following is an example of how to SSH into EC2 from macOS.

  • cd to the directory holding the private key, which looks something like mykey.pem
  • chmod 400 {your_private_key.pem}
  • SSH into the instance with ssh ec2-user@{ec2 public IP address} -i {your_private_key.pem}
  • run sudo yum update to download software
  • if the software downloads, this EC2 instance can reach the Internet

SSH to private EC2

Test the private EC2 instance by SSHing into it and downloading software from the Internet. The following is an example of how to SSH into it from macOS, going through the public instance.

  • ssh into the public EC2 instance
  • download the private key
  • ssh into the private EC2 instance by using its private IP
  • chmod 400 {your_private_key.pem}
  • SSH into the instance with ssh ec2-user@{ec2 private IP address} -i {your_private_key.pem}
  • run sudo yum update to download software
  • if the software downloads, this EC2 instance can reach the Internet through the NAT gateway

Note that copying the private key onto the public instance leaves a copy of it on an Internet-facing host; ssh -J (ProxyJump) through the public instance reaches the private one with the key staying on your Mac.