Amazon Virtual Private Cloud (Amazon VPC) lets you launch AWS resources into a virtual network that you define. A VPC can span multiple Availability Zones. A security group acts as a virtual firewall that controls traffic for the instances it is attached to. When you launch an instance, you associate one or more security groups with it, and you add rules to each security group that allow traffic to or from its associated instances; anything not explicitly allowed is dropped.
Before creating a VPC, create a key pair: sign in to console.aws.amazon.com, open the EC2 Dashboard, and in the left navigation pane under Network & Security click Key Pairs. Click Create Key Pair, name it (e.g. My First Key Pair), download the private key file and save it in a safe location. The private key can only be downloaded at this moment, so keep it out of shared folders and version control.
HOW TO CREATE YOUR VPC
This creates a VPC with two subnets (one public, one private) in a single Availability Zone; a second pair in another Availability Zone is added in the next section.
- In the AWS Management Console, on the Services menu, click VPC.
- Click Launch VPC Wizard.
- In the left navigation pane, click VPC with Public and Private Subnets and click Select.
- Configure the following settings:
  4a. IPv4 CIDR block: type 10.0.0.0/16.
  4b. VPC name: type My First VPC.
  4c. Public subnet's IPv4 CIDR: type 10.0.1.0/24. You can ignore the error "Public and private subnet CIDR blocks overlap"; it only appears until the private subnet's CIDR is changed in step 4f.
  4d. Availability Zone: click the first Availability Zone.
  4e. Public subnet name: type Public Subnet 1.
  4f. Private subnet's IPv4 CIDR: type 10.0.3.0/24.
  4g. Availability Zone: click the same Availability Zone you used for Public Subnet 1.
  4h. Private subnet name: type Private Subnet 1.
  4i. Specify the details of your NAT gateway: click Use a NAT instance instead (you may need to scroll to the far right of the screen). Unlike a managed NAT gateway, a NAT instance is an EC2 instance in your account that you must patch and secure yourself.
  4j. Key pair name: click My First Key Pair.
- Click Create VPC and click OK.
HOW TO CREATE ADDITIONAL SUBNETS
Here you create two additional subnets in another Availability Zone and associate the subnets with existing route tables.
- In the navigation pane, click Subnets and click Create Subnet.
- In the Create Subnet dialog box, configure the following settings, then click Yes, Create:
  1a. Name tag: type Public Subnet 2.
  1b. VPC: click My First VPC.
  1c. Availability Zone: click the second Availability Zone.
  1d. IPv4 CIDR block: type 10.0.2.0/24.
- Click Create Subnet again and configure the following settings, then click Yes, Create:
  2a. Name tag: type Private Subnet 2.
  2b. VPC: click My First VPC.
  2c. Availability Zone: click the second Availability Zone, the same one used for Public Subnet 2.
  2d. IPv4 CIDR block: type 10.0.4.0/24.
- In the left navigation pane, click Route Tables. Select the route table whose VPC is My First VPC and whose Main column says Yes, double-click its empty Name, type Private Route Table, and click the checkmark to save. Keeping the private table as the main table is the safer default: any subnet you later create without an explicit association inherits it and gets no direct internet route.
- In the lower pane, click Routes and note that Destination 0.0.0.0/0 has Target eni-xxxxxxxx / i-xxxxxxxx. This route sends traffic from the private subnets to the NAT instance, identified by its Elastic Network Interface (ENI) and instance ID; instances in those subnets can reach the internet only through the NAT instance and cannot be reached directly from the internet.
- Click Subnet Associations, click Edit, select Private Subnet 1 and Private Subnet 2, and click Save.
- Select the route table whose VPC is My First VPC and whose Main column says No, double-click its empty Name, type Public Route Table, and click the checkmark to save.
- In the lower pane, click Routes and note that Destination 0.0.0.0/0 has Target igw-xxxxxxxx, the VPC's internet gateway. A route to an internet gateway is what makes a subnet public. Click Subnet Associations, click Edit, select Public Subnet 1 and Public Subnet 2, and click Save.
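The addressing and routing built in the two sections above, as an added example written for this page (it is not part of the original tutorial and not AWS code): an offline Python model using only the standard library. The labels az1/az2 and the target IDs igw-xxxxxxxx and eni-xxxxxxxx are placeholders in the shape the console shows, not real identifiers. The model checks that the four subnets fit inside 10.0.0.0/16 without overlapping, reproduces the overlap error the wizard reports while the public and private CIDRs are still the same, counts the addresses AWS reserves per subnet, and resolves a destination against each route table by longest-prefix match, which is how VPC routing sends public subnets to the internet gateway and private subnets to the NAT instance.

```python
# Added example (not part of the original tutorial): an offline model of the
# VPC addressing and routing built above, standard library only.
import ipaddress
from typing import List, Optional, Tuple

VPC_CIDR = "10.0.0.0/16"

# The four subnets from the tutorial. "az1"/"az2" are assumed labels for the
# first and second Availability Zone, not real AZ names.
SUBNETS = {
    "Public Subnet 1":  ("10.0.1.0/24", "az1"),
    "Private Subnet 1": ("10.0.3.0/24", "az1"),
    "Public Subnet 2":  ("10.0.2.0/24", "az2"),
    "Private Subnet 2": ("10.0.4.0/24", "az2"),
}

# Route tables as the tutorial leaves them. Targets are placeholders in the
# same shape the console shows (igw-xxxxxxxx, eni-xxxxxxxx), not real IDs.
ROUTE_TABLES = {
    "Public Route Table": {
        "routes": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-xxxxxxxx")],
        "subnets": ["Public Subnet 1", "Public Subnet 2"],
    },
    "Private Route Table": {
        "routes": [("10.0.0.0/16", "local"),
                   ("0.0.0.0/0", "eni-xxxxxxxx (NAT instance)")],
        "subnets": ["Private Subnet 1", "Private Subnet 2"],
    },
}


def check_subnet_plan(vpc_cidr: str, subnets) -> List[str]:
    """Return the problems with a subnet plan (empty list means it is sound).

    Covers the two things the VPC wizard rejects: a subnet outside the VPC
    CIDR, and two subnets whose CIDR blocks overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} ({net}) is outside the VPC CIDR {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def usable_hosts(cidr: str) -> int:
    """AWS reserves the first four and the last address of every subnet."""
    return ipaddress.ip_network(cidr).num_addresses - 5


def route_table_for(subnet_name: str) -> str:
    for table_name, table in ROUTE_TABLES.items():
        if subnet_name in table["subnets"]:
            return table_name
    raise KeyError(subnet_name)


def lookup_route(subnet_name: str, dst_ip: str) -> str:
    """Longest-prefix match, which is how a VPC route table picks a route."""
    dst = ipaddress.ip_address(dst_ip)
    best: Optional[Tuple[int, str]] = None
    for cidr, target in ROUTE_TABLES[route_table_for(subnet_name)]["routes"]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else "no route (dropped)"


if __name__ == "__main__":
    print("plan problems:", check_subnet_plan(VPC_CIDR, SUBNETS))
    # The wizard's transient overlap error: public and private subnets with
    # the same CIDR, as they are until step 4f changes the private one.
    same_cidr = {"Public Subnet 1": ("10.0.1.0/24", "az1"),
                 "Private Subnet 1": ("10.0.1.0/24", "az1")}
    print("before step 4f:", check_subnet_plan(VPC_CIDR, same_cidr))
    print("usable hosts per /24:", usable_hosts("10.0.1.0/24"))
    for subnet in SUBNETS:
        print(f"{subnet}: to 10.0.3.10 -> {lookup_route(subnet, '10.0.3.10')}, "
              f"to 93.184.216.34 -> {lookup_route(subnet, '93.184.216.34')}")
```

Run it and note that traffic between any two subnets matches the local 10.0.0.0/16 route in both tables, so the NAT instance is never in the path inside the VPC; only the 0.0.0.0/0 route differs between the public and private tables.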
HOW TO CREATE VPC SECURITY GROUP
Create a VPC security group that allows inbound web traffic.
- In the navigation pane, click Security Groups and click Create Security Group. In the Create Security Group dialog box, configure the following settings:
  1a. Name tag: type MyFirstSecurityGroup.
  1b. Group name: type MyFirstSecurityGroup.
  1c. Description: type Enable HTTP access.
  1d. VPC: click My First VPC, the VPC you created at the beginning.
- Click Yes, Create, then select MyFirstSecurityGroup. On the Inbound Rules tab below, click Edit; for Type choose HTTP (80), click in the Source box, type 0.0.0.0/0, and click Save. This opens TCP port 80 to the whole internet, which is what a public web server needs; do not use 0.0.0.0/0 for administrative ports such as SSH (22). Leave the default outbound rule (allow all) in place.
Now you have created your own VPC.
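How the security group above decides what to let in, as an added example written for this page (it is not the tutorial's code and not an AWS library): a Python model of a stateful, allow-list-only security group. The addresses 198.51.100.7 and 203.0.113.10 are documentation-range placeholders standing in for an arbitrary internet client and for your own admin address. It evaluates MyFirstSecurityGroup exactly as created (TCP 80 from anywhere, default allow-all outbound) and, as a variant the tutorial does not build, the same group with SSH allowed only from a single /32.

```python
# Added example (not part of the original tutorial): a minimal model of how a
# VPC security group evaluates traffic, using the rule created above.
import ipaddress
from dataclasses import dataclass, field
from typing import List


@dataclass
class Rule:
    protocol: str   # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int  # -1 means any port
    to_port: int
    cidr: str       # source CIDR for inbound rules, destination CIDR for outbound

    def matches(self, protocol: str, port: int, ip: str) -> bool:
        if self.protocol not in ("-1", protocol):
            return False
        if self.from_port != -1 and not (self.from_port <= port <= self.to_port):
            return False
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr)


@dataclass
class SecurityGroup:
    name: str
    inbound: List[Rule] = field(default_factory=list)
    # A new group allows all outbound traffic by default; the tutorial keeps that.
    outbound: List[Rule] = field(
        default_factory=lambda: [Rule("-1", -1, -1, "0.0.0.0/0")])

    def allows_inbound(self, protocol: str, port: int, src_ip: str) -> bool:
        """Security groups are allow-lists: no matching rule means drop.
        They are stateful, so replies to allowed traffic need no rule."""
        return any(r.matches(protocol, port, src_ip) for r in self.inbound)

    def allows_outbound(self, protocol: str, port: int, dst_ip: str) -> bool:
        return any(r.matches(protocol, port, dst_ip) for r in self.outbound)


# The group exactly as the tutorial creates it: HTTP from anywhere, nothing else.
my_first_sg = SecurityGroup("MyFirstSecurityGroup",
                            inbound=[Rule("tcp", 80, 80, "0.0.0.0/0")])

# A tighter variant if you do need SSH: only from one admin address.
# 203.0.113.10 is a documentation-range placeholder for your own IP (assumed).
ADMIN_CIDR = "203.0.113.10/32"
sg_with_admin_ssh = SecurityGroup("MyFirstSecurityGroup+ssh",
                                  inbound=[Rule("tcp", 80, 80, "0.0.0.0/0"),
                                           Rule("tcp", 22, 22, ADMIN_CIDR)])


def explain(sg: SecurityGroup, protocol: str, port: int, src_ip: str) -> str:
    verdict = "allowed" if sg.allows_inbound(protocol, port, src_ip) else "dropped"
    return f"{sg.name}: {protocol}/{port} from {src_ip} -> {verdict}"


if __name__ == "__main__":
    # 198.51.100.7 is a constructed, documentation-range client address.
    for proto, port, src in [("tcp", 80, "198.51.100.7"), ("tcp", 22, "198.51.100.7"),
                             ("tcp", 22, "203.0.113.10"), ("tcp", 443, "203.0.113.10")]:
        print(explain(my_first_sg, proto, port, src))
        print(explain(sg_with_admin_ssh, proto, port, src))
```

The dropped tcp/22 verdict for MyFirstSecurityGroup is the same situation the launch wizard warns about later ("you will not be able to connect to the instance through port 22"); the warning is the security group doing its job, not a problem to fix by opening port 22 to 0.0.0.0/0.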
HOW TO LAUNCH YOUR FIRST WEB SERVER EC2 INSTANCE IN YOUR VPC
- On the Services menu, click EC2 and click Launch Instance.
- At the top of the Choose an AMI list, find Amazon Linux 2 AMI and click Select.
- On the Choose an Instance Type page, confirm that t2.micro is selected and click Next: Configure Instance Details.
- On the Configure Instance Details page, configure the following settings:
  4a. Network: click My First VPC, the VPC you created at the beginning.
  4b. Subnet: click Public Subnet 2 (10.0.2.0/24).
  4c. Auto-assign Public IP: click Enable. The instance needs a public IP to be reachable through the internet gateway; you can ignore any warning that appears here.
- Expand the Advanced Details section, copy the script below, and paste it into the User data box.
#!/bin/bash -ex
# Runs as root once at first boot (cloud-init user data).
yum -y install httpd php mysql php-mysql
chkconfig httpd on
service httpd start
# Extract the lab application into the web root unless it is already there.
if [ ! -f /var/www/html/lab-app.tgz ]; then
  cd /var/www/html
  # The download of lab-app.tgz belongs here; its source is not given on this page.
  tar xvfz lab-app.tgz
  chown apache:root /var/www/html/rds.conf.php
fi
6. This script turns the Linux instance into a PHP web server. User data runs as root at first boot and can afterwards be read by any process on the instance from the instance metadata service (http://169.254.169.254/latest/user-data), so never put credentials in it.
7. Click Next: Add Storage, then Next: Add Tags. Click Add Tag and configure the following settings: 7a. Key: type Name. 7b. Value: type My First Web Server. Then click Next: Configure Security Group.
8. On the Configure Security Group page, click Select an existing security group and select the group you created (MyFirstSecurityGroup).
9. Click Review and Launch. A warning says you will not be able to connect to the instance through port 22; this is expected, because the security group deliberately allows only HTTP, so click Continue.
10. Review the instance and click Launch. Ignore the remaining warnings. Click Choose an existing key pair, select My First Key Pair, the key pair you created at the beginning, select the acknowledgment check box, and click Launch Instances. Scroll down and click View Instances. You will see two instances: My First Web Server and the NAT instance launched by the VPC wizard.
11. Wait until My First Web Server shows 2/2 checks passed in the Status Checks column. This takes about 4 to 6 minutes; click the refresh icon in the upper right of the pane to check for updates.
12. Select My First Web Server and copy the Public DNS value from the Description tab below. Paste it into a new browser window using http:// (not https://, since only port 80 is open) and press ENTER. You will see a web page displaying the AWS logo and some instance data values.
Now you have launched an EC2 instance into your own VPC.