Creating a Basic VPC and Associated Components

Hands-On Lab

 

Photo of Tia  Williams

Tia Williams

AWS Training Architect II in Content

Length

00:30:00

Difficulty

Beginner

AWS networking consists of multiple components, and understanding the relationship between the networking components is a key part of understanding the overall functionality and capabilities of AWS. In this hands-on lab, we will create a VPC with an internet gateway, as well as create subnets across multiple Availability Zones.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Creating a Basic VPC and Associated Components

Introduction

In this hands-on lab, we will create a VPC with an internet gateway, as well as create subnets across multiple Availability Zones.

Solution

Log in to the live AWS environment using the credentials provided. Make sure you're in the N. Virginia (us-east-1) region throughout the lab.

Note: The steps below follow a slightly different order than the steps in the lab videos, but it should not affect the successful outcome of the lab.

Create a VPC

  1. Navigate to the VPC dashboard.
  2. Click Your VPCs in the left-hand menu.
  3. Click Create VPC, and set the following values:
    • Name tag: VPC1
    • IPv4 CIDR block: 172.16.0.0/16
  4. Leave the IVv6 CIDR block and Tenancy fields as their default values.
  5. Click Create.

Create a Public and Private Subnet in Different Availability Zones

Create Public Subnet

  1. Click Subnets in the left-hand menu.
  2. Click Create subnet, and set the following values:
    • Name tag: Public1
    • VPC: VPC1
    • Availability Zone: us-east-1a
    • IPv4 CIDR block: 172.16.1.0/24
  3. Click Create.

Create Private Subnet

  1. Click Create subnet, and set the following values:
    • Name tag: Private1
    • VPC: VPC1
    • Availability Zone: us-east-1b
    • IPv4 CIDR block: 172.16.2.0/24
  2. Click Create.

Create Two Network Access Control Lists (NACLs), and Associate Each With the Proper Subnet

Create and Configure Public NACL

  1. Click Network ACLs in the left-hand menu.
  2. Click Create network ACL, and set the following values:
    • Name tag: Public_NACL
    • VPC: VPC1
  3. Click Create.
  4. With Public_NACL selected, click the Inbound Rules tab below.
  5. Click Edit inbound rules.
  6. Click Add Rule, and set the following values:
    • Rule #: 100
    • Type: HTTP (80)
    • Port Range: 80
    • Source: 0.0.0.0/0
    • Allow / Deny: ALLOW
  7. Click Add Rule, and set the following values:
    • Rule #: 110
    • Type: SSH (22)
    • Port Range: 22
    • Source: 0.0.0.0/0
    • Allow / Deny: ALLOW
  8. Click Save.
  9. Click the Outbound Rules tab.
  10. Click Edit outbound rules.
  11. Click Add Rule, and set the following values:
    • Rule #: 100
    • Type: Custom TCP Rule
    • Port Range: 1024-65535
    • Destination: 0.0.0.0/0
    • Allow / Deny: ALLOW
  12. Click Save.
  13. Click the Subnet associations tab.
  14. Click Edit subnet associations.
  15. Select the Public1 subnet, and click Edit.

Create and Configure Private NACL

  1. Click Create network ACL, and set the following values:
    • Name tag: Private_NACL
    • VPC: VPC1
  2. Click Create.
  3. With Private_NACL selected, click the Inbound Rules tab below.
  4. Click Edit inbound rules.
  5. Click Add Rule, and set the following values:
    • Rule #: 100
    • Type: SSH (22)
    • Port Range: 22
    • Source: 172.16.1.0/24
    • Allow / Deny: ALLOW
  6. Click Save.
  7. Click the Outbound Rules tab.
  8. Click Edit outbound rules.
  9. Click Add Rule, and set the following values:
    • Rule #: 100
    • Type: Custom TCP Rule
    • Port Range: 1024-65535
    • Destination: 0.0.0.0/0
    • Allow / Deny: ALLOW
  10. Click Save.
  11. Click the Subnet associations tab.
  12. Click Edit subnet associations.
  13. Select the Private1 subnet, and click Edit.

Create an Internet Gateway, and Connect It to the VPC

  1. Click Internet Gateways in the left-hand menu.
  2. Click Create internet gateway.
  3. Give it a Name tag of "IGW".
  4. Click Create.
  5. Once it's created, click Actions > Attach to VPC.
  6. In the dropdown, select our VPC1.
  7. Click Attach.

Create Two Route Tables, and Associate Them with the Correct Subnet

Create and Configure Public Route Table

  1. Click Route Tables in the left-hand menu.
  2. Click Create route table, and set the following values:
    • Name tag: PublicRT
    • VPC: VPC1
  3. Click Create.
  4. With PublicRT selected, click the Routes tab on the page.
  5. Click Edit routes.
  6. Click Add route, and set the following values:
    • Destination: 0.0.0.0/0
    • Target: Internet Gateway > IGW
  7. Click Save routes.
  8. Click the Subnet Associations tab.
  9. Click Edit subnet associations.
  10. Select our Public1 subnet.
  11. Click Save.

Create and Configure Private Route Table

  1. Click Route Tables in the left-hand menu.
  2. Click Create route table, and set the following values:
    • Name tag: PrivateRT
    • VPC: VPC1
  3. Click Create.
  4. With PrivateRT selected, click the Subnet Associations tab.
  5. Click Edit subnet associations.
  6. Select our Private1 subnet.
  7. Click Save.

Conclusion

Congratulations on completing this hands-on lab!