...
Followings are overall steps associated with VPC
STEP 1. Create two Elastic IP addresses for connection
https://ap-northeast-2.console.aws.amazon.com/ec2/v2/home?region=ap-northeast-2#Addresses:
- Allocate Elastic IP address and name it
STEP 2. Create VPC
1) AWS Management Console → Services from Top menu → type "vpc" → select VPC (isolated service) → Create VPC
. You can directly connect to that menu at https://ap-northeast-2.console.aws.amazon.com/vpc/home?region=ap-northeast-2#2
2) Set IPv4 CIDR block*: 10.0.0.0/16
3) check at No IPv6 CIDR Block
4) Set Tenancy = default
Launch VPC wizard: https://ap-northeast-2.console.aws.amazon.com/vpc/home?region=ap-northeast-2#wizardSelector:
- Select VPC with Public and Private Subnets
- Put proper name to VPC Name, Public subnet, Private subnet associated with Availability Zone1.
- Assign Elastic IP designed at STEP 1
- Leave other values as default like IPv4 CIDR block, Hardware tenancy, and etc.
STEP 3
...
. Create internet gateway
1) Create internet gateway: initial state will be "detached"
2) Attach to VPC
STEP 3. Create "Public Subnet"
1) Select VPC: it will automatically set set VPC CIDRs
2) Set Availability Zone
3) Set IPv4 CIDR block*: 10.0.1.0/24
STEP 4. Create "Private Subnet"
1) Select VPC: it will automatically set set VPC CIDRs
2) Set Availability Zone
- Your gateway would be automatically created. Just name it.
STEP 4. Create Subnets
https://ap-northeast-2.console.aws.amazon.com/vpc/home?region=ap-northeast-2#subnets:sort=SubnetId
...
Name | IPv4 CIDR | Availability Zone |
---|---|---|
PublicSubnet-az1 | 10.0.0.0/24 | az1 |
PrivateSubnet-app-az1 | 10.0.1.0/24 | az1 |
PrivateSubnet-db-az1 |
10.0.2.0/24 |
STEP 5. Set Public Route Tables
1) Usually automatically generated, and requires renaming like "Public RT" for you
2) Select your route table → move tap to "Routes" → add route → add "0.0.0.0/0" and set target to internet gateway defined at STEP 2
3) move tap to "Subnet Associations" → Edit subnet associations -> Select only "public subnets" -> Save
STEP 6. Set Private Route Tables
1) Create Private Route Table and name it like "Private RT" for you
2) move tap to "Subnet Associations" → Edit subnet associations → Select only "private subnets" defined at STEP 4 → Save
az1 | ||
PublicSubnet-az2 | 10.0.3.0/24 | az3 |
PrivateSubnet-app-az2 | 10.0.4.0/24 | az3 |
PrivateSubnet-db-az2 | 10.0.5.0/24 | az3 |
STEP 5. Set Route Tables
Name Route Table ID by "Elplicit subnet association" and "Main" like below:
Name | Explicit subnet association | Main |
---|---|---|
PublicRT | subnet-**** | No |
PrivateRT | Yes |
STEP 8
...
. Create security group
1) One default inbound rule will be listed
2) Add one more a rule : set Type to "SSH" → set Protocol to "TCP" → set Port Range to 22 → set Source to "My IP" → Your IP will be automatically assigned or your can simply assign 0.0.0.0/0
STEP
...
9. Create network ACL
1) One default ACL will be listed, and just rename it in your own way
2) Set Inbound Rules
STEP 9. Creating instances
STEP 11. Create Load Balancer
Required for scalable service design. You will need to assign VPC Availability Zone that you created at STEP 2 like below:
STEP 10. Creating instances
https://ap-northeast-2.console.aws.amazon.com/ec2/v2/home?region=ap-northeast-2#Instances:
1) Launching Instances → Choose an AMI (Amazon Machine Image) → Free Tier only (if you are new)
2) Select Network by VPC designed at STEP 12
3) Select Subnet designed at STEP 3 and STEP 45
4) Enable "Auto Assign Public IP"
5) Configure Security Group based on you created at STEP 78
6) Download key Pair for secure connection → Launch Instances
...