Configured VPC through AWS-CLI by creating a High Availability Architecture of Networking

→VPC | Subnet- Public and Private |Internet Gateway | NAT Gateway | Route Table | Linux | AWS | AWS-CLI←

Greetings Connections!😀

In this article, We will discuss about some core concept of networking i.e. VPC via AWS-CLI. Before going through the task , let’s discuss some basic terminologies 👩‍💻 used here:-

💠 VPC (Virtual Private Cloud)

A virtual private cloud (VPC) is an on-demand configurable pool of shared computing resources allocated within a public cloud environment, providing a certain level of isolation between the different organizations using the resources. The isolation between one VPC user and all other users of the same cloud (other VPC users as well as other public cloud users) is achieved normally through allocation of a private IP subnet and a virtual communication construct per user.

In AWS, Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network. Amazon VPC is the networking layer for Amazon EC2 and a virtual network dedicated to your AWS account.

VPC provides a multi-tenancy service and NAAS(network as a service). AWS create a VPC for you ,when you create an account or in every cloud, we need to create a vpc or the cloud gives a default vpc(which aws automatically creates). They not only provides the NAAS service ,infact, they provide you the entire infrastructure.

💠 SUBNET

A subnet, or subnetwork, is a network inside a network. Subnets make networks more efficient. Through subnetting, network traffic can travel a shorter distance without passing through unnecessary routers to reach its destination. Subnet is basically a range of IP addresses in your VPC.

💠 SWITCH

Switch is a device that will connect the IPs having same network.

💠 ROUTER

Router is a device that will connect the IPs of different network to the internet. In this, if public IP comes to router ,it won’t allow that connects to internet.

💠 ROUTE TABLE

A set of rules, called routes, that are used to determine where network traffic is directed. It basically shows the IP range of your network with the netmask. You can easily identify by this that to how much ip you can connect and ping them.

💠 INTERNET GATEWAY

A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet. In this, if anyone from outside (or from internet) from different network , wants to connect to the private ip of your own private subnet of vpc then, router collects all the data packets and change the destination IP address(private ip) with it’s own public ip. So, it is known as port address translation(or DNAT).

💠 NAT GATEWAY

Network Address Translation (NAT) gateway is used to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. In this, there is a replacement of source IP, so it is known as SNAT.

To create a NAT gateway, you must specify the public subnet in which the NAT gateway should reside. You must also specify an Elastic IP address to associate with the NAT gateway when you create it. The Elastic IP address cannot be changed after you associate it with the NAT Gateway. After you’ve created a NAT gateway, you must update the route table associated with one or more of your private subnets to point internet-bound traffic to the NAT gateway. This enables instances in your private subnets to communicate with the internet.

💠 AWS Command Line Interface

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

Let’s discuss about the task….✨

TASK-DESCRIPTION📝:

🔅 Create your own customize VPC , inside this VPC, create two Subnets — public and private , then, from the private subnet ,ping to the outside world(public world-internet) by creating an Internet gateway and NAT gateway linked with the Route table and associate them with the suitable subnets.

🔅 Do the task by AWS-CLI.

PRE-REQUISITE💻:

◾Download the AWS CLI MSI installer for Windows (64-bit):

https://awscli.amazonaws.com/AWSCLIV2.msi

◾Configure aws by enter access key and secret access key id by using command: 🔸#aws configure

‼️NOTE: In my case, I am using N.Virginia region as us-east-1 to perform this task.‼️

Let’s begin…..✨

Step-1: Create a VPC

VPC — CLI

Add Tag to above created vpc:

add tag to vpc(lwvpc1)
WebUI — VPC (lwvpc1)

Step-2: Create a public subnet in our customize VPC(lwvpc1)

public subnet — CLI

Here, I have created this public subnet in availability zone ‘us-east-1a’.

Add tag to above created subnet:

public subnet(lwlab1)
WEBUI-public subnet(lwlab1)

Step-3: Create a private subnet in our customize VPC(lwvpc1)

private subnet-CLI

Here, I have created this private subnet in availability zone ‘us-east-1b’.

Add tag to above created subnet:

private subnet(lwlab2)
WEBUI-private subnet(lwlab2)

Step-4: Create Internet Gateway

IGW created -CLI

Add tag to above created igw:

Internet Gateway(lwigw)
WEBUI-lwigw

Step-5 Attach Internet Gateway to the VPC(lwvpc1)

lwigw attached to lwvpc1
WEBUI

Step-6: Create a Key-pair

key — newvpcclikey created using CLI
WEBUI

Step-7: Create a Security Group in lwvpc1

security group created using CLI

Add tag to above created security group:

SecurityGroupForvpc
WEBUI

Step-8: Enable Auto-assign Public IP on Public Subnet(lwlab1)

👉 # aws ec2 modify-subnet-attribute — subnet-id subnet-0692e7d81ea570011 — map-public-ip-on-launch — region us-east-1

Step-9: Launch an EC2 Instance in VPC(-lwvpc1) in Public Subnet(-lwlab1)

👉 # aws ec2 run-instances — image-id ami-04d29b6f966df1537 — count 1 — instance-type t2.micro — key-name newvpcclikey — security-group-ids sg-04f89e491076e30ef — subnet-id subnet-0692e7d81ea570011 — region us-east-1

Add tag to above created instance:

os1lab1 in ‘lwlab1'
WEBUI — os1lab1 in ‘us-east-1a’
os1lab1 with public IP

👉 It is clearly shown above that the ec2 instance which is launched in public subnet with auto-assign public ip enabled having Public IP: 34.227.111.59.

Step-10: Launch an EC2 Instance in VPC(-lwvpc1) in Private Subnet(-lwlab2)

👉 # aws ec2 run-instances — image-id ami-04d29b6f966df1537 — count 1 — instance-type t2.micro — key-name newvpcclikey — security-group-ids sg-04f89e491076e30ef — subnet-id subnet-00bbe141db6182ed9 — region us-east-1

CLI

Add tag to above created instance:

os2lab2 in ‘lwlab2'
WEBUI — os2lab2 in ‘us-east-1b’
os2lab2 with no public IP

👉 Here, In os2lab2 instance ,NO PUBLIC IP Address is assigned because I have enabled auto assign IP only for public subnet and here, I have launched this instance in private subnet .

Step-11: Ping the os1lab1(in lwlab1 — public subnet) to its public IP from your base OS(Windows command prompt)

No Piniging

👉 It is not pinging because this instance ‘os1lab1’ has been created in customize VPC ,So no one from outside world can ping to it until & unless we create a route table associated with the internet gateway.

Step-12: Create a Route Table in lwvpc1

CLI

Add tag to the above created routing table:

Tag: NewRTforVPC
WEBUI — NewRTforVPC

Step-13: Create route to Internet Gateway

CLI — Add route rule for ‘lwigw’(internet gateway) in ‘NewRTforVPC’(route table)
WEBUI

Step-14: Associate Public Subnet(lwlab1) with Route Table(NewRTforVPC)

CLI
WEBUI

Step-15: Create an Inbound Rule to security group (SecurityGroupForvpc) in both ec2 instances

CLI

👉 Here, I have created an inbound rule to allow “All traffic” and go anywhere as 0.0.0.0/0 .

WEBUI — Inbound rule in os1lab1
WEBUI — Inbound rule in os2lab2

Step-16: AGAIN, Ping the os1lab1(in lwlab1 — public subnet) to its public IP from your base OS(Windows command prompt)

Pinging successfully

👉 Finally, it’s pinging🎉 because now we have associated route table with internet gateway to the public subnet.

Step-17: Allocate Elastic IP Address for NAT Gateway

👉 It is important to assign Elastic IP (or public IP) to the NAT Gateway , without this , it cannot be created.

CLI

Step-18: Create a NAT Gateway

CLI

👉 Here, I have created a NAT Gateway in public subnet(lwlab1).

Add tag to above created NAT Gateway:

Tag added
WEBUI
NAT Gateway with public IP: 54:158:159:121(or elastic ip)

Step-19: Create a new Route Table

CLI

Add tag to above created route table:

Tag: NewRTforVPCnatGW
WEBUI

Step-20: Create route to NAT Gateway

CLI — Add route rule for ‘NewLab1NGW’(NAT gateway) in ‘NewRTforVPCnatGW’(route table)
WEBUI

‼️NOTE: You are charged for creating and using a NAT gateway in your account. NAT gateway hourly usage and data processing rates apply. Amazon EC2 charges for data transfer also apply. So, If you no longer need a NAT gateway, you can delete it. Deleting a NAT gateway disassociates its Elastic IP address, but does not release the address from your account.

⭕ Delete a NAT Gateway using CLI: # aws ec2 delete-nat-gateway — nat-gateway-id nat-0d393cea05f5bf3b8 ‼️

Step-21: Associate Private Subnet(lwlab2) with Route Table(NewRTforVPCnatGW)

CLI
WEBUI

👉 Now, if you want to ping through the private subnet instance to the outside world(or google) then, it will ping successfully🎉🎉 but it ping only when ,you have logged-in to private subnet instance through the public subnet instance via ssh otherwise not because our Internet gateway is associated with the public subnet here. So, if you trying to ping directly from the private subnet instance, it failed.

Thus, TASK COMPLETED SUCCESSFULLY !🔥

Hope you like my article ,as it will help you to explore more about networking concepts and VPC. For any queries, give your response📝 below👇 and make sure to give a clap👏👏.

THANKYOU(*-*)🌻