Configured VPC through AWS-CLI by creating a High Availability Architecture of Networking
→VPC | Subnet- Public and Private |Internet Gateway | NAT Gateway | Route Table | Linux | AWS | AWS-CLI←
In this article, we will discuss a core concept of networking, the VPC, via the AWS CLI. Before going through the task, let's discuss some basic terminology 👩💻 used here:-
💠 VPC (Virtual Private Cloud)
A virtual private cloud (VPC) is an on-demand configurable pool of shared computing resources allocated within a public cloud environment, providing a certain level of isolation between the different organizations using the resources. The isolation between one VPC user and all other users of the same cloud (other VPC users as well as other public cloud users) is achieved normally through allocation of a private IP subnet and a virtual communication construct per user.
In AWS, Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network. Amazon VPC is the networking layer for Amazon EC2 and a virtual network dedicated to your AWS account.
A VPC provides a multi-tenancy service, i.e. NaaS (network as a service). AWS creates a default VPC for you when you create an account; in every cloud you either create a VPC yourself or use the default VPC the cloud provides (which AWS creates automatically). Cloud providers not only offer NaaS; in fact, they provide you the entire infrastructure.
💠 SUBNET
A subnet, or subnetwork, is a network inside a network. Subnets make networks more efficient: through subnetting, network traffic can travel a shorter distance without passing through unnecessary routers to reach its destination. In AWS, a subnet is basically a range of IP addresses in your VPC.
A switch is a device that connects IPs belonging to the same network.
A router is a device that connects IPs of different networks to each other and to the internet. In this setup, if a public IP comes to the router, the router will not let it connect out to the internet.
💠 ROUTE TABLE
A route table is a set of rules, called routes, that are used to determine where network traffic is directed. It basically lists the IP ranges of your network with their netmasks, so you can easily see which IP addresses you can reach and ping.
💠 INTERNET GATEWAY
A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet. Here, if anyone from outside (from the internet), on a different network, wants to connect to the private IP of an instance in the private subnet of your VPC, the router collects the data packets and replaces the destination IP address (the private IP) with its own public IP. So it is known as port address translation (or DNAT).
💠 NAT GATEWAY
A Network Address Translation (NAT) gateway is used to enable instances in a private subnet to connect to the internet or other AWS services, while preventing the internet from initiating a connection with those instances. Here the source IP is replaced, so it is known as SNAT.
To create a NAT gateway, you must specify the public subnet in which the NAT gateway should reside. You must also specify an Elastic IP address to associate with the NAT gateway when you create it. The Elastic IP address cannot be changed after you associate it with the NAT Gateway. After you’ve created a NAT gateway, you must update the route table associated with one or more of your private subnets to point internet-bound traffic to the NAT gateway. This enables instances in your private subnets to communicate with the internet.
💠 AWS Command Line Interface
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
Let's discuss the task….✨
🔅 Create your own customized VPC; inside this VPC, create two subnets, public and private; then, from the private subnet, ping the outside world (the public world, the internet) by creating an Internet gateway and a NAT gateway linked with route tables, and associate those route tables with the suitable subnets.
🔅 Do the task by AWS-CLI.
◾Download the AWS CLI MSI installer for Windows (64-bit):
◾Configure the AWS CLI by entering your access key ID and secret access key using the command: 🔸#aws configure
‼️NOTE: In my case, I am using N.Virginia region as us-east-1 to perform this task.‼️
Step-1: Create a VPC
Add a tag to the VPC created above:
Step-2: Create a public subnet in our customized VPC (lwvpc1)
Here, I have created this public subnet in availability zone ‘us-east-1a’.
Add a tag to the subnet created above:
Step-3: Create a private subnet in our customized VPC (lwvpc1)
Here, I have created this private subnet in availability zone ‘us-east-1b’.
Add a tag to the subnet created above:
Step-4: Create an Internet Gateway
Add a tag to the IGW created above:
Step-5: Attach the Internet Gateway to the VPC (lwvpc1)
Step-6: Create a Key-pair
Step-7: Create a Security Group in lwvpc1
Add a tag to the security group created above:
Step-8: Enable Auto-assign Public IP on the Public Subnet (lwlab1)
👉 # aws ec2 modify-subnet-attribute --subnet-id subnet-0692e7d81ea570011 --map-public-ip-on-launch --region us-east-1
Step-9: Launch an EC2 Instance in the VPC (lwvpc1) in the Public Subnet (lwlab1)
👉 # aws ec2 run-instances --image-id ami-04d29b6f966df1537 --count 1 --instance-type t2.micro --key-name newvpcclikey --security-group-ids sg-04f89e491076e30ef --subnet-id subnet-0692e7d81ea570011 --region us-east-1
Add a tag to the instance created above:
👉 It is clearly shown above that the EC2 instance launched in the public subnet, with auto-assign public IP enabled, has the public IP 220.127.116.11.
Step-10: Launch an EC2 Instance in the VPC (lwvpc1) in the Private Subnet (lwlab2)
👉 # aws ec2 run-instances --image-id ami-04d29b6f966df1537 --count 1 --instance-type t2.micro --key-name newvpcclikey --security-group-ids sg-04f89e491076e30ef --subnet-id subnet-00bbe141db6182ed9 --region us-east-1
Add a tag to the instance created above:
👉 Here, the os2lab2 instance has NO public IP address assigned, because I enabled auto-assign public IP only on the public subnet, and this instance is launched in the private subnet.
Step-11: Ping os1lab1 (in lwlab1, the public subnet) at its public IP from your base OS (Windows command prompt)
👉 It is not pinging, because the instance ‘os1lab1’ has been created in a customized VPC, so no one from the outside world can ping it until we create a route table with a route to the internet gateway and associate it with the public subnet.
Step-12: Create a Route Table in lwvpc1
Add tag to the above created routing table:
Step-13: Create route to Internet Gateway
Step-14: Associate Public Subnet(lwlab1) with Route Table(NewRTforVPC)
Step-15: Create an Inbound Rule in the security group (SecurityGroupForvpc) used by both EC2 instances
👉 Here, I have created an inbound rule allowing “All traffic” from anywhere, i.e. 0.0.0.0/0.
Step-16: AGAIN, ping os1lab1 (in lwlab1, the public subnet) at its public IP from your base OS (Windows command prompt)
👉 Finally, it's pinging🎉 because now we have associated the route table that routes to the internet gateway with the public subnet.
Step-17: Allocate Elastic IP Address for NAT Gateway
👉 It is important to assign an Elastic IP (a public IP) to the NAT Gateway; without it, the NAT Gateway cannot be created.
Step-18: Create a NAT Gateway
👉 Here, I have created the NAT Gateway in the public subnet (lwlab1).
Add a tag to the NAT Gateway created above:
Step-19: Create a new Route Table
Add a tag to the route table created above:
Step-20: Create route to NAT Gateway
‼️NOTE: You are charged for creating and using a NAT gateway in your account. NAT gateway hourly usage and data processing rates apply. Amazon EC2 charges for data transfer also apply. So, if you no longer need a NAT gateway, you can delete it. Deleting a NAT gateway disassociates its Elastic IP address, but does not release the address from your account.
⭕ Delete a NAT Gateway using the CLI: # aws ec2 delete-nat-gateway --nat-gateway-id nat-0d393cea05f5bf3b8 ‼️
Step-21: Associate Private Subnet(lwlab2) with Route Table(NewRTforVPCnatGW)
👉 Now, if you ping from the private subnet instance to the outside world (for example google), it pings successfully🎉🎉, but only when you have logged in to the private subnet instance via SSH through the public subnet instance; otherwise not, because our Internet gateway is associated with the public subnet here. So, if you try to ping directly from the private subnet instance, it fails.
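The 21 steps above, condensed into one script as an added example (these are not the article's own commands): it creates lwvpc1, the public subnet lwlab1 and the private subnet lwlab2, routes lwlab1 through the internet gateway and lwlab2 through a NAT gateway, and waits for the NAT gateway to become available before relying on it. The VPC and subnet CIDRs and ADMIN_CIDR are assumptions the article does not state, and the security group allows only SSH from ADMIN_CIDR plus ICMP inside the VPC instead of the article's all-traffic rule.

```shell
#!/bin/sh
# Added example, not the article's own commands: builds the article's layout in one
# run (lwvpc1, public subnet lwlab1, private subnet lwlab2, internet gateway for
# lwlab1, NAT gateway for lwlab2). CIDRs and ADMIN_CIDR are assumptions.
set -eu
AWS="${AWS:-aws}"                # point at a stand-in command to dry-run the script
REGION="${REGION:-us-east-1}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"   # assumed: the network you SSH from
ec2() { $AWS ec2 "$@" --region "$REGION" --output text; }
tag() { ec2 create-tags --resources "$1" --tags "Key=Name,Value=$2" >/dev/null; }
build_vpc_network() {
  VPC_ID=$(ec2 create-vpc --cidr-block 10.0.0.0/16 --query Vpc.VpcId)
  tag "$VPC_ID" lwvpc1
  PUB_SUBNET=$(ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block 10.0.1.0/24 \
    --availability-zone "${REGION}a" --query Subnet.SubnetId)
  tag "$PUB_SUBNET" lwlab1
  PRIV_SUBNET=$(ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block 10.0.2.0/24 \
    --availability-zone "${REGION}b" --query Subnet.SubnetId)
  tag "$PRIV_SUBNET" lwlab2
  # Only the public subnet hands out public IPs at launch (article step 8).
  ec2 modify-subnet-attribute --subnet-id "$PUB_SUBNET" --map-public-ip-on-launch >/dev/null
  IGW_ID=$(ec2 create-internet-gateway --query InternetGateway.InternetGatewayId)
  ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_ID" >/dev/null
  # Public route table: default route to the internet gateway (steps 12-14).
  PUB_RT=$(ec2 create-route-table --vpc-id "$VPC_ID" --query RouteTable.RouteTableId)
  ec2 create-route --route-table-id "$PUB_RT" --destination-cidr-block 0.0.0.0/0 \
    --gateway-id "$IGW_ID" >/dev/null
  ec2 associate-route-table --route-table-id "$PUB_RT" --subnet-id "$PUB_SUBNET" >/dev/null
  # NAT gateway in the public subnet with an Elastic IP (steps 17-18); wait for it,
  # since a route to a NAT gateway that is still "pending" carries no traffic.
  EIP_ALLOC=$(ec2 allocate-address --domain vpc --query AllocationId)
  NAT_ID=$(ec2 create-nat-gateway --subnet-id "$PUB_SUBNET" \
    --allocation-id "$EIP_ALLOC" --query NatGateway.NatGatewayId)
  ec2 wait nat-gateway-available --nat-gateway-ids "$NAT_ID" >/dev/null
  # Private route table: default route via the NAT gateway (steps 19-21).
  PRIV_RT=$(ec2 create-route-table --vpc-id "$VPC_ID" --query RouteTable.RouteTableId)
  ec2 create-route --route-table-id "$PRIV_RT" --destination-cidr-block 0.0.0.0/0 \
    --nat-gateway-id "$NAT_ID" >/dev/null
  ec2 associate-route-table --route-table-id "$PRIV_RT" --subnet-id "$PRIV_SUBNET" >/dev/null
  # Narrower than the article's "All traffic" from 0.0.0.0/0: SSH from the admin
  # network plus ICMP echo inside the VPC is all the ping test needs.
  SG_ID=$(ec2 create-security-group --group-name SecurityGroupForvpc \
    --description "ssh from admin, icmp inside vpc" --vpc-id "$VPC_ID" --query GroupId)
  ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 22 \
    --cidr "$ADMIN_CIDR" >/dev/null
  ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol icmp --port -1 \
    --cidr 10.0.0.0/16 >/dev/null
  echo "$VPC_ID $PUB_SUBNET $PRIV_SUBNET $PUB_RT $PRIV_RT $NAT_ID $SG_ID"
}
```

Run it with the real CLI after `aws configure`, or set AWS to a stand-in command to see the call sequence without touching an account; launching the two instances (steps 9-10) is left to the article's run-instances commands.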
Thus, TASK COMPLETED SUCCESSFULLY !🔥
Hope you like my article, as it will help you explore more about networking concepts and VPCs. For any queries, give your response📝 below👇 and make sure to give a clap👏👏.