AWS Tutorial For Beginners: Intro to Amazon Virtual Private Cloud (VPC)

VPC Overview

So what is VPC, and what is it used for?

VPC, or Virtual Private Cloud, is the AWS service that lets you set up networks on Amazon’s infrastructure. You can create multiple subnets and restrict access from the Internet to specific subnets, protecting sensitive backend data from direct access.

A typical case study for VPC would be a web server in an Internet-accessible subnet that accesses data from a database in a non-Internet-accessible subnet. In this arrangement only the web server can talk to the database, preventing attackers from attempting to hack into potentially sensitive data directly from the Internet.

Other case studies include subnets accessible by only trusted partner networks which can be used to create a hybrid of corporate and AWS networks.

All of this networking and communication comes without the need to physically install any components. All of these services operate on Amazon’s infrastructure, making services available almost on demand. Establishing a VPC is a matter of configuration, not construction, when using AWS.



Benefits to You

What this means for your business is, as soon as you have a need for a cloud based network there is no lead time to begin constructing and testing it. Simply start with the AWS VPC console and put together the components you need. No delays or lost productivity while you wait on hardware to be delivered, racks to be assembled, or cabling to be run.

You can scale your network as large as you want, spinning up additional resources in minutes. If your capacity demand shrinks, simply turn off the resources you aren’t using. You’re only billed for what you use so your expenses can be matched to your usage needs. No more investing in spare capacity for peak usage periods.



What you will learn today

Our lesson plan is going to walk you through all the necessary steps to create and configure a VPC with a public and a private subnet and launch an EC2 web server into the public subnet. We’ll be using the AMI you created in lesson two from your web server. So, if you haven’t completed that lesson, go back and finish it up so you can proceed from here.

At the end of the lesson you will have a fully functional network running on AWS with a publicly accessible web server. You will have mastered enough AWS services to launch a production ready system using AWS.



Step By Step VPC Setup

Step One: Creating the VPC

The creation of a VPC starts with the AWS VPC wizard. Select the VPC service from the AWS services drop down menu and click the “Start VPC Wizard” button. Make sure the option “VPC with a single public subnet” is selected.

Using this selection for the wizard will make sure you’ve addressed several key points in creating a VPC including: creating a network block with private IP addresses, attaching an Internet Gateway to the VPC to allow access to resources such as web servers, creation of a subnet, and creation of route tables to allow traffic from and to the subnet to travel through the Internet Gateway.

Click the “Select” button.

The next screen prompts you for configuration information. All of the defaults are fine for our purposes. Enter a name for your VPC that will help you remember what it’s for. You may also enter a name for your subnet or accept the default name, Public Subnet.

When you have everything the way you want, click the “Create VPC” button.

The new VPC will be fully set up with a subnet, a security group, and an Internet Gateway. You’re ready for the next step.

Step Two: Configuring your Security Group for Web Access

Once the VPC is successfully created, you can now configure it to allow traffic for your web server into and out of the VPC. To configure the correct rules click the “Security Groups” link in the left panel of the VPC screen.

Locate the security group that was created by the VPC wizard for your VPC. It will have the name you provided for your VPC in the VPC column. Select the security group by clicking on it.

Click the “Inbound Rules” tab.

You will see that the security group is configured to allow all traffic on all ports. With this configuration you will be able to access your web server but your network is wide open to attackers. We’ll add a couple rules to allow just the traffic we need for serving web pages and administering the server.

Click the “Edit” button.

We’re going to add the new rules we need before removing the all access rule. Click the “Add another rule” button.

Select the “HTTP (80)” option from the Type dropdown menu. In the Source text box enter 0.0.0.0/0.

Click the “Add another rule” button.

Select the “HTTPS (443)” option from the Type dropdown menu. In the Source text box enter 0.0.0.0/0.

These two rules allow web traffic over the standard port 80 and the secure port 443. Next, we will add a rule that will allow you to connect to your instance over SSH to do any administrative work needed.

Click the “Add another rule” button.

Select the “SSH (22)” option from the Type dropdown menu. In the Source text box enter 192.0.2.0/24.

Click the “Save” button. All of your new rules will be saved to the security group.

The last step is to remove the all traffic rule. Click the “Edit” button.

Click the x icon in the remove column on the All Access rule row. Click the “Save” button.

You’ve successfully updated your security group to restrict traffic to only allow web and admin traffic through. You’re ready for the next step.
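
To confirm the result of Step Two outside the console, the following added example (not part of the original tutorial) audits security-group JSON in the shape returned by `aws ec2 describe-security-groups` against the rules above. The sample document and its group ID are constructed; the admin range is the SSH source used in this lesson.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# It models the state before the last edit: the all-traffic rule is still there.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "192.0.2.0/24"}]}
]}]}
""")

PUBLIC_PORTS = {80, 443}                          # opened to 0.0.0.0/0 in Step Two
ADMIN_NET = ipaddress.ip_network("192.0.2.0/24")  # SSH source from Step Two


def audit_group(group):
    """Return findings for one security group's inbound IPv4 rules."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":  # "-1" means all protocols and ports, whatever the source
            findings.append("all-traffic rule still present")
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        label = f"{proto} {lo}-{hi}"
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            covers_ssh = proto == "tcp" and lo <= 22 <= hi
            if covers_ssh and not src.subnet_of(ADMIN_NET):
                findings.append(f"SSH reachable from {src} ({label})")
            elif src.prefixlen == 0 and not (lo == hi and lo in PUBLIC_PORTS):
                findings.append(f"{label} open to the Internet")
    return findings


def audit(document):
    """Map each group ID to its list of findings."""
    return {g["GroupId"]: audit_group(g) for g in document["SecurityGroups"]}


if __name__ == "__main__":
    for group_id, findings in audit(SAMPLE).items():
        print(group_id, findings or "matches the Step Two rules")
```

An empty findings list means the group allows only HTTP and HTTPS from anywhere and SSH from the admin range.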



Step Three: Adding an EC2 Instance to your VPC

A secure and functioning network is great. But you can’t do much with it until you have a server connected to it and running. That’s the next step in this lesson. Launch an EC2 instance into your newly built VPC and start serving web pages from it.

To get started choose EC2 from the Services drop down menu.

Click the “Launch Instance” button.

You will be prompted to choose an AMI. Click the “My AMIs” tab. Look for the AMI we created in Lesson 2. Click the “Select” button for it.

The instance type screen will appear. Make sure the t2.micro type is selected and click the “Next: Configure Instance Details” button.

In the “Network” dropdown choose the VPC you created earlier. Click the “Next: Add Storage” button. Accept the defaults and click the “Next: Add Tags” button.

You can add any tags you like here to help identify the instance. When you’ve added any you would like, click the “Next: Configure Security Group” button.

Click the “Select an existing security group” radio button.

Select the security group you configured earlier and make sure the rules match the instructions above. If everything checks out, click the “Review and Launch” button.

You’ll be given one last opportunity to look things over and go back and make changes if needed. When you’re ready click the “Launch” button.

AWS will ask you if you want to create a new key pair or use an existing key pair. I recommend using the key pair you created in lesson 2. If you want to create a new one just be sure to download it and put it in a safe place. You will need this if you ever want to access your instance to administer it.

With all of that out of the way click the “Launch” button.

Hooray! Time to get some coffee while the instance comes online.



Step Four: Assigning a Public IP to your Instance

In order for the world at large to be able to access your web server, you will need to assign a public IP address to the instance in your VPC. It’s a quick and painless procedure. I promise.

Select the VPC service from the Services drop down menu. Click on the Elastic IPs link.

Click the “Allocate new address” button. Leave the scope radio button for VPC selected and click the “Allocate” button.

You will see a confirmation that the IP has been successfully allocated. Click the “Close” button.

Select the IP that was just allocated in the list and select the “Associate” action from the Actions drop down list.

Select the instance you established in this lesson and click the “Associate” button. You will receive confirmation that the IP has been successfully associated.

Click the “Close” button.