Securing your VPC using Public and Private subnets

Beginner

Total available time: 1h:0m

In this lab we'll design a VPC with a public subnet and a private subnet, and a network address translation (NAT) instance in the public subnet.

A NAT instance enables instances in the private subnet to initiate outbound traffic to the Internet. This scenario is commonly used when you want to run a public-facing web application while keeping back-end servers that aren't publicly accessible.

A common example is a multi-tier website with the web servers in a public subnet and the database servers in a private subnet. You can set up security and routing so that the web servers can communicate with the database servers. The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can't; they reach the Internet only via the NAT instance in the public subnet. You can increase network security with a network access control list (ACL), an optional layer of security that acts as a firewall for controlling traffic in and out of a subnet. You might want to set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

You'll build and learn by following these steps:

Log In to the Amazon Web Service Console

Your first step to start the laboratory experience

Create a VPC

How to create a Virtual Private Cloud using the AWS Management Console

Create a VPC Internet Gateway

How to create an Internet Gateway for your VPC

Create a Public Subnet

After creating a VPC, you can add one or more subnets, and each subnet may be public or private.

Create Network ACL for Public

A network access control list (ACL) is a layer of security that controls traffic in and out of a subnet.

Add rules to Public Network ACL

You can add or delete rules in an ACL; any subnets associated with the ACL are subject to the change.

Launch NAT instance

Launch a NAT instance in the public subnet, selecting an AWS NAT AMI.

Create a Private Subnet

After creating a VPC, you can add one or more subnets, and each subnet may be public or private.

Create Network ACL for Private

A network access control list (ACL) is a layer of security that controls traffic in and out of a subnet.

Add rules to Private Network ACL

You can add or delete rules in an ACL; any subnets associated with the ACL are subject to the change.

Launch EC2 instance on private subnet

Launch an EC2 instance in the private subnet, selecting a community AMI.

Securing your VPC: summary

A summary of the lab.
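As an added illustration of the network ACL steps above (this is not part of the lab's own material), the Python below models how a network ACL evaluates packets: rules are checked in ascending rule-number order, the first match wins, the implicit final rule denies, and because the ACL is stateless the reply direction must be allowed explicitly. The subnet CIDR, rule numbers and ports are constructed sample values.

```python
# Added example: a minimal model of how an AWS network ACL evaluates a packet.
# Network ACLs are stateless, evaluate rules in ascending rule-number order,
# stop at the first match, and end with an implicit "*" rule that denies all.
# All rule numbers, ports and CIDRs are constructed sample values, not the lab's.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int
    protocol: str    # "tcp", "udp" or "all"
    ports: tuple     # (low, high), inclusive
    cidr: str        # remote address range the rule applies to
    allow: bool

def evaluate(rules, protocol, port, remote_ip):
    """True if the first matching rule allows the packet, False by default."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.protocol not in ("all", protocol):
            continue
        if not r.ports[0] <= port <= r.ports[1]:
            continue
        if ip_address(remote_ip) not in ip_network(r.cidr):
            continue
        return r.allow
    return False  # implicit "*" deny rule

def connection_allowed(acl_in, acl_out, protocol, dst_port, client_ip, client_port):
    """A TCP session needs both the request (inbound) and the reply (outbound)
    to match, because the ACL does not track connection state."""
    return (evaluate(acl_in, protocol, dst_port, client_ip)
            and evaluate(acl_out, protocol, client_port, client_ip))

PUBLIC_SUBNET = "10.0.0.0/24"   # constructed: web tier and NAT instance live here
# Private-subnet ACL for a database tier: MySQL only from the public subnet;
# replies to NAT-forwarded traffic arrive from the Internet on ephemeral ports.
PRIVATE_INBOUND = [
    Rule(100, "tcp", (3306, 3306), PUBLIC_SUBNET, True),
    Rule(105, "tcp", (3306, 3306), "0.0.0.0/0", False),  # before the ephemeral rule admits it
    Rule(110, "tcp", (1024, 65535), "0.0.0.0/0", True),
]
PRIVATE_OUTBOUND = [
    Rule(100, "tcp", (80, 80), "0.0.0.0/0", True),         # updates via the NAT instance
    Rule(110, "tcp", (443, 443), "0.0.0.0/0", True),
    Rule(120, "tcp", (1024, 65535), PUBLIC_SUBNET, True),  # replies to the web tier
]
# Dropping rule 120 is the classic stateless mistake: the MySQL request is
# admitted but the reply is silently dropped, so the connection hangs.
BROKEN_OUTBOUND = [r for r in PRIVATE_OUTBOUND if r.number != 120]
```

Rule 105 shows why ordering matters: the ephemeral range 1024-65535 overlaps 3306, so without an earlier explicit deny the ephemeral rule would admit database requests from any address.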