Creating and configuring a Virtual Private Cloud (VPC) within AWS can be a simple or difficult process. It all very much depends on the complexity of your requirements. For example, how many subnets and hosts will you require? Will you be using one VPC or peering multiple VPCs together? Do you need to establish connectivity back to your on-premises network? Do you need internet connectivity for your private instances? These and many more questions need to be asked and answered before you start to design your VPC infrastructure.
As a part of this process, you will need to understand VPC Subnet configurations and VPC routing to ensure you architect your solution correctly and efficiently.
This AWS Virtual Private Cloud: Subnets and Routing course looks at VPC Subnets and VPC Routing in detail, providing examples of both across different configurations and solutions and showing how to best implement your network design.
- VPC CIDR Blocks - This lecture focuses on the effect of subnetting your VPC CIDR Block
- Why Subnet your VPC - This lecture looks at some of the reasons why you may want to subnet your VPC, by looking at the advantages and benefits
- VPC Subnets - This lecture looks at what a VPC Subnet looks like within the Management Console and its associated components such as Network Access Control Lists (NACLs)
- Public & Private Subnets - This lecture looks at the differences between both Public and Private subnets within a VPC
- VPC Peering: Subnet Considerations - This lecture focuses on some of the considerations when architecting your subnets in different VPC Peering configurations
- Flow Logs: VPC Subnets - This lecture looks at what a VPC Subnet looks like within the Management Console and its associated components such as Network Access Control Lists (NACLs)
- Demonstration: Creating a VPC & Subnets - This lecture provides a demonstration on how to set up and configure a VPC with both Public and Private subnets
- Routing Fundamentals & Route Tables - This lecture introduces AWS routing and its Routing tables by breaking down all the components within it
- Routing Priorities - This lecture explains how the routing priorities are defined for overlapping routes within the same route table
- Routing: VPC Peering - This lecture looks at different routing configurations for multiple VPC peering scenarios
- Routing: VPN Connection via a Virtual Private Gateway - This lecture looks at routing configurations for Virtual Private Gateways
- Routing: Internet Gateways & NAT Gateways - This lecture looks at the routing configurations for both IGWs and NAT Gateways and the dependencies involved
- Routing: VPC Endpoints - This lecture looks at the automatic routing configuration when creating a VPC Endpoint
Hello and welcome to this demonstration lecture on the creation of a VPC and different subnets. Now that we understand the concepts of subnets, why we subnet, and the different types of subnets, public and private, I want to demonstrate how to create a VPC and a couple of associated subnets.
In this demonstration, I will carry out the following steps:
- I'll create a new VPC with a /16 CIDR Block.
- I'll then create and attach an Internet Gateway to the VPC.
- I'll then create and configure two subnets, whilst allowing for the possibility of creating up to thirty two in total by using a /21 mask.
- I'll then configure one subnet as a public subnet.
Let's take a look. Okay, so I've logged into the AWS management console and the first thing I want to do is go to the VPC service. I have a shortcut here and, once that is loaded, I want to look at creating a new VPC. Over on the left-hand side here, we can see my existing virtual private clouds, and it gives me the opportunity here to create a new VPC.
So let's create this VPC. I'll give it a name, I'll call it "Networking Demo". Then here we can enter the IPv4 CIDR Block for the VPC; I want to use 10.0.0.0/16, we're not going to use an IPv6 CIDR block, and we'll keep it at default tenancy, then click create. That has now created our new VPC, so we have the new VPC and want to start creating some subnets.
So let's go down to subnets and click on create subnet. Give it a name; we'll call this "Public Subnet". I'm going to place this within the new VPC that we just created, our Networking Demo VPC. As for the availability zone, I don't mind which AZ it's in, so I have no preference, but I can select a specific one there if I want to.
So now I can enter the CIDR Block for this subnet. As I explained before I started this demo, I'm going to use a different mask from the VPC's /16: I want to allow for up to thirty two potential subnets, so I'll use a /21. The first available subnet for me to use with the /21 is 10.0.0.0/21.
And then I shall create. Now we can see that we have our public subnet within our Networking Demo VPC. With this subnet mask of a /21, we can see that we have 2043 host addresses available. I now have a public subnet, but at the moment there's nothing public about it, because we don't have an Internet Gateway attached to our VPC, and we don't have a route to an Internet Gateway either.
So let's create another subnet, and we'll call that "Private", our private subnet. Again, we'll select the right VPC, Networking Demo, and again no preference for availability zone. For this subnet I'm going to use the last available subnet within that range, which is 10.0.248.0/21, then create.
Now I could have used any one of the 32 subnets, but for this demonstration I just thought I'd use the first subnet and the last available subnet. So now we have our private subnet within our Networking Demo VPC and again we have 2043 addresses available. So we have our VPC set up, we have two subnets, one named "Public" and one named "Private", but now we need to make that public subnet actually act as a public subnet.
For that we'll need to create an Internet Gateway. Go down to Internet Gateways and click on create Internet Gateway. Give this a name, we'll say networking demo, yes, create. We have our Internet Gateway here and at the moment it's detached, so we need to attach this Internet Gateway to our new VPC. So click on attach to VPC, select the appropriate VPC, which is Networking Demo, and say yes, attach.
Now we have an Internet Gateway attached to our Networking Demo VPC. All I want to do now is create a new route table for the VPC with a route pointing to the Internet Gateway. If I go across to Route Tables, create Route Table, call this "Public Route Networking" and associate it with the Networking Demo VPC, create.
Here we have our new route table, Public Route Networking. Go down to the routes tab for this route table. We can see that we have the local route, which allows all subnets within this VPC to communicate with each other. But I want to edit this route table to add another route pointing to anywhere, 0.0.0.0/0, using the new Internet Gateway that we just created here.
Save that, and I now want to associate this route table with our public subnet. If we click on subnet associations, come across to edit, select our public subnet and click save. We now have a public subnet within our new VPC, because what we've done is create our new VPC, create two subnets, a public subnet and a private subnet, then create and attach an Internet Gateway to our VPC. I then created a new route that pointed to the Internet Gateway for Internet traffic and associated that route table with our public subnet. Now any instances that I might launch in that public subnet can communicate with the Internet.
However, the private subnet cannot because if we look at our private subnet here and look at the route table we can see that it doesn't have any route to the Internet Gateway. It can only talk internally to the other subnets but not any further, whereas our public subnet that we just associated a new route table with, we can see that it now has a route out to the Internet via the Internet Gateway. And that's it.
Before I finish this lecture on VPC subnets, I just want to highlight a few more points around them.
When architecting and designing your VPC subnets across different availability zones, specifically for resiliency, I recommend you replicate the same configurations in each availability zone. This includes any public and private subnets. This ensures you maintain a mirror image of your network infrastructure should one AZ go down.
You should name your subnet something meaningful during creation, allowing you to quickly identify its use or other distinct information about that subnet, for example web tier or database tier. Think about the number of networks and hosts required across your VPC, ensuring you have allocated a large enough CIDR Block.
Allow for future capacity growth in the number of subnets that you may need. Do not make the number of host IP addresses available in your subnet too small unless you have a very specific reason, for example by using a /28 mask: if you run out of IP addresses for your instances within the subnet, you can't make the subnet bigger.
The only option would be to make a bigger subnet and then migrate your resources across to the new subnet. This now brings us to the end of this lecture. Coming up next, I will be discussing VPC routing using the information we have just covered from these past few lectures.
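As an added example that is not part of the course or the lecture transcript, the following Python script does two things the demonstration and the closing advice describe by hand: it enumerates the /21 subnets available inside a 10.0.0.0/16 VPC (subtracting the five addresses AWS reserves per subnet from the host count, which is why the console showed 2043 and why a /28 leaves only 11), and it classifies subnets as public or private by checking the effective route table for a 0.0.0.0/0 route targeting an Internet Gateway. The route-table and subnet IDs are constructed placeholders, and the data is shaped like trimmed `aws ec2 describe-route-tables` output.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, subnet_prefix):
    """Return every subnet of the given prefix length that fits inside the VPC CIDR."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [str(s) for s in vpc.subnets(new_prefix=subnet_prefix)]


def usable_hosts(subnet_cidr):
    """Host addresses EC2 can actually hand out in an AWS subnet of this size."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


# Constructed sample (IDs are made up) mirroring the demo: a main table with only
# the local route, and an explicit table with a default route to the IGW.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
     "Associations": [{"Main": True}]},
    {"RouteTableId": "rtb-public",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-demo"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}]},
]
SUBNETS = {"subnet-public": "10.0.0.0/21", "subnet-private": "10.0.248.0/21"}


def effective_route_table(subnet_id, route_tables):
    """A subnet uses its explicitly associated table; otherwise the VPC's main table."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return next(rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"]))


def is_public(subnet_id, route_tables):
    """Public means a default route (0.0.0.0/0) whose target is an Internet Gateway."""
    rt = effective_route_table(subnet_id, route_tables)
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])


def classify(subnets, route_tables):
    """Label each subnet ID as public or private for an audit report."""
    return {sid: ("public" if is_public(sid, route_tables) else "private") for sid in subnets}
```

Running `classify(SUBNETS, ROUTE_TABLES)` against the sample reports the demo's two subnets as public and private respectively; feeding it real `describe-route-tables` and `describe-subnets` output gives a quick inventory of which subnets have an Internet path.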
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.