Creating a Public Subnet

Introduction

The simplest way to create a subnet for your VPC is to use the AWS Management Console. In this Lab Step you will create a public subnet in the VPC you created earlier. As the name implies, a public subnet is typically used for resources that require ingress from and/or egress to the public internet. Common use cases are a DNS server, or a load balancer sitting in front of front-end web servers or web applications.

Instructions 

1. From the VPC Dashboard, click Subnets in the left navigation pane. The Subnets page lists all previously created subnets.

 

2. Select the cloudacademy-labs VPC from the Filter by VPC drop-down located at the top of the left-hand navigation pane of the VPC Dashboard:

(Screenshot: AWS VPC - Subnet list)

Note: You may need to refresh your browser tab before the cloudacademy-labs VPC appears in the Filter by VPC list.

Since the VPC you created earlier has no subnets yet, the list should be blank after applying the filter. (Before filtering, you likely saw three subnets already listed; those belong to a pre-existing VPC in the student account.)

 

3. Click Create Subnet. In the Create Subnet dialog, specify the following Subnet details:

  • Name tag: Enter Public-A (This is the name for your subnet. A tag with a key of Name and the value "Public-A" is created.)
  • VPC: Select the cloudacademy-labs VPC
  • Availability Zone: Select us-west-2a from the drop-down menu
  • CIDR block: Enter 10.0.20.0/24 (The CIDR block must fall within the CIDR range of the selected VPC.)


Click Create when ready to proceed, followed by Close.

The new subnet is deployed into the selected VPC and the selected Availability Zone. Next you will need to set up the route table.

A route table contains a set of rules, called routes, that determine where network traffic is directed. Each route in a table specifies a destination CIDR and a target (for example, traffic destined for 172.16.0.0/12 is targeted at the virtual private gateway). If a subnet's route table has a route with destination 0.0.0.0/0 and an Internet Gateway as the target, the subnet is known as a public subnet. You can create a custom route table for your VPC using the Amazon VPC console.

 

4. In the left navigation pane, click Route Tables, then Create Route Table. The Create Route Table dialog opens. Fill it out as follows:

  • Name tag: Enter PublicRouteTable. This is the name for your route table; a tag with a key of Name and the value you specify is created.

  • VPC: Select the cloudacademy-labs VPC from the drop-down menu.

Click Yes, Create when ready to proceed.

 

5. With the PublicRouteTable selected, switch to the Routes tab, and click Edit.

  • Click Add another route
  • In the new route, set Destination to 0.0.0.0/0 and Target to Internet Gateway -> labs-gw

Click Save when ready to proceed. Next you will change the public subnet's association from the default route table to the new route table. (Note: The ID of your route table will differ from the one shown, since IDs are randomly generated.)

 

6. From Virtual Private Cloud > Subnets in the left navigation pane, select the Public-A subnet, switch to the Route Table tab, and click the Edit route table association button. In the Edit route table association form, change the Route Table ID to the one that isn't selected by default (that will be the PublicRouteTable). Confirm that the 0.0.0.0/0 internet gateway route is displayed in the routes:

Then click Save and Close. The default route table only has local routing (Destination 10.0.0.0/16 with Target local). You need a route to the internet with the Internet Gateway as the target, so you associated the PublicRouteTable with the subnet instead.
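The rule stated above (a subnet is public when its associated route table sends 0.0.0.0/0 to an Internet Gateway) is easy to check programmatically, which is useful when auditing a VPC after steps 3 to 6. The following is an added example, not code from the Cloud Academy lab: it models route tables in the shape returned by `aws ec2 describe-route-tables`, with constructed subnet, route-table and gateway IDs standing in for the lab's PublicRouteTable and labs-gw, and it checks the step 3 requirement that the subnet CIDR falls inside the VPC CIDR. It also resolves a destination address through a table by longest-prefix match, so you can see why 10.0.x.x traffic stays local while everything else leaves via the gateway.

```python
"""Audit which subnets are public, using the route-table rule from the lab text.

Added example, not part of the lab. Input mirrors the JSON shape of
`aws ec2 describe-route-tables`; every ID below is constructed.
"""
import ipaddress

# Constructed sample: the lab's VPC (10.0.0.0/16), its default (main) route
# table with only the local route, and PublicRouteTable with 0.0.0.0/0 -> IGW.
VPC_CIDR = "10.0.0.0/16"
SUBNET_PUBLIC_A = "subnet-0public0a0000000"    # Public-A, 10.0.20.0/24 (constructed ID)
SUBNET_PRIVATE_A = "subnet-0private0a000000"   # a subnet left on the main table (constructed ID)
LABS_GW = "igw-0labsgw0000000000"              # stands in for labs-gw (constructed ID)

ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-0main00000000000",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
        "Associations": [{"Main": True}],
    },
    {
        "RouteTableId": "rtb-0public000000000",  # PublicRouteTable
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": LABS_GW},
        ],
        "Associations": [{"Main": False, "SubnetId": SUBNET_PUBLIC_A}],
    },
]


def validate_subnet_cidr(vpc_cidr, subnet_cidr):
    """Step 3 requirement: the subnet block must lie within the VPC block."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def route_table_for_subnet(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def route_target(route):
    """The API spreads the target over several keys depending on its type."""
    for key in ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId",
                "VpcPeeringConnectionId", "TransitGatewayId"):
        if route.get(key):
            return route[key]
    return None


def resolve_route(route_table, dest_ip):
    """Longest-prefix match, as the VPC router does; None means no route."""
    addr = ipaddress.ip_address(dest_ip)
    best = None
    for route in route_table["Routes"]:
        cidr = route.get("DestinationCidrBlock")   # skip prefix-list / IPv6 routes
        if cidr is None:
            continue
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route_target(route))
    return best[1] if best else None


def is_public_subnet(route_tables, subnet_id):
    """Public = associated route table sends 0.0.0.0/0 to an internet gateway."""
    rt = route_table_for_subnet(route_tables, subnet_id)
    if rt is None:
        return False
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(route_target(r)).startswith("igw-")
               for r in rt["Routes"])


if __name__ == "__main__":
    print("10.0.20.0/24 inside VPC:", validate_subnet_cidr(VPC_CIDR, "10.0.20.0/24"))
    for subnet in (SUBNET_PUBLIC_A, SUBNET_PRIVATE_A):
        print(subnet, "public:", is_public_subnet(ROUTE_TABLES, subnet))
    public_rt = ROUTE_TABLES[1]
    print("10.0.5.7 via PublicRouteTable ->", resolve_route(public_rt, "10.0.5.7"))
    print("8.8.8.8 via PublicRouteTable ->", resolve_route(public_rt, "8.8.8.8"))
    print("8.8.8.8 via main table ->", resolve_route(ROUTE_TABLES[0], "8.8.8.8"))
```

Against a real account you would feed `is_public_subnet` the `RouteTables` list from the describe call; a subnet that unexpectedly reports public is the first thing to look at when reviewing exposure of resources that were meant to be private.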

 

Summary

Now you have a public subnet in your VPC with a route to the Internet (via the labs-gw Internet Gateway) for all traffic.

Validation checks (1 check)

Connected Internet Gateway to the Route Table: connected an internet gateway to a non-default VPC route table.

Networking for AWS