Lab Steps

lock
Logging in to the Amazon Web Services Console
lock
Creating a VPC
lock
Creating a VPC Internet Gateway
lock
Creating a Public Subnet
lock
Creating a Bastion Host
lock
Creating a Private Subnet
lock
Creating a Network ACL for a Private Subnet
lock
Adding Rules to a Private Network ACL
lock
Launching an EC2 Instance on a Private Subnet
lock
Launching a Network Address Translation (NAT) Gateway
lock
Testing access of Private Subnet Instances
lock
Highlights of Securing your VPC
Need help? Contact our support team

Here you can find the instructions for this specific Lab Step.

If you are ready for a real environment experience please start the Lab. Keep in mind that you'll need to start from the first step.

Introduction

As implied by the name, a public subnet will hold resources that require ingress and/or egress to the public internet. A common use case for this is a DNS server, or a load balancer sitting in front of front-end web servers or web applications.

In this lab step, you will create a public subnet in your VPC.

 

Instructions 

1. In the VPC Dashboard, click Subnets in the left navigation pane: 

  alt

The Subnets page lists all previously created subnets.

 

2. Click Create subnet:

alt

3. Configure the following subnet details:

  • VPC ID: Select  cloudacademy-labs
  • Subnet name: Enter Public-A (This is the name for your subnet. A tag with a key of Name and the value "Public-A" is created)
  • Availability Zone: Select us-west-2a from the drop-down menu
  • CIDR block: Enter 10.0.20.0/24

alt

4. Click Create subnet:

alt

The new subnet will be deployed into the selected VPC, and into the selected Availability Zone.

Next, you will need to set up the route table.

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. Each route in a table specifies a destination CIDR and a target (for example, traffic destined for 172.16.0.0/12 is targeted for the virtual private gateway).  If a subnet has a route with the destination (0.0.0.0/0) and Internet Gateway as the target, the subnet is known as a public subnet. You can create a custom route table for your VPC using the Amazon VPC console.

 

5. In the left-hand navigation pane, click the Filter by VPC field and select the cloudacademy-labs VPC from the drop-down:

 

alt

Note: You may need to refresh your browser tab to be able to select the cloudacademy-labs VPCfrom the Filter by VPC field.

 

6. In the left navigation pane, click Route Tables:

alt

 

7. Click Create route table:

alt

 

8. Configure the following route table settings:

 

  • Name: Enter PublicRouteTable
  • VPC: Select the cloudacademy-labs VPC from the drop-down menu

alt

 

9. Scroll to the bottom of the page and click Create route table:

alt

 

10. On the route details page, switch to the Routes tab and click Edit routes:

alt

 

11. Click Add route:

alt

 

12. Configure the following route settings:

  • Destination: Enter 0.0.0.0/0 
  • Target: Select Internet Gateway, then labs-gw

 

13. Click Save changes:

alt

Up next, you will change the default route table of the public subnet to include the new route table.

 

14. In the left-hand navigation pane, click Subnets.

 

15. Select the Public-A subnet and click the Route table tab

 

16. Click the Edit route table association button:

alt

 

17.  Select PublicRouteTable from the Route table ID drop-down menu and confirm the following routes:

alt

Note: The internet gateway under your target will differ from the ID above.

 

18. Click Save:

alt

This subnet will require a route to the internet, so the associated route table has now been configured to use PublicRouteTable to determine traffic rules.

 

Summary

In this lab, you created a public subnet in your VPC and associated it with a route table with access to the public internet.

Validation checks
1Checks
Connected Internet Gateway to the Route Table

Connected an internet gateway to a non-default VPC route table

Networking for AWS

Learning Pathnavigation