A Cloud Guru
Configuring a Basic VPC in AWS

In this hands-on lab scenario, you’re a cloud network engineer tasked with setting up the security and network architecture for your organization's production environment. You'll explore how the networking components relate to one another. We will create a virtual private cloud (VPC), subnets across multiple availability zones (AZs), routes, and an internet gateway, and then add security using security groups and network access control lists (NACLs). These services are the foundation of networking architecture inside AWS, and this lab covers infrastructure, design, routing, and security.


Path Info

Level: Intermediate
Duration: 1h 45m
Published: Aug 24, 2022


Table of Contents

  1. Challenge

    Create a VPC

    Navigate to the VPC console.

    Note: Do not use the VPC Wizard to create your VPC; instead, configure your VPC from scratch and use the VPC Only option.

    Create a new VPC with the following values:

    • VPC Name: HoLVPC
    • IPv4 CIDR block: 10.0.0.0/16
    • IPv6 CIDR block: No IPv6 CIDR block
    • Tenancy: Default Tenancy

    Note: Windows users who will be using PuTTY will need to enable DNS hostnames for the VPC once it has been created.

  2. Challenge

    Create a Public and Private Subnet

    Build two subnets for your VPC. One will be public, to allow access from the internet, and one will be private. Ensure you assign valid CIDR blocks when creating your subnets.

    Create Public Subnet

    In the VPC console, create a new subnet with the following values:

    • Name: hol-public-a
    • VPC: Use the VPC ID of HoLVPC
    • Availability Zone: us-east-1a
    • IPv4 CIDR Block: 10.0.1.0/24

    Note: Although the name of our subnet is hol-public-a, it is not actually public until the subnet has a route to an internet gateway. We will set this up later on in the lab.

    Create Private Subnet

    In the VPC console, create a new subnet with the following values:

    • Name: hol-private-b
    • VPC: Use the VPC ID of HoLVPC
    • Availability Zone: us-east-1b
    • IPv4 CIDR Block: 10.0.2.0/24
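
The subnet plan above has to satisfy the rules the VPC console enforces silently: every subnet CIDR must sit inside the VPC's 10.0.0.0/16, subnets must not overlap, and AWS keeps five addresses of every subnet for itself (network address, VPC router, DNS, one reserved for future use, and broadcast). The following Python script is an added example, not part of the lab or of any AWS tooling; it checks the lab's two subnets offline with the standard `ipaddress` module. The subnet table is constructed from the values in the challenge text, and `validate_subnet_plan` / `usable_hosts` are names chosen here.

```python
import ipaddress

# Values taken from the challenge text (constructed table, not fetched from AWS).
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "hol-public-a": ("us-east-1a", "10.0.1.0/24"),
    "hol-private-b": ("us-east-1b", "10.0.2.0/24"),
}

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def validate_subnet_plan(vpc_cidr, subnets):
    """Return a list of problems with a VPC/subnet plan (an empty list means OK).

    Checks: each CIDR is well formed (no host bits set), lies inside the VPC
    block, uses a prefix length AWS accepts (/16 to /28), and no two subnets
    overlap each other.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems = []
    nets = {}
    for name, (_az, cidr) in subnets.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr} ({exc})")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is not inside VPC {vpc_cidr}")
        if net.prefixlen < 16 or net.prefixlen > 28:
            problems.append(f"{name}: prefix /{net.prefixlen} is outside AWS's /16../28 range")
        nets[name] = net
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def usable_hosts(cidr):
    """Addresses an EC2 instance can actually take in an AWS subnet of this size."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses - AWS_RESERVED_PER_SUBNET


if __name__ == "__main__":
    issues = validate_subnet_plan(VPC_CIDR, SUBNETS)
    print("plan OK" if not issues else "\n".join(issues))
    for name, (az, cidr) in SUBNETS.items():
        print(f"{name} ({az}, {cidr}): {usable_hosts(cidr)} usable addresses")
```

Run it before clicking through the console: a typo such as 10.0.1.5/24 (host bits set) or a second /24 that overlaps the first is reported immediately, and the 251 usable addresses per /24 explain why a /28 (11 usable) is the smallest subnet AWS allows.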
  3. Challenge

    Create Routes and Internet Gateway

    Auto-Assign Public IPv4 Address

    Automatically request a public IPv4 address for instances launched into the public subnet.

    In the VPC console, enable the Auto-assign public IPv4 address feature for the hol-public-a subnet.

    Configure Internet Gateway

    An internet gateway enables communication between resources in your VPC and the internet.

    In the VPC console, create a new internet gateway with the name hol-VPCIGW and attach the newly created internet gateway to HoLVPC.

    Configure Routing

    • Create a new route table for HoLVPC to tell traffic in the public subnet, hol-public-a, how to get to the Internet. Use the following values:
      • Name Tag: publicRT
      • VPC: HoLVPC
    • Add a new route to the publicRT route table, with the following values:
      • Destination: 0.0.0.0/0
      • Target: Use the ID of the hol-VPCIGW internet gateway

    Associate with Subnets

    In the VPC console, update the publicRT route table so that the hol-public-a subnet is associated with the public route table and will have access to the internet.
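
What makes hol-public-a "public" after this step is only the route table association: the VPC router performs a longest-prefix match over the subnet's route table, so 10.0.x.x traffic hits the implicit local route while everything else falls through to the 0.0.0.0/0 route pointing at hol-VPCIGW. hol-private-b stays on the main route table, which has no such route. The Python below is an added example, not part of the lab or of AWS; it models that lookup offline. The route tables and associations are constructed from the challenge text, `igw:hol-VPCIGW` stands in for the real gateway ID, and the function names are chosen here.

```python
import ipaddress

# Constructed model of the routing state at the end of this challenge.
# Every VPC route table carries an implicit "local" route for the VPC CIDR;
# publicRT additionally sends 0.0.0.0/0 to the internet gateway.
# "igw:hol-VPCIGW" is a placeholder for the gateway's real igw-... ID.
VPC_CIDR = "10.0.0.0/16"

ROUTE_TABLES = {
    "main": [(VPC_CIDR, "local")],
    "publicRT": [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw:hol-VPCIGW")],
}

# Explicit associations made in the console; a subnet without one uses "main".
SUBNET_ASSOCIATIONS = {
    "hol-public-a": "publicRT",
}


def route_table_for(subnet_name):
    """Name of the route table a subnet is effectively associated with."""
    return SUBNET_ASSOCIATIONS.get(subnet_name, "main")


def resolve_target(route_table, dst_ip):
    """Longest-prefix match over one route table, as the VPC router does.

    Returns the target of the most specific matching route, or None when no
    route covers the destination (the packet is dropped).
    """
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in ROUTE_TABLES[route_table]:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def next_hop(subnet_name, dst_ip):
    """Where a packet leaving an instance in the given subnet goes."""
    return resolve_target(route_table_for(subnet_name), dst_ip)


def is_public_subnet(subnet_name):
    """AWS's definition: a subnet is public when its route table has a route to an IGW."""
    return any(target.startswith("igw:") for _, target in ROUTE_TABLES[route_table_for(subnet_name)])


if __name__ == "__main__":
    for subnet in ("hol-public-a", "hol-private-b"):
        kind = "public" if is_public_subnet(subnet) else "private"
        print(f"{subnet}: {kind}; 10.0.2.15 -> {next_hop(subnet, '10.0.2.15')}, "
              f"203.0.113.10 -> {next_hop(subnet, '203.0.113.10')}")
```

The model shows why the "public" label on the subnet name is meaningless on its own (the earlier note in Challenge 2 makes the same point): only the IGW route on the associated table changes `is_public_subnet` from False to True, and it also shows that an instance in hol-private-b has no next hop at all for an internet address.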

  4. Challenge

    Launch EC2 Instances in the Subnets

    Launch an EC2 Instance in the Public Subnet

    • Navigate to the EC2 service.

    • Launch a new EC2 instance with the following configuration and values:

      • Name: hol-pub-instance
      • Amazon Machine Image (AMI): Use the latest Amazon Linux 2 AMI
      • Architecture: 64-bit (x86)
      • Instance Type: t3.micro
      • Key Pair: Create a new key pair called vpcpubhol
      • VPC: Use the VPC ID of HoLVPC
      • Subnet: Use the hol-public-a subnet
      • Auto-assign public IP: enable
    • While creating the EC2 instance, also create a new security group for the instance called holpubSG.

    • Create a new rule for the security group to allow SSH traffic from the HoLVPC network (10.0.0.0/16) and your own IP address.

    • Launch the new public instance and wait a few minutes for the instance to go into a running state.

    Launch an EC2 Instance in the Private Subnet

    In the EC2 console, launch a new EC2 instance with the following configuration and values:

    • Name: hol-priv-instance
    • Amazon Machine Image (AMI): Use the latest Amazon Linux 2 AMI
    • Architecture: 64-bit (x86)
    • Instance Type: t3.micro
    • Key Pair: Create a new key pair called vpcprivhol
    • VPC: Use the VPC ID of HoLVPC
    • Under Security group name, change the name by typing in holprivSG.
    • Under Description - required, type holprivSG.
    • Under Security Group rule 1, set the following fields:
      • Type: Select ssh
      • Source type: Select Custom
      • Source: Type 10.0.0.0/16
    • Subnet: Use the hol-private-b subnet
    • Auto-assign public IP: disabled

    Access Instances

    After both instances show a state of Running and have passed 2/2 status checks, connect to the EC2 instances using the SSH client of your choice and the key pair for each instance.

    Note: You will be able to connect to the public instance using the assigned public IP address, but to connect to the private instance, you will need to copy the vpcprivhol key to the public instance. From the public instance, using the vpcprivhol key, you will be able to SSH into the private instance with the private IP address.

  5. Challenge

    Add a Network ACL

    • In the VPC console, add the following rule to the Network ACL for the HoLVPC VPC:

      • Rule #: 50
      • Type: All Traffic
      • Source: Use your IP address
      • Allow/Deny: DENY
    • Attempt to connect to your public instance using the SSH client of your choice. You should receive an error message.

    • Update the Network ACL for HoLVPC and remove rule #50.

    • Once again, attempt to connect to your public instance using the SSH client of your choice. You should be able to connect successfully now.
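
Rule #50 blocks the connection even though the default NACL's rule 100 still allows all traffic, because a network ACL is evaluated in ascending rule-number order and the first matching rule wins; a security group, by contrast, holds only allow rules, and any matching rule permits the connection. The Python below is an added example, not part of the lab or of AWS; it reproduces the three connection attempts of this challenge offline (deny rule present, rule removed, and a source the security group never allowed). The NACL and security-group tables are constructed from the challenge text, `MY_IP` is a placeholder from the documentation address range standing in for "your IP address", and the function names are chosen here.

```python
import ipaddress

# Placeholder for "your IP address" (RFC 5737 documentation range, not a real host).
MY_IP = "203.0.113.10"
VPC_CIDR = "10.0.0.0/16"
SSH = 22

# Network ACL rows: (rule_number, protocol, source_cidr, port_from, port_to, action).
# The default NACL of HoLVPC is rule 100 "allow all"; rule 50 is the one this
# challenge adds and then removes. The trailing '*' DENY is implicit.
NACL_WITH_RULE_50 = [
    (50, "all", f"{MY_IP}/32", 0, 65535, "deny"),
    (100, "all", "0.0.0.0/0", 0, 65535, "allow"),
]
NACL_DEFAULT = [
    (100, "all", "0.0.0.0/0", 0, 65535, "allow"),
]

# holpubSG inbound rows from Challenge 4: (protocol, source_cidr, port_from, port_to).
HOLPUB_SG = [
    ("tcp", VPC_CIDR, SSH, SSH),
    ("tcp", f"{MY_IP}/32", SSH, SSH),
]


def nacl_allows(rules, src_ip, protocol, port):
    """Evaluate a network ACL the way AWS does.

    Rules are checked in ascending rule-number order and the first rule that
    matches decides; if nothing matches, the implicit '*' rule denies. NACLs
    are stateless, so the return traffic is evaluated separately in the
    outbound direction (not modelled here).
    """
    ip = ipaddress.ip_address(src_ip)
    for _num, proto, cidr, lo, hi, action in sorted(rules, key=lambda r: r[0]):
        if proto not in ("all", protocol):
            continue
        if ip not in ipaddress.ip_network(cidr):
            continue
        if not lo <= port <= hi:
            continue
        return action == "allow"
    return False  # implicit '*' DENY


def sg_allows(rules, src_ip, protocol, port):
    """Security groups only contain allow rules: any matching rule permits the
    connection, and because they are stateful the reply is allowed automatically."""
    ip = ipaddress.ip_address(src_ip)
    return any(
        proto == protocol and ip in ipaddress.ip_network(cidr) and lo <= port <= hi
        for proto, cidr, lo, hi in rules
    )


def ssh_reachable(nacl_rules, sg_rules, src_ip):
    """Inbound SSH to hol-pub-instance must pass the subnet's NACL, then the SG."""
    return nacl_allows(nacl_rules, src_ip, "tcp", SSH) and sg_allows(sg_rules, src_ip, "tcp", SSH)


if __name__ == "__main__":
    print("with rule 50, SSH from my IP:", ssh_reachable(NACL_WITH_RULE_50, HOLPUB_SG, MY_IP))
    print("rule 50 removed, SSH from my IP:", ssh_reachable(NACL_DEFAULT, HOLPUB_SG, MY_IP))
    print("from hol-priv-instance (10.0.2.20):", ssh_reachable(NACL_DEFAULT, HOLPUB_SG, "10.0.2.20"))
    print("from an address in neither SG rule:", ssh_reachable(NACL_DEFAULT, HOLPUB_SG, "198.51.100.7"))
```

Two things the walkthrough's error message does not reveal fall out of the model: rule #50 denies every protocol and port from your address, not just SSH, because it is an "All Traffic" rule sitting below rule 100; and the private instance in 10.0.2.0/24 is unaffected by the rule because NACL matching is on the source CIDR, so its SSH to the public instance still passes both layers.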

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!
