AWS networking consists of multiple components, and understanding the relationship between the networking components is a key part of understanding the overall functionality and capabilities of AWS. In this hands-on lab, we will create a VPC with an internet gateway, as well as create subnets across multiple Availability Zones.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create a VPC
- Create a VPC from scratch (without using the VPC Wizard).
- Set the VPC CIDR to 172.16.0.0/16.
- Create an Internet Gateway, and Connect It to the VPC
Create an internet gateway, and connect it to the VPC.
- Create a Public and Private Subnet in Different Availability Zones
Create a public and private subnet in different Availability Zones using the following IP CIDR addresses:
Public1
subnet inus-east-1a
: 172.16.1.0/24Private1
subnet inus-east-1b
: 172.16.2.0/24
- Create Two Network Access Control Lists (NACLs), and Associate Each with the Proper Subnet
- Create a public NACL with inbound rules allowing HTTP and SSH traffic, as well as an outbound rule allowing traffic on port range 1024-65535.
- Associate the public NACL with the public subnet.
- Create a private NACL with an inbound rule allowing SSH traffic with a source of 172.16.1.0/24, as well as an outbound rule allowing traffic on port range 1024-65535.
- Associate the private NACL with the private subnet.
- For the Public_NACL, let the ephemeral port range in the inbound rule with the destination going to 172.16.2.0/24 and a public outbound port 22 going to 172.16.2.0/24.
- Create Two Route Tables, and Associate Them with the Correct Subnet
- Create two route tables:
- One for the public subnet with an internet gateway route
- One for the private subnet without an internet gateway route
- For the public route table, create a default route to the internet using the 0.0.0.0/0 CIDR notation.
- Create two route tables: