Launching an EC2 instance in a Custom Virtual Private Cloud (VPC)

45 minutes
  • 5 Learning Objectives

About this Hands-on Lab

In this lab scenario, you're planning to launch a simple static website using an EC2 instance on AWS. During this lab, you'll have the opportunity to explore and understand the foundational networking and compute services provided by AWS. We will create a custom virtual private cloud (VPC), subnets across multiple availability zones (AZs), routes and an internet gateway, as well as a security group. These services are the foundation of networking architecture inside AWS and cover concepts such as infrastructure, design, routing, and security.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create Custom VPC

Create a VPC

Navigate to the VPC console.

Note: Do not use the VPC Wizard to create your VPC; instead, configure your VPC from scratch.

  1. Select Your VPCs.
  2. Click Create VPC, and set the following values:
    • HoLVPC
    • 10.0.0.0/16
    • No IPv6 CIDR block
    • Default Tenancy
  3. Click Create.

Create Public and Private Subnets

Create Subnets

Build two subnets for your VPC. One will be public to allow access from the Internet and one will be private. Ensure you are assigning valid CIDR blocks (inside the VPC's 10.0.0.0/16 range and not overlapping each other) when creating your subnets.

Create Public Subnet
  1. Select Subnets.
  2. Click Create subnet.
  3. Enter the following values in order for Name, VPC, Availability Zone, and IPv4 CIDR Block.
    • sn-public-a, HoLVPC, us-east-1a, 10.0.1.0/24

Note: Although the name of our subnet is sn-public-a, it is not actually public just yet. By definition, a public subnet is one whose route table has a route to an Internet Gateway. In the next tasks, we will add an Internet Gateway and that route so that instances in this newly created public subnet can access the Internet.

Create Private Subnet
  1. Click Create subnet.
  2. Enter the following values in order for Name, VPC, Availability Zone, and IPv4 CIDR Block.
    • sn-private-b, HoLVPC, us-east-1b, 10.0.2.0/24

Note: By default, all subnets are private. If there is no route to the Internet via an Internet Gateway, instances running in the subnet can only be reached by other instances in the VPC.

Create Routes and Internet Gateway

Auto-assign public IPv4 address

Automatically request a public IPv4 address for instances launched into the public subnet.

  1. Select Subnets.
  2. Select sn-public-a, Actions, and Modify auto-assign IP settings.
  3. Check Enable auto-assign public IPv4 address.

Configure Internet Gateway

An internet gateway enables communication between your VPC and the Internet.

  1. Select Internet Gateways, and click Create internet gateway.
  2. Set the name tag as hol-VPCIGW, and click Create internet gateway.
  3. Select the newly created IGW, click Actions and then Attach to VPC.
  4. Select HoLVPC and click Attach internet gateway.

Configure Routing

Create a new route table for HoLVPC to tell traffic in the public subnet, sn-public-a, how to get to the Internet.

Note: You may notice there is already a default (main) route table created for you. Its single route allows traffic from the 10.0.0.0/16 network to reach other nodes within the VPC, but it does not allow traffic to leave the network, for example to the public Internet. Every subnet in the VPC uses this main route table unless it is explicitly associated with another one; the main route table therefore shouldn't allow traffic out to the public Internet, so we'll create a new one specifically for public Internet traffic.

  1. Click Route Tables.
  2. Click Create route table.
  3. Set the name tag as publicRT and the VPC as HoLVPC.
  4. Click Create.
  5. Click Close.
  6. Select your newly created route table.
  7. Click Routes tab.
  8. Click Edit routes, and Add route.
  9. Set the destination as 0.0.0.0/0, target as Internet Gateway, and select hol-VPCIGW.
  10. Click Save routes.
  11. Click Close.

Associate with Subnets

  1. Select publicRT, and click the Subnet Associations tab.
  2. Click Edit subnet associations.
  3. Select sn-public-a.
  4. Click Save.

Great, now our public subnet will allow traffic within it to access the public Internet.
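The configuration built above can also be audited from the API rather than by eye. The following Python is an added example, not part of the lab: it applies the lab's own definition of a public subnet (a route for 0.0.0.0/0 to an internet gateway on the subnet's effective route table, explicit association first, otherwise the main table) to constructed data shaped like `aws ec2 describe-subnets` and `aws ec2 describe-route-tables` output, and checks that the subnet CIDRs fit inside 10.0.0.0/16 without overlapping. The resource IDs are placeholders, not real AWS identifiers.

```python
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# Constructed sample data shaped like `aws ec2 describe-subnets` and
# `aws ec2 describe-route-tables` output for HoLVPC; IDs are placeholders.
SUBNETS = [
    {"SubnetId": "subnet-aaaa", "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True,
     "Tags": [{"Key": "Name", "Value": "sn-public-a"}]},
    {"SubnetId": "subnet-bbbb", "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": False,
     "Tags": [{"Key": "Name", "Value": "sn-private-b"}]},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"Main": False, "SubnetId": "subnet-aaaa"}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-hol"}]},
]

def main_route_table(route_tables):
    return next(rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"]))

def effective_route_table(subnet_id, route_tables):
    # An explicit association wins; a subnet with none implicitly uses the main table.
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return main_route_table(route_tables)

def has_igw_default_route(rt):
    # What actually makes a subnet public: 0.0.0.0/0 routed to an internet gateway.
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("GatewayId", "").startswith("igw-")
               for r in rt["Routes"])

def classify_subnets(subnets, route_tables):
    """Map subnet Name tag -> (exposure, auto-assign public IPv4 on launch)."""
    out = {}
    for s in subnets:
        name = next((t["Value"] for t in s.get("Tags", []) if t["Key"] == "Name"), s["SubnetId"])
        rt = effective_route_table(s["SubnetId"], route_tables)
        out[name] = ("public" if has_igw_default_route(rt) else "private", bool(s["MapPublicIpOnLaunch"]))
    return out

def check_addressing(vpc_cidr, subnets):
    """True when every subnet CIDR lies inside the VPC CIDR and no two overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(s["CidrBlock"]) for s in subnets]
    return all(n.subnet_of(vpc) for n in nets) and not any(
        a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
```

Running `classify_subnets(SUBNETS, ROUTE_TABLES)` on the constructed data reports sn-public-a as public with auto-assigned addresses and sn-private-b as private, and `has_igw_default_route(main_route_table(ROUTE_TABLES))` is False, which is the condition the routing note above asks you to preserve.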

Launch Instances in Subnet

Launch EC2 Instance in Public Subnet

  1. Navigate to the EC2 Dashboard.
  2. Select Instances.
  3. Select Launch instances.
  4. Choose Amazon Linux 2, check 64-bit (x86), and click Select.
  5. Choose t2.micro, and click Next: Configure Instance Details.
  6. Leave all as defaults, except set the subnet to sn-public-a and make sure Auto-assign Public IP is Use subnet setting (Enable).
  7. Click Next: Add Storage.
  8. Click Next: Add Tags.
  9. Click Next: Configure Security Group.
  10. For security group, create a new one with the name and description holpubSG.
  11. Click Review and Launch.
  12. Click Launch, select to Create a new key pair, call it vpcpubhol, and click Download Key Pair.
  13. Click Launch Instances and then View Instances.

Launch EC2 Instance in Private Subnet

  1. Navigate to the EC2 Dashboard.
  2. Select Instances.
  3. Select Launch instances.
  4. Choose Amazon Linux 2, check 64-bit (x86), and click Select.
  5. Choose t2.micro, and click Next: Configure Instance Details.
  6. Leave all as defaults, except set the subnet to sn-private-b and make sure Auto-assign Public IP is Use subnet setting (Disable).
  7. Click Next: Add Storage.
  8. Click Next: Add Tags.
  9. Click Next: Configure Security Group.
  10. For security group, create a new one with the name and description holprivSG.
  11. Click Review and Launch.
  12. Click Launch, select to Create a new key pair, call it vpcprivhol, and click Download Key Pair.
  13. Click Launch Instances and then View Instances.

Access Instance

Access Instances

After the state of both instances shows as Running with 2/2 status checks passed, continue with these steps. You may have to refresh the screen to see the updated status.

SSH to Public Instance

You will connect to your newly created instance via SSH. SSH (Secure Shell) gives you an encrypted, authenticated remote shell on another computer. Let's try to SSH into the public EC2 instance using its public IP.

  1. Right click on the instance running in the public subnet.

  2. Click Connect, select the SSH client tab, and copy the connection command.

  3. Open your SSH client

  4. Locate your private key file, vpcpubhol.pem, that you downloaded. This is the key pair you selected when launching this instance.

  5. Run the command chmod 400 vpcpubhol.pem, if necessary, to ensure your key is not readable by other users.

    • Linux/macOS users will need to run the chmod 400 vpcpubhol.pem command first, or SSH will refuse the key with a permissions error.
    • Windows users can connect using this as a guide.
  6. Connect using the copied connection string.

  7. Answer yes to any prompts.

You should be able to connect with no problems.

SSH to private instance

Now that we are inside the public instance, we should be able to SSH to the private instance, since by default instances within the same VPC can communicate with each other.

Go to your SSH client and, from the same tab that is logged into instance 1:

  1. Create the private key file that will be used for the SSH connection. Type vi vpcprivhol.pem to open Vim with a new, blank .pem file, then press i to enter insert mode.
  2. Copy the contents of your downloaded vpcprivhol.pem into the new .pem file. Open the downloaded file in your favorite text editor and paste into the terminal with Command + V on Mac or Ctrl + Shift + V on Linux.
  3. Press the Escape key to exit insert mode, then type :wq to save the file and quit.
  4. Run the command chmod 400 vpcprivhol.pem, if necessary, to ensure your key is not readable by other users.
  5. Run the SSH command for the private instance (using the same steps as before) and answer yes to any prompts.
  6. Wrap up by closing the connection to your public instance.

Success! You're able to SSH to the private instance.

Additional Resources

Log in to the live AWS environment using the provided credentials. Make sure you are in us-east-1 when you work in this environment.
