Creating a Private Subnet

Evan Selunani
5 min read · Sep 19, 2024


Jambo! It’s pouring where I am — how’s the weather on your end? I hope your week is going smoothly. Before we dive into today’s guide, I want to pick your beautiful mind a bit.

I love philosophy, and during my evening walks, I often reflect on life, especially what it means to be a child under God’s care. I grew up in a Christian home, and my mother is like a beacon of faith. Her devotion to Christianity constantly amazes me, and her strong belief in God is truly inspiring.

As someone still navigating life and faith, I often wonder how I can reach such a deep level of trust and belief in God.

Jesus said, “Truly I tell you, if anyone says to this mountain, ‘Go, throw yourself into the sea,’ and does not doubt in their heart but believes that what they say will happen, it will be done for them.” (Mark 11:23). I’m trying to grow my faith, but getting closer to God feels both exciting and a little scary at the same time.

How about you? Are you moving closer in your faith?

Photo by chris liu on Unsplash

Anyway, let me not wander off too much!

Today, we’ll focus on creating a private subnet within our VPC. This guide builds on concepts covered in previous articles, so if you haven’t set up your VPC yet, I recommend reviewing those first. Below is an overview of the architecture we’ve established in the earlier steps.

In this guide, we’ll cover the following steps:

  1. Create a private subnet.
  2. Create a private route table.
  3. Create a private network ACL.
Courtesy of Draw.io

I enjoy drawing these diagrams; they help me understand what I am doing. I look at the diagram and implement it directly.

Let’s Dive in!

Create a private subnet.

In AWS, a private subnet is one that is not directly reachable from the internet. It is typically used to host resources that do not need to be publicly accessible, such as databases, application servers, or back-end services. The steps to create a private subnet are the same as for a public subnet; what makes it private is that its route table has no route to an internet gateway. (Instances in it can still reach out to the internet, for patches and the like, only through something such as a NAT gateway, which this guide does not cover.)

Steps to setup your private subnet

  1. Navigate to Subnets: Go to the VPC dashboard and select Subnets.
  2. Create Subnet: Click Create subnet.
    — VPC ID: Choose your previously created VPC.
    — Name: Enter a name like “Private 1”.
    — Availability Zone: Select the second AZ from the dropdown (not the first one!).
    — VPC CIDR block: This is pre-set to `10.0.0.0/16`.

Question — what do you think the IPv4 subnet CIDR block will be ? What will happen if this new subnet has the exact same CIDR block as your Public subnet?

3. Subnet CIDR Block: You’ll need to specify a CIDR block for your new subnet. It must sit inside the VPC’s `10.0.0.0/16` and must not overlap any existing subnet. If we enter `10.0.0.0/24`, the block already used by the public subnet, the console rejects it with an error (the CIDR block overlaps with an existing subnet).
— To avoid the overlap, use `10.0.1.0/24` for this private subnet.

Subnet Settings

4. Create Subnet: Click Create subnet to finalize.
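As an added illustration (not code from the original guide), here is the overlap check the console performs, done offline with Python’s `ipaddress` module, plus a helper that suggests the next free block when the one you asked for clashes. The VPC block and the public subnet’s `10.0.0.0/24` follow the tutorial; the subnet name and function names are my own assumptions.

```python
from __future__ import annotations

import ipaddress
from typing import Iterable, Optional

# Constructed to mirror the guide: the VPC's block and the public subnet
# carved out in the earlier article. The subnet name is an assumption.
VPC_CIDR = "10.0.0.0/16"
EXISTING_SUBNETS = {"Public 1": "10.0.0.0/24"}


def overlaps(candidate: str, existing: Iterable[str]) -> list[str]:
    """Return every existing CIDR that shares addresses with `candidate`.

    This is the check behind the console's "the CIDR block overlaps with
    an existing subnet" error: two subnets in one VPC may never overlap.
    """
    cand = ipaddress.ip_network(candidate)
    return [c for c in existing if cand.overlaps(ipaddress.ip_network(c))]


def next_free_block(existing: Iterable[str], prefixlen: int = 24,
                    vpc: str = VPC_CIDR) -> Optional[str]:
    """Walk the VPC's /prefixlen blocks in address order and return the first
    one that overlaps none of the existing subnets, or None if the VPC is full."""
    used = [ipaddress.ip_network(c) for c in existing]
    for block in ipaddress.ip_network(vpc).subnets(new_prefix=prefixlen):
        if not any(block.overlaps(u) for u in used):
            return str(block)
    return None


def plan_private_subnet(requested: str,
                        existing: dict[str, str] = EXISTING_SUBNETS,
                        vpc: str = VPC_CIDR) -> dict:
    """Validate a requested subnet CIDR the way the console does.

    Rejects malformed blocks (host bits set), blocks outside the VPC and
    blocks that overlap an existing subnet; on an overlap it also suggests
    the next free block of the same size so you are not left guessing.
    """
    try:
        net = ipaddress.ip_network(requested, strict=True)
    except ValueError as exc:
        return {"ok": False, "reason": f"{requested!r} is not a valid CIDR block: {exc}"}
    if not net.subnet_of(ipaddress.ip_network(vpc)):
        return {"ok": False, "reason": f"{requested} lies outside the VPC block {vpc}"}
    clashes = overlaps(requested, existing.values())
    if clashes:
        return {
            "ok": False,
            "reason": f"{requested} overlaps existing subnet(s) {', '.join(clashes)}",
            "suggested": next_free_block(existing.values(), net.prefixlen, vpc),
        }
    return {"ok": True, "cidr": requested}


if __name__ == "__main__":
    for cidr in ("10.0.0.0/24", "10.0.1.0/24", "10.0.1.5/24", "10.1.0.0/24"):
        print(cidr, "->", plan_private_subnet(cidr))
```

Feeding it `10.0.0.0/24` reproduces the console’s complaint and suggests `10.0.1.0/24`, which is the block the guide uses; as you add more subnets, extend `EXISTING_SUBNETS` and the helper keeps handing out the next free block.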

We have created our private subnet! Now let’s move to the next step.

Create a private route table

A private subnet needs to be associated with a route table, just like a public subnet. As stated in our previous article, a route table in AWS contains a set of rules, known as routes, that decide where network traffic from your subnet or gateway is sent. Think of it like a GPS: when you need to reach a specific destination, you rely on your GPS to guide you there. Similarly, every subnet in your VPC must be linked to a route table that directs its data where it needs to go.

Each subnet can only use one route table at a time, but multiple subnets can refer to the same route table as their GPS.

N.B.: When a subnet’s route table has a route to an internet gateway, it becomes a public subnet, meaning it can communicate with the internet. To allow your subnet to use an internet gateway, its route table must have a route (typically for `0.0.0.0/0`) that directs internet-bound traffic to the gateway.

Steps to Set Up Your Route Table:

1. Navigate to Route Tables: In the VPC dashboard, select Route Tables from the left navigation pane. AWS automatically creates a main route table for every VPC, and any subnet you do not explicitly associate falls back to it, so rather than editing the main table you’ll create a dedicated one for the private subnet.

2. Create Route Table: Click Create route table.
— Name: Enter a name like Private Rt.
— VPC: Select your VPC.
— Click Create route table.

3. Associate Route Table: Select your new route table (Private Rt).
— Go to the Routes tab and confirm it contains only the local route (`10.0.0.0/16` with target `local`) and, in particular, no `0.0.0.0/0` route pointing at the internet gateway.
— Switch to the Subnet associations tab.
— Click Edit subnet associations.
— Select the checkbox next to your private subnet.
— Click Save associations.

Route Table Dashboard

During our short break today, I want to highlight one of my favorite artists — Nyashinski! His song reflects themes of confidence, skill, and success. I’m drawing inspiration from his energy to deliver top-tier articles for you all!

Create a private Network ACL

This will be our last stop for today. As stated in our previous article, a NACL acts as an additional firewall layer at the subnet level, controlling the traffic that enters and leaves your subnets. Think of NACLs as traffic cops at every entry and exit point of your subnet, checking each packet against a numbered set of rules (lowest number first; the first match decides) before allowing it through.

  1. Navigate to Network ACLs: In the VPC dashboard, under Security, select Network ACLs.

2. Create New Network ACL: Click Create Network ACL.
— Name: Enter a name (e.g., Private_NACL).
— VPC: Choose your VPC.
— Click Create Network ACL.

3. Configure Rules: Check the Inbound rules and Outbound rules tabs. By default, a custom NACL contains only the catch-all deny rule (*), so it denies all inbound and outbound traffic; this is the opposite of the VPC’s default NACL, which allows everything. Remember that NACLs are stateless: once you add rules, return traffic has to be allowed explicitly in the other direction (for example on the ephemeral port range).

N.B.: We’ll customize these rules later, depending on what you want to achieve.

4. Associate NACL with Subnet: Go to the Subnet Associations tab.
— Click Edit Subnet Associations.
— Select your private subnet.
— Click Save Changes.
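The two rules that matter in this guide, a route to an internet gateway makes a subnet public and a fresh custom NACL denies everything, can both be checked offline against the JSON that `aws ec2 describe-route-tables` and `aws ec2 describe-network-acls` return. The script below is an added example, not the guide’s own code; the resource IDs and the data are constructed to mirror the tutorial (a public subnet, the private subnet with its “Private Rt” and `Private_NACL`), plus a deliberately misconfigured main route table with an IGW route, to show why a subnet you forget to associate can quietly end up public.

```python
from __future__ import annotations

import ipaddress

# Constructed sample data, shaped like the JSON returned by
# `aws ec2 describe-route-tables` and `aws ec2 describe-network-acls`
# (only the fields this check reads). The IDs are placeholders, not real ones.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
TO_IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}

ROUTE_TABLES = [
    {"RouteTableId": "rtb-public-EXAMPLE", "Routes": [LOCAL, TO_IGW],
     "Associations": [{"Main": False, "SubnetId": "subnet-public1"}]},
    {"RouteTableId": "rtb-private-EXAMPLE", "Routes": [LOCAL],        # "Private Rt"
     "Associations": [{"Main": False, "SubnetId": "subnet-private1"}]},
    {"RouteTableId": "rtb-main-EXAMPLE", "Routes": [LOCAL, TO_IGW],   # main table someone gave an IGW route
     "Associations": [{"Main": True}]},
]


def _entry(num, egress, action, protocol="-1", cidr="0.0.0.0/0", ports=None):
    e = {"RuleNumber": num, "Egress": egress, "RuleAction": action,
         "Protocol": protocol, "CidrBlock": cidr}
    if ports:
        e["PortRange"] = {"From": ports[0], "To": ports[1]}
    return e


NETWORK_ACLS = [
    {"NetworkAclId": "acl-default-EXAMPLE", "IsDefault": True,   # VPC default NACL: allow all
     "Entries": [_entry(100, False, "allow"), _entry(32767, False, "deny"),
                 _entry(100, True, "allow"), _entry(32767, True, "deny")],
     "Associations": [{"SubnetId": "subnet-public1"}, {"SubnetId": "subnet-orphan"}]},
    {"NetworkAclId": "acl-private-EXAMPLE", "IsDefault": False,  # fresh custom NACL: deny all
     "Entries": [_entry(32767, False, "deny"), _entry(32767, True, "deny")],
     "Associations": [{"SubnetId": "subnet-private1"}]},
]


def route_table_for_subnet(subnet_id, route_tables):
    """Explicit association wins; otherwise the subnet silently uses the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt, False
            if assoc.get("Main"):
                main = rt
    return main, True


def internet_routes(route_table):
    """Routes whose target is an internet gateway; any of these makes the subnet public."""
    return [(r.get("DestinationCidrBlock"), r["GatewayId"])
            for r in route_table.get("Routes", [])
            if str(r.get("GatewayId", "")).startswith("igw-")]


def nacl_for_subnet(subnet_id, nacls):
    """Explicit association wins; otherwise AWS applies the VPC's default NACL."""
    default = None
    for acl in nacls:
        if any(a.get("SubnetId") == subnet_id for a in acl.get("Associations", [])):
            return acl
        if acl.get("IsDefault"):
            default = acl
    return default


def nacl_verdict(nacl, egress, addr, protocol="6", port=443):
    """Evaluate one packet the way a NACL does: rules in ascending number order,
    first match decides, and the catch-all rule 32767 is the implicit deny."""
    if nacl is None:
        return "deny"
    ip = ipaddress.ip_address(addr)
    rules = sorted((ent for ent in nacl["Entries"] if ent["Egress"] == egress),
                   key=lambda ent: ent["RuleNumber"])
    for ent in rules:
        if "CidrBlock" not in ent or ip not in ipaddress.ip_network(ent["CidrBlock"]):
            continue                      # IPv6-only entry or non-matching address
        if ent["Protocol"] not in ("-1", protocol):
            continue
        pr = ent.get("PortRange")
        if pr and not (pr["From"] <= port <= pr["To"]):
            continue
        return ent["RuleAction"]
    return "deny"


def classify_subnet(subnet_id, route_tables=ROUTE_TABLES, nacls=NETWORK_ACLS,
                    probe_src="203.0.113.10"):
    """Summarise whether a subnet is private and what its NACL lets in from the
    internet (probe_src is a documentation-range address standing in for 'anyone')."""
    rt, via_main = route_table_for_subnet(subnet_id, route_tables)
    igw = internet_routes(rt) if rt else []
    acl = nacl_for_subnet(subnet_id, nacls)
    return {
        "subnet": subnet_id,
        "route_table": rt["RouteTableId"] if rt else None,
        "uses_main_route_table": via_main,
        "public": bool(igw),
        "internet_routes": igw,
        "nacl": acl["NetworkAclId"] if acl else None,
        "inbound_https_from_internet": nacl_verdict(acl, False, probe_src, "6", 443),
    }


if __name__ == "__main__":
    for s in ("subnet-public1", "subnet-private1", "subnet-orphan"):
        print(classify_subnet(s))
```

Run against real output (`aws ec2 describe-route-tables --query RouteTables` and `aws ec2 describe-network-acls --query NetworkAcls`, loaded with `json.load`), the same functions tell you which subnets are genuinely private, which ones inherit the main route table, and whether the NACL you just attached still lets anything in. The `subnet-orphan` case is the one worth remembering: no association of its own, so it takes whatever the main table says.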

And that’s a wrap on creating your private subnet! We’ve just leveled up our AWS game by setting up a secure, private space within our VPC.

Stay tuned as we continue to explore more advanced AWS topics and refine your cloud skills. With each guide, we are getting closer to becoming an AWS Pro!

Happy networking, and see you in the next article!

Written by Evan Selunani

Transforming the world, one keystroke at a time. | Certified AWS Cloud Practitioner.