Launching VPC Resources
Do You Believe in Rebirth?
Before diving into our guide, let’s start with a brief story. Reincarnation is the belief that after death, the soul or consciousness is reborn into a new body. While this idea is central to many religions like Hinduism, Buddhism, and Jainism, my own faith presents a different understanding. In Christianity, rebirth refers not to a physical reincarnation but to a spiritual transformation — being “born again” through faith in Jesus Christ. This spiritual rebirth marks a profound change, a renewal of the soul, not a repeated cycle of life and death.
Have you experienced this yet?
There is no light in your room. We removed your clothes and cleaned your room. Grandson to Mzee Shikoli took your clothes — He liked the black shoes more. I went through your belongings, we found cool photos of us and you together. It is sad. Home is cold without you around, and Dad keeps saying I look like Uncle Mwami. Anyway, I miss you my brother. I’m sorry I didn’t get the time to pay more attention to you while you were here with us. I have so many questions though I know — tutapiga story (we will talk) when we meet.
This week, we’re excited to launch our resources in our VPC — something we’ve all been anticipating! It feels incredible to see our work come to life, though we’ll need a bit more patience before we can fully test and interact with our servers. Additionally, we’ll explore new ways to streamline the VPC launch process, focusing on an option we’ve often overlooked during resource deployment.
In today’s guide, we will build our VPC, subnets, route tables, and network configurations using a relatively new feature added to AWS: the VPC and More feature introduced in February 2023! Cool, right?
Our steps will be as follows:
1. Create a VPC using Amazon VPC’s Wizard.
2. Launch an EC2 instance in your public subnet.
3. Launch an EC2 instance in your private subnet.
The diagram below is what we are going to build.
I find a calming satisfaction in sketching virtual architecture diagrams — it’s like piecing together a puzzle, with the soothing reassurance that everything is falling into place exactly as you envisioned.
Create VPCs using Amazon VPC’s Wizard
The Amazon VPC Wizard is a tool within the Amazon Virtual Private Cloud (VPC) service that simplifies the creation and configuration of VPCs (virtual private networks) in AWS. It allows users to quickly set up VPCs without the need to manually configure individual components. The wizard provides predefined templates and guided steps, making it easy to launch a VPC tailored to your specific requirements.
The wizard automatically creates essential components of the VPC, including:
- Subnets (both public and private)
- Internet Gateways for public subnets
- Route Tables
- Network ACLs
- Security Groups
- Optionally, a Virtual Private Gateway for VPN connections
Steps to Set Up Your VPC Using Amazon VPC Wizard:
1. Navigate to Your VPC Console: From the left-hand navigation bar, select Your VPCs.
2. Select Create VPC: Instead of creating a VPC only, choose VPC and More. A visual flow diagram will appear, showing additional VPC resources — this is called a VPC Resource Map!
The VPC Resource Map
The VPC Resource Map offers a high-level overview of your VPC’s architectural layout. It provides details such as the number of subnets, which subnets are associated with specific route tables, and which route tables have routes to the internet gateway. These resource maps help you understand how different components in your setup are connected and interact with each other, making it easier to design, manage, and troubleshoot your architecture at a glance.
3. Name Tag Auto-Generation
On the left side of your screen, under Name Tag Auto-Generation, enter a name (e.g., Batman).
N/B: The name you enter will automatically tag all your VPC resources.
4. CIDR Block
For our VPC, the CIDR block is pre-selected as `10.0.0.0/16`.
N/B: Different VPCs can have overlapping CIDR blocks, since each VPC is isolated within AWS.
- IPv6 CIDR Block: Leave the default option of No IPv6 CIDR block.
- Tenancy: Keep the default selection of Default Tenancy.
N/B: Tenancy in AWS refers to the hardware your instances run on. The two options are:
— Default: Your instances share hardware with other AWS customers, making it cost-effective.
— Dedicated: Your instances run on hardware that is dedicated exclusively to you.
5. Availability Zones
AWS recommends using at least two Availability Zones to ensure high availability and redundancy (having backups in different locations). However, for this guide, we will use only one Availability Zone.
N/B: You can customize which Availability Zones you’d like to use for your VPC.
6. Public Subnets
The number of Availability Zones (AZs) in an AWS region determines how many subnets the Amazon VPC Wizard offers, because each subnet must reside in a single AZ. Spreading subnets across several AZs is what gives a VPC high availability, fault tolerance, and redundancy.
- For our architecture, select 1 Public Subnet.
7. Private Subnets
For this setup, we will use 1 Private Subnet, though the range can be from 0–2.
8. Customize CIDR Blocks
- For the Public Subnet, assign `10.0.0.0/24`.
- For the Private Subnet, assign `10.0.1.0/24`.
9. Route Tables
- In a VPC, public subnets typically share a single route table, as they all need to route traffic to the internet via the same internet gateway. This simplifies management because all public subnets follow the same internet access rules.
- Private subnets often have their own route tables to allow for precise traffic routing and security customization for each subnet.
10. NAT Gateways
NAT Gateways are an AWS-managed service that enables instances in a private subnet to connect to the internet or other AWS services, while preventing the internet from directly accessing those instances. They translate private IP addresses from the instances to public IP addresses, allowing outbound communication while maintaining the internal network’s privacy.
— For this guide, we will not require NAT Gateways, so leave it as None.
11. VPC Endpoints
VPC Endpoints allow your VPC to privately connect to AWS services without using the public internet. For instance, the S3 Gateway Endpoint can create a private connection between your VPC and S3.
— In this setup, we won’t require VPC Endpoints, so leave it as None.
12. DNS Options
Leave the default DNS options enabled:
— DNS Hostnames: This option allows your EC2 instances to have human-readable names (e.g., batman.compute-1.amazonaws.com) instead of numeric IP addresses. This simplifies connecting to and identifying your instances.
— DNS Resolution: This option allows AWS to automatically translate the hostnames into their corresponding IP addresses, ensuring that network requests are routed to the correct instance.
13. Create VPC
Once everything is set, click Create VPC. Navigate to your VPC dashboard and go to the Resource Map Dashboard, where you’ll be able to view your VPC architecture!
I know this guide might seem lengthy with all the steps, but trust me — it takes less than 2 minutes to set up your VPC and its components, and you’ll be up and running before you know it!
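The thirteen wizard steps above map onto a handful of EC2 API calls. What follows is an added example, not code from the original post or from AWS, that builds the same layout with boto3: one VPC with DNS options enabled (step 12), one public and one private subnet in a single AZ (steps 5–8), an internet gateway, a public route table with a default route to that gateway, and a separate private route table with no internet route (steps 9–10). It also adds a pre-flight check that the step 8 CIDR blocks fit inside the VPC block and do not overlap. Assumptions: boto3 is installed with credentials and a default region configured; the availability zone in main() is a placeholder; the resource names only approximate the wizard's auto-generated tags; and enabling auto-assign public IP on the public subnet is an extra the wizard steps do not mention.

```python
"""Provision the guide's VPC layout with boto3 instead of the console wizard.
Added example; it is not code from the original post. Assumes boto3 is
installed and AWS credentials/region are configured in the environment.
"""
import ipaddress

# The CIDR plan from steps 4 and 8 of the guide.
VPC_CIDR = "10.0.0.0/16"
PUBLIC_CIDR = "10.0.0.0/24"
PRIVATE_CIDR = "10.0.1.0/24"


def check_cidr_plan(vpc_cidr, subnet_cidrs):
    """Pre-flight check for step 8: every subnet must sit inside the VPC block
    and no two subnets may overlap. Returns the parsed networks in order."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    for n in nets:
        if not n.subnet_of(vpc):
            raise ValueError(f"{n} is not inside VPC block {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"subnets {a} and {b} overlap")
    return nets


def name_tag(resource_type, name):
    """TagSpecifications entry; mirrors the wizard's name-tag auto-generation (step 3)."""
    return [{"ResourceType": resource_type, "Tags": [{"Key": "Name", "Value": name}]}]


def create_vpc_layout(ec2, name, az, vpc_cidr=VPC_CIDR,
                      public_cidr=PUBLIC_CIDR, private_cidr=PRIVATE_CIDR):
    """Create the VPC, both subnets, the IGW and both route tables.
    `ec2` is a boto3 EC2 client (or any object exposing the same methods).
    Returns a dict of the created resource IDs."""
    check_cidr_plan(vpc_cidr, [public_cidr, private_cidr])

    vpc_id = ec2.create_vpc(CidrBlock=vpc_cidr,
                            TagSpecifications=name_tag("vpc", f"{name}-vpc"))["Vpc"]["VpcId"]
    # Step 12: DNS resolution and DNS hostnames. The API accepts one attribute per call.
    ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsSupport={"Value": True})
    ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsHostnames={"Value": True})

    public_subnet = ec2.create_subnet(
        VpcId=vpc_id, CidrBlock=public_cidr, AvailabilityZone=az,
        TagSpecifications=name_tag("subnet", f"{name}-subnet-public1-{az}"))["Subnet"]["SubnetId"]
    private_subnet = ec2.create_subnet(
        VpcId=vpc_id, CidrBlock=private_cidr, AvailabilityZone=az,
        TagSpecifications=name_tag("subnet", f"{name}-subnet-private1-{az}"))["Subnet"]["SubnetId"]
    # Not a wizard option (assumption added here): instances launched in the
    # public subnet receive a public IPv4 address so they are reachable over the IGW.
    ec2.modify_subnet_attribute(SubnetId=public_subnet, MapPublicIpOnLaunch={"Value": True})

    igw_id = ec2.create_internet_gateway(
        TagSpecifications=name_tag("internet-gateway", f"{name}-igw"))["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)

    # Step 9: the public route table carries the only route to the internet gateway.
    public_rt = ec2.create_route_table(
        VpcId=vpc_id, TagSpecifications=name_tag("route-table", f"{name}-rtb-public"))["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=public_rt, DestinationCidrBlock="0.0.0.0/0", GatewayId=igw_id)
    ec2.associate_route_table(RouteTableId=public_rt, SubnetId=public_subnet)

    # The private subnet gets its own route table with only the implicit local route:
    # no IGW route and (step 10) no NAT gateway, so nothing in it can reach the internet.
    private_rt = ec2.create_route_table(
        VpcId=vpc_id, TagSpecifications=name_tag("route-table", f"{name}-rtb-private"))["RouteTable"]["RouteTableId"]
    ec2.associate_route_table(RouteTableId=private_rt, SubnetId=private_subnet)

    return {
        "vpc_id": vpc_id,
        "public_subnet_id": public_subnet,
        "private_subnet_id": private_subnet,
        "internet_gateway_id": igw_id,
        "public_route_table_id": public_rt,
        "private_route_table_id": private_rt,
    }


if __name__ == "__main__":
    import boto3
    ec2 = boto3.client("ec2")
    # "us-east-1a" is a placeholder; pick an AZ in the region your credentials use.
    print(create_vpc_layout(ec2, name="Batman", az="us-east-1a"))
```

Running the file once creates the whole layout; the returned IDs are the ones you would otherwise read off the Resource Map. The asymmetry between the two route tables is the security property of the design: the private subnet's table never receives a 0.0.0.0/0 route, so an instance there can neither be reached from nor reach the internet until you deliberately add a NAT gateway.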
For our short break, I’d like to share a talk by Alan Watts. His words always leave me reflecting on the deeper questions of life.
Launch an EC2 Instance in Your Public Subnet
EC2 (Elastic Compute Cloud) instances are virtual servers provided by Amazon Web Services (AWS) that allow you to run applications and workloads in the cloud. These instances are scalable, so you can easily adjust their computing power based on your needs.
Steps to Launch an EC2 Instance:
1. Navigate to EC2 Dashboard:
— Search for “EC2” on the AWS Management Console dashboard.
— On the EC2 Dashboard, click Instances in the left menu, then select Launch Instance from the top right corner.
— Name the instance: Batman Public Server.
2. Select Amazon Machine Image (AMI):
— Choose Amazon Linux 2023 AMI for this instance.
3. Instance Type:
— Select t2.micro, which is within the AWS Free Tier and sufficient for testing.
4. Key Pair (Login):
— In the Key pair (login) section, select Create new key pair.
— Name the key pair: Batmankp.
N/B — Key pairs enable secure access to your EC2 instances. A key pair consists of two cryptographic keys: a public key (installed on the instance) and a private key (kept by the user). When you attempt to connect to the instance, the server issues a challenge that can only be answered by the holder of the private key, and the private key itself never leaves your machine. This ensures secure, authenticated access.
5. Key Pair Type:
— Choose RSA (Rivest-Shamir-Adleman) as the key pair type.
N/B — RSA is a widely used cryptographic algorithm known for its strength and security. It’s commonly used for generating digital signatures and encrypting data.
6. Network Settings Panel:
— At the Network settings panel, click Edit at the right-hand corner.
7. Select VPC:
— From the drop-down list, select Batman VPC.
8. Select Public Subnet:
— Choose your public subnet.
9. Configure Firewall (Security Groups):
— Under Firewall (security groups), select Create a new security group.
— Check the box labeled Allow HTTP traffic from the internet.
10. Launch Instance:
— Once all the settings are configured (VPC, subnet, security group, etc.), review your choices and click Launch Instance at the bottom of the page.
Launch an EC2 Instance in Your Private Subnet
Quick test — try launching your private EC2 instance in your private subnet.
If you get stuck, follow the steps below.
Steps to Launch an EC2 Instance in Your Private Subnet (with a rule allowing traffic from the public security group):
1. Navigate to EC2 Dashboard:
— Search for “EC2” on the AWS Management Console dashboard.
— On the EC2 Dashboard, click Instances in the left menu, then select Launch Instance from the top-right corner.
— Name the instance: Batman Private Server.
2. Select Amazon Machine Image (AMI):
— Choose Amazon Linux 2023 AMI for this instance.
3. Instance Type:
— Select t2.micro.
4. Key Pair (Login):
— Use the same key pair from the public instance setup by selecting Batmankp.
5. Network Settings:
— Click Edit in the Network settings panel.
6. Select VPC:
— From the drop-down list, select Batman VPC.
7. Select Private Subnet:
— Choose your private subnet.
8. Configure Firewall (Security Groups):
— Click the Create security group button.
— Security group name: Enter a name like Batman Private SG.
— Description: Write a description, such as Security group for private instance allowing traffic from public SG and SSH access.
— VPC: From the drop-down menu, select Batman VPC.
9. Add Inbound Rules:
— Click Add rule to define traffic rules.
— Rule 1 (Allow Traffic from Public Security Group):
— Type: Choose All traffic (or a specific type if preferred, like HTTP).
— Source: Select Custom and then choose your public security group (e.g., Batman Public SG). This allows your private instance to receive traffic from the public instance.
— Rule 2 (Allow SSH Access):
— Click Add rule again.
— Type: Select SSH from the list.
— Source: Choose My IP to allow SSH access only from your current IP address, which is more secure. Alternatively, choose Anywhere (0.0.0.0/0) if you need broader access, but this is less secure.
10. Review and Create:
— Double-check your settings to ensure everything is correct.
— Click the Create security group button to finalize.
11. Launch EC2 Instance:
— Click Launch Instance.
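The two instance launches above, including both security groups, as an added example in boto3; this is not code from the original post or from AWS. It creates the public security group with the "Allow HTTP traffic from the internet" rule, then the private security group whose first rule names the public group as its source (a group reference, not an address range) and whose SSH rule is pinned to a single operator address, the console's "My IP" choice; opening SSH to 0.0.0.0/0 is only possible through an explicit opt-in argument. It then launches Batman Public Server and Batman Private Server with the shared Batmankp key pair. Assumptions: boto3 is installed with credentials and a region configured; the VPC and subnet IDs and the admin address in main() are placeholders; the AMI is referenced through the public Amazon Linux 2023 SSM parameter, which EC2 resolves at launch.

```python
"""Create the public and private security groups and launch both instances.
Added example; it is not code from the original post. Assumes boto3 is
installed and AWS credentials/region are configured in the environment.
"""
import ipaddress


def name_tag(resource_type, name):
    """TagSpecifications entry carrying the Name tag the console shows."""
    return [{"ResourceType": resource_type, "Tags": [{"Key": "Name", "Value": name}]}]


def ssh_source_cidr(admin_ip, allow_anywhere=False):
    """Return the SSH source CIDR. The console's "My IP" becomes a /32 here;
    0.0.0.0/0 is produced only when the caller explicitly opts in."""
    if allow_anywhere:
        return "0.0.0.0/0"
    addr = ipaddress.ip_address(admin_ip)
    if addr.version != 4:
        raise ValueError("this example's SSH rule is IPv4 only")
    return f"{addr}/32"


def create_security_groups(ec2, vpc_id, name, admin_ip, allow_ssh_anywhere=False):
    """Create Batman Public SG and Batman Private SG with the rules from the guide.
    `ec2` is a boto3 EC2 client (or any object exposing the same methods)."""
    public_sg = ec2.create_security_group(
        GroupName=f"{name} Public SG", Description="Public web server: HTTP from the internet",
        VpcId=vpc_id, TagSpecifications=name_tag("security-group", f"{name} Public SG"))["GroupId"]
    # The "Allow HTTP traffic from the internet" checkbox from the public launch.
    ec2.authorize_security_group_ingress(GroupId=public_sg, IpPermissions=[
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "HTTP from anywhere"}]},
    ])

    private_sg = ec2.create_security_group(
        GroupName=f"{name} Private SG",
        Description="Security group for private instance allowing traffic from public SG and SSH access",
        VpcId=vpc_id, TagSpecifications=name_tag("security-group", f"{name} Private SG"))["GroupId"]
    ec2.authorize_security_group_ingress(GroupId=private_sg, IpPermissions=[
        # Rule 1: all traffic whose source is a member of the public security group.
        # Membership, not an address, is what is matched, so it survives IP changes.
        {"IpProtocol": "-1",
         "UserIdGroupPairs": [{"GroupId": public_sg, "Description": "All traffic from the public SG"}]},
        # Rule 2: SSH, restricted to the operator's address unless explicitly widened.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ssh_source_cidr(admin_ip, allow_ssh_anywhere),
                       "Description": "SSH from admin"}]},
    ])
    return {"public_sg_id": public_sg, "private_sg_id": private_sg}


def launch_instance(ec2, name, ami, subnet_id, sg_id, key_name, public_ip):
    """Launch one t2.micro in the given subnet with the given security group.
    `public_ip` controls whether the instance gets a public IPv4 address."""
    resp = ec2.run_instances(
        ImageId=ami, InstanceType="t2.micro", KeyName=key_name, MinCount=1, MaxCount=1,
        NetworkInterfaces=[{"DeviceIndex": 0, "SubnetId": subnet_id, "Groups": [sg_id],
                            "AssociatePublicIpAddress": public_ip}],
        TagSpecifications=name_tag("instance", name))
    return resp["Instances"][0]["InstanceId"]


if __name__ == "__main__":
    import boto3
    ec2 = boto3.client("ec2")
    # Placeholders: take the real IDs from the Resource Map of the VPC you created.
    vpc_id = "vpc-PLACEHOLDER"
    public_subnet, private_subnet = "subnet-PUBLIC-PLACEHOLDER", "subnet-PRIVATE-PLACEHOLDER"
    admin_ip = "203.0.113.10"  # placeholder: your workstation's public IPv4 address
    # Latest Amazon Linux 2023 AMI via its public SSM parameter; EC2 resolves it at launch.
    ami = "resolve:ssm:/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
    sgs = create_security_groups(ec2, vpc_id, "Batman", admin_ip)
    print(launch_instance(ec2, "Batman Public Server", ami, public_subnet,
                          sgs["public_sg_id"], "Batmankp", public_ip=True))
    print(launch_instance(ec2, "Batman Private Server", ami, private_subnet,
                          sgs["private_sg_id"], "Batmankp", public_ip=False))
```

Two points worth noticing when you compare this with the console flow. First, the private instance is launched without a public address, so its SSH rule only matters for sources that can reach 10.0.1.0/24 directly; a hop through the public server is matched by the group-reference rule instead. Second, because that rule references the public group rather than an IP range, replacing the public server later does not require editing the private group.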
And there you have it, guys! We’ve just launched a fully functioning VPC with both public and private subnets, and now you’re well on your way to mastering cloud networking like a pro. It’s kind of like building your very own digital Batcave, complete with secret tunnels (aka private subnets) and well-guarded entrances (security groups, of course).
In Batman’s voice: Enjoy your week… and stay sharp. There’s always more to do.