VPC Traffic Flow and Security
Hello, beautiful human,
I hope your weekend was wonderful, filled with joy, excitement, and spiritual renewal. I’ve been reflecting on the idea of free will, and it’s something I still find myself pondering often. Do you believe that God truly gave us free will? How would you define it?
I admit, I often get lost in thought about what it really means to have free will. Is it the ability to make choices without limitation, or is it something more complex? A good friend, David Irungu, believes that God has granted us the freedom to choose. I, on the other hand, lean towards the idea that while we have choice, our ‘free will’ is shaped by an all-knowing God who offers us two paths — each with its own set of consequences.
Share your thoughts with me —
Free will is the ability of individuals to make choices that are not determined by prior causes, divine intervention, or external forces. It refers to the power or capacity to act independently, making decisions based on one’s own desires, motivations, and reasoning.
Bringing our attention to earthly inventions, today we’ll explore Virtual Private Cloud (VPC) and how to manage traffic within it. In this guide, we’ll cover the following steps:
a) Creating a Route Table
b) Setting up a Security Group
c) Creating a Network ACL (Access Control List)
This article builds on the concepts from our previous guide. To follow along, ensure your VPC is set up. The architecture we’ll be working with is illustrated below…
Looks beautiful — “Ama namna gani my friends”.
Let’s dive in
Create your VPC
The instructions for properly setting up your VPC are here.
Creating A Route Table
Is it true that women are bad at giving directions? Women in the house please confirm in the comments. Has science really proven that? (Lol!) Anyway, unlike human directions, route tables in AWS won’t let your traffic get lost!
A route table in AWS Cloud contains a set of rules, known as routes, that decide where network traffic from your subnet or gateway is sent. Think of it like a GPS. When you need to reach a specific destination, you rely on your GPS to guide you correctly. Similarly, every subnet in your VPC needs to be linked to a route table to direct data where it needs to go.
Each subnet can only use one route table at a time, but multiple subnets can refer to the same route table as their GPS.
N/B: When a subnet’s route table has a route to an internet gateway, it becomes a public subnet, meaning it can communicate with the internet. To allow your subnet to use an internet gateway, its route table must have a route that directs internet-bound traffic to the gateway.
Steps to Set Up Your Route Table:
1. Route Tables: Go to your VPC dashboard and, in the left navigation pane, select Route Tables. You’ll notice there is already a default route table created by AWS. When you created your VPC, another route table was generated automatically for it.
2. Select the first route table and open the Routes tab to view its details:
   - Route 0.0.0.0/0 | igw: directs traffic to the default internet gateway.
   - Route 172.31.0.0/16 | local: handles internal traffic within the VPC. Local means that traffic is routed internally to resources inside the VPC, specifically within the range 172.31.0.0/16.
   When you select the second route table (the one for our VPC), you’ll notice that it has a single route allowing traffic within the 10.0.0.0/16 CIDR block to flow inside the network. There is no route with an internet gateway as the target, so traffic cannot leave your VPC.
3. Rename Route Table: To make it easier to recognize, rename your VPC route table (the one with the single route to 10.0.0.0/16).
   - Select the pencil icon in the Name column of your route table and enter a new name (e.g., YourName’s Route Table).
4. Routes Tab: Select the Routes tab and click Edit Routes.
5. Add Route: Near the bottom left of the page, choose Add Route to create a new route.
6. Destination: Set the destination to 0.0.0.0/0, which means all IPv4 addresses. By configuring 0.0.0.0/0 as the destination in your route table, you create a default route that sends any traffic not covered by a more specific route to this route’s target.
7. Target: Set the target to Internet Gateway.
8. Save Changes: Click Save Changes to apply your updates.
9. Subnet Associations: Navigate to the Subnet Associations tab and, under Explicit Subnet Associations, click Edit Subnet Associations.
10. Select: Choose Public 1 from the list.
11. Save Associations: Click Save Associations to finalize the changes.
And that wraps up our discussion on Route Tables. This is a crucial concept to understand and implement correctly in your environment.
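As an added example (not code from the article), the following Python models how a VPC route table picks a route for a packet: the most specific (longest prefix) route wins, so the /16 local route beats the 0.0.0.0/0 default route for in-VPC addresses, and a table with no internet gateway route keeps the subnet private. The route table is constructed to mirror the one built above, and `igw-EXAMPLE` is a placeholder gateway id.

```python
import ipaddress
from typing import Optional

# Constructed route table (added example) for the VPC whose CIDR is
# 10.0.0.0/16: the automatic "local" route plus the default route added in
# steps 6 and 7. "igw-EXAMPLE" is a placeholder internet gateway id.
VPC_ROUTE_TABLE = [
    {"destination": "10.0.0.0/16", "target": "local"},
    {"destination": "0.0.0.0/0", "target": "igw-EXAMPLE"},
]

# The same table before step 7: only the local route exists.
PRIVATE_ROUTE_TABLE = [VPC_ROUTE_TABLE[0]]


def select_route(dest_ip: str, routes: list) -> Optional[str]:
    """Return the target AWS would use for a packet to dest_ip.

    The most specific route (longest prefix) wins, so the /16 local route
    beats the /0 default route for in-VPC addresses. With no matching
    route at all the packet has nowhere to go and is dropped (None).
    """
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for route in routes:
        net = ipaddress.ip_network(route["destination"])
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, route["target"])
    return best[1] if best else None


def is_public_subnet(routes: list) -> bool:
    """A subnet is public when its route table has a route to an internet gateway."""
    return any(r["target"].startswith("igw-") for r in routes)
```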
Create Security Group
In AWS (Amazon Web Services), a security group functions as a virtual firewall that manages the inbound and outbound traffic to your resources, such as EC2 instances. It lets you set rules that determine which traffic is allowed or blocked. Think of it this way: If VPCs are cities and subnets are neighborhoods, a security group is like a security checkpoint or guard at each building (resource) in that neighborhood (subnet).
N/B — Each resource must be associated with a security group. Security groups don’t attach to a VPC or subnet; they attach directly to specific resources within that VPC/subnet. They control who can enter and leave by enforcing rules based on IP addresses, protocols, and port numbers.
Steps to Set Up Your Security Group
1. Navigate to Security Groups: Go to your VPC dashboard and scroll down to Security Groups. You’ll see a default security group created by AWS for each new VPC. This default group allows all traffic between resources within the same VPC, so they can communicate with each other without being exposed to external threats.
2. Create a New Security Group: Click the Create Security Group button at the top right.
3. Name Your Security Group:
   - Security Group Name: Enter a name for your security group (e.g., YourName’s SG).
   - Description: Provide a brief description of what your security group allows or denies.
4. Select VPC: Choose the VPC where you want to apply this security group.
5. Add Rules: Go to the Inbound Rules tab and click Add Rule.
   - Type: Select HTTP.
   - Source: Choose Anywhere-IPv4.
   - A yellow warning may appear, noting that allowing traffic from 0.0.0.0/0 means any IP address can reach your resource.
6. Create Security Group: At the bottom of the screen, click Create Security Group.
N/B: By default, AWS security groups allow all outbound traffic.
And that’s it! Your Security Group is set up and ready to use.
For our short break I want to share a link on a great speech by Jordan Peterson. In my opinion he is a great psychologist and a researcher of God. — A call to adventure!
Create a NACL (Network Access Control List)
Great, we’ve got your traffic flow route table and basic security groups set up for your VPC. To enhance your VPC’s security further, let’s add a Network Access Control List (NACL).
Speaking of security, did you buy your watchman a ka chai? Please do if you haven’t…
A NACL acts as an additional firewall layer at the subnet level, controlling the traffic that enters and leaves your subnets. Think of NACLs as traffic cops at every entry and exit point of your subnet, checking each data packet against a set of rules before allowing it through.
Steps to Set Up Your Network Access Control List
1. Navigate to Network ACLs: In the left navigation pane of the VPC dashboard, under Security, select Network ACLs. You’ll see two default NACLs created by AWS. These defaults allow all traffic until you customize the rules to fit your needs. In this guide we will create our own custom NACL and give it rules that are specific to us.
2. Create a New Network ACL:
   - Click Create Network ACL.
   - Name: Enter a name for your NACL (e.g., name_NACL).
   - VPC: Choose your VPC.
   - Click Create Network ACL.
3. Edit Inbound Rules:
   - Select the checkbox next to your newly created Network ACL.
   - Click on the Inbound Rules tab.
   - Click Edit Inbound Rules.
   - Click Add New Rule.
   - Rule Number: Enter 100 (lower numbers are checked first, so starting at 100 leaves room for additional rules).
   - Type: Select All Traffic.
   - Source: Enter 0.0.0.0/0.
   - Click Save Changes.
Challenge:
Try setting up similar rules for your Network ACL’s outbound traffic.
Steps for Outbound Rules:
1. Select the Outbound Rules tab.
2. Click Edit Outbound Rules.
3. Click Add New Rule.
   - Rule Number: Enter 100.
   - Type: Select All Traffic.
   - Destination: Enter 0.0.0.0/0.
4. Under the Subnet Associations tab, click Edit Subnet Associations.
   - Select your Public 1 subnet.
   - Click Save Changes.
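As an added example (not code from the article), this Python models how AWS evaluates the security group from the previous section together with the inbound NACL built above: NACL rules are checked in ascending rule-number order and the first match decides (with an implicit deny at the end), so a deny numbered below the allow-all rule 100 takes effect while the same deny numbered above it is never reached; a security group holds allow rules only, and inbound traffic to an instance must pass the subnet’s NACL and then the instance’s security group. Rule sets and addresses are constructed; the model covers inbound rules only and does not represent that NACLs are stateless (return traffic needs its own outbound rule).

```python
import ipaddress

# Constructed rule sets (added example, not the article's code).
# Security group from the article: one allow rule, HTTP (tcp/80) from anywhere.
# Security groups hold allow rules only; anything unmatched is denied.
SG_INBOUND = [{"protocol": "tcp", "ports": (80, 80), "cidr": "0.0.0.0/0"}]

# NACL from the article: rule 100 allows all traffic from anywhere.
NACL_INBOUND = [
    {"rule": 100, "protocol": "all", "ports": None, "cidr": "0.0.0.0/0", "action": "allow"},
]
# A deny for tcp/22 placed before (90) and after (110) the allow-all rule.
SSH_DENY = {"protocol": "tcp", "ports": (22, 22), "cidr": "0.0.0.0/0", "action": "deny"}
TIGHTENED_NACL = [dict(SSH_DENY, rule=90)] + NACL_INBOUND
SHADOWED_NACL = NACL_INBOUND + [dict(SSH_DENY, rule=110)]


def _matches(rule: dict, protocol: str, port: int, src_ip: str) -> bool:
    """True when the packet's protocol, port and source fall inside the rule."""
    if rule["protocol"] not in ("all", protocol):
        return False
    if rule["ports"] is not None and not rule["ports"][0] <= port <= rule["ports"][1]:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"])


def nacl_decision(rules: list, protocol: str, port: int, src_ip: str) -> str:
    """NACL semantics: rules are checked in ascending rule-number order and the
    first match decides; the implicit final rule (*) denies everything else."""
    for rule in sorted(rules, key=lambda r: r["rule"]):
        if _matches(rule, protocol, port, src_ip):
            return rule["action"]
    return "deny"


def sg_decision(rules: list, protocol: str, port: int, src_ip: str) -> str:
    """Security group semantics: any matching allow rule admits the packet."""
    return "allow" if any(_matches(r, protocol, port, src_ip) for r in rules) else "deny"


def packet_allowed(protocol: str, port: int, src_ip: str,
                   nacl=NACL_INBOUND, sg=SG_INBOUND) -> bool:
    """Inbound to an instance in the subnet: the NACL is checked first, then the SG."""
    return (nacl_decision(nacl, protocol, port, src_ip) == "allow"
            and sg_decision(sg, protocol, port, src_ip) == "allow")
```

With the article's rules, the NACL admits everything and the security group is the only thing keeping non-HTTP traffic out of the instance; the SHADOWED_NACL case shows why a deny added with a higher number than rule 100 has no effect.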
We’ve successfully set up the core components of our VPC: route tables, security groups, and network ACLs. Here’s a quick recap of what we’ve achieved:
- Route Tables: We configured route tables to manage traffic flow within your VPC, ensuring data is directed appropriately between subnets and gateways.
- Security Groups: We created and customized security groups to act as virtual firewalls, controlling inbound and outbound traffic for your resources.
- Network ACLs: We established Network ACLs to add an extra layer of security at the subnet level, managing traffic that enters and exits your subnets.
With these elements in place, your VPC is now better equipped to handle network traffic securely and efficiently. Understanding and implementing these configurations is crucial for maintaining a robust and secure AWS environment.
And with that I wish you a blessed week filled with God’s Love!