Build your VPC and Launch a Web Server:

Amazon Virtual Private Cloud (Amazon VPC) lets you launch AWS resources into a virtual network that you define. It is a logically isolated section of the AWS cloud, in which you design a network that is separate from the public Internet.


Scenario:

In this lab you build the following infrastructure:




Accessing the AWS Management Console:

1.    Click Start Lab at the top of these instructions to launch your lab.

2.    After the message "Lab status: ready" appears, click X to close the Start Lab panel.





3.    At the top of these instructions, click AWS.
4.    The AWS Management Console opens in a new browser tab and logs you in automatically.



Task 1: Create Your VPC:

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. Within it you launch your AWS resources, specify an IP address range, add subnets, associate security groups, and configure route tables.

5. On the Services menu of the AWS Management Console, click VPC.
6. Click Launch VPC Wizard.






7. In the left navigation panel, click VPC with Public and Private Subnets (the second option).





Click Select, then configure:
·       VPC name: Lab VPC
·       Availability Zone: Select the first Availability Zone
·       Public subnet name: Public Subnet 1
·       Availability Zone: Select the first Availability Zone (the same as used above)
·       Private subnet name: Private Subnet 1
·       Elastic IP Allocation ID: Click in the box and select the displayed IP address (the wizard assigns this address to the NAT Gateway)









8. Click Create VPC.





9. Click Create VPC.






Task 2: Create Additional Subnets:

When you create a VPC, you specify its range of IPv4 addresses as a Classless Inter-Domain Routing (CIDR) block.
When you create a subnet, you specify a CIDR block for the subnet; it must be a subset of the VPC CIDR block and must not overlap any other subnet in the VPC. Each subnet resides entirely within one Availability Zone and cannot span zones.


10. Click Subnets in the left navigation panel.

First, create a second Public Subnet.






11. Click Create subnet and configure:

·       Name tag: Public Subnet 2
·       VPC: Lab VPC
·       Availability Zone: Select the second Availability Zone
·       IPv4 CIDR block: 10.0.2.0/24
















12. Now create a second Private Subnet. Click Create subnet and configure:
·       Name tag: Private Subnet 2
·       VPC: Lab VPC
·       Availability Zone: Select the second Availability Zone
·       IPv4 CIDR block: 10.0.3.0/24
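The subnet CIDR rules above (inside the VPC block, no overlap, one zone) are easy to get wrong by hand, so here is an added example, not part of the lab, that checks a proposed subnet the way the console does and finds the next free block. The VPC block 10.0.0.0/16 and the first two subnets (10.0.0.0/24 and 10.0.1.0/24) are assumptions about what the wizard created; the page only gives the CIDRs for the second pair. It also accounts for the five addresses AWS reserves in every subnet, which the lab does not mention.

```python
import ipaddress

# Constructed for this example. The page gives the CIDRs for the second
# pair of subnets only; the VPC block and the first pair are assumed to be
# the wizard's defaults.
VPC_CIDR = "10.0.0.0/16"
EXISTING_SUBNETS = {
    "Public Subnet 1": "10.0.0.0/24",   # assumption
    "Private Subnet 1": "10.0.1.0/24",  # assumption
}

# AWS reserves the first four addresses (network, VPC router, DNS, future
# use) and the last address (broadcast) of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def usable_hosts(cidr):
    """Addresses in the subnet that can actually be assigned to instances."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def validate_subnet(cidr, vpc_cidr=VPC_CIDR, existing=EXISTING_SUBNETS):
    """Return the problems with adding `cidr` as a subnet (empty list = OK).

    Mirrors what the console enforces: a well-formed network address, inside
    the VPC block, prefix between /16 and /28, and no overlap with any
    subnet already in the VPC.
    """
    problems = []
    try:
        net = ipaddress.ip_network(cidr, strict=True)   # rejects host bits set
    except ValueError as exc:
        return [f"invalid CIDR {cidr!r}: {exc}"]
    vpc = ipaddress.ip_network(vpc_cidr)
    if net.version != vpc.version:
        return [f"{cidr} is IPv{net.version} but the VPC block is IPv{vpc.version}"]
    if not net.subnet_of(vpc):
        problems.append(f"{cidr} is not inside VPC block {vpc_cidr}")
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{cidr} prefix /{net.prefixlen} is outside the allowed /16 to /28 range")
    for name, other in existing.items():
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{cidr} overlaps {name} ({other})")
    return problems


def next_free_block(prefixlen=24, vpc_cidr=VPC_CIDR, existing=EXISTING_SUBNETS):
    """Lowest /prefixlen block in the VPC that overlaps no existing subnet."""
    vpc = ipaddress.ip_network(vpc_cidr)
    taken = [ipaddress.ip_network(c) for c in existing.values()]
    for candidate in vpc.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(t) for t in taken):
            return str(candidate)
    return None


if __name__ == "__main__":
    # Plan the two subnets this task adds and confirm they validate.
    planned = dict(EXISTING_SUBNETS)
    for name in ("Public Subnet 2", "Private Subnet 2"):
        block = next_free_block(existing=planned)
        print(f"{name}: {block}, {usable_hosts(block)} usable addresses,",
              validate_subnet(block, existing=planned) or "OK")
        planned[name] = block
    print(validate_subnet("10.0.1.128/25"))   # overlaps Private Subnet 1
```

Run as a script it derives exactly the 10.0.2.0/24 and 10.0.3.0/24 blocks used in steps 11 and 12, and shows that a /24 gives 251 usable addresses, not 254 as on a conventional network.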







Configuring a Route Table:

How route tables work:

Each subnet in the VPC must be associated with a route table, which controls where the subnet's network traffic is directed; the VPC's implicit router applies these routes. A subnet can be explicitly associated with a route table; if it is not, it is implicitly associated with the main route table. One route table can be associated with many subnets, but a subnet can be associated with only one route table at a time. The number of route tables per VPC and the number of routes per route table are both limited by quotas.

Main Route Table:
When a VPC is created it automatically has a main route table, which controls the routing of every subnet that is not explicitly associated with any other route table.

Custom Route Tables:
A new custom route table contains no routes other than the local route for traffic within the VPC. When you create a VPC with the VPC wizard, the wizard also creates a custom route table and adds a route to the internet gateway. It is recommended to leave the main route table in its original state and to explicitly associate each new subnet with a custom route table you create.

Subnet Route Table Association:
Every subnet is either implicitly or explicitly associated with the main route table, or explicitly associated with a custom route table.

Gateway Route Tables:
A route table can also be associated with an internet gateway or a virtual private gateway; it is then called a gateway route table.

Route Priority:
To decide how to route a packet, the router uses the most specific route in the route table that matches the packet's destination (longest prefix match).

For resources in the private subnets to reach the Internet while remaining unreachable from it, the private subnets must route Internet-bound traffic (0.0.0.0/0) to the NAT Gateway.

13. In the left navigation panel, click Route Tables.




14. Select the route table with Main = Yes and VPC = Lab VPC.


Note that the route with Destination 0.0.0.0/0 has Target nat-xxxxxxxx. This means that traffic destined for the Internet (0.0.0.0/0) is sent to the NAT Gateway, which then forwards it to the Internet.

Naming the route table makes it easier to identify later.

15. Click the pencil icon in the Name column for this route table, type Private Route Table, and click the check mark.


16. Click Edit Subnet Associations.




17. Select both Private Subnet 1 and Private Subnet 2.


18. Click Save.




19. Select the other route table for Lab VPC (Main = No). Click the pencil icon in the Name column, type Public Route Table, and click the check mark.
20. Click Edit Subnet Associations.






21. Select both Public Subnet 1 and Public Subnet 2.

22. Click Save.
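To see why the route tables you just named behave as described under Route Priority, here is an added example (not part of the lab) that models the two tables and resolves destinations with longest-prefix match. The route contents mirror what the wizard builds; the igw-xxxxxxxx and nat-xxxxxxxx targets are placeholders like the one on the page, not real resource IDs, and the 198.51.100.10 address is a documentation-range address chosen as a stand-in for "somewhere on the Internet".

```python
import ipaddress

# Constructed route tables mirroring what the VPC wizard builds. The
# gateway IDs are placeholders, as on the page; they are not real resources.
PUBLIC_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),          # traffic inside the VPC
    ("0.0.0.0/0", "igw-xxxxxxxx"),     # everything else: Internet Gateway
]
PRIVATE_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-xxxxxxxx"),     # everything else: NAT Gateway
]
SUBNET_ASSOCIATIONS = {
    "Public Subnet 1": PUBLIC_ROUTE_TABLE,
    "Public Subnet 2": PUBLIC_ROUTE_TABLE,
    "Private Subnet 1": PRIVATE_ROUTE_TABLE,
    "Private Subnet 2": PRIVATE_ROUTE_TABLE,
}


def lookup(route_table, destination):
    """Target the VPC router sends `destination` to, or None if no route matches.

    Implements route priority: of all routes whose CIDR contains the address,
    the one with the longest prefix (most specific) wins, regardless of the
    order in which the routes are listed.
    """
    dst = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if net.version != dst.version or dst not in net:
            continue
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_target = net, target
    return best_target


def is_public(route_table):
    """A subnet is public exactly when its route table routes to an Internet Gateway."""
    return any(target.startswith("igw-") for _, target in route_table)


def next_hop(subnet_name, destination, associations=SUBNET_ASSOCIATIONS):
    """Resolve a destination from the point of view of a named subnet."""
    return lookup(associations[subnet_name], destination)


if __name__ == "__main__":
    for subnet, table in SUBNET_ASSOCIATIONS.items():
        kind = "public" if is_public(table) else "private"
        print(f"{subnet} ({kind}): 10.0.3.10 -> {next_hop(subnet, '10.0.3.10')},",
              f"198.51.100.10 -> {next_hop(subnet, '198.51.100.10')}")
```

The output shows the point of step 14: the address 10.0.3.10 (in Private Subnet 2) matches both 10.0.0.0/16 and 0.0.0.0/0, and the /16 local route wins, so intra-VPC traffic never touches the NAT Gateway; only destinations outside the VPC fall through to the 0.0.0.0/0 route, which goes to the NAT Gateway for the private subnets and the Internet Gateway for the public ones.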




Task 3: Create a VPC Security Group:

A security group acts as a virtual firewall for your instance, controlling inbound and outbound traffic. It operates at the instance level, not the subnet level. You can assign up to five security groups to an instance when it is launched.


23. Click Security Groups in the left navigation panel.
24. Click Create security group.







25. Configure: 
  • Security group name: Web Security Group
  • Description: Enable HTTP access
  • VPC: Lab VPC





26. Click Create, then Close.



27. Select Web Security Group, then open the Inbound Rules tab and click Edit rules.





28. Click Add Rule and configure:
  • Type: HTTP
  • Source: Anywhere
  • Description: Permit web requests

29. Click Save rules.
Anywhere (0.0.0.0/0) is appropriate here because port 80 is the public web port; do not open administrative ports such as SSH (22) to Anywhere. This security group will be used in the next task when launching an Amazon EC2 instance.
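Security groups are allow-lists: a packet gets in if any rule matches and is dropped otherwise, with no deny rules and no ordering. The following added example, not part of the lab, models the Web Security Group's single rule and evaluates connections against it; it also flags rules that would expose SSH or RDP to the whole Internet. The rule representation (protocol, port range, source CIDR) is this example's own, chosen to mirror the console fields, and the 203.0.113.0/24 and 198.51.100.0/24 ranges are documentation-range addresses used as stand-ins for an office network and an unrelated Internet host.

```python
import ipaddress

# Constructed rule set mirroring the lab's Web Security Group: a single
# inbound rule, HTTP (TCP port 80) from Anywhere (0.0.0.0/0).
WEB_SECURITY_GROUP = [
    {"protocol": "tcp", "from_port": 80, "to_port": 80,
     "source": "0.0.0.0/0", "description": "Permit web requests"},
]

ALL_PROTOCOLS = "-1"   # the console's "All traffic"; ports are ignored for it


def rule_matches(rule, protocol, port, source_ip):
    """True if one rule permits this (protocol, port, source) combination."""
    src = ipaddress.ip_address(source_ip)
    allowed = ipaddress.ip_network(rule["source"])
    if src.version != allowed.version or src not in allowed:
        return False        # an IPv4 CIDR never matches an IPv6 source, and vice versa
    if rule["protocol"] == ALL_PROTOCOLS:
        return True
    return rule["protocol"] == protocol and rule["from_port"] <= port <= rule["to_port"]


def inbound_allowed(rules, protocol, port, source_ip):
    """True if the group lets this connection in.

    Security groups are allow-lists: a connection is permitted if ANY rule
    matches and denied otherwise. There are no deny rules and rule order does
    not matter. They are also stateful, so the replies to an allowed inbound
    connection leave without needing an outbound rule.
    """
    return any(rule_matches(r, protocol, port, source_ip) for r in rules)


def admin_ports_open_to_world(rules, admin_ports=(22, 3389)):
    """Rules that expose SSH/RDP (or all traffic) to every address on the Internet."""
    findings = []
    for r in rules:
        if ipaddress.ip_network(r["source"]).prefixlen != 0:
            continue        # scoped to a real address range, not 0.0.0.0/0 or ::/0
        if r["protocol"] == ALL_PROTOCOLS:
            findings.append(r)
        elif any(r["from_port"] <= p <= r["to_port"] for p in admin_ports):
            findings.append(r)
    return findings


if __name__ == "__main__":
    client = "203.0.113.7"
    for proto, port in (("tcp", 80), ("tcp", 22), ("tcp", 443), ("udp", 80)):
        verdict = "allow" if inbound_allowed(WEB_SECURITY_GROUP, proto, port, client) else "deny"
        print(f"{proto}/{port} from {client}: {verdict}")
    # A rule someone might add later to "fix" the port-22 warning, the wrong way.
    ssh_from_anywhere = {"protocol": "tcp", "from_port": 22, "to_port": 22,
                         "source": "0.0.0.0/0", "description": "ssh"}
    print("risky rules:", admin_ports_open_to_world(WEB_SECURITY_GROUP + [ssh_from_anywhere]))
```

Run as a script it reproduces the warning you will see in Task 4: HTTP from anywhere is allowed, SSH on port 22 is denied because no rule matches, and the only way to admit SSH without being flagged is a rule scoped to a specific source range rather than 0.0.0.0/0.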



Task 4: Launch a Web Server Instance:

You will launch an Amazon EC2 instance into the new VPC and configure the instance to act as a web server.

30. On the Services menu, click EC2.






31. Click Launch Instance:





32. Select an Amazon Machine Image (AMI) for the operating system you want.





33. Select t2.micro (shown in the Type column) and click Configure Instance Details.





34. Now configure the instance to launch in a public subnet of the new VPC:
  • Network: Lab VPC.
  • Subnet: Public Subnet 2 (not Private!).
  • Auto-assign Public IP: Enable.






35. At the bottom of the page, expand the Advanced Details section.
36. Copy the following script and paste it into the User data box:




This script runs automatically the first time the instance starts; it installs and configures a PHP web application.
37. Click Add Storage.



38. Click Add Tag and configure:
  • Key: Name
  • Value: Web Server 1



Configure the instance to use the Web Security Group you created earlier.

39. Click Select an existing security group.
40. Select Web Security Group.
41. Click Review and Launch.

This is the security group that was created in the previous task; it permits HTTP access to the instance.




A warning appears that you will not be able to connect to the instance through port 22 (SSH). This is expected: the Web Security Group allows only HTTP, and this lab does not need SSH access.

42. Click Continue.




43. Review the instance information and click Launch.




44. In the Select an existing key pair dialog, select the I acknowledge checkbox and click Launch Instances.





45. Once the instance state is running, copy the Public DNS (IPv4) value shown in the Description tab at the bottom of the page.



46. Open a new browser tab, paste the Public DNS value into the address bar, and press Enter. Use http://, not https://, because the security group only permits port 80.

You should see a web page displaying the AWS logo and the instance's metadata values.


