Here is a simple use case for creating a custom VPC:
Create a VPC (AP-SOUTH-PROD-1 – 192.168.0.0/16) with separate secure environments for hosting the web servers and database servers.
Only the web server environment (AP-SOUTH-PROD-WEB – 192.168.1.0/24) should have direct Internet access.
The database server environment (AP-SOUTH-PROD-DB – 192.168.2.0/24) should be isolated from any direct access from the outside world.
The database servers can have restricted Internet access only through a jump server (NAT instance). The jump server needs to be a part of the web server environment.
You can follow the simple wizard, but to understand the flow clearly I am going to create and configure every option manually. Here are the steps I am going to perform.
Creating a Custom VPC
Creating Subnets under Custom VPC
Creating IGW and associating with VPC
Creating a Route table and performing subnet association
Launching instance in Public subnet and private subnet
STEP 1: Creating a Custom VPC
As shown in the image above, I am creating a VPC with a custom VPC name, selecting a CIDR block in the Class C IP address range, 192.168.0.0/16 (a /16 block will provide us 65,531 IP addresses to use), and selecting Default tenancy.
STEP 2: Creating subnets under the custom VPC (one public and one private subnet)
Navigate to the Subnets option, select “Create Subnet” and give it the name “Public Subnet”. This is where I want to deploy my Internet-facing instances.
Create this subnet under the custom VPC: select the custom VPC, select the ap-south-1a Availability Zone, give it the CIDR block 192.168.1.0/24 (all instances launched under ap-south-1a will get private IP addresses from the same range, and we’ll get 251 usable IP addresses) and click Create. Remember again, one subnet is equal to one AZ.
Now create another subnet named “Private Subnet”, where I want to deploy the instances that do not need to be Internet-facing.
Create this subnet under the custom VPC with the name “Private Subnet”, provide the CIDR block 192.168.2.0/24, select ap-south-1b as the Availability Zone and click Create.
This is how the subnet dashboard looks now.
STEP 3: Creating an Internet gateway and associating it with the custom VPC
Navigate to Internet Gateways in the navigation pane, select the “Create Internet gateway” option and provide a name for the Internet gateway.
Then select the “Attach to VPC” option, select the custom VPC and click “Yes, Attach”.
This is how the IGW dashboard looks after attaching it to the custom VPC. Remember: one Internet gateway can be attached to only one VPC.
STEP 4: Creating a route table and performing subnet association
So far we have created a custom VPC, private and public subnets, and an Internet gateway, and attached the gateway to our custom VPC. Now we need to allow traffic to our newly created subnets through the Internet gateway; for that we are going to create a route table.
Select the “Create Route Table” option, give it a name tag, select the custom VPC and click “Yes, Create”.
The newly created route table does not yet have any public route through the IGW. Select the route table and open the Routes option to verify this.
Now we have to add a route: select the Edit option, select “Add another route”, and enter 0.0.0.0/0. When you click on Target, the Internet gateway will populate automatically; choose the populated IGW and click Save.
Then select “Subnet Association”, click “Edit”, select the “Public Subnet” and click Save.
That’s it, our custom VPC is ready for deploying resources. But we have one additional option.
STEP 5: Enabling Auto-assign IP Settings for Public Subnet (Optional Step).
You can enable the auto-assign public IP address option for instances in the public subnet by editing the subnet settings. Navigate to the Subnets dashboard, select the “Public Subnet”, choose “Subnet Actions”, choose “Modify auto-assign IP settings”, select the check box and click Save.
Now every instance launched in the public subnet will get a public IP address, and we no longer need to select that option in the instance launch wizard.
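To check that the finished layout matches the use case (only the web subnet is Internet-routable), here is an added example that is not part of the original walkthrough. It audits route-table data shaped like the output of `aws ec2 describe-route-tables`. The resource IDs and function names are placeholders chosen for illustration, and the sample data is constructed. The private subnet is never explicitly associated in the steps above, so it falls back to the VPC's main route table, which is why the 0.0.0.0/0 route must go on a separate route table and not on the main one.

```python
# Constructed sample data shaped like `aws ec2 describe-route-tables` output.
# All resource IDs are placeholders, not values from the original page.
LOCAL = {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}
SUBNETS = ["subnet-web", "subnet-db"]   # 192.168.1.0/24 and 192.168.2.0/24
ALLOWED_PUBLIC = {"subnet-web"}         # design rule: only the web subnet is public

def tables(main_routes):
    """Build the walkthrough's two route tables with the given main-table routes."""
    return [
        {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
         "Routes": main_routes},
        {"RouteTableId": "rtb-public", "Routes": [LOCAL, IGW],
         "Associations": [{"Main": False, "SubnetId": "subnet-web"}]},
    ]

def effective_route_table(subnet_id, route_tables):
    """An explicit association wins; otherwise the subnet uses the main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public(subnet_id, route_tables):
    """Public means the effective route table has a route targeting an internet gateway."""
    rt = effective_route_table(subnet_id, route_tables)
    return bool(rt) and any(str(r.get("GatewayId", "")).startswith("igw-") for r in rt["Routes"])

def audit(subnets, route_tables, allowed_public):
    """Return findings; an empty list means routing matches the intended design."""
    findings = []
    for sid in subnets:
        rt = effective_route_table(sid, route_tables)
        public = is_public(sid, route_tables)
        if public and sid not in allowed_public:
            findings.append(f"{sid}: internet gateway route via {rt['RouteTableId']}, must stay private")
        elif not public and sid in allowed_public:
            findings.append(f"{sid}: expected public but has no internet gateway route")
    return findings

if __name__ == "__main__":
    print("as built:", audit(SUBNETS, tables([LOCAL]), ALLOWED_PUBLIC) or "OK")
    # Misconfiguration: default route added to the main table instead of a custom one.
    print("IGW on main table:", audit(SUBNETS, tables([LOCAL, IGW]), ALLOWED_PUBLIC))
```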
More information: https://www.fgrade.com/aws/