How to create a VPC in AWS


with Public and Private subnet connected through Internet Gateway


Creating a VPC with Public and Private Subnets Connected to an Internet Gateway on AWS

When designing cloud infrastructure, proper network segmentation within a Virtual Private Cloud (VPC) is essential for security and performance. Here's a short guide to setting up a VPC with a public and a private subnet, so that only the tier that must be reachable from the Internet is exposed to it, while backend services keep outbound-only connectivity.

🚀 Steps to Set Up Your VPC:

Create the VPC:

Start by creating a VPC with a CIDR block, e.g., 10.0.0.0/16. This block is the address space from which the public and private subnets are carved. Pick a range that does not overlap with any on-premises network or other VPC you may later connect via peering or VPN; overlapping ranges cannot be routed between.

Set Up Subnets:

Public Subnet: This subnet is connected to the Internet via an Internet Gateway (IGW). Assign a CIDR block, e.g., 10.0.0.0/24, and enable auto-assign public IPv4 addresses so that resources such as web servers get a public IP at launch.

Private Subnet: This subnet has no route to the Internet Gateway and should keep auto-assign public IPv4 disabled. Assign it a CIDR block, e.g., 10.0.1.0/24; it will host sensitive resources like databases.

In the Subnet dashboard shown above, the three default subnets belong to the default VPC, one in each of the three Availability Zones of the Tokyo region; the two new subnets are created alongside them.

Create and Attach an Internet Gateway:

Create an Internet Gateway and attach it to the VPC to allow traffic from the public subnet to flow in and out.

Route Table Configuration:

Public Subnet Route Table: Associate this subnet with a route table that directs traffic destined for the Internet (0.0.0.0/0) through the Internet Gateway.

Private Subnet Route Table: Direct Internet-bound traffic (0.0.0.0/0) from private instances to a NAT Gateway (or NAT instance) placed in the public subnet. This gives private instances outbound-only Internet access for updates and API calls; the private route table must never contain a 0.0.0.0/0 route to the Internet Gateway itself.

Security Groups and NACLs:

Set up security groups and Network Access Control Lists (NACLs) to control inbound and outbound traffic for instances in both public and private subnets. Security groups are stateful and attach to each instance's network interface; NACLs are stateless, apply to the whole subnet, and need explicit rules for both directions. A common pattern is to allow the database's port only from the web tier's security group rather than from a CIDR range.

Testing:

Deploy web servers in the public subnet and database servers in the private subnet. Verify that the web servers answer on their public IP, that the database servers have no public IP and cannot be reached from the Internet, and that instances in the private subnet can still reach the Internet outbound (for example, to fetch package updates) through the NAT Gateway.

💡 Pro Tip: Use a NAT Gateway to give instances in private subnets outbound Internet access. A NAT Gateway only carries connections initiated from inside the VPC, so nothing on the Internet can open a connection to a private instance through it. The subnet stays private only as long as its route table has no 0.0.0.0/0 route to the Internet Gateway and its instances carry no public IP, so check both when reviewing the setup.

This architecture ensures that your public-facing services have the necessary connectivity, while sensitive backend services remain protected.

In my next blog I will show how to peer subnets in the same region as well as in different regions. So don't forget to subscribe to my newsletter to get notified.
