Day 1 - VPC Zero to Hero | AWS VPC | Hands-on | Certification Tips


Today we are discussing AWS VPC (Virtual Private Cloud) end to end as part of our 100DayOfRandomLearning series.

Networking is an important part of any infrastructure, because the security of a system depends heavily on how the company's network is configured. Keeping that configuration up to date traditionally requires investing in heavy hardware (routers, firewalls, gateways, and more), so building and running such a network setup carries a large operational cost.

To avoid that operational cost, companies nowadays migrate to the cloud, where they can use on-demand instances, reserved instances, and many other services at a cheaper rate.
But the main question is how to achieve secure infrastructure in the cloud: with thousands or even millions of companies using AWS services every second, how do you get an isolated infrastructure of your own?
The answer is AWS VPC (Virtual Private Cloud).

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.


Table of Contents
  • VPC - Introduction
  • Default vs Non-Default
  • IP Address and CIDR
  • Subnet (Public and Private)
  • Elastic IP (EIP)
  • Internet Gateway
  • Route Table
  • Nat Device - ( Instance vs Gateway )
  • NACL
  • Virtual Private Gateway

Bonus - Contents

  • VPC Hands-on
  • VPC Peering
  • Real Life VPC Implementation
  • AWS Certification Preparation Guide
  • AWS Certification CheatSheet
  • AWS Study Material

 

VPC - Introduction 

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

Features of VPC:

  1. VPC – Virtual private cloud
  2. Provides Isolated Network
  3. Can create secure networks using subnets
  4. Acts as a virtual datacenter
  5. Resources can be launched within VPC

 

Amazon reserves the first four (4) IP addresses and the last one (1) IP
address of every subnet for IP networking purposes.

 

 

Default vs Non-Default VPC

Default VPC:
  • Owned and managed by AWS
  • Provides less flexibility and security
  • All instances get a public IP by default
  • If the default VPC is deleted by mistake, a support ticket needs to be raised to get it re-configured.
Non-Default VPC:
  • Owned and managed by the customer
  • Provides more flexibility and security
  • All instances get a private IP by default
  • For a public IP, assign an Elastic IP or use a load balancer.

IP Address and CIDR
IP Address:
  • Provides a unique identity on the internet, which is what lets a host communicate with others.
  • There are two types of IP address: IPv4 and IPv6.
  • IPv4 is the most widely used.
  • IPv6 is the more secure and more complex of the two.
  • IPv4 syntax is 8bit.8bit.8bit.8bit (four octets).
  • Loopback IP address: 127.0.0.1, also referred to as localhost, is used for communication within the machine itself.
  • When a new machine is created, i.e. when a new EC2 instance is launched, each instance is assigned a private IP address and optionally a public IP address (whether a public IP is assigned depends on the custom VPC's settings).
 
CIDR:
  • CIDR stands for Classless Inter-Domain Routing.
  • Why did CIDR originate? To avoid wasting IP addresses, the IETF (Internet Engineering Task Force) introduced the CIDR concept, in which the old classes (A, B, and C) no longer exist; anyone who requires a certain range of IP addresses can choose it from the network pool.
  • Notation of CIDR:
    • a.b.c.d/n, where a.b.c.d is the network address and n is the number of network (prefix) bits; the remaining 32 - n bits are host bits.
    • Number of possible network blocks for a prefix length => 2^n
    • Number of host addresses in one block => 2^(32 - n)
  • It helps in subnetting.
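To make the CIDR arithmetic above concrete, here is a small calculator I have added for this post (it is not from the original article). It uses only Python's standard ipaddress module, splits a.b.c.d/n into network and host bits, and also applies the AWS rule from the introduction that the first four and the last address of every subnet are reserved. The purposes listed for the five reserved offsets are AWS's documented assignments; the /16 to /28 bounds are the prefix lengths AWS accepts for VPC and subnet blocks.

```python
import ipaddress
from typing import Dict

# Offsets of the five addresses AWS reserves in every subnet (the first four
# and the last one), with AWS's documented purpose for each.
AWS_RESERVED = {
    0: "network address",
    1: "VPC router",
    2: "Amazon-provided DNS resolver",
    3: "reserved by AWS for future use",
    -1: "network broadcast address (broadcast is not supported in a VPC)",
}

# AWS accepts VPC and subnet CIDR blocks between /16 and /28 (inclusive).
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28


def cidr_summary(cidr: str) -> Dict[str, object]:
    """Break a.b.c.d/n into network bits, host bits and address counts.

    strict=False lets a host address such as 10.0.1.37/24 be normalised
    to its network block, 10.0.1.0/24.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    n = net.prefixlen                      # network (prefix) bits
    host_bits = net.max_prefixlen - n      # 32 - n for IPv4
    total = 2 ** host_bits                 # every address in the block
    return {
        "network": str(net.network_address),
        "network_bits": n,
        "host_bits": host_bits,
        "total_addresses": total,
        # what is left for your instances once AWS has taken its five
        "aws_usable": max(total - len(AWS_RESERVED), 0),
    }


def is_valid_aws_block(cidr: str) -> bool:
    """True when the prefix length is within the range AWS allows."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX


def aws_reserved_addresses(cidr: str) -> Dict[str, str]:
    """Return the concrete addresses AWS reserves in this subnet."""
    if not is_valid_aws_block(cidr):
        raise ValueError(f"{cidr} is not a valid AWS subnet block (/16 to /28)")
    net = ipaddress.ip_network(cidr, strict=False)
    # ip_network supports negative indexing, so net[-1] is the last address.
    return {str(net[offset]): purpose for offset, purpose in AWS_RESERVED.items()}


def subnet_fits_vpc(vpc_cidr: str, subnet_cidr: str) -> bool:
    """A subnet must lie entirely inside its VPC's CIDR block."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    sub = ipaddress.ip_network(subnet_cidr, strict=False)
    return sub.subnet_of(vpc)


if __name__ == "__main__":
    for block in ("10.0.0.0/16", "10.0.1.0/24", "10.0.2.0/28"):
        print(block, cidr_summary(block))
    print(aws_reserved_addresses("10.0.1.0/24"))
```

A /24 subnet therefore gives 251 usable addresses rather than the 254 you would expect on-premises, and a /28 (the smallest AWS allows) gives only 11, which matters when you size subnets for auto scaling.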

Subnet ( Public and Private )
What is a subnet?
  • Dividing the whole network into smaller chunks, or smaller networks, gives us subnets.
  • It helps in creating isolation between certain departments. For example, if the IT department should have no connection with the HR department, we can create two subnets, one for IT and one for HR.
Public Subnet:
  • The internet-facing network is known as a public subnet.
  • Example: a web server.
Private Subnet:
  • A secure network, used for tasks such as database patching, is achieved with the help of a private subnet, where only ingress connections are allowed.
  • No direct outgoing connection to the internet is permitted.
  • Connections are allowed within the internal environment.
  • Example: a database server.

Elastic IP
  • Why use an Elastic IP? There are two uses of Elastic IPs:
    • To assign a public IP to a server whenever we are using a custom VPC.
    • Whenever we stop an EC2 instance its public IP changes; to give it a static IP we can use an Elastic IP (EIP).
  • There is a limit on Elastic IPs: in each region we can use only 5 EIPs, although we can request AWS for more.
  • Always release an EIP that is not in use to avoid extra charges.
  • It is not good practice to rely on EIPs in real-world scenarios; there are other ways to get the same static entry point, such as an Elastic Load Balancer.

Internet Gateway
  • To allow internet connectivity in a custom VPC, we need to create an internet gateway.
  • Only one internet gateway can be attached to a VPC.
  • There is no additional charge for an Internet Gateway.

Route Table
  • The route table defines the network flow between the VPC and other resources such as the internet gateway and NAT devices.
  • Attaching an internet gateway alone does not make the internet accessible; a route between the VPC and the internet (via the gateway) must also be configured in the route table.
  • For the private subnet, the route table needs a route between the private subnet and the NAT device.

Nat Device
What is a NAT device?
Network Address Translation (NAT) devices, launched in the public subnet, enable instances in a private subnet to connect to the Internet but prevent the Internet from initiating connections with those instances.

Nat Instance:
  • Launched as an EC2 instance from a NAT AMI
  • Less -
    • Stable
    • Redundant
    • Bandwidth
    • Availability
  • Not managed by AWS
  • Customizable (we can perform a lot of configuration setup)
Nat Gateway:
  • Acts as a virtual gateway
  • More -
    • Stable
    • Redundant
    • Bandwidth
    • Availability
  • Managed by AWS
  • Not very customizable

NACL
  • NACL stands for Network Access Control List
  • Provides an extra layer of security at the subnet level.
  • Acts as a firewall for controlling traffic in and out of one or more subnets.

Security Group

  • A Security Group applies to EC2 instances.
  • Provides an extra layer of security at the instance level.
  • Acts as a firewall for controlling traffic in and out of one or more instances.

Difference between Security Group and NACL
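The practical difference is in how the two evaluate traffic, so I have added a small simulation here (it is my own illustration, not code from the original post). A NACL is stateless and processes numbered rules in order, first match wins, with an implicit deny at the end; a security group is stateful, has allow rules only, and any matching rule allows. The rule sets, the client address 203.0.113.10 and the blocklisted range 198.51.100.0/24 are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# All rule sets, hosts and ports in this file are constructed sample data.


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny" (security groups only ever allow)
    protocol: str      # "tcp", "udp", "icmp" or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str          # the remote side of the connection


def _matches(rule: Rule, protocol: str, port: int, peer_ip: str) -> bool:
    """Does this rule cover a packet of this protocol/port to or from peer_ip?"""
    if rule.protocol != "-1" and rule.protocol != protocol:
        return False
    if not rule.port_from <= port <= rule.port_to:
        return False
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr)


def nacl_allows(rules: List[Tuple[int, Rule]], protocol: str, port: int, peer_ip: str) -> bool:
    """NACL semantics: numbered rules, lowest number first, first match wins,
    and the implicit '*' rule at the end denies anything left unmatched."""
    for _, rule in sorted(rules, key=lambda numbered: numbered[0]):
        if _matches(rule, protocol, port, peer_ip):
            return rule.action == "allow"
    return False


def sg_allows(rules: List[Rule], protocol: str, port: int, peer_ip: str) -> bool:
    """Security group semantics: allow rules only, any match allows, no deny rules."""
    return any(_matches(r, protocol, port, peer_ip) for r in rules)


def nacl_session(inbound: List[Tuple[int, Rule]], outbound: List[Tuple[int, Rule]],
                 client_ip: str, client_port: int, server_port: int) -> Tuple[bool, bool]:
    """Stateless: the request and its reply are judged independently.
    The reply goes back to the client's ephemeral port, so the outbound
    rules must explicitly allow that port range or the reply is dropped."""
    request_ok = nacl_allows(inbound, "tcp", server_port, client_ip)
    reply_ok = nacl_allows(outbound, "tcp", client_port, client_ip)
    return request_ok, reply_ok


def sg_session(inbound: List[Rule], client_ip: str, client_port: int,
               server_port: int) -> Tuple[bool, bool]:
    """Stateful: once the request is allowed the reply is tracked and allowed
    regardless of outbound rules, so no ephemeral-port rule is needed."""
    request_ok = sg_allows(inbound, "tcp", server_port, client_ip)
    return request_ok, request_ok


# Sample rules for a web server listening on 443.
NACL_IN = [
    (90, Rule("deny", "tcp", 443, 443, "198.51.100.0/24")),   # blocklisted range
    (100, Rule("allow", "tcp", 443, 443, "0.0.0.0/0")),
]
NACL_OUT_INCOMPLETE = [(100, Rule("allow", "tcp", 443, 443, "0.0.0.0/0"))]
NACL_OUT_COMPLETE = NACL_OUT_INCOMPLETE + [
    (110, Rule("allow", "tcp", 1024, 65535, "0.0.0.0/0")),    # ephemeral ports for replies
]
SG_IN = [Rule("allow", "tcp", 443, 443, "0.0.0.0/0")]

if __name__ == "__main__":
    client = "203.0.113.10"
    print("NACL without ephemeral rule:", nacl_session(NACL_IN, NACL_OUT_INCOMPLETE, client, 51000, 443))
    print("NACL with ephemeral rule:   ", nacl_session(NACL_IN, NACL_OUT_COMPLETE, client, 51000, 443))
    print("Security group:             ", sg_session(SG_IN, client, 51000, 443))
    print("NACL for blocklisted client:", nacl_allows(NACL_IN, "tcp", 443, "198.51.100.5"))
```

Two things fall out of running it: a NACL with only an inbound 443 rule lets the request in but silently drops the reply until an outbound rule for the ephemeral port range is added, which is the classic "why does my subnet not work" debugging case; and a NACL can express a deny (rule 90 before rule 100), which a security group cannot.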


Virtual Private Gateway
  • A Virtual Private Gateway is used to establish a connection between the VPC and an on-premises network with the help of a VPN connection.
  • A Virtual Private Gateway can connect N number of datacenters.
  • Things required to set up an AWS VPG:
    • A VPN connection
    • Configuration between the Customer Gateway and the AWS Virtual Private Gateway

Bonus - Contents

VPC Hands-On

Pre-requisites for the AWS VPC hands-on:

  • A Free Tier AWS account is sufficient.
  • Any SSH client software, such as PuTTY.

Step 1. Create a VPC.

Step 2. Create two subnets, Public and Private, in different availability zones.

Step 3. Create an Internet Gateway and attach it to the VPC.

Step 4. Set up a route table for the Public Subnet.

Step 5. Create two EC2 instances, one in the Public Subnet and one in the Private Subnet.

Step 6. Create a Security Group for the Public and Private instances.

Step 7. Create a NAT instance in the Public Subnet so that the Private Subnet can reach the internet, and set up a security group for the NAT instance.

Step 8. Create an EIP for the Public instance and for the NAT instance.

Step 9. Create a route table for the Private Subnet and edit its routes.

Step 10. Edit the route table association for the Private Subnet.

Step 11. SSH into the Public EC2 instance and from there log in to the instance in the Private Subnet; update the package manager using "sudo yum update". This will work, because the private instance reaches the internet through the NAT instance.

Step 12. Clean up all the EC2 instances, Elastic IPs and VPC components to avoid extra charges.
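Once the hands-on is done, the route table and subnet layout can be checked without clicking through the console. The audit below is an example I have added for this post, not part of the original walkthrough: it takes data in the shape returned by `aws ec2 describe-subnets` and `aws ec2 describe-route-tables` and checks what the Route Table section and the steps above require, namely that every subnet lies inside the VPC block with no overlaps, that the public subnet's 0.0.0.0/0 route points at an internet gateway, and that the private subnet's default route goes to the NAT device and never to the internet gateway. The subnet and route table records, the tier tags and every resource ID (igw-PLACEHOLDER, i-NATPLACEHOLDER and so on) are constructed placeholders.

```python
import copy
import ipaddress
from typing import List, Optional

# Constructed sample data in the shape of describe-subnets / describe-route-tables
# output; all resource IDs are placeholders, not real AWS identifiers.
VPC_CIDR = "10.0.0.0/16"

SUBNETS = [
    {"SubnetId": "subnet-PUBLIC0001", "CidrBlock": "10.0.1.0/24",
     "AvailabilityZone": "us-east-1a", "Tags": [{"Key": "tier", "Value": "public"}]},
    {"SubnetId": "subnet-PRIVATE001", "CidrBlock": "10.0.2.0/24",
     "AvailabilityZone": "us-east-1b", "Tags": [{"Key": "tier", "Value": "private"}]},
]

ROUTE_TABLES = [
    {"RouteTableId": "rtb-PUBLIC00001",
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"}],
     "Associations": [{"SubnetId": "subnet-PUBLIC0001", "Main": False}]},
    {"RouteTableId": "rtb-PRIVATE0001",
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-NATPLACEHOLDER"}],
     "Associations": [{"SubnetId": "subnet-PRIVATE001", "Main": False}]},
]


def tag(resource: dict, key: str) -> Optional[str]:
    return next((t["Value"] for t in resource.get("Tags", []) if t["Key"] == key), None)


def default_route_target(rtb: dict) -> Optional[str]:
    """Target of the 0.0.0.0/0 route, whichever field the route type uses."""
    for r in rtb.get("Routes", []):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return (r.get("GatewayId") or r.get("NatGatewayId")
                    or r.get("InstanceId") or r.get("NetworkInterfaceId"))
    return None


def route_table_for(subnet_id: str, route_tables: List[dict]) -> Optional[dict]:
    """An explicit association wins; otherwise the VPC's main table applies."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def egress_kind(target: Optional[str]) -> str:
    """Classify a default-route target by its ID prefix."""
    if target is None:
        return "none"
    if target.startswith("igw-"):
        return "igw"
    if target.startswith(("nat-", "i-", "eni-")):   # NAT gateway or NAT instance
        return "nat"
    return "other"


def audit_vpc(vpc_cidr: str, subnets: List[dict], route_tables: List[dict]) -> List[str]:
    """Return a list of findings; an empty list means the layout matches the design."""
    findings, seen = [], []
    vpc = ipaddress.ip_network(vpc_cidr)
    for s in subnets:
        sid, net = s["SubnetId"], ipaddress.ip_network(s["CidrBlock"])
        if not net.subnet_of(vpc):
            findings.append(f"{sid}: {net} is outside VPC {vpc}")
        for other_id, other in seen:
            if net.overlaps(other):
                findings.append(f"{sid}: {net} overlaps {other_id} ({other})")
        seen.append((sid, net))
        rtb = route_table_for(sid, route_tables)
        kind = egress_kind(default_route_target(rtb)) if rtb else "none"
        tier = tag(s, "tier")
        if tier == "public" and kind != "igw":
            findings.append(f"{sid}: public subnet has no 0.0.0.0/0 route to an internet gateway")
        if tier == "private" and kind == "igw":
            findings.append(f"{sid}: private subnet routes 0.0.0.0/0 to an internet gateway")
        if tier == "private" and kind == "none":
            findings.append(f"{sid}: private subnet has no NAT route, so no outbound internet")
    return findings


def audit_with_misrouted_private() -> List[str]:
    """Same VPC, but the private table mistakenly points 0.0.0.0/0 at the IGW."""
    broken = copy.deepcopy(ROUTE_TABLES)
    broken[1]["Routes"][1] = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"}
    return audit_vpc(VPC_CIDR, SUBNETS, broken)


if __name__ == "__main__":
    print("good layout:", audit_vpc(VPC_CIDR, SUBNETS, ROUTE_TABLES))
    print("misrouted private subnet:", audit_with_misrouted_private())
```

Against real output you would load the JSON from the two CLI commands and tag subnets with their intended tier; the `audit_with_misrouted_private` case reproduces the most common mistake from Step 9, pointing the private subnet's default route at the internet gateway instead of the NAT instance.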


VPC Peering

  • To share AWS resources across different VPCs, VPC Peering is the concept that helps.
  • Why is there a need for VPC Peering? Suppose there are two companies, XYZ and ABC, that have different VPCs located in different regions. Due to some project requirement XYZ needs to work with ABC, and to work effectively ABC wants access to some AWS resources located in the XYZ VPC. VPC Peering is how we achieve this kind of scenario.
  • Four major things to keep in mind when setting up VPC Peering:
    • Initiate a VPC Peering connection.
    • Choose a Requester.
    • Choose an Accepter (the Accepter can approve or deny the request).
    • Modify the route tables in both VPCs, or create new ones, and associate the updated route configuration with the subnets.
  • We also need to choose whether the VPC Peering connection is within the same or a different account, and the same or a different region.

  • The IP ranges (CIDR blocks) of the two VPCs must not overlap when initiating the peering connection.
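The last two points, non-overlapping CIDR blocks and route table entries on both sides, are the ones that most often go wrong, so here is a readiness check I have added as an example (not code from the original post). It assumes route records in the shape of `aws ec2 describe-route-tables`, where a peering route carries the peer in `VpcPeeringConnectionId`; the XYZ and ABC blocks, the route tables and the pcx-PLACEHOLDER ID are constructed sample data.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample data; pcx-PLACEHOLDER is a placeholder, not a real AWS ID.
PCX_ID = "pcx-PLACEHOLDER"
XYZ_CIDRS = ["10.0.0.0/16"]          # requester VPC (XYZ)
ABC_CIDRS = ["10.1.0.0/16"]          # accepter VPC (ABC)


def overlapping_blocks(cidrs_a: List[str], cidrs_b: List[str]) -> List[Tuple[str, str]]:
    """Every pair of blocks that overlap across the two VPCs; AWS will not
    activate a peering connection while any such pair exists."""
    nets_a = [ipaddress.ip_network(c) for c in cidrs_a]
    nets_b = [ipaddress.ip_network(c) for c in cidrs_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def required_peering_routes(pcx_id: str, remote_cidrs: List[str]) -> List[Dict[str, str]]:
    """Routes one side needs so its subnets can reach every block of the peer."""
    return [{"DestinationCidrBlock": c, "VpcPeeringConnectionId": pcx_id} for c in remote_cidrs]


def missing_routes(route_table: dict, required: List[Dict[str, str]]) -> List[str]:
    """Destinations from `required` that the table does not yet send to the peering."""
    present = {(r.get("DestinationCidrBlock"), r.get("VpcPeeringConnectionId"))
               for r in route_table.get("Routes", [])}
    return [r["DestinationCidrBlock"] for r in required
            if (r["DestinationCidrBlock"], r["VpcPeeringConnectionId"]) not in present]


def peering_readiness(pcx_id: str, requester_cidrs: List[str], accepter_cidrs: List[str],
                      requester_rtb: dict, accepter_rtb: dict) -> List[str]:
    """Findings that would stop traffic flowing over the peering; empty means ready."""
    findings = []
    for a, b in overlapping_blocks(requester_cidrs, accepter_cidrs):
        findings.append(f"CIDR overlap: requester {a} vs accepter {b}; peering cannot be established")
    sides = (("requester", requester_rtb, accepter_cidrs),
             ("accepter", accepter_rtb, requester_cidrs))
    for side, rtb, remote in sides:
        for dest in missing_routes(rtb, required_peering_routes(pcx_id, remote)):
            findings.append(f"{side} route table {rtb.get('RouteTableId')} lacks route {dest} -> {pcx_id}")
    return findings


# XYZ already routes ABC's block over the peering; ABC has not yet added its route.
XYZ_RTB = {"RouteTableId": "rtb-XYZ0001",
           "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                      {"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": PCX_ID}]}
ABC_RTB_BEFORE = {"RouteTableId": "rtb-ABC0001",
                  "Routes": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"}]}
ABC_RTB_AFTER = {"RouteTableId": "rtb-ABC0001",
                 "Routes": ABC_RTB_BEFORE["Routes"] + required_peering_routes(PCX_ID, XYZ_CIDRS)}

if __name__ == "__main__":
    print("before ABC adds its route:", peering_readiness(PCX_ID, XYZ_CIDRS, ABC_CIDRS, XYZ_RTB, ABC_RTB_BEFORE))
    print("after:", peering_readiness(PCX_ID, XYZ_CIDRS, ABC_CIDRS, XYZ_RTB, ABC_RTB_AFTER))
    print("overlap case:", overlapping_blocks(["10.0.0.0/16"], ["10.0.128.0/17"]))
```

Running it shows the asymmetric failure that catches people in practice: XYZ's route alone is not enough, since return traffic from ABC has no path back until ABC's table also carries a route to 10.0.0.0/16 via the peering connection.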


Real Life VPC Implementation

VPC Peering | VPC Real life Implementation | RandomSkool.com

In the above scenario we are working with two different VPCs (XYZ and ABC). What we have learned so far:

  • Creation of complete end-to-end VPCs
  • VPC Peering connections

These two concepts are sufficient. Suppose we have created two VPCs, one for XYZ and one for ABC. Suddenly a requirement comes up that ABC needs access to the S3 bucket of XYZ. How do we achieve it? Using VPC Peering.

    Step 1. Create the XYZ VPC in the AWS account.
    Step 2. Create the ABC VPC in the AWS account.
    Step 3. Create an S3 bucket in XYZ.
    Step 4. Set up a VPC Peering connection between XYZ and ABC.
    Step 5. Test the access by listing the S3 bucket.
