Amazon VPC (Virtual Private Cloud): how to configure?

In this post we will continue with the preparation for the AWS CERTIFIED SOLUTIONS ARCHITECT EXAM. Remember that the exercises we are solving here are from AWS Certified Solutions Architect Official Study Guide: Associate Exam by Joe Baron and others. We will show you how to configure Amazon VPC.

We have already covered the EC2 exercises in the previous entry, so now we will go through the Amazon VPC (Virtual Private Cloud) exercises.

Amazon VPC

Amazon VPC (Virtual Private Cloud) Exercises

EXERCISE 4.1

Create a Custom Amazon VPC

aws ec2 create-vpc --cidr-block 192.168.0.0/16

The VPC id is vpc-052846c30bf662c5e

aws ec2 create-tags --resources vpc-052846c30bf662c5e --tags Key=Name,Value='My First VPC'

EXERCISE 4.2

Create Two Subnets for Your Custom Amazon VPC

aws ec2 create-subnet --vpc-id vpc-052846c30bf662c5e --cidr-block 192.168.1.0/24
aws ec2 create-tags --resources subnet-0d4c9f8d721dda4be --tags Key=Name,Value='My First subnet'
aws ec2 create-subnet --vpc-id vpc-052846c30bf662c5e --cidr-block 192.168.2.0/24 --availability-zone sa-east-1c
aws ec2 create-tags --resources <SECOND_SUBNET_ID> --tags Key=Name,Value='My Second subnet'

Each create-tags command takes the SubnetId returned by the matching create-subnet call (not the VPC id): the first subnet came back as subnet-0d4c9f8d721dda4be; replace <SECOND_SUBNET_ID> with the id returned for the second one.

EXERCISE 4.3

Connect Your Custom Amazon VPC to the Internet and Establish Routing

Let's create the Internet Gateway:

aws ec2 create-internet-gateway

InternetGatewayId is igw-0cb490b5a457817e3

Create an IGW with a Name tag of My First IGW and attach it to your custom Amazon VPC:

aws ec2 create-tags --resources igw-0cb490b5a457817e3 --tags Key=Name,Value='My First IGW'

Add a route to the main route table for your custom Amazon VPC that directs Internet traffic (0.0.0.0/0) to the IGW.

Let's first check the current route tables:

aws ec2 describe-route-tables

The route table id is rtb-0d52a402c833a8491

Now we attach the IGW to the VPC:

aws ec2 attach-internet-gateway --internet-gateway-id igw-0cb490b5a457817e3 --vpc-id vpc-052846c30bf662c5e

Let's create the default gateway route:

aws ec2 create-route --route-table-id rtb-0d52a402c833a8491 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-0cb490b5a457817e3

EXERCISE 4.4

Launch an Amazon EC2 Instance and Test the Connection to the Internet

Let's get the subnet id of the first subnet we created within our VPC:

aws ec2 describe-subnets

The subnet id is subnet-0d4c9f8d721dda4be

Let's create the security group associated with the VPC so we can connect to the instance:

aws ec2 create-security-group --vpc-id vpc-052846c30bf662c5e --description "security group custom vpc" --group-name "security group custom vpc"

GroupId is sg-0e8012d7b1e190c1d

Add the SSH rule. We are using 200.1.2.3 as the IP address we allow SSH connections from; replace it with your own IP:

aws ec2 authorize-security-group-ingress --group-id sg-0e8012d7b1e190c1d --protocol tcp --port 22 --cidr 200.1.2.3/32

And we create the instance and associate it with the security group and subnet:

aws ec2 run-instances --image-id ami-09f4cd7c0b533b081 --instance-type t2.micro --key-name AWSKey --security-group-ids sg-0e8012d7b1e190c1d --subnet-id subnet-0d4c9f8d721dda4be --associate-public-ip-address

Don't forget the --associate-public-ip-address switch: because we are placing the instance in a subnet of our custom VPC instead of a default one, we need to state explicitly that we want a public IP for this instance.

You should now be able to connect to the instance and ping www.google.com, which will prove there is Internet connectivity inbound and outbound.
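The ids in the commands above are easy to mistype, and a wrong CIDR or an over-broad SSH rule is only noticed after the resources exist. The following added example (mine, not from the study guide or the AWS CLI) checks the plan offline before any aws ec2 call: that the subnet blocks of Exercise 4.2 fit inside the VPC, do not overlap and respect the /16 to /28 size limits AWS imposes on subnets, and that the SSH rule of Exercise 4.4 is restricted to a single host as the text intends. The plan constants mirror the values used in the exercises.

```python
import ipaddress

# Constructed plan mirroring the exercises above (not read from AWS).
VPC_CIDR = "192.168.0.0/16"
SUBNET_CIDRS = ["192.168.1.0/24", "192.168.2.0/24"]
INGRESS_RULES = [{"port": 22, "cidr": "200.1.2.3/32"}]


def check_subnets(vpc_cidr, subnet_cidrs):
    """Return a list of problems with the subnet layout (empty if sound)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for n in nets:
        # Every subnet must be carved out of the VPC block.
        if not n.subnet_of(vpc):
            problems.append(f"{n} is not inside VPC {vpc}")
        # AWS only accepts subnet blocks between /16 and /28.
        if n.prefixlen < 16 or n.prefixlen > 28:
            problems.append(f"{n}: AWS subnets must be between /16 and /28")
    # Subnets inside one VPC must not overlap each other.
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def check_ssh_ingress(rules):
    """Flag SSH rules that admit more than the single management host."""
    problems = []
    for rule in rules:
        if rule["port"] != 22:
            continue
        net = ipaddress.ip_network(rule["cidr"])
        if net.prefixlen == 0:
            problems.append("SSH open to 0.0.0.0/0")
        elif net.num_addresses > 1:
            problems.append(f"SSH allowed from {net}, wider than one host")
    return problems


def validate_plan():
    """Run both checks against the plan constants; empty list means go."""
    return check_subnets(VPC_CIDR, SUBNET_CIDRS) + check_ssh_ingress(INGRESS_RULES)


if __name__ == "__main__":
    for problem in validate_plan() or ["plan looks sound"]:
        print(problem)
```

Run it before the create-subnet and authorize-security-group-ingress commands; an empty result means the values can be pasted into the CLI as shown.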