VPC Basics: Subnets, Route Tables, Gateways

Lesson Objectives

By the end of this lesson, you will:

1. Understand what an Amazon VPC (Virtual Private Cloud) is and its role in AWS networking.
2. Learn about key components of a VPC: subnets, route tables, and gateways.
3. Create and configure a VPC with subnets, a route table, and a gateway.
4. Understand how these components interact to enable secure, customizable networking.

---

Introduction: Your Own Private Network in the Cloud

Imagine you’re setting up a new office. You need to create different areas (e.g., workstations, conference rooms), establish routes for communication, and connect to the internet. A Virtual Private Cloud (VPC) does the same for your resources in AWS, providing a logically isolated network where you can launch and manage resources securely.

In this chapter, we’ll explore the fundamentals of VPC, including subnets, route tables, and gateways, and configure a custom VPC step by step.

---

What is a VPC?

An Amazon Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account. It allows you to isolate and control your networking environment, including IP address ranges, subnets, route tables, and internet gateways.

Key Features:

1. Isolation: Keep your resources separate from others on AWS.
2. Customization: Define your own network configurations, including IP ranges and routing rules.
3. Security: Use network ACLs, security groups, and subnets to protect resources.
4. Scalability: Add or modify subnets and routes as your application grows.

---

Core Components of a VPC

1. Subnets

• Definition: A subnet is a segment of your VPC where you can launch resources, such as EC2 instances.
• Types:
  • Public Subnet: Has a route to the internet through an Internet Gateway (IGW).
  • Private Subnet: Does not have direct internet access, used for internal resources like databases.

2. Route Tables

• Definition: A route table contains rules (routes) that determine how traffic is directed within your VPC and beyond.
• Key Points:
  • Each subnet must be associated with a route table.
  • Public subnets have routes to the Internet Gateway.
  • Private subnets route traffic to internal resources or a NAT Gateway for internet access.

3. Gateways

• Internet Gateway (IGW): Allows resources in a public subnet to access the internet.
• NAT Gateway: Enables resources in private subnets to access the internet for updates without being exposed to inbound traffic.
• Virtual Private Gateway: Used to connect your VPC to an on-premises data center through a VPN.

---

Step-by-Step Lab: Creating and Configuring a VPC

---

Scenario: You need to set up a custom VPC with a public subnet for web servers and a private subnet for databases.

---

Step 1: Create a VPC

1. Log in to AWS:
   • Go to the AWS Management Console and search for VPC.
2. Create a New VPC:
   • In the VPC dashboard, click Create VPC.
   • Configure the VPC:
     • Name Tag: MyCustomVPC.
     • IPv4 CIDR Block: 10.0.0.0/16 (provides 65,536 IP addresses).
   • Click Create VPC.

---

Step 2: Create Subnets

1. Create a Public Subnet:
   • In the VPC dashboard, click Subnets > Create Subnet.
   • Configure the subnet:
     • Name Tag: PublicSubnet.
     • VPC: Select MyCustomVPC.
     • Availability Zone: Choose any zone (e.g., us-east-1a).
     • CIDR Block: 10.0.1.0/24 (provides 256 IP addresses).
   • Click Create Subnet.
2. Create a Private Subnet:
   • Repeat the steps above, but configure:
     • Name Tag: PrivateSubnet.
     • CIDR Block: 10.0.2.0/24.

---

Step 3: Configure Route Tables

1. Create a Public Route Table:
   • Go to Route Tables > Create Route Table.
   • Configure:
     • Name Tag: PublicRouteTable.
     • VPC: Select MyCustomVPC.
   • Click Create.
2. Add a Route to the Internet Gateway:
   • Select PublicRouteTable, click Routes > Edit Routes > Add Route.
     • Destination: 0.0.0.0/0.
     • Target: Select your Internet Gateway (created in Step 4).
   • Click Save Changes.
3. Associate the Public Subnet:
   • Select PublicRouteTable, click Subnet Associations > Edit Subnet Associations.
   • Select PublicSubnet and save.
4. Create a Private Route Table:
   • Repeat the process above but do not add an Internet Gateway route. Associate it with PrivateSubnet.

---

Step 4: Add an Internet Gateway

1. Create an Internet Gateway:
   • Go to Internet Gateways > Create Internet Gateway.
   • Name it MyInternetGateway and click Create.
2. Attach to VPC:
   • Select the internet gateway and click Actions > Attach to VPC.
   • Choose MyCustomVPC and click Attach Internet Gateway.

---

Step 5: Test the Configuration

1. Launch an EC2 Instance in the Public Subnet:
   • Use a t2.micro instance in PublicSubnet with SSH enabled.
2. Verify Internet Access:
   

   
   ping google.com
   

   • SSH into the instance and test internet connectivity by pinging a website:
3. Launch an EC2 Instance in the Private Subnet:
   • Place another instance in PrivateSubnet.
   • Verify that it cannot access the internet directly.

---

Reflection: Understanding VPC Components

1. Subnets: Divide your VPC into public and private zones to isolate resources.
2. Route Tables: Direct traffic based on your architecture’s needs.
3. Gateways: Enable or restrict internet access for resources.

This architecture provides a secure and scalable foundation for hosting web applications, databases, or private backend services.

---

What’s Next?

In the next chapter, we’ll explore Security Groups vs. Network ACLs, diving into how AWS protects your resources at the network level.

Your networking journey is advancing—let’s build securely!