Amazon Web Services (AWS) provides powerful networking capabilities through Virtual Private Clouds (VPCs). Setting up a VPC with public and private subnets allows you to design a scalable and secure network architecture for your applications. In this guide, we’ll walk you through the process of creating a VPC with both public and private subnets, and explore how to configure them effectively.
Step 1: Setting Up Your VPC
First, log in to your AWS Management Console and navigate to the VPC Dashboard. Click on Create VPC to start the configuration process. Here’s a basic setup:
- Name Tag: Enter a descriptive name for your VPC.
- IPv4 CIDR Block: Specify an IP range, such as
10.0.0.0/16, which will be used for your VPC. - IPv6 CIDR Block: Optional, you can choose to associate an IPv6 CIDR block if needed.
- Tenancy: Choose between default or dedicated instances.
After filling in the details, click Create VPC to finalize the creation.
Step 2: Creating Public and Private Subnets
Once your VPC is created, you’ll need to set up subnets. Navigate to the Subnets section and click Create Subnet. Here’s how to create public and private subnets:
- Public Subnet: Choose your VPC, enter a name, and specify an IPv4 CIDR block within the range of your VPC (e.g.,
10.0.1.0/24). This subnet will host resources that need internet access. - Private Subnet: Similarly, choose your VPC, enter a name, and specify a different IPv4 CIDR block (e.g.,
10.0.2.0/24). This subnet will be used for resources that don’t require direct internet access.
Click Create Subnet to complete the process.
Step 3: Configuring Route Tables
To enable internet access for the public subnet, you need to set up an internet gateway and update the route table. Here’s how:
- Create and Attach an Internet Gateway: Navigate to the Internet Gateways section, click Create Internet Gateway, and attach it to your VPC.
- Update Route Table: Go to the Route Tables section, select the route table associated with your VPC, and add a route with destination
0.0.0.0/0pointing to the newly created internet gateway. Associate this route table with your public subnet. - Private Subnet Configuration: Ensure that the route table associated with your private subnet does not have a route to the internet gateway. If you require private subnet resources to access the internet (e.g., for updates), consider setting up a NAT gateway.
Step 4: Verifying Your Setup
To ensure everything is set up correctly, you can launch instances in both subnets and test connectivity. Instances in the public subnet should be able to access the internet, while instances in the private subnet should not. You can also configure security groups and network ACLs to further control access and enhance security.
Conclusion
Creating a VPC with both public and private subnets in AWS allows you to build a flexible and secure network architecture. By following these steps, you can ensure that your applications are properly isolated and secured while still having access to the internet where necessary.