Saturday, June 24, 2017

AWS : VPC : Create a VPC with public & private subnet (without wizard)

Outlining the steps needed to create a VPC with one public and one private subnet (without the wizard)

  1. Create a VPC
  2. It will automatically create a
    • DHCP Option set : it sits on the second address of the VPC … so in our 10.0.0.0/16 it will be on 10.0.0.2
    • Route table : can be different for different subnets or be the same; can be main or non-main (see step 8)
    • Network ACL : what traffic is allowed and what is blocked
  3. Create the needed number of subnets (and route tables as needed)
  4. Create a NAT instance in the public subnet
  5. Add an entry for the NAT instance in the routing table
  6. See details of routing table https://medium.com/@mda590/aws-routing-101-67879d23014d 
    • By default, each VPC comes with 1 route table pre-configured with a “local” route. The scope of the “local” route is only within the subnet defined for the entire VPC. For example, if your VPC was set up to have the address space of 10.1.0.0/16, your “local” route would be defined as “10.1.0.0/16”. This allows all of the resources created within the VPC to talk to each other without any additional configuration.
    • VPC route table option
      • Single Route Table for entire VPC
      • 1 route table per subnet 
      •  2-tier routing tables (1 for public subnets, and 1 for private subnets)
    • In order for the resources within your VPC to reach the public internet, the “gateway of last resort” (0.0.0.0/0) needs to be defined and pointed to either a NAT Gateway or an Internet Gateway. 
      • When an instance is about to send a packet, it takes a look at the route table and says: ok, which route do I need to take?
        • If there is a match in the route table : it sends to that target
        • If there is no match : it sends to the target of 0.0.0.0/0 (the default route)
    • Routing between multiple VPCs (VPC Peering)
      • In order to enable connectivity between VPCs, you must initiate the peering connection from one VPC,
      • and then accept the request on the other VPC. Once the connectivity has been accepted and established, a new route needs to be added to each route table
  7. One VPC has only one IGW (there is only 1 internet gateway per VPC.)
  8. A route table can be ‘main’ or ‘non main’... the only difference between a main and a non-main route table is that any time a subnet is created, the main route table is automatically assigned to it.
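To make the route-lookup rule in step 6 and the main/non-main distinction in step 8 concrete, here is a small model of a VPC's route tables. It is an added example written for this post, not AWS code and not an AWS API: the gateway, NAT-instance and peering IDs (`igw-EXAMPLE`, `i-nat-EXAMPLE`, `pcx-EXAMPLE`) are constructed placeholders, and the only AWS behaviours it reproduces are longest-prefix matching over the route table, the pre-created `local` route, and the fallback to the main table for a subnet that has no explicit association.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RouteTable:
    """A VPC route table: destination CIDR -> target (local, igw, NAT instance, pcx...)."""
    name: str
    routes: dict

    def lookup(self, dst_ip: str):
        """Longest-prefix match, which is how a VPC route table picks the target.

        Returns the target string, or None when nothing matches (no default route).
        """
        ip = ipaddress.ip_address(dst_ip)
        best_net, best_target = None, None
        for cidr, target in self.routes.items():
            net = ipaddress.ip_network(cidr)
            if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_net, best_target = net, target
        return best_target


@dataclass
class Vpc:
    cidr: str
    main_table: RouteTable                      # pre-created with only the local route
    associations: dict = field(default_factory=dict)  # subnet CIDR -> explicitly associated table

    def table_for(self, subnet_cidr: str) -> RouteTable:
        # Step 8: a subnet with no explicit association uses the main route table.
        return self.associations.get(subnet_cidr, self.main_table)

    def next_hop(self, src_subnet: str, dst_ip: str):
        """Which target an instance in src_subnet would send a packet for dst_ip to."""
        return self.table_for(src_subnet).lookup(dst_ip)

    def amazon_dns(self) -> str:
        # Step 2: the reserved "second address" of the VPC (base + 2).
        return str(ipaddress.ip_network(self.cidr).network_address + 2)


def build_example_vpc() -> Vpc:
    """Constructed example: 10.0.0.0/16 with a public and a private subnet."""
    vpc_cidr = "10.0.0.0/16"
    peer_cidr = "10.1.0.0/16"                   # constructed peered VPC
    # What AWS gives you at creation time: one main table with only the local route.
    main = RouteTable("main", {vpc_cidr: "local"})
    # Public subnet: gateway of last resort points at the Internet Gateway.
    public = RouteTable("public", {
        vpc_cidr: "local",
        peer_cidr: "pcx-EXAMPLE",               # placeholder peering connection
        "0.0.0.0/0": "igw-EXAMPLE",             # placeholder IGW id
    })
    # Private subnet: gateway of last resort points at the NAT instance (step 5).
    private = RouteTable("private", {
        vpc_cidr: "local",
        peer_cidr: "pcx-EXAMPLE",
        "0.0.0.0/0": "i-nat-EXAMPLE",           # placeholder NAT instance id
    })
    vpc = Vpc(vpc_cidr, main)
    vpc.associations["10.0.1.0/24"] = public    # explicitly associated
    vpc.associations["10.0.2.0/24"] = private   # explicitly associated
    # 10.0.3.0/24 is deliberately left unassociated: it falls back to "main".
    return vpc


if __name__ == "__main__":
    vpc = build_example_vpc()
    print("Amazon DNS address:", vpc.amazon_dns())
    for subnet, dst in [("10.0.1.0/24", "203.0.113.9"), ("10.0.2.0/24", "203.0.113.9"),
                        ("10.0.2.0/24", "10.0.1.5"), ("10.0.2.0/24", "10.1.3.4"),
                        ("10.0.3.0/24", "203.0.113.9")]:
        print(f"{subnet} -> {dst}: {vpc.next_hop(subnet, dst)}")
```

The unassociated 10.0.3.0/24 subnet shows why the main table matters from a security point of view: because the main table only carries the `local` route, a newly created subnet has no path to the internet until someone deliberately associates a table with a 0.0.0.0/0 route, so a stray subnet is isolated rather than exposed. The peering route also shows that the default route only wins when nothing more specific matches; 10.1.0.0/16 goes to the peering connection, not to the NAT instance or IGW.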



Elastic IPs


When you reboot an EC2 instance, it gets a new public IP address. This is solved via an ‘elastic IP’ for the EC2 instance. Bouncing an instance will not cause its elastic IP to change.

The only time an Elastic IP is released back to Amazon is when we explicitly say so. There is a small charge for an Elastic IP when it’s not allocated to any ‘running’ instance.

Elastic Network Interface (ENI): an elastic interface is kind of a network card … which we can associate and re-associate with any instance we want, and an elastic IP can be assigned to it.

If you assign an Elastic IP, then the public IP is also set to the same address (guess they can’t be different).
There is a limit of 5 Elastic IPs per VPC (Summer 2015).


