6 easy steps to configure and deploy Amazon VPC and a Web Server

In this post I would like to show you how to complete the lab created by AWS. If you want to follow along and gain more knowledge about AWS, I recommend that you enroll in this free training: Networking Core – Knowledge Badge Readiness Path.



Gulian Technology

Lab overview:

Before you start this lab, you need to create an AWS account. The resources created in this lab are included in the Free Tier. To find out more about the Free Tier, check out this link.

When you start, you need to create a virtual private cloud (VPC) manually. The VPC needs to include a publicly accessible Web server running on an EC2 instance. The VPC will have a public subnet, a route table associated with the public subnet, and a security group which permits traffic to the Web server. Make sure that the Web server is up and running and accessible over the Internet.

Amazon VPC is a logically isolated virtual network defined by you, where you can launch/deploy AWS resources such as an EC2 instance. You can use IPv4 and IPv6 in your VPC. To read more about Amazon VPC, check out this page.

Step 1: Create the Amazon VPC

First, you need to decide in which region you want to create the VPC (virtual private cloud). I will create my VPC in the London region (eu-west-2). You can change the region from the AWS console. Go to the upper left corner, next to the question mark, and select the desired region.

Select the AWS region

Next, go to the VPC dashboard. You can write VPC in the Search bar and select the first option.

Search for the VPC page

You can also reach the VPC page from Services -> Networking & Content Delivery -> VPC.

Look for the VPC dashboard

By default, each AWS region contains a default VPC which is created by AWS. The default VPC uses the CIDR range 172.31.0.0/16.

Default VPC

In order to create a new VPC from the VPC dashboard, you need to press the “Create VPC” button.

VPC dashboard

From the new window, choose “VPC only”. You need to specify the VPC name and the IPv4 CIDR range. You also need to confirm whether you want to use IPv6. After adding these details, press the “Create VPC” button.

Create new VPC

You will see something similar in your environment.

my-new-vpc

Step 2: Create a public subnet

The next step is to define the subnets. If you want to deploy resources which are reachable over the Internet, you need to create a public subnet. If your resources need to remain private, you should create a private subnet.

In the left pane, choose “Subnets”. There you will find the subnets which are used by the default VPC. In order to create a new subnet, press the “Create subnet” button.

Subnets page

After you press the “Create subnet” button, select the VPC in which the subnet will be created.

Specify the VPC in which the subnet will be created

I selected my-new-vpc in my lab. Next, you need to define the subnet name, the IPv4 CIDR block and the preferred Availability Zone. You can leave the “No preference” option, and the Availability Zone will be selected randomly. Press the “Create subnet” button.

Specify the Subnet details
Specify the Subnet details - 2

After the subnet is created successfully, you will see something similar.

Public subnet

In order to have a public IPv4 address for the EC2 instance (the equivalent of a VM in AWS) that you will create later, you need to select the newly created subnet and edit its settings. Press the “Actions” button and select “Edit subnet settings”.

Edit subnet settings

Now, enable the auto-assign IP settings to automatically request a public IPv4 or IPv6 address for a new network interface in this subnet. After ticking the checkbox, press Save.

Enable the auto-assign IP settings

Even though you created a public subnet, it is not yet public. A public subnet must have an Internet gateway.

Step 3: Create an Internet gateway

In order for the EC2 instance to connect to the Internet, you need to create an Internet gateway and attach it to the VPC.

An Internet gateway is used as the next hop for the default route in the route table and it also performs network address translation (NAT) for instances that have a public IPv4 address assigned. The Internet gateway is the equivalent of a default gateway on a Linux or a Windows machine.

In the left pane, choose Internet gateways. You will find one Internet gateway there, which is attached to the default VPC. You will need to create a new one for your VPC. Press the “Create internet gateway” button to do so.

Internet gateway page

Specify the name for your new Internet gateway.

Specify the Internet gateway name

This is the result.

Internet gateway

Next, you need to attach the Internet gateway to your VPC.

Press the “Actions” button and select the “Attach to VPC” option.

Attach the Internet gateway to VPC

Select your VPC from the list and press the “Attach internet gateway” button.

Attach internet gateway

Next, confirm that the Internet gateway is attached.

Internet gateway in attached state

Step 4: Create a route table, add the default route and associate the public subnet

Each subnet needs to be associated with a route table. A route table contains routes which are used to determine where the network traffic will be sent.

In order to send traffic to the Internet, your route table needs to contain a route which directs the traffic to the Internet gateway.

First, you need to create a route table. In the left pane, choose “Route tables”.

Route table page

Press the “Create route table” button and name it. From the same window, select the VPC which will use this route table. In my lab, I used my-new-vpc.

Create route table

Next, you need to press on “Edit routes” and add the default route (0.0.0.0/0) which will point to the Internet gateway.

My route table

Press on “Add route”, specify the destination as 0.0.0.0/0, specify the target as Internet gateway and save the changes.

Add default route
Save the newly added route

The last step is to associate your public subnet with the route table. Press on “Subnet associations” and then press on “Edit subnet associations”.

Subnet associations

In the new window, select your public subnet and press “Save associations”.

Associate the public subnet with the route table
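
Steps 2 to 4 set up three separate conditions (auto-assigned public IPv4, an attached Internet gateway, and a default route to it in the subnet's route table), and the subnet is only public once all three hold. The following is an added example, not part of the original lab: it checks those conditions over constructed data shaped like the output of describe-subnets, describe-route-tables and describe-internet-gateways; every resource ID and CIDR in it is made up.

```python
# Added example; every ID and CIDR below is constructed sample data.
def route_table_for(subnet, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in (t for t in route_tables if t["VpcId"] == subnet["VpcId"]):
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def public_subnet_gaps(subnet, route_tables, igws):
    """Reasons the subnet is not yet public; an empty list means it is."""
    gaps = []
    attached = {igw["InternetGatewayId"] for igw in igws
                for att in igw.get("Attachments", [])
                if att["VpcId"] == subnet["VpcId"]
                and att["State"] in ("available", "attached")}
    if not attached:
        gaps.append("no Internet gateway attached to the VPC")
    rt = route_table_for(subnet, route_tables)
    if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId") in attached and r.get("State") == "active"
               for r in (rt["Routes"] if rt else [])):
        gaps.append("no active 0.0.0.0/0 route to an attached Internet gateway")
    if not subnet.get("MapPublicIpOnLaunch"):
        gaps.append("auto-assign public IPv4 is disabled")
    return gaps

SUBNET = {"SubnetId": "subnet-0aaa", "VpcId": "vpc-0111", "MapPublicIpOnLaunch": True}
IGWS = [{"InternetGatewayId": "igw-0bbb",
         "Attachments": [{"VpcId": "vpc-0111", "State": "available"}]}]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
# State after Step 3: only the main route table exists, with the local route.
MAIN_RT = {"RouteTableId": "rtb-0main", "VpcId": "vpc-0111",
           "Associations": [{"Main": True}], "Routes": [LOCAL]}
# State after Step 4: custom route table with the default route, associated.
PUBLIC_RT = {"RouteTableId": "rtb-0pub", "VpcId": "vpc-0111",
             "Associations": [{"SubnetId": "subnet-0aaa", "Main": False}],
             "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                                "GatewayId": "igw-0bbb", "State": "active"}]}

if __name__ == "__main__":
    print("after Step 3:", public_subnet_gaps(SUBNET, [MAIN_RT], IGWS))
    print("after Step 4:", public_subnet_gaps(SUBNET, [MAIN_RT, PUBLIC_RT], IGWS))
```

The same check is useful in reverse: a subnet meant to stay private should always report at least one gap.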

Step 5: Create a security group to allow traffic to your Web server

A security group is similar to a firewall running on your Linux or Windows host. It controls the inbound and outbound traffic and it can be associated with one or multiple instances.

You need to create a security group which will be attached to the EC2 instance and which will allow traffic to the TCP port 80.

In the left pane, choose Security Groups. Press on “Create security group”.

Security group page

Specify the security group name and select your VPC. I suggest that you add a description to remind you at a later date why this security group was created.

Specify the Security group details

Next, you need to add the inbound rule which will permit traffic to your Web server. By default, there is no inbound rule and the traffic is denied by the implicit deny rule. Press on “Add rule” and specify the port (in our case 80), select the source (in our case 0.0.0.0/0). After defining the inbound rules, select “Create security group” at the bottom of the page.

Specify the inbound rules

Confirm that your security group was successfully created.

MyWebServer security group details
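
The group built in this step admits only TCP port 80 from 0.0.0.0/0 and relies on the implicit deny for everything else. The following is an added example, not part of the original lab: it audits ingress rules shaped like describe-security-groups output and reports any rule that is open to the whole Internet on something other than the allowed web port. The group IDs, the rules and the allowed_tcp parameter are constructed for the illustration.

```python
# Added example; group IDs and rules are constructed sample data.
WORLD = {"0.0.0.0/0", "::/0"}

def world_open_ports(perm):
    """Return (proto, from, to) if the rule admits any source address, else None."""
    sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    if not sources & WORLD:
        return None
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols, all ports
        return ("all", 0, 65535)
    return (perm["IpProtocol"], perm.get("FromPort", 0), perm.get("ToPort", 65535))

def audit_ingress(group, allowed_tcp=frozenset({80})):
    """List world-open rules that expose more than the allowed TCP ports."""
    findings = []
    for perm in group.get("IpPermissions", []):
        hit = world_open_ports(perm)
        if hit is None:
            continue
        proto, lo, hi = hit
        # Only TCP rules fully inside the allowed set pass; UDP, ICMP and
        # all-protocol rules open to the world are always reported.
        exposed = set(range(lo, hi + 1)) if proto == "tcp" else None
        if exposed is None or not exposed <= allowed_tcp:
            findings.append(f"{group['GroupId']}: {proto} {lo}-{hi} open to the Internet")
    return findings

# The lab's rule: HTTP from anywhere, nothing else.
LAB_SG = {"GroupId": "sg-0lab", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
# The same group after constructed drift: SSH and all-traffic IPv6 opened up,
# plus a database port restricted to an internal range (not reported).
DRIFTED_SG = {"GroupId": "sg-0drift", "IpPermissions": LAB_SG["IpPermissions"] + [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}

if __name__ == "__main__":
    print(audit_ingress(LAB_SG))
    for finding in audit_ingress(DRIFTED_SG):
        print(finding)
```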

Step 6: Launch the EC2 Instance

Now, you need to launch an EC2 instance. This instance will be used as your Web server.

Press on Services -> Compute -> EC2.

Go to EC2 page

Now you are in the EC2 dashboard. From here you will create the new instance. You need to use the “Launch instance” button.

EC2 dashboard

Next, you need to specify the EC2 details.

Select a name and the OS. I will use Amazon Linux for my VM.

Specify the EC2 details

For Instance type, leave t2.micro. It is included in the Free Tier.

For Key pair, press “Create new key pair” and name it. You can use this Key pair for connecting to your EC2 instance via SSH. You will not need the key pair for this lab.

Create the Key pair

Under Network settings, select the security group you created earlier.

Select the security group

Go past “Configure Storage” and press on “Advanced details”.

Advanced details

Find the “User data” field and add this script. This script will be executed during launch. It installs and starts the httpd daemon. You will use the Apache Web server.

Specify the user data

Press the “Launch instance” button and wait until your EC2 is up and running. Go to the instance page by pressing on its ID.

From the instance page, copy its public IPv4 address.

Copy public IPv4 address

Open a browser and enter the URL http://<Your-Instance-Public-IPv4-address>.

Checking that your Web server is up and running

Your Web server is up and running.

Step 7: Remove the created resources

If you do not plan to keep the created resources, you need to remove them after finishing the lab, otherwise you will incur costs.

On the Instances page, select your instance, click “Instance state” and choose “Terminate instance”.

Terminate instance

Next, go to the VPC dashboard and select your VPC. Press on “Actions” and choose “Delete VPC”. This will ensure that all resources associated with this VPC will be deleted.

Delete VPC

I hope you find this post useful. Share it on your social media channels so that other people can read it too.
