nikdzub / aws_vpc Goto Github PK

VPC - Virtual Private Cloud is a commercial cloud computing service that provides a virtual private cloud, by provisioning a logically isolated section of Amazon Web Services Cloud.

The DNS hostnames attribute determines whether instances launched in the VPC receive public DNS hostnames that correspond to their public IP addresses.

An internet gateway is a virtual router that connects a VPC to the internet.

aws ec2 attach-internet-gateway --vpc-id "vpc-08c6e4ccb8b131621" --internet-gateway-id "igw-08a034af09f3ce082" --region us-east-1

To add a new subnet to your VPC, you must specify an IPv4 CIDR block for the subnet from the range of your VPC. You can specify the Availability Zone in which you want the subnet to reside. You can have multiple subnets in the same Availability Zone. You can optionally specify an IPv6 CIDR block for your subnet if an IPv6 CIDR block is associated with your VPC.

Edit the subnet settings to enable auto-assign public IPv4 address.

The auto-assign IP settings determines if, when you launch an EC2 instance, the primary network interface is assigned a public IPv4 address or IPv6 address by default.

Once we created the vpc a main route table was created automatically for it, a private one so lets create a public one as well and add routes

keeping in mind to associate the private subnet to the same availability zone as the public one

what makes the 2 public subnets actually public is that they are associated in the public route table wich is 0.0.0.0/24

how the 4 remaining are private? bacause when we created the vpc the main route table was created wich is private, now when a subnet has not been associated with any route tables they auto associate with the main one.

The NAT gateway allows the instances in the private subnets (app + data) to access the internet

The private route table is associated with the private subnets and routes the traffic to the internet trough the NAT gateway

after creating the nat gateway lets create the private route table and add a route to the NAT

now lets associate this private route table with the private subnets of az1

and basically the same for az2 as well

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.

lets start with the app load balancer security group

then SSH

then the webserver (adding ssh & alb)

and for the database (port 3306 for mysql)

first we need to create the subnet groups,in order to specify on which subnets we want our RDS database in

now lets create the database (2long 4 screenshot)

engine - MySQL, Template - Dev/Test, Id - dev-rds-db, Instance configuration - db.t2.micro (free), VPC - dev_vpc, subnet group - db_subnets (the one we just created), security group(firewall) - db_security_group, Availability Zone - 1b, db name - app_db, pwd - rZpdQGf6QdKAYsE4iYf7 (lol)