[0:00]Welcome back to another chapter of this AWS series, and in this chapter, we are going to focus more onto the networking concept. And when we are talking about the networking concept, then I'm talking about the VPC, public subnet, private subnet, how to create your Internet Gateway, how to create your Route Table, and how to provision your resources, for example, EC2 or any other resource inside your public as well as into your private subnet. So, I would highly recommend to pay careful attention onto these networking concepts, because these networking concepts are gonna be used quite a lot when we will move ahead into another chapter and another topics. So, without further ado, let's jump into the topic and start setting up your own whole VPC network. To begin with, here you can see this is our targeted setup which we want to achieve once we start setting up our VPC, public subnet and private subnet. So here onto the screen, you can see the first box which I have denoted as AWS, so this is our AWS Cloud account. Or you already have signed up for AWS account, so that's the boundary of our AWS. Inside that AWS, you will find another rectangle, which is a VPC, so this is our Virtual Private Cloud. So, consider this VPC as a data center. So, you're trying to set up a data center on an AWS account. And in this VPC, you are just going to create all the resources, whether you are just going to create an EC2 instance, whether you are just going to create a Lambda, whether you are just going to create an ECS service, Kubernetes. So, everything will fall inside this VPC. So, that's why we are calling it as a VPC, or in other words, we can also call it as our data center, or we can say it as a virtual data center also. Now, inside the data center, you just need to create more networking, and in the terms of networking, what I mean to say is, we need to create our public subnet, where we will put our resources which is publicly accessible via internet. 
So, that's why we are just going to create our public subnet, which you can see over here, and for example, I have just put an EC2 instance over here. And on the right hand side, you will find another subnet, which is our private subnet, where we will be putting more resources, but these resources are little bit specific, which we don't want to expose to the internet. So, that's why we call it as a private subnet, and we want to create those resources inside that private subnet. And so what's the example of a private subnet and why do we need it? So, for example, if you are having a web application, so any web application, the web pages or the web part of that application will reside onto your public subnet on our EC2 instance. This is just an example, I'm taking over here. So, anything which is accessible to a public will be put onto our public subnet. And anything which is not accessible to public or a client, then we will put onto private subnet. So, I'm taking again the same example of our web application. So, any web application if you are just trying to create, then it will have a database. So, we are just going to create our database into the private subnet, because database doesn't need to be accessed by another person. So, this database will only be accessible by our web application. So, the web application front-end part will reside onto our public subnet, but the database side will always reside onto private subnet, because we don't want to expose our database to internet or to the other person. So, that's why we need to keep our database inside our private subnet. So, that's the basic difference between our public and the private subnet. Apart from that, you might see over here, there are IP ranges which I have created. So, here at the bottom, you will see that 12.0.1.0/16. So, that's the IP range I'm just going to assign for my VPC. 
And once I assign that IP range, then all the public subnet and the private subnet which I'm just going to create, should fall under that particular range. So, here I'm just going to then again assign the range 12.1.0/24 for my public subnet, and then 12.0.2.0/24 will be my private subnet IP. So, these are the CIDR, uh, IP ranges. So, just read about the CIDR, so these are the CIDR range we will assign inside my VPC. So, those are necessary, because any instance which you will create inside those public subnet and private subnet will fall under those IP ranges. So, that's a key thing which you need to keep in mind when you are working with this VPC and when you're trying to set up the public and the private subnet. Now, talking about the next concept, which is an internet gateway, which you can see over here. So, Internet Gateway, as the name suggests, it's a gateway for accessing the internet. So, any resource which is present onto your public subnet will have an access to internet, although you can configure like which resource you want to provide an internet access or not. But, in general, any resource which is present onto public subnet should have an access to internet. So, that's the main reason for which we need to create an internet gateway and we need to associate that internet gateway with our public subnet.
[5:20]All right, the next important thing which we need to know before we begin onto the demo side of this particular chapter, which is a route table. So, Route Table is common, and these route table, it's not common, but we need to create a route table for our public subnet as well as our private subnet. So, these route table will be able to route the traffic or route the request between our Internet Gateway in and into our public subnet as well as into our private subnet. So, these are the key component which we need to set up for setting up our VPC or our virtual data center, so that we can place our resources inside those public as well as private subnet. All right, so now we know what we need to do. So, let's first start with our first block, which is our AWS account. So, this is our AWS boundary. And if I go back to my AWS console over here, then you can see this is my AWS account. So, that's our first building block, you need to have an AWS account. Secondly, we need to create a VPC. So, this is our VPC boundary. So, how to create a VPC? So, go back to your AWS console over here. And in the search box, just type VPC, click on this VPC link. And here, you will find quite a lot of option, but don't don't just get confused over here. So, here you will find a Create VPC button, and if you don't find that Create VPC button, then here is a link for creating the VPC. So, click on this VPC. And here you will find there is one VPC, which is already existing. So, these VPCs are created by default when you create your AWS account. But for this chapter, we are just not going to use this default VPC, but we are just going to create our own VPC. So here onto this AWS console or AWS UI, you will find this orange color or yellow color button for Create VPC. So, click on it. And here we need to enter the details about our VPC. So, first thing which I'm just going to put over here is test let's say test VPC. Here we need to specify the IP range for my VPC. 
So, for that, I'm just going to copy my IP range from my notepad and put it over here. So, this is the IP range which I'm just going to assign, so which we also call it as a CIDR. And here, we need to choose other options. So, for tenancy, I'm just going to keep it default. I just don't want to use the tenancy. And after that, the tag, we can check over here. So, the tag name is this, and we are just going to use the value, which is test VPC. So, that's the minimum thing which you need to provide for creating the VPC. Once you fill in those details, then just go here and click on Create VPC. And here you can see our VPC has been created. And you can check again by clicking over here, and now you should see there are two VPCs. So, click on this VPC, and here you can see, this is the default VPC, which has been provided, and this is the test VPC which we have just created. Moving further, the next resource which we need to create is the internet gateway, so that we can associate that Internet Gateway with the public subnet and private subnet. But first of all, let's go to our AWS console and create our internet gateway. So, go back to your VPC, or the AWS console, and here on the left hand side, you will find an option to create an internet gateway, which is just below the route table. So, click on this Internet Gateway over here. And here you will see that there is one gateway, which has already been created. So, you don't need to use that internet gateway, or maybe I have just created in past, so that's why it is there, but I'm just not going to use that internet gateway, but instead, I'm just going to create a new one. So here click on this Internet Gateway button, and here you can just type, uh, I'm just going to put Internet Gateway, this is the short abbreviation, for test, yeah, that should be quite okay. Internet Gateway test. Just click on Create Internet Gateway, and just go onto Internet Gateway and verify that you have created. 
So, here you can see Internet test has been created, Internet Gateway test has been created. After creating the Internet Gateway, the key thing which you need to look over here is this Internet Gateway is not associated with your VPC. And how will you know? So here, this is the Internet test gateway, which you can see, but here in the state column, you will find an option, which is detached. That means, this is an Internet Gateway, which we have created, but it is not been attached with any VPC. So for that, we need to attach this particular internet gateway. So for that, what I'm just going to do, I'm just going to click on this internet gateway ID, which is present over here. So click on here, go to Actions. And here you will find attach to VPC option at top. So click on it, and here you need to select the VPC. So, as you know, we have just created our test VPC. So, just click on this test VPC and click Attach Internet Gateway. And here you can see, our Internet Gateway is now attached with our VPC, which we have just created. And which you can verify again, just click on Internet Gateway, and here you can see this test Internet Gateway has been now attached. Now, moving back to the slide, the next resources which we need to create after creating the Internet Gateway is the public subnet and the private subnet. So, now we have the VPC, we have the Internet Gateway, and Internet Gateway is now attached with our VPC. But now we need to create our public subnet and the private subnet. So again, I'll go back to my AWS console, and I will just go into my VPC section, and here you just need to click on the VPC dashboard. And here we will find an option for subnet. So, either you can click on click over here in this particular tiles, or you can on the left navigation, you can also click on the subnets. So, I'm just going to click on subnet. And here you will find the three subnet which already exists. So, I'm just not going to use those three subnet. 
Those are the default subnets, which have been assigned to you from AWS when you have signed up for AWS account. So here, we just need to create our own subnet. So, click on this create subnet button over here. And here you just need to select the VPC. Now, you might get the feel of VPC here. So here, if I go back to the slide, then here you will see, now we are working inside the boundary of VPC. So, any resource which we are going to create, we need to attach or we need to create within that particular VPC, and which is going to be our virtual data center. So here, I'm again, just going to select the same VPC, which I have created earlier. So, here I'm just going to go over here, and I'm just going to select test VPC. And here we just need to enter the public and private subnet detail. So, first of all, let's create the test public subnet. And I'm just going to put 1A. I'm just going to show you why I'm putting 1A. So, we need to put the availability zone. Since I'm in Europe, so that's why I have chosen like Europe central region. But in case, if you are present in any other part of the world, then just select that particular region. And in that region, you will find a multiple availability region, and why we need to choose this availability region, is because of high availability. So that you will not have many downtime, and you will have a maximum availability of our resources from AWS side. So here, I'm just going to choose Europe Central 1A. Here, we need to specify the IP range, and again, remember, we need to specify the IP range of our VPC, which we have created. So, we have created 12.0.1.0 for our VPC, so we will work on that same IP range. So, we are just going to assign 12.0.1.0/24. So, I'm just going to copy this particular IP range, go back to my console and paste it over here. So, this is going to be the public subnet IP range or the CIDR block. 
All right, so we have the tags, and the tag name is test public subnet 1A. That's fine. So, now this is the first public subnet we have created. Let's add one more subnet, and now we are just going to create a private subnet. So here, I'm just going to copy the name as it is, and I'm just going to rename it and make it as a public instead of instead of I'm just going to put it as a private. Availability zone, I'm just going to choose 1A again, because we can create a multiple subnet over here. We can create a public and private subnet in 1 EU Central 1A, and then we can create another public and another private subnet inside EU Central 1B, which you can see over here.
[13:53]Which is present over here, you can see 1B or 1C. So, with that, what you will have, you will have a maximum availability. But for the demo purpose, I'm just going to create a one subnet, one which is public and one is private subnet. Okay. So, now we have specified our private subnet also, I'm just going to specify the private subnet range. So, I'm just going to put, uh, let's say 3.0 over here.
[14:19]All right. So, now in the tags section, you can see, uh it has already created the tags for me. And after that, you can just verify all these details for VPC, public subnet, private subnet. And once you are satisfied with these detail, just click on create subnet. And here you can see, uh these are the subnets which has been created right now. So, we will go again to the dashboard over here. And here, uh if you are like confused, like how to navigate between these options. So, what you can do, the good option would be, just on the left hand side, you will find an option for a VPC. So, here, just select the test VPC. And all the resources which are present into this VPC will be visible over here. So, just go to subnet, and here you can see, the subnet which are created only into this test VPC. So, now we have created the subnets. Now, after creating our Internet Gateway, public subnet, private subnet, the next thing which we need to create is the route table. So, here you can see, this is the route table, which we need to create. And we are just going to create a route table for our public subnet as well as for our private subnet. So, let's go back to our AWS console, and here, just click on this VPC dashboard. Because all the options are available here into our VPC dashboard. So here on the left hand side, you can click on this route table. And here, just here, you will find a one default route table, but we are not going to use that default route table. But instead, we are just going to create a new one. So, click on this create route table. And here I'm just going to put the name. So, first of all, I'm just going to choose a abbreviation RT for route table, and here I'm just going to put test public for our public subnet. Here, again, we need to choose the VPC. So, the VPC is our test VPC, because all the resources we want to create inside the test VPC. So, that's the reason. Okay. So, here again, just verify the tags. 
The key is name, and the value is RT test public. So, just click on create route table over here. All right. So, now our route table public route table has been created, which we will be used for our public subnet. But creating a route table is not sufficient enough. We need to provide a route so that it can access the internet. For that, what we need to do, we just need to click on this edit route option over here.
[16:47]And here you will see, this is the IP, which is our internal IP. So, right now, this route table doesn't have a internet access. For that, we need to create a route. So, click on this add route, and just enter the IP, which is 0.0.0.0/0, which means it can it can be accessed over internet, and it has an access to internet. All right. The next thing which we need to put is target. So, target is like from where it's it's going to get the internet. So, for that, we are just going to choose the internet gateway, which we have just created. So, just click on Internet Gateway over here, and here you will find the Internet Gateway test, which we have just created, which will be responsible for providing all the internet access. So, I'm just going to click on this one. So, now you can see, we have created a route table, and this was our default route, which was internal. But now we have created a internet route with this IP address. All right, so now that's been done, just click on Save Changes. And here you can verify the routes once again. So, this is our public route for internet access, and this is our private route. So, this route table has an access to internet as well as internal access. Let's take a look onto the diagram once again, and try to see what pieces are missing. So, now we have the VPC, we have the Internet Gateway, and that Internet Gateway is now assigned to our route table over here. But one thing which you see over here, our route table is not associated with our public subnet yet. So, we need to associate our route table with our public subnet. We have just created a route table, and we have just associated with our Internet Gateway with routes. So, what we need to do, just go back over here, and into our public route table, go to your subnet association. Into the subnet association, you will find an option for edit subnet association. So, click on edit subnet association. And here you will find the subnets. 
So, we have created one public subnet, and one private subnet. But since we just want this route table to be associated with our public subnet, so that it has an internet access. So, I'm just going to select only one subnet over here, which is our public subnet. Click on Save Association. And now you can see, uh we have our public subnet, which is associated with this particular route table. Now, we have just finished our public route table. The next route table which we need to create is for our private subnet. So here in the diagram, so here you will see, although I have just mentioned the route table, I have not specified whether it's a public or private, but we need to have a two route table. So, one route table for public subnet, which we have already created. Now, we are just going to create for private subnet. So go back to your AWS console, click on this route table. And here you can see, we have already have a public route table. Just click on create route table for creating our private. So, I'm just going to paste the name and change the name to the private. Again, we need to select the VPC under which VPC we want to create. So, here I'm just going to select test VPC. And then I'm just going to click on Create Route Table. And here you can see, our route table has been created. The next thing which we need to do, we need to create a subnet association. Remember, this is our private subnet, this is our private route table, which will be associated with our private subnet. So, we don't need to provide an internet route, which we have done previously for our public route table. But this is going to be a private route table with private subnet, and it doesn't need an internet access. So, we are just not going to create any routes over here. We will directly jump to the subnet association. Click on subnet, click on Edit Subnet Association. And here I'm just going to choose only the private subnet this time. Click on Save Association. 
And here you can see, our subnet is associated, our private subnet is associated with our route table test private. So, that's how you're just going to create a route table, and then you're just going to associate the private subnet with our route table. Okay. So, now our basic skeleton networking setup is ready, and the next thing what we need to do over here, we just need to create a resource inside our public subnet. So here you can see, we we are just going to create an EC2 instance into our public subnet, and we are just going to SSH from my local machine into my EC2 instance. So, that's going to be the next step which we are going to perform. And for that, what we need to do, we just need to go back to our AWS console over here. Go to AWS homepage, because we are done with our VPC setup and all the networking setup which is needed. So here, we need to click on the EC2, or you can just go to search box and type EC2 over here. Click on EC2. And here you can see, uh this is our EC2 dashboard, and here you can see no instances are running. So, click on this instances, and here you can see, nothing is running. So, either you can create a instance or EC2 instance from here, or either you can go back and click on Launch Instance. So, I'll just going to go over here and click on Launch Instance over here. So here, first of all, need to put the name or assign the name for your EC2 instance. So, I'm just going to put test, I'm just going to put test EC2 public sub instance. So, that's just a name, I'm just going to put for this particular demo. I'm just going to choose Ubuntu. I'm just going to stick with my free tier, because this is I'm doing it for the demo purpose. So, I'm just not going to use some higher or more powerful CPU. Okay, so I'm just going to keep the things default over here, 64-bit, that's okay. T2.micro, because yeah, I'm just going to stick with a lower bare minimum CPU. The key pair. 
So here, I have already created the public key and the private key, and if you don't know like how to create a public key and the private key, then just check my previous chapter, where I have explained like how to create your public key and the private key, which will be used for your EC2 instance. So, that's a key thing which you need to keep in mind. And in case if you you haven't created the public key and private key, then you can just simply click on this create a new key pair. And that will create a public key as well as the private key. So, I'm just going to show you briefly over here. So if you click on create new pair, so here you will put, for example, test key pair. And then just click Create key pair. And once you click on this, then it will just download you the private key. That test key pair.pem. This is the private key, which will be downloaded onto your local system. So that you need to keep it with you, and the public key is already being associated created over here. So here you can see test key pair. So this public this public key has already been created, and that is present onto your AWS console. So, that's how you are just going to create a public key and private key. So, since I have already created, and already have a copy of that key with me, so I'm just going to use this AWS EC2 Terraform pub. This is the public key, which I generally use. But in case you are creating a first time, then just use that particular key, which is test key pair. And which might be different for you. So, I'm just going to select this one.
[24:20]Go further, and here you will find the network settings. So, here you need to pay careful attention, because all the setup networking setup, which we which we have done previously, we need to use it over here. So, click on edit over here. So, here you need to choose the VPC. So, this is not the VPC we have created. We have created a test VPC. I'm just going to select that one. Here, we need to choose the subnet. So, I'm just going to choose the public subnet, because here if you take a look onto the slide, so we are just creating EC2 into our public subnet. So, I'm just going to select public subnet over here. Go again further, and then auto assign the public IP. Since this EC2 instance is going to be available publicly, so that we can access or we can SSH into this particular instance. So, we need to assign a public IP. So, we need to enable this option so that we get a public IP. All right. So here, the next thing is the create security group. That's a one more important thing. So, I'm just going to name the security group test EC2, I'm just going to put test EC2 security group. And in this security group, which we, I'm just going to keep the same into description, that should be okay. So here, we need to put more attention onto the SSH part, because we want to SSH into this EC2 instance using the public IP. So for that, we need to enable the type SSH, port 22. And source type can be accessed from anywhere. So, I'm just keeping it anywhere so that I can access or anyone with the IP and the private key can access this particular EC2 instance. All right. So, now we have done the security group also. Then next we are just going to check, I'm just not going to check any advanced networking configuration. We are just going to skip that part, which is not needed at this point. Configuration storage, so I'm just going to go with the 8GB of memory, sorry, 8GB of our disk space over here. 
After that, into advanced detail, I'm just not going to choose anything over here. We don't want spot instances right now. And once we are done with these many like options, which we have filled in already, then we can just go ahead and click on Launch Instance. So, I'm just going to click on Launch Instance. And I'm just going to click on this, this is the instance ID, which generated from the AWS. So click on it. And here you can see, the state is in pending, so you just need to refresh it. And it will be in a running state. And here you can see, the instance is now into our running state. All right. So, now we have created our whole VPC with our public subnet, private subnet, Internet Gateway, route table, and also we have started an EC2 instance onto our public subnet. The next thing which we need to do is, we need to SSH into our EC2 instance. So, this is the EC2 instance, which is running. So, next just click on this instance ID, so that we can see the details. So here we need to pay careful attention onto some of the IP addresses. So, we will be mostly interested into this public IP, which is generated by AWS. So, I'm just going to copy this public IP address. And here you will find all other detail like the host name, the private IP, the public IP for DNS, Elastic IP, if you have created any elastic IP, the instance type. So, all those details are available over here. So, in the networking also, you can see the details, uh, associated with our EC2 instance, which is a subnet, uh, and your VPC. So, all those details you can see over here. But, let's copy the public IP address from here, and we just wanted to SSH from my local laptop. So, in case if you are using Windows, then you can use PuTTY, and since I'm using Mac, so I have a terminal over here. So, which is just similar to PuTTY. So, here I need to first of all, check onto my private key. So, I'm just going to run the ls -ltr command to see my private key. 
So, my private key is AWS EC2 Terraform. This is the private key which I have already created. And while I was creating an EC2 instance, I showed you that there is a test key pair which I have created. So, in case you are creating the keys for the first time, then this is the key which you need to use, test key pair.pem. So, that will be your private key for this SSH utility. All right. Now, we have copied the public IP address. We have our terminal ready. We already have our private key, which is present over here onto the same directory. So, I'm just going to clear this terminal. But how to SSH into this EC2 instance? So, what you need to do, you just need to go to connect over here, go to SSH client, and here you will find the instructions. So, locate your private key, which is this one, uh, which we have already located. In this case, this name will differ, because you might have created some different key with different name. Then we need to change the permission of that particular key, which is 400. Because whenever you create a key, then you will have a very big permission or very broad permission. So what you need to do, you just need to run the command, I'm just going to copy this command, chmod 400 and the key name, which is this one. This is my private key, but in case you will have a .pem also, that's absolutely fine, that's not a problem. So, just hit enter. After that, you just need to follow the next instruction to SSH into your Ubuntu or your Linux machine. So here, this is the command which you need to create to SSH into your EC2 instance.
[30:21]And once you have created this command, just simply hit enter. Uh, are you sure you want to connect? Type yes. And here you can see, now we have entered into our Linux machine. And here you can see, this is the IP address, which is 12.0.1.27. So, that's the IP which we have got, and this IP belongs to our public subnet. And which I can show you from our slide. Here you can see, 12.0.1.0/24. So this is the IP range we have assigned, and what we have got the IP address, that is 1.27. So, that's belong to our public subnet. And also, you can verify the details. So, that's the usage, uh, like the disk, and this is our Ubuntu, which is running on the 22.04. So, that's how you are just going to create an EC2 instance, and you are just going to set up your whole VPC with public subnet, private subnet, and then you can access that EC2 instance from your local machine. So, that was the session which I have planned for today. And once you're done with this whole setup and if you're doing it for the demo purpose, then what I would recommend is just to clean up all this resource. Otherwise, it might incur some cost to you. So, for that, what you need to do is, you just need to exit from here, uh, go back to your EC2. Click onto the instances, select the instance, go to action, uh, instance state, then click on Terminate Instance. If you are just using it for learning purpose, then I would recommend it to terminate the instance once you have done the setup, because, uh, it will start costing a little bit of money if you don't stop or don't terminate your EC2 instance. So, I'll be back shortly once this instance is completely terminated. All right, so here you can see, our instance has been terminated. So, now we need to clean up all the route table, our public subnet, private subnet, and our internet gateway along with our VPC. So, go over here into AWS, click on VPC over here. Select VPC. Then what we need to do over here, we just need to go to the route tables first. 
Select our private route table. Go to action, select delete. And you will find an error message over here. Route table is still associated and cannot be deleted. So, what you need to do, you just need to cancel this one.
[32:46]Click on this subnet association. Edit subnet association. Deselect this one. Save association. So, now we have, like, we have unregistered our private subnet with this particular route table. And now again, go back to action, click on delete. And now you can delete this route table. Click on delete. So, now we have deleted our private route table. Just refresh it once again, and that is gone. And your route table is gone. So, now we have deleted our route table. The next thing which we need to delete after that is public subnet and the private subnet. So, click on this subnets. Go to private subnet.
[33:39]Click on action, click on delete. And here you can just type delete. Refresh it, and your private subnet is gone. Just click on public subnet. Click on action, click on delete. Type delete over here. All right. Refresh the page, and now our subnets has been deleted. The next thing which we need to delete after that is Internet Gateway. So, go on Internet Gateway. Click on this Internet Gateway, and this Internet Gateway is still attached with our VPC. So, let's check that one. So, Internet Gateway is there. Go to action, detach from VPC, because that's necessary before you delete your Internet Gateway. So, I'm just going to click on detach. Detach. Go to action, click on delete. Type delete over here. And now we have deleted our Internet Gateway. Refresh this one. And you can see this is our default Gateway, which we have got when we signed up for AWS. So, now our Internet Gateway has been deleted. Now, we finally need to delete our VPC. So, click on this your VPCs. This is our test VPC. Select this test VPC. Go to action and delete VPC. Type delete over here. And that has been deleted. So, that's how we have set up our whole networking. We have tested our EC2 instance, and finally, we have cleaned up our whole demo. So, in case if you face any error while cleaning up, then check the association between the route table, subnets, your Internet Gateway, your VPC. There might be some kind of a association. So, you need to detach those association. So, with that, I hope you like the today's session on how to set up your VPC and networking, and how to create your EC2 instances onto your public subnet. Into the next session, we will be taking a look onto the Bastion host, and that is a really important concept when it comes to security. So, stay tuned for this series, and in the next chapter, we'll take a look onto the Bastion concept into much more detail. So till then, take care, and bye-bye.



