# Part 1: Manually Create Custom VPC

Welcome to the first part of an ongoing mini-series which will result in the creation of network infrastructure for a multi-tier application:

We will manually configure a custom VPC, secure the network environment and add logging & auto remediation.

* **Part 1: Manually Configure a VPC**
    
* Part 2: Secure the Network Environment
    
* Part 3: Launching Servers, Adding Logging/Auto Remediation
    

Our task today will be for the following scenario:

Scenario: Provision a small VPC for a client application that has a web server and an app server. The client would like 1024 IP addresses reserved for future use and would like to make use of two availability zones for high availability.

---

### Plan Architecture

We will plan our subnet CIDR blocks so that there are no overlapping IP addresses based on client specifications.

> A *subnet CIDR reservation* is a range of IPv4 or IPv6 addresses that you set aside so that AWS can't assign them to your network interfaces. This enables you to specify IPv4 or IPv6 prefixes for use with your network interfaces.

```plaintext
VPC Size: Small (2,046 IPs)
Subnets:
  1024 IP addresses reserved (/22)
  2 Public Subnets of 254 (/24) in two different AZs
  2 Private Subnets of 254 (/24) in two different AZs
Internet Gateway
NAT Gateway
Route Tables
```

The name of our project is **SmallProjectA** and we will utilize 10.20.0.0/21 (2048 IP addresses) as our CIDR block range.
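Before touching the console it is worth checking the address plan itself. The following Python is an added example, not part of the article: it carves the /21 into the /22 reservation and the four /24 subnets, confirms that every block sits inside the VPC CIDR, that none overlap, that the subnets span two availability zones, and that no address space is left unaccounted for. The article only gives the reservation's size, so 10.20.0.0/22 is assumed here because it is the one /22 left once the four /24s occupy 10.20.4.0/22. It also goes one step beyond the text: AWS reserves the first four and the last address of every subnet, so a /24 has 251 usable host addresses rather than 254.

```python
import ipaddress

# Address plan from the article. SmallProjectA uses 10.20.0.0/21; the /22 is
# the 1024 addresses the client wants held back. Its position (10.20.0.0/22)
# is an assumption: the article gives only the size.
VPC_CIDR = "10.20.0.0/21"
RESERVED = "10.20.0.0/22"
SUBNETS = {
    "Public Subnet 1": ("us-east-2a", "10.20.4.0/24"),
    "Public Subnet 2": ("us-east-2b", "10.20.5.0/24"),
    "Private Subnet 1": ("us-east-2a", "10.20.6.0/24"),
    "Private Subnet 2": ("us-east-2b", "10.20.7.0/24"),
}
# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def _net(cidr):
    # strict=True rejects a block whose host bits are set (e.g. 10.20.4.1/24)
    return ipaddress.ip_network(cidr, strict=True)


def validate_plan(vpc, reserved, subnets):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    problems = []
    vpc_net = _net(vpc)
    blocks = [("reserved block", _net(reserved))]
    blocks += [(name, _net(cidr)) for name, (_, cidr) in subnets.items()]
    for name, net in blocks:
        if not net.subnet_of(vpc_net):
            problems.append(f"{name} {net} lies outside the VPC CIDR {vpc_net}")
    for i, (a_name, a) in enumerate(blocks):
        for b_name, b in blocks[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a_name} {a} overlaps {b_name} {b}")
    if len({az for az, _ in subnets.values()}) < 2:
        problems.append("subnets do not span at least two availability zones")
    return problems


def usable_hosts(cidr):
    """Addresses an instance can actually take in a subnet of this size."""
    return _net(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def unallocated(vpc, reserved, subnets):
    """VPC address space not carved into the reservation or any subnet, as CIDR strings."""
    remaining = [_net(vpc)]
    for cidr in [reserved] + [c for _, c in subnets.values()]:
        net = _net(cidr)
        next_remaining = []
        for piece in remaining:
            if net.subnet_of(piece):
                # CIDR blocks either nest or are disjoint, so exclusion is exact
                next_remaining.extend(piece.address_exclude(net))
            else:
                next_remaining.append(piece)
        remaining = next_remaining
    return [str(n) for n in sorted(remaining)]


if __name__ == "__main__":
    for line in validate_plan(VPC_CIDR, RESERVED, SUBNETS) or ["plan is consistent"]:
        print(line)
    for name, (az, cidr) in SUBNETS.items():
        print(f"{name:17} {az}  {cidr}  usable hosts: {usable_hosts(cidr)}")
    print("unallocated:", unallocated(VPC_CIDR, RESERVED, SUBNETS) or "none")
```

Running it on the article's plan reports no problems and no unallocated space, which is what we want before creating anything: an overlapping or stray subnet is cheap to catch here and tedious to untangle once instances are launched into it.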

A visual of our architecture:

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689093846002/06d8d4b6-d694-4c00-957c-bfc75b79b40d.png align="center")

Let's get started:

---

### Create VPC

> A *virtual private cloud* (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.

* In the top left of the AWS Console click on search and enter VPC - Click VPC:
    
* In the Create VPC screen enter the following:
    
    * VPC Only, SmallProjectA, 10.20.0.0/21 IPv4 CIDR
        
    * No IPv6 CIDR and Default tenancy:
        
* Scroll to the bottom and click Create VPC:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689093962039/33da9123-c670-4bc3-b436-10a0cf293b1a.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689093918722/7f608a9f-0340-4432-ab81-9f2bbb725c36.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689093998038/4396d493-ea28-410b-ac89-1a12cc2bf746.png align="center")

---

### Create Subnets

> A *subnet* is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. Use a public subnet for resources that must be connected to the Internet, and a private subnet for resources that won't be connected to the internet.

* In the left hand navigation pane of the VPC Dashboard, click Subnets.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094014661/e8485f26-48e6-4431-8c00-6b3a61e49f85.png align="center")

* In the subnets dashboard, at the top right, click Create subnet:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094026521/2c6c7616-0ccd-4a52-94a2-de62b3cf6e4c.png align="center")

* On the Create subnet screen, select the recently created SmallProjectA VPC:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094050967/f435874a-8079-4b4b-a4aa-f488a85ae57e.png align="center")

* Once you select the SmallProjectA VPC, the Subnet settings screen will appear.
    
* Populate the fields to create Public Subnet 1, Public Subnet 2, Private Subnet 1 & Private Subnet 2.
    
* For the first Subnet Setting enter:
    
    * Public Subnet 1, us-east-2a & CIDR block 10.20.4.0/24
        
* Click Add Subnet:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094092943/4982cc6e-2de1-483a-890a-4f3932356d4e.png align="center")

* For the second subnet setting:
    
    * Enter Public Subnet 2, us-east-2b & CIDR block 10.20.5.0/24
        
* Click Add new subnet:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094110388/72d09ef9-82be-4c4e-ba0c-9ed33848d0f7.png align="center")

* For the third subnet setting:
    
    * Enter Private Subnet 1, us-east-2a & CIDR block 10.20.6.0/24
        
* Click Add new subnet:
    
* For the fourth subnet setting:
    
    * Enter Private Subnet 2, us-east-2b & CIDR block 10.20.7.0/24
        
* Click Create Subnet once completed:
    

---

### Create Internet Gateway

> An ***internet gateway*** enables resources in your public subnets (such as ***EC2*** instances) to connect to the internet if the resource has a public IPv4 address.

* In the left-hand navigation pane of the VPC Dashboard click Internet Gateways:
    
* On the following screen, click Create internet gateway at the top right.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094204085/23598b9e-33d3-4f83-8f64-969bfa28ddb1.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094210350/b287ebc2-007e-48a8-b2fa-ae18baa85d3c.png align="center")

* In Create internet gateway
    
    * Enter SmallProjectInternetGateway as the name tag and select Create internet gateway:
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094227482/05d06306-a9f0-4ffc-9cfc-a93abf40a13b.png align="center")

* Once created, there will be a green banner at the top of the screen - Select Attach to a VPC:
    
    * Attach to SmallProjectA:
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094238929/133a74a3-c9cf-47dc-8bbc-8c76e0209ac7.png align="center")

### Create NAT Gateway & Elastic IP

> Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet. You create a public NAT gateway in a public subnet and **must associate an elastic IP address with the NAT gateway at creation**. You route traffic from the NAT gateway to the internet gateway for the VPC.

![](https://www.theawsdev.com/content/images/2022/11/image-18.png align="left")

* Before creating the NAT Gateway, we will allocate an Elastic IP.
    
* In the left-hand navigation pane of the VPC Dashboard, click Elastic IPs:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094263632/c48b0c75-2a63-407a-86c8-946abdc4457b.png align="center")

* In the Elastic IP address dashboard, at the top right, click Allocate Elastic IP address:
    
* Allocate the Elastic IP address from Amazon's pool of IPv4 addresses and select Allocate:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094293138/cf13902d-b1da-479e-94e8-d7afe0db8fa3.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094319486/f8a2bc0a-187f-4abc-bc61-54523f6cbf4b.png align="center")

* In the left-hand navigation pane of the VPC dashboard, click NAT gateways:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094336430/794c174f-3d16-40f5-a5ae-077052f6f53f.png align="center")

* In the NAT Gateway dashboard, at the top right, click Create NAT Gateway:
    
* In the Create NAT gateway screen
    
    * Enter SmallProjectNATGateway as the name
        
    * Subnet: Public Subnet 1
        
    * Connectivity Type: Public
        
    * Elastic IP that we just generated
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094353986/db512e82-3115-4988-84de-5b68124492bb.png align="center")

* Click Create NAT Gateway
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094373326/353423db-9a31-4821-9c3d-46632b942399.png align="center")

---

### Configure Route Tables and Routes

> A route table contains a set of rules called routes which determine where traffic is directed.  Each subnet in a VPC must be associated with a route table.

In this section, we will create route tables and routes to the NAT gateway & Internet gateway and associate the Private & Public subnets respectively.

---

### Adding Route Table for Private Subnets

* In the left-hand navigation pane of the VPC dashboard, click Route Tables:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094418820/9db5c741-cd02-4dee-9b64-a6893a87c65b.png align="center")

The Route tables dashboard will show all the Route tables in the current region.

* Select the default Route Table for SmallProjectA VPC
    
    * Edit the name of the default Route Table via the Pen icon to: Private Route Table:
        
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094450469/7ab747bc-0746-4614-8819-4722ec47adae.png align="center")
    
* With the Private route table selected, at the top right of the dashboard, click Actions > Edit Routes:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094478800/8657fe20-0a77-4c00-bdc8-bd53f3314825.png align="center")

* In Edit routes, select add route.
    
    * Enter destination 0.0.0.0/0
        
    * Target: SmallProjectNATGateway
        
* Save changes:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094487309/f44c996f-10bf-4dba-9878-b657d6ce1d76.png align="center")

* After saving changes, click the Subnet associations tab in the details section at the bottom of the Route tables dashboard (make sure private route table is selected) and select Edit subnet associations:
    
* Select both Private Subnet 1 and Private Subnet 2 and Save associations:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094509593/580b359b-a075-4812-beeb-ad211d39f15d.png align="center")

---

### Adding Route Table for Public Subnets

We will now create the Route Table so that our Public Subnets can access the Internet via the Internet Gateway:

* In left-hand navigation pane of the VPC Dashboard, click Route Tables:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094567066/7102c58e-7978-4fc9-89f3-5f247af35831.png align="center")

At the top right of the Route Tables dashboard, click Create route table:

* Enter Public Route Table as the name
    
* Select SmallProjectA as the VPC
    
* Click Create route table:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094627341/9ba302be-475b-4744-b1a9-9303793a4c48.png align="center")

* Ensure the newly created Public Route table is selected and in the details section at the bottom:
    
    * Click Subnet associations tab
        
    * Click edit Subnet associations:
        
* In Edit subnet associations
    
    * Select Public Subnet 1
        
    * Select Public Subnet 2
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094649728/79c0cae1-c435-44d0-ae6a-e19aa6f7d408.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094659858/b3bf70ba-2075-4515-9f58-af4cb114ef53.png align="center")

* Ensure the Public Route table is selected and select the Routes tab
    
    * Click Edit Routes:
        
* In Edit routes
    
    * Click Add route: enter 0.0.0.0/0
        
    * Target: SmallProjectInternetGateway
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094683710/8655e6d3-5589-4755-8467-24d61186e931.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094688064/fe40d286-05af-4dfe-8914-0d1b987ede89.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1689094713758/b3d78bf1-c71e-437b-bbc9-0aa7405910e2.png align="center")
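The route-table steps above are easy to get subtly wrong (a private subnet pointed at the internet gateway, a NAT gateway dropped into a private subnet), and the console gives no warning. The following Python is an added example, not the article's own code: it audits a document shaped like the output of `aws ec2 describe-route-tables` against the role we intended each subnet to have. It checks that public subnets reach the internet gateway, that private subnets reach only the NAT gateway, that the NAT gateway sits in a public subnet, and that the main route table, which any subnet without an explicit association inherits, does not expose the internet gateway. The sample document, the subnet ids and the gateway ids are constructed placeholders; the `with_default_route` helper is a hypothetical what-if aid for exercising the audit.

```python
import copy

# Constructed sample shaped like `aws ec2 describe-route-tables` output for the
# article's VPC (all ids are placeholders, not a real capture). As in the article,
# the VPC's main route table is the private one and routes 0.0.0.0/0 to the NAT
# gateway; the public table routes 0.0.0.0/0 to the internet gateway.
ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-private-EXAMPLE",
            "VpcId": "vpc-smallprojecta-EXAMPLE",
            "Routes": [
                {"DestinationCidrBlock": "10.20.0.0/21", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"},
            ],
            "Associations": [
                {"Main": True},
                {"SubnetId": "subnet-private1-EXAMPLE", "Main": False},
                {"SubnetId": "subnet-private2-EXAMPLE", "Main": False},
            ],
        },
        {
            "RouteTableId": "rtb-public-EXAMPLE",
            "VpcId": "vpc-smallprojecta-EXAMPLE",
            "Routes": [
                {"DestinationCidrBlock": "10.20.0.0/21", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
            ],
            "Associations": [
                {"SubnetId": "subnet-public1-EXAMPLE", "Main": False},
                {"SubnetId": "subnet-public2-EXAMPLE", "Main": False},
            ],
        },
    ]
}
# Intended role of each subnet, and the subnet the NAT gateway was created in (Public Subnet 1).
SUBNET_ROLES = {
    "subnet-public1-EXAMPLE": "public",
    "subnet-public2-EXAMPLE": "public",
    "subnet-private1-EXAMPLE": "private",
    "subnet-private2-EXAMPLE": "private",
}
NAT_GATEWAY_SUBNET = "subnet-public1-EXAMPLE"


def default_route_target(route_table):
    """Target of the active 0.0.0.0/0 route, or None when the table has no default route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State") == "active":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def effective_route_table(route_tables, subnet_id):
    """Table a subnet actually uses: its explicit association, else the VPC's main table."""
    main = None
    for rt in route_tables["RouteTables"]:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def audit_routing(route_tables, subnet_roles, nat_gateway_subnet):
    """Compare the routing that exists with the roles the subnets are meant to have."""
    findings = []
    for subnet_id, role in subnet_roles.items():
        rt = effective_route_table(route_tables, subnet_id)
        target = default_route_target(rt) if rt else None
        to_igw = (target or "").startswith("igw-")
        to_nat = (target or "").startswith("nat-")
        if role == "public" and not to_igw:
            findings.append(f"{subnet_id}: public subnet without an internet gateway default route (target={target})")
        elif role == "private" and to_igw:
            findings.append(f"{subnet_id}: private subnet routes 0.0.0.0/0 to {target}; it is effectively public")
        elif role == "private" and not to_nat:
            findings.append(f"{subnet_id}: private subnet has no NAT gateway default route (target={target})")
    if subnet_roles.get(nat_gateway_subnet) != "public":
        findings.append(f"NAT gateway sits in {nat_gateway_subnet}, which is not public; it cannot reach the internet")
    for rt in route_tables["RouteTables"]:
        is_main = any(a.get("Main") for a in rt.get("Associations", []))
        if is_main and (default_route_target(rt) or "").startswith("igw-"):
            findings.append(f"{rt['RouteTableId']}: main route table reaches the internet gateway; new subnets become public by default")
    return findings


def with_default_route(route_tables, route_table_id, target_key, target_id):
    """Hypothetical what-if helper: a copy of route_tables with one table's default route retargeted."""
    updated = copy.deepcopy(route_tables)
    for rt in updated["RouteTables"]:
        if rt["RouteTableId"] == route_table_id:
            rt["Routes"] = [r for r in rt["Routes"] if r.get("DestinationCidrBlock") != "0.0.0.0/0"]
            rt["Routes"].append({"DestinationCidrBlock": "0.0.0.0/0", target_key: target_id, "State": "active"})
    return updated


if __name__ == "__main__":
    for finding in audit_routing(ROUTE_TABLES, SUBNET_ROLES, NAT_GATEWAY_SUBNET) or ["routing matches the plan"]:
        print(finding)
```

To run it against the real VPC, replace `ROUTE_TABLES` with `json.load` of the output of `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` and fill `SUBNET_ROLES` with the real subnet ids. Keeping the main route table as the private one, as the article does, is the safer default: a subnet someone adds later without an explicit association gets NAT-only egress rather than a path from the internet gateway.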

We have created a custom VPC with public and private subnets, an internet gateway and a NAT gateway, with the subnets associated to their route tables!

In part 2 of this series, we will configure security to secure our network environment. Till next time!
