
Designing and Building a Custom VPC from Scratch

Additional Information and Resources


Log in to the live AWS environment using the provided credentials. Make sure you are
in us-east-1 when you work in this environment.
You will be creating a VPC using 10.0.0.0/16 and subnets using:

 10.0.0.0/24
 10.0.1.0/24
 10.0.2.0/24
 10.0.4.0/24
 10.0.5.0/24
 10.0.6.0/24
 10.0.8.0/24
 10.0.9.0/24
 10.0.10.0/24

If you are using PuTTY to connect to EC2 instances, use these instructions.
When using SSH Key Forwarding, you will need specific configuration for using PuTTY.
You can find the subnetting calculator mentioned in video 2 here.

Learning Objectives

Create VPC and Subnet Architecture

From the VPC console


Create a VPC

1. Select Your VPCs.


2. Click Create VPC, and set the following values:
 labVPC
 10.0.0.0/16
 Amazon Provided IPv6 block
 Default Tenancy
3. Click Create.

Create Subnets
Create a three-AZ, three-tier subnet layout (leaving space for a fourth AZ and a
fourth tier).

1. Select Subnets.
2. Click Create subnet.
3. Enter the following values, in order, for Name, VPC, Availability Zone, and IPv4 CIDR block. Do not
assign an IPv6 block.
 publicA, labVPC, us-east-1a, 10.0.0.0/24
 publicB, labVPC, us-east-1b, 10.0.1.0/24
 publicC, labVPC, us-east-1c, 10.0.2.0/24
 Skip 10.0.3.0/24 as the reserved space for a fourth AZ public subnet
 privateA, labVPC, us-east-1a, 10.0.4.0/24
 privateB, labVPC, us-east-1b, 10.0.5.0/24
 privateC, labVPC, us-east-1c, 10.0.6.0/24
 Skip 10.0.7.0/24 as the reserved space for a fourth AZ private subnet
 dbA, labVPC, us-east-1a, 10.0.8.0/24
 dbB, labVPC, us-east-1b, 10.0.9.0/24
 dbC, labVPC, us-east-1c, 10.0.10.0/24
 Skip 10.0.11.0/24 as the reserved space for a fourth AZ db subnet

10.0.12.0/24, 10.0.13.0/24, 10.0.14.0/24, and 10.0.15.0/24 can be used for the fourth
tier in four AZs, but we won't create them for now.
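The subnet plan above as an added example (not part of the lab materials): a Python script that derives the same tier-major /24 layout from the VPC CIDR, checks that every block sits inside the VPC and that no two overlap, and reports the usable addresses per /24 (AWS reserves five addresses in every subnet). The tier and AZ names come from the lab; the function names are my own.

```python
import ipaddress
from itertools import combinations

# Lab parameters: 10.0.0.0/16 cut into /24s, three tiers, three AZs now, one slot per tier for a 4th AZ.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
TIERS = ["public", "private", "db"]
AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]
AZ_SLOTS = 4
AWS_RESERVED_PER_SUBNET = 5  # AWS keeps the first four and the last address of each subnet

def plan_subnets(vpc=VPC_CIDR, tiers=TIERS, azs=AZS, az_slots=AZ_SLOTS, prefix=24):
    """Return (name, az, cidr) rows in tier-major order; unused AZ slots become reserved rows."""
    blocks = list(vpc.subnets(new_prefix=prefix))
    plan = []
    for t, tier in enumerate(tiers):
        for i in range(az_slots):
            cidr = str(blocks[t * az_slots + i])
            if i < len(azs):
                plan.append((f"{tier}{azs[i][-1].upper()}", azs[i], cidr))  # e.g. publicA
            else:
                plan.append((f"{tier}-reserved", None, cidr))  # the lab's "skip" block
    return plan

def validate_plan(plan, vpc=VPC_CIDR):
    """Every subnet must sit inside the VPC CIDR and no two subnets may overlap."""
    nets = [ipaddress.ip_network(cidr) for _, _, cidr in plan]
    for net in nets:
        if not net.subnet_of(vpc):
            raise ValueError(f"{net} is outside {vpc}")
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            raise ValueError(f"{a} overlaps {b}")
    return True

def next_free_block(plan, vpc=VPC_CIDR, prefix=24):
    """First /24 not yet in the plan: where the fourth tier would start."""
    used = {cidr for _, _, cidr in plan}
    return next(str(b) for b in vpc.subnets(new_prefix=prefix) if str(b) not in used)

def usable_hosts(cidr):
    """Addresses you can actually assign in an AWS subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET

if __name__ == "__main__":
    plan = plan_subnets()
    validate_plan(plan)
    for name, az, cidr in plan:
        print(f"{name:18} {az or '-':12} {cidr:16} usable={usable_hosts(cidr)}")
    print("fourth tier starts at", next_free_block(plan))
```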


Configure Private Internet Connectivity Using NAT Gateway

From the VPC Console:


Create the NAT Gateways

1. Click NAT Gateways and then Create NAT Gateway.


2. Set the subnet to publicA.
3. Click Create New EIP and then Create a NAT Gateway.
4. Click Close.
5. Repeat the process for publicB and publicC for a total of three NAT gateways.
6. Select each NAT gateway in turn, and make a note of the NAT Gateway ID and
which public subnet it's in.

Create Three Private Route Tables

1. Click Route Tables.


2. Click Create route table.
3. Set the name as privateA-RT and VPC as labVPC.
4. Click Create and then Close.
5. Repeat for privateB-RT and privateC-RT.

Route Table Associations


Do the following for each route table in privateA-RT, privateB-RT, and privateC-RT.

1. Select the Subnet Associations tab, click Edit subnet associations, and select the private and
db subnets in the same AZ, for example:
 privateA-RT = privateA and dbA
2. Click Save.
3. On the same route table, click Routes, Edit routes, and Add route.
4. Set the destination as 0.0.0.0/0 and the target as NAT Gateway, then select the NAT Gateway
ID in the same AZ (from the list you made earlier).
5. Click Close.
6. Repeat these steps for each route table.
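Added example, not from the lab: a Python check, run over constructed data shaped like the describe-subnets, describe-nat-gateways and describe-route-tables responses (the IDs are made up), that confirms each private route table's 0.0.0.0/0 route targets a NAT gateway in the same AZ as its associated subnets. A cross-AZ NAT route still works, but it ties one AZ's egress to another AZ's gateway, which is exactly what the per-AZ pairing in the steps above avoids.

```python
# Constructed lookup tables in the shape of the describe-subnets, describe-nat-gateways and
# describe-route-tables responses (IDs are made up; only the fields the check needs are kept).
SUBNET_AZ = {
    "subnet-pubA": "us-east-1a", "subnet-pubB": "us-east-1b", "subnet-pubC": "us-east-1c",
    "subnet-privA": "us-east-1a", "subnet-privB": "us-east-1b", "subnet-privC": "us-east-1c",
    "subnet-dbA": "us-east-1a", "subnet-dbB": "us-east-1b", "subnet-dbC": "us-east-1c",
}
NAT_SUBNET = {"nat-A": "subnet-pubA", "nat-B": "subnet-pubB", "nat-C": "subnet-pubC"}

def route_table(rt_id, subnets, nat_id):
    """Build one private route table record: the local route plus a 0.0.0.0/0 route to nat_id."""
    return {
        "RouteTableId": rt_id,
        "Associations": [{"SubnetId": s} for s in subnets],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": nat_id}],
    }

# privateC-RT is wired to the wrong NAT gateway on purpose, to show what the check reports.
ROUTE_TABLES = [
    route_table("privateA-RT", ["subnet-privA", "subnet-dbA"], "nat-A"),
    route_table("privateB-RT", ["subnet-privB", "subnet-dbB"], "nat-B"),
    route_table("privateC-RT", ["subnet-privC", "subnet-dbC"], "nat-A"),
]

def check_route_table(rt, subnet_az=SUBNET_AZ, nat_subnet=NAT_SUBNET):
    """Return findings for one private route table; an empty list means it matches the lab design."""
    rt_id = rt["RouteTableId"]
    default = [r for r in rt["Routes"] if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    if not default:
        return [f"{rt_id}: no 0.0.0.0/0 route, associated subnets have no egress"]
    nat_id = default[0].get("NatGatewayId")
    if nat_id is None:
        return [f"{rt_id}: default route does not target a NAT gateway"]
    nat_az = subnet_az[nat_subnet[nat_id]]  # AZ of the public subnet the gateway lives in
    findings = []
    for assoc in rt["Associations"]:
        sid = assoc.get("SubnetId")
        if sid and subnet_az[sid] != nat_az:
            findings.append(f"{rt_id}: {sid} ({subnet_az[sid]}) egresses via {nat_id} in {nat_az}")
    return findings

def audit(route_tables=ROUTE_TABLES):
    return [f for rt in route_tables for f in check_route_table(rt)]

if __name__ == "__main__":
    for finding in audit() or ["all private route tables use a same-AZ NAT gateway"]:
        print(finding)
```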

Configure and Test VPC Security

1. Create an App Server in privateA, using the same vpclab key pair as the bastion.
2. Configure its security group to allow inbound SSH only from the bastion's
security group.
3. Log in via SSH to the App Server.
4. Create Network ACL.
5. Set the name as Bastion NACL and the VPC as labVPC.
6. Click Create.
7. By default, it allows all traffic in and all traffic out.
8. Associate it with publicA, publicB, and publicC.
9. Add an explicit DENY rule for your IP address.
10. Remove the explicit DENY rule.
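For steps 9 and 10, an added Python example (not the lab's own material) of how a network ACL evaluates its rules: ascending rule number, first match wins, and an implicit "*" rule denies whatever nothing matched. The rule numbers (50 for the DENY, 100 for the allow-all) and the source IP are assumptions, since the lab does not give them; the example also shows what happens if the DENY is numbered above the allow-all.

```python
import ipaddress

# Constructed inbound rule set for the lab's Bastion NACL. Rule numbers are an assumption
# (the lab gives none); "-1" means all protocols and "6" is TCP, as in describe-network-acls.
MY_IP = "203.0.113.10"  # stand-in for "your IP" (documentation range)
INBOUND_RULES = [
    {"RuleNumber": 50, "Protocol": "-1", "CidrBlock": f"{MY_IP}/32", "RuleAction": "deny"},
    {"RuleNumber": 100, "Protocol": "-1", "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
]

def evaluate(rules, src_ip, protocol="6", port=22):
    """Walk rules in ascending RuleNumber order; the first match decides, else the '*' rule denies."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["RuleNumber"]):
        if rule["Protocol"] not in ("-1", protocol):
            continue
        if src not in ipaddress.ip_network(rule["CidrBlock"]):
            continue
        port_range = rule.get("PortRange")
        if port_range and not (port_range["From"] <= port <= port_range["To"]):
            continue
        return rule["RuleAction"], rule["RuleNumber"]
    return "deny", "*"

def with_deny_renumbered(rules, new_number):
    """Same rule set, but the explicit DENY moved to a different rule number."""
    return [dict(r, RuleNumber=new_number) if r["RuleAction"] == "deny" else r for r in rules]

if __name__ == "__main__":
    print("you, DENY at 50:  ", evaluate(INBOUND_RULES, MY_IP))
    print("someone else:     ", evaluate(INBOUND_RULES, "198.51.100.7"))
    print("you, DENY at 150: ", evaluate(with_deny_renumbered(INBOUND_RULES, 150), MY_IP))
```

Because NACLs are stateless, the outbound rule set must separately allow the ephemeral return ports (1024 to 65535), or the SSH session fails even when the inbound rule allows it.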
