If you are using PuTTY to connect to EC2 instances, use these instructions.
When using SSH Key Forwarding, you will need specific configuration for using PuTTY.
You can find the subnetting calculator mentioned in video 2 here.
Learning Objectives
Create VPC and Subnet Architecture
Create Subnets
Create a three-AZ, three-app tier subnet layout (leaving spaces for a fourth AZ and
fourth tier).
1. Select Subnets
2. Click Create subnet
3. Enter the following values in order for Name, VPC, Availability Zone, and IPv4 CIDR Block. Don't
assign an IPv6 block.
publicA, labVPC, us-east-1a, 10.0.0.0/24
publicB, labVPC, us-east-1b, 10.0.1.0/24
publicC, labVPC, us-east-1c, 10.0.2.0/24
Skip 10.0.3.0/24 as the reserved space for a fourth AZ public subnet
privateA, labVPC, us-east-1a, 10.0.4.0/24
privateB, labVPC, us-east-1b, 10.0.5.0/24
privateC, labVPC, us-east-1c, 10.0.6.0/24
Skip 10.0.7.0/24 as the reserved space for a fourth AZ private subnet
dbA, labVPC, us-east-1a, 10.0.8.0/24
dbB, labVPC, us-east-1b, 10.0.9.0/24
dbC, labVPC, us-east-1c, 10.0.10.0/24
Skip 10.0.11.0/24 as the reserved space for a fourth AZ db subnet
10.0.12.0/24, 10.0.13.0/24, 10.0.14.0/24, and 10.0.15.0/24 can be used for the fourth
tier in four AZs, but we won't create them for now.
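
The subnet layout above follows a tier-by-AZ grid, and the sketch below regenerates it and shows that each tier collapses to a single /22 that a security group or NACL rule can reference. This is an added example, not part of the original lab; the enclosing 10.0.0.0/20 block and the function names build_plan and overlapping_pairs are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Assumption: the sixteen /24 slots on the page (10.0.0.0 to 10.0.15.0) form one /20.
PLAN_BLOCK = ipaddress.ip_network("10.0.0.0/20")
TIERS = ["public", "private", "db", None]                # None = reserved fourth tier
AZS = ["us-east-1a", "us-east-1b", "us-east-1c", None]   # None = reserved fourth AZ


def build_plan(block=PLAN_BLOCK, tiers=TIERS, azs=AZS, prefix=24):
    """Return (summaries, rows). rows holds (name, az, cidr, action) per slot."""
    slots = list(block.subnets(new_prefix=prefix))
    if len(slots) != len(tiers) * len(azs):
        raise ValueError("block does not split into exactly tiers x AZs slots")
    summaries, rows = {}, []
    for t, tier in enumerate(tiers):
        tier_slots = slots[t * len(azs):(t + 1) * len(azs)]
        # A tier's slots are contiguous, so they collapse to one CIDR that a
        # security group or NACL rule can reference for the whole tier.
        collapsed = list(ipaddress.collapse_addresses(tier_slots))
        if len(collapsed) != 1:
            raise ValueError("tier slots are not one aligned block")
        summaries[tier or "reserved"] = collapsed[0]
        for az, cidr in zip(azs, tier_slots):
            if tier and az:
                rows.append((tier + az[-1].upper(), az, cidr, "create"))
            else:
                rows.append((None, az, cidr, "reserved"))
    return summaries, rows


def overlapping_pairs(cidrs):
    """Return every pair of CIDRs that overlap; an empty list means a clean plan."""
    nets = [ipaddress.ip_network(str(c)) for c in cidrs]
    return [(a, b) for a, b in combinations(nets, 2) if a.overlaps(b)]


if __name__ == "__main__":
    summaries, rows = build_plan()
    for name, az, cidr, action in rows:
        print(f"{name or '-':9} {az or '(fourth AZ)':12} {str(cidr):13} {action}")
    for tier, cidr in summaries.items():
        print(f"tier {tier:8} -> {cidr}")
    created = [cidr for _, _, cidr, action in rows if action == "create"]
    print("overlaps:", overlapping_pairs(created))
```

Running it prints the nine subnets to create, the seven reserved slots, and the per-tier /22 summaries.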
1. Select the Subnet Associations tab, click Edit subnet associations, select the db and
private subnets in the same AZ.
privateA-RT = privateA and dbA
2. Click Save.
3. On the same route table, click Routes, Edit routes, and Add route.
4. Set the destination as 0.0.0.0/0, target as NAT Gateway, and select the NAT Gateway
ID in the same AZ (in the list you made earlier).
5. Click Close.
6. Repeat these steps for each route table.
1. Create an App Server privateA using the same bastion vpclab key.
2. Configure the security group to allow incoming SSH only from the bastion
security group.
3. Log in via SSH to the App Server.
4. Create Network ACL.
5. Set the name as Bastion NACL and the VPC as labVPC.
6. Click Create.
7. By default, it allows all traffic in and all traffic out.
8. Associate it with publicA, publicB, and publicC.
9. Add an explicit DENY for your IP.
10. Remove the explicit DENY.