How to create VPC

LAB : 1
Objective :- Inside VPC need to have private subnets in two different AZ’s. Where we will Launch Our
Ec2 instance. However as Instances inside private subnet can-not go to internet directly, we would be
launching ONE NAT instance in public subnet though which our private instance will be
communicating to the internet.
Step-1. Create a VPC of the range you desire.

Step-2. Click on subnets and create two private subnet in two different az and one public subnet in
any az.

Step-3. Create an Internet gateway and attached to your VPC 

Step-4. Attached it to your VPC

Step-5. Since we created all public and pivate subnet exacly in same manner, how we can enforce
which is public and which is pivate subnet ? ------------ >A public subnet would have route to
internet-gateway and pirvate subnet would not. Also, public subnet would have public IP on
instance (either auto assigned or elastic IP)

Step-6. We would need one route for public subnet which is connected to internet and one route
for private subnet which will be connected to nat-gateway

Step-7. By default when we created a VPC it has given, us one Route table which we will use for our
private subnet configuring its route to nat gateway

Step-8. And create a new route table having route to internet gateway and will attached it to public
subnet -- > go to routes tables → create routes

Step-9. Will go back to subnets in VPC configuration and find public subnet, we have created and
will changes it route table to the new one we have created, which has route to internet-
gateway

Step-10. Now, we will launch a NAT instance inside our public Subnet, once we get its ID, we will
configuring our private subnets route table.

Step-11. Configure NAT instance Security group to allow traffic from private subnet IP range on port
80 s

Step-12. Once your NAT instance will launch, you have to disable source/destination check.

Step-13. Copy the NAT instance id and configure the private route table as below

Step-14. Now, your pivate subnets have a route associates which goes to nat instance if traffic is
detined for internet (0.0.0.0/0) and public subnet has a route associated which goes to the IG
if traffic is destined for public15. SSh to your NAT instance (ssh -i ztoc.pem [email protected]) please note its user is ec2-
user

Step-15. Launch a instance in private subnet with keeping below setting in mind

Step-16. Go, to the private instance machine via this Nat instance (will server as your jump box), you
need to get your private key on the Nat Instance (jump box) simply copy and paste private
key content.
Step-17. And to try to apt-get update it will work. Break the route by removing the nat gateway from
route and try to apt-get update again it will not work