LAB Configuring VPC

Posted on Jan 17, 2020

After completing this exercise, you can access the Amazon EC2 instance from the Internet.

Task:

  • Create the VPC
  • Create a Security Group
  • Launch an Instance into Your VPC
  • Assign an Elastic IP Address to Your Instance
  • Clean Up

Step 1: Create the VPC

In this step you use the VPC wizard, which does the following for you:

  • Creates a VPC with a /16 IPv4 CIDR block (a network with 65,536 private IP addresses).
  • Attaches an Internet gateway to the VPC.
  • Creates a size /24 IPv4 subnet (a range of 256 private IP addresses) in the VPC.
  • Creates a custom route table, and associates it with your subnet, so that traffic can flow between the subnet and the Internet gateway.

Steps to be followed:

  • Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  • In the navigation bar, on the top-right, take note of the region in which you'll be creating the VPC. Ensure that you continue working in the same region for the rest of this exercise, as you cannot launch an instance into your VPC from a different region.
  • In the navigation pane, choose VPC dashboard, and then choose Start VPC Wizard.

  • Choose the first option, VPC with a Single Public Subnet, and then choose Select.

  • On the configuration page, enter a name for your VPC in the VPC name field (for example, dclessons-vpc), and enter a name for your subnet in the Subnet name field. This helps you to identify the VPC and subnet in the Amazon VPC console after you've created them. For this exercise, you can leave the rest of the configuration settings on the page as they are, and choose Create VPC.

Before choosing Create VPC as described above, you can optionally review the following settings on the configuration page:

  • The IPv4 CIDR block field displays the IPv4 address range that you'll use for your VPC (10.0.0.0/16), and the Public subnet's IPv4 CIDR field displays the IPv4 address range you'll use for the subnet (10.0.0.0/24).
  • The Availability Zone list enables you to select the Availability Zone in which to create the subnet. You can leave No Preference to let AWS choose an Availability Zone for you.
  • In the Service endpoints section, you can select a subnet in which to create a VPC endpoint to Amazon S3 in the same region.
  • The Enable DNS hostnames option, when set to Yes, ensures that instances that are launched into your VPC receive a DNS hostname.
  • The Hardware tenancy option enables you to select whether instances launched into your VPC are run on shared or dedicated hardware. Selecting a dedicated tenancy incurs additional costs.

  • The Your VPCs page displays your default VPC and the VPC that you just created. The VPC that you created is a non-default VPC, therefore the Default VPC column displays No.

Step 2: Create a Security Group

A security group acts as a virtual firewall that controls the traffic for its associated instances. To use a security group, you add inbound rules to control incoming traffic to the instance, and outbound rules to control outgoing traffic from the instance. To associate a security group with an instance, you specify the security group when you launch the instance. If you add or remove rules from the security group, AWS applies those changes automatically to the instances associated with the security group.

Your VPC comes with a default security group. Any instance not associated with another security group during launch is associated with the default security group. In this exercise, you'll create a new security group, dclessons_WebServerSG, and specify this security group when you launch an instance into your VPC.

INBOUND RULE:

OUTBOUND RULE:

To create the dclessons_WebServerSG security group and add rules

  • Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  • In the navigation pane, choose Security Groups.
  • Choose Create Security Group.

  • In the Group name field, enter dclessons_WebServerSG as the name of the security group, and provide a description. You can optionally use the Name tag field to create a tag for the security group with a key of Name and a value that you specify.
  • Select the ID of your VPC from the VPC menu, and then choose Yes, Create.
  • Select the dclessons_WebServerSG security group that you just created (you can view its name in the Group Name column).

  • On the Inbound Rules tab, choose Edit and add rules for inbound traffic as follows, and then choose Save when you're done:

    • Select HTTP from the Type list, and enter 0.0.0.0/0 in the Source field.
    • Choose Add another rule, then select HTTPS from the Type list, and enter 0.0.0.0/0 in the Source field.
    • Choose Add another rule. If you're launching a Linux instance, select SSH from the Type list, or if you're launching a Windows instance, select RDP from the Type list. Enter your network's public IP address range in the Source field. If you don't know this address range, you can use 0.0.0.0/0 for this exercise.
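
One way to check the inbound rules from this step after saving them, as an added example that is not part of the original lab: the script audits a security group in the IpPermissions shape returned by `aws ec2 describe-security-groups` and reports SSH or RDP rules whose source is broader than a chosen prefix length. The sample group and the prefix thresholds are constructed assumptions; HTTP and HTTPS from 0.0.0.0/0 are not reported because the lab intends them to be public.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # the two management ports this lab may open

# Constructed sample: dclessons_WebServerSG as built in this lab (Windows case),
# in the IpPermissions shape returned by `aws ec2 describe-security-groups`.
SAMPLE_GROUP = {
    "GroupName": "dclessons_WebServerSG",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}


def covered_admin_ports(perm):
    """Admin ports that fall inside this rule's protocol and port range."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols, all ports
        return sorted(ADMIN_PORTS)
    if proto != "tcp":
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]


def audit_group(group, min_prefix_v4=16, min_prefix_v6=32):
    """Return (port, service, cidr) for admin ports open to very wide sources.

    The minimum prefix lengths are an assumed policy, not an AWS default.
    """
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
            if net.prefixlen < limit:      # source range is wider than allowed
                for port in covered_admin_ports(perm):
                    findings.append((port, ADMIN_PORTS[port], cidr))
    return findings


if __name__ == "__main__":
    for port, service, cidr in audit_group(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupName']}: {service} ({port}/tcp) open to {cidr}")
```

To audit a real group, load the JSON from `aws ec2 describe-security-groups` and pass each entry of its `SecurityGroups` list to `audit_group`.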

Step 3: Launch an Instance into Your VPC

When you launch an EC2 instance into a VPC, you must specify the subnet in which to launch the instance. In this case, you'll launch an instance into the public subnet of the VPC you created. You'll use the Amazon EC2 launch wizard in the Amazon EC2 console to launch your instance.

To launch an EC2 instance into a VPC

  • Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  • In the navigation bar, on the top-right, ensure that you select the same region in which you created your VPC and security group.
  • From the dashboard, choose Launch Instance.
  • On the first page of the wizard, choose the AMI that you want to use. For this exercise, we recommend that you choose an Amazon Linux AMI or a Windows AMI.
  • On the Choose an Instance Type page, you can select the hardware configuration and size of the instance to launch. By default, the wizard selects the first available instance type based on the AMI you selected. You can leave the default selection, and then choose Next: Configure Instance Details.
  • On the Configure Instance Details page, select the VPC that you created from the Network list, and the subnet from the Subnet list. Leave the rest of the default settings, and go through the next pages of the wizard until you get to the Add Tags page.

  • On the Add Tags page, you can tag your instance with a Name tag; for example Name=dclessons_Webserver. This helps you to identify your instance in the Amazon EC2 console after you've launched it. Choose Next: Configure Security Group when you are done.
  • On the Configure Security Group page, the wizard automatically defines the launch-wizard-x security group to allow you to connect to your instance. Instead, choose the Select an existing security group option, select the dclessons_WebServerSG group that you created previously, and then choose Review and Launch.

  • On the Review Instance Launch page, check the details of your instance, and then choose Launch.
  • In the Select an existing key pair or create a new key pair dialog box, you can choose an existing key pair, or create a new one. If you create a new key pair, ensure that you download the file and store it in a secure location. You'll need the contents of the private key to connect to your instance after it's launched.
  • To launch your instance, select the acknowledgment check box, and then choose Launch Instances.
  • On the confirmation page, choose View Instances to view your instance on the Instances page. Select your instance, and view its details in the Description tab. The Private IPs field displays the private IP address that's assigned to your instance from the range of IP addresses in your subnet.

Step 4: Assign an Elastic IP Address to Your Instance

In the previous step, you launched your instance into a public subnet — a subnet that has a route to an Internet gateway. However, the instance in your subnet also needs a public IPv4 address to be able to communicate with the Internet. By default, an instance in a non-default VPC is not assigned a public IPv4 address. In this step, you'll allocate an Elastic IP address to your account, and then associate it with your instance.

To allocate and assign an Elastic IP address

  • Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  • In the navigation pane, choose Elastic IPs.
  • Choose Allocate new address, and then Allocate.
    • Note: If your account supports EC2-Classic, first choose VPC.

  • Select the Elastic IP address from the list, choose Actions, and then choose Associate Address.

  • For Resource type, ensure that Instance is selected. Choose your instance from the Instance list. Choose Associate when you're done.

To access the EC2 instance from the Internet, go to the EC2 console and follow the steps described in how to connect to an instance via RDP.

Your instance is now accessible from the Internet. You can connect to your instance through its Elastic IP address using RDP.

Step 5: Clean Up

To terminate your instance, release your Elastic IP address, and delete your VPC

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the navigation pane, choose Instances.
  3. Select your instance, choose Actions, then Instance State, and then select Terminate.
  4. In the dialog box, expand the Release attached Elastic IPs section, and select the check box next to the Elastic IP address. Choose Yes, Terminate.
  5. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
  6. In the navigation pane, choose Your VPCs.
  7. Select the VPC, choose Actions, and then choose Delete VPC.
  8. When prompted for confirmation, choose Yes, Delete.

 

