4.1 Create VPC (manual)

steps:-

Create subnet

IPv4 CIDR of the VPC:
192.168.0.0/16 (192.168.0.0 - 192.168.255.255)

CIDR of each subnet:
network-1: 192.168.1.0/24 (192.168.1.0 - 192.168.1.255)
network-2: 192.168.2.0/24 (192.168.2.0 - 192.168.2.255)
network-3: 192.168.3.0/24 (192.168.3.0 - 192.168.3.255)
network-4: 192.168.4.0/24 (192.168.4.0 - 192.168.4.255)

Show all networks :- here I renamed them (NETWORK -> SUB-NETWORK)

Internet gateways:-

To connect our VPC to the internet we need to attach an internet gateway to it, so that our EC2 instances can communicate outside the VPC.

Attach to VPC

Route tables:-

Create EC2 instance in the same VPC:-

Create public and private subnets:-

Create route table (private):-

Then go to "SUB-NETWORK-1-private" > Route table > Edit route table association

Follow the same steps with "SUB-NETWORK-3-private"

Then go to the EC2 instances we created

Now create an EC2 instance in the private subnet, because the one we created before is in the public subnet.

Now I have tried to SSH to the private EC2 instance, but it can't connect because the route table does not allow connections from outside the VPC. So inside the VPC both EC2 instances can communicate with each other: ping <private_ip_add.>. So generally we store the database and sensitive data on our private server, and publicly accessible things are stored in the public subnet.

Connect to the private subnet EC2 through a bastion host (jump server) in the public subnet :-

Connect from local to the jump server (Bastion_host)

Now connect from the Bastion_host (jump server) to the private subnet EC2:-

Here we can see that our private EC2 connects successfully, but it cannot reach the internet.

Access internet from the private instance -

  1. using a NAT Instance

  2. using a NAT Gateway

NAT Instance:- (generally we don't use a NAT instance because we have to manage everything on the instance ourselves)

Attach Elastic IPs to the NAT instance :-

NAT Gateway :-
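As an added example (not part of the original notes), the addressing plan and route tables above modelled in Python: check_plan verifies that the four /24 subnets fit inside the /16 VPC without overlapping, usable_hosts applies the five addresses AWS reserves in every subnet, and next_hop does the longest-prefix lookup a VPC router does, which is why the private instance can ping the other instance's private IP but has no route to the internet until the 0.0.0.0/0 route to the NAT gateway is added. Which subnets are public (2 and 4) and private (1 and 3) is an assumption based on the subnet names used in the notes.

```python
import ipaddress
from itertools import combinations

# Addressing plan from the notes: one /16 VPC and four /24 subnets.
# Assumption: subnets 1 and 3 are private, 2 and 4 are public.
VPC_CIDR = "192.168.0.0/16"
SUBNETS = {
    "SUB-NETWORK-1-private": "192.168.1.0/24",
    "SUB-NETWORK-2-public": "192.168.2.0/24",
    "SUB-NETWORK-3-private": "192.168.3.0/24",
    "SUB-NETWORK-4-public": "192.168.4.0/24",
}

# Route tables as (destination, target) pairs. Every AWS route table carries
# the implicit "local" route for the VPC CIDR; the rest is what the notes add.
PUBLIC_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw")]
PRIVATE_RT = [(VPC_CIDR, "local")]  # private table before the NAT gateway step
PRIVATE_RT_NAT = PRIVATE_RT + [("0.0.0.0/0", "nat-gateway")]


def check_plan(vpc, subnets):
    """Return a list of problems: subnets outside the VPC CIDR or overlapping."""
    vpc = ipaddress.ip_network(vpc)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = [f"{n} {c} is not inside VPC {vpc}"
                for n, c in nets.items() if not c.subnet_of(vpc)]
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    return problems


def usable_hosts(cidr):
    """AWS reserves the first four and the last address of every subnet."""
    return ipaddress.ip_network(cidr).num_addresses - 5


def next_hop(route_table, dst):
    """Longest-prefix match over the route table; None means no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


if __name__ == "__main__":
    print(check_plan(VPC_CIDR, SUBNETS) or "subnet plan OK")
    print("private -> 192.168.2.10:", next_hop(PRIVATE_RT, "192.168.2.10"))
    print("private -> 8.8.8.8:", next_hop(PRIVATE_RT, "8.8.8.8"))
    print("private+NAT -> 8.8.8.8:", next_hop(PRIVATE_RT_NAT, "8.8.8.8"))
```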

NACL :-

A network access control list (NACL) is an optional layer of security for a VPC in Amazon Web Services (AWS). It acts as a firewall to control traffic in and out of one or more subnets.


Allow the public instance's security group:-

Now try to ping another IP address

VPC endpoint:-

A VPC endpoint is a virtual device that allows a private connection between an Amazon VPC and AWS services and VPC endpoint services.