6.2 Create a Custom VPC Part 1

Video Activity
Time
3 hours 27 minutes
Difficulty
Beginner
CEU/CPE
4
Video Transcription
00:00
In this video,
00:02
we will
00:03
create a custom VPC step by step
00:06
and we will test our VPC for reachability.
00:12
Hello and welcome back to the course.
00:15
In our last video,
00:17
we defined what a virtual private cloud, or VPC, is.
00:22
And we introduced the components of our default VPC.
00:26
In this video, we dive right in and create our first VPC from scratch.
00:33
After completing the next few videos,
00:35
you should be able to put all of the pieces together and hopefully really begin to solidify your understanding of AWS.
00:44
This is going to be a fun exercise, so let's get started.
00:48
So of course,
00:50
no architect builds anything without first creating the blueprints.
00:55
Here we have a logical diagram of our VPC that we will be creating.
00:59
We will remain within the same US East region that we have been using throughout the course.
01:06
We will create two subnets.
01:07
One subnet will be a public or Internet-facing subnet.
01:12
The second will be a private subnet.
01:15
We will create two EC2 instances
01:19
and place one of them in the public subnet
01:22
and the other in the private.
01:23
We will also create two security groups,
01:26
a route table
01:29
and an Internet gateway.
01:32
We will also create a
01:33
network access control list and NAT gateway.
01:38
We haven't discussed NAT gateways yet, but essentially the NAT gateway will permit our private web server to update itself over the Internet. So stay tuned.
01:51
So let's log into the AWS console and type VPC in the search bar
01:57
that will take us to the VPC dashboard,
02:01
then click VPC.
02:08
We should only have our default VPC available.
02:14
Let's click Create VPC.
02:17
I will give the VPC the name of cybrary_custom_VPC.
02:29
I will use the 10.0.0.0/16 CIDR
02:34
that gives us the most possible IP addresses.
02:44
I will select the Amazon IPv6 option
02:46
to provide us with the IPv6 addresses.
02:53
Tenancy you can leave as default. The other option is dedicated, which means
02:58
that we would have our own dedicated hardware, which would be very expensive.
03:01
Then click Create.
03:06
So now our custom VPC has been created,
03:08
but we still have a lot to configure
03:10
Click Close.
03:15
I like to filter on just our VPC to keep it clear.
03:25
So you see that our VPC has been created
03:29
with the 10.0.0.0 CIDR and a /16 netmask.
03:34
Next we click Subnets.
03:42
We will create our public subnet first.
03:46
I like to name my tag to reflect the IP address and availability zone that it will reside in.
03:55
We attach the subnet to our custom VPC.
04:02
Availability zone will be us-east-1a.
04:15
And this will be the 10.0.10.0/24 subnet.
04:25
Click Create.
04:30
Now we see that our public subnet has been created.
04:32
I will filter on our VPC to clean the screen up some.
04:45
Now let's create our private subnet.
04:47
Same process here, except this subnet will be 10.0.20.0/24.
04:59
Attach it to our custom VPC
05:02
and the availability zone will be
05:04
us-east-1b,
05:19
and now we see that our private subnet has been created.
05:28
We see that each subnet has 251 IP addresses available.
05:33
Next click Internet Gateways,
05:38
Create Internet Gateway.
05:40
I will name this cybrary_custom_VPC.
05:48
Click create.
05:50
We will need to attach our gateway to our VPC.
05:55
So under Actions select
05:58
Attach to VPC.
06:00
Then select the only choice, which is our custom VPC.
06:05
Click Attach.
06:13
Now click Route Tables.
06:18
One route table was created by AWS for custom VPC.
06:23
It's called the main route table.
06:32
I will adjust the screen so that you could see the options below.
06:42
So the route table that AWS created for us is Internet facing.
06:46
This means that we could be potentially exposing our subnets to the Internet.
06:50
Our design calls for us to only have the public subnet
06:55
Internet facing, so we will need to create a new route table.
07:00
Click Create Route Table.
07:03
We will call this cybrary_custom_route_table
07:14
and attach it to our VPC.
07:24
Now we need to create a new default route
07:27
that points to our Internet gateway.
07:31
So routes
07:32
then edit routes
07:36
We will add two default routes, one for IPv4
07:41
and the other for IPv6,
07:47
and our Internet gateway will be the target for both.
08:05
Then save the routes,
08:09
then click close.
08:11
Next, we will need to associate our public subnet with the default routes that point to our custom Internet gateway.
08:18
So
08:20
click the Route Table tab,
08:22
then Edit Route Table Association.
08:26
Let's select our custom route table,
08:37
then save.
08:37
So
08:39
now our public subnet should have Internet access.
08:45
One last thing.
08:48
Let's set it up so that our public IP automatically assigns a public IP address to any of the EC2 instances
08:56
that we launch from within the public subnet,
08:58
then save.
09:13
Everyone, great job so far.
09:15
We have already built major portions of our VPC, to include the subnets, route table and Internet gateway.
09:22
Let's take a break and return to part two of the lab.
09:24
We will launch our EC2 instances and create our security groups.