AWS PROJECT: Set up a VPC with Public and Private Subnets in Production


🌟Introduction

🔥 About the project:

✅ This example demonstrates how to create a VPC that you can use for servers in a production environment.

✅ To improve resiliency, you deploy the servers in two Availability Zones using an Auto Scaling group and an Application Load Balancer.

✅ For additional security, you deploy the servers in private subnets; they receive requests only through the load balancer.

✅ The servers can reach the internet through a NAT gateway. To improve resiliency, you deploy a NAT gateway in both Availability Zones.

✅ Run a Python HTTP server on each of the two instances in the private subnets to check how the load balancer distributes traffic between them.

🔥 Overview:

✅ The VPC has public subnets and private subnets in two availability zones.

✅ Each public subnet contains a NAT gateway and a load balancer node.

✅ The servers run in the private subnets; they are launched and terminated by an Auto Scaling group and receive traffic from the load balancer.

✅ The servers can connect to the internet by using the NAT gateway.

🌟Follow these steps to perform this project

🔱Task 1: Set up your VPC

✔Step 1: Go to the AWS Console and search for VPC

✔Step 2: Create VPC

✔Step 3: Choose VPC and more.

✔Step 4: Select the number of Availability Zones, the public and private subnets, the NAT gateways and the VPC endpoints

✔Step 5: Preview your VPC Flow Diagram

✔Step 6: Your VPC Workflow

✔Step 7: Your VPC Final Output

🔱Task 2: Create a Launch Template before the Auto Scaling Group

✔Step 1: Now open EC2 and go to Auto Scaling Groups

✔Step 2: Create a Launch Template for the Auto Scaling group

You just have to give the launch template a name and, below it, a description for this template version.

✔Step 3: Select your OS image

Then scroll down to Application and OS Images (Amazon Machine Image), select Browse more AMIs and choose Ubuntu.

✔Step 4: Select your Instance type and Key-pair

Then go to Instance type and select t2.micro (free tier eligible). After that, select a key pair (login) or create a new one.

✔Step 5: Select your Network settings

The next step is Network settings. Under Firewall (security groups), choose Create security group, then give the security group a name and a description.

✔Step 6: Create Security group rules

Under Inbound security group rules, add a rule of type SSH; in the Source type section, select Anywhere.

✔Step 7: Check your Launch Template

Click on Create launch template and, finally, check your launch template.

🔱Task 3: Create AutoScaling Group

✔Step 1: Now open EC2 and go to Auto Scaling Groups

Click on Create Auto Scaling group.

✔Step 2: Choose Launch Template for ASG

Under Choose launch template or configuration, give the Auto Scaling group a name, select the launch template you just created, and then click Next.

✔Step 3: Choose instance launch options

Select the VPC and the private subnets with their Availability Zones.

✔Step 4: Configure Advanced options with a health check

✔Step 5: Configure group size and scaling policy

In the Group size section, set the desired capacity to 2 and the maximum capacity to 4.

✔Step 6: Check your ASG

✔Step 7: Two instances running

These two instances are running in the private subnets with private IPv4 addresses only.

🔱Task 4: Create a Bastion/Jump Server (Host) and Run the Python Server on Private Subnet Instance 1

✔Step 1: Now launch a Bastion host

Select an instance type (t2.micro) and key-pair.

✔Step 2: Select your Network settings

The next step is Network settings. Under Firewall (security groups), choose Create security group, then give the security group a name and a description.

Select the VPC you created, a public subnet with its Availability Zone, and enable Auto-assign public IP.

✔Step 3: SCP the private key of a private subnet instance

Use this command to copy the private key (e.g. key.pem) of the private subnet instance to the bastion host/machine/server.

scp -i <path_with_bastion-host_key> <path_with_private-subnet-instance_key> user_name@<public-ip-bastion-host>:/home/ubuntu

✔Step 4: SSH Bastion Host/Server

ssh -i <path_with_bastion-host_key> user_name@<public-ip-bastion-host>

✔Step 5: SSH Private Subnet Instance

ssh -i <path_with_private-subnet-instance_key> user_name@<private-ip-private-subnet-instance>
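Steps 3 to 5 copy the instance key onto the bastion; the same hop works without that copy by letting ssh tunnel through the bastion with ProxyJump, so the instance key stays on your workstation and the bastion only ever sees the bastion key. The following is an added example, not part of the original post; the host aliases, key paths, IP addresses and the ubuntu user are assumptions.

```python
"""Reach a private-subnet instance through the bastion without copying its key there.
Added example: host names, key paths, addresses and the 'ubuntu' user are assumptions."""
import os
import stat
import tempfile


def key_is_private(path):
    """OpenSSH refuses an identity file that group/others can read; mirror that test."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def ssh_config_stanzas(bastion_ip, private_ip, bastion_key, instance_key, user="ubuntu"):
    """Two ~/.ssh/config entries. ProxyJump opens a forwarded TCP connection through the
    bastion and authenticates to the instance from the workstation, so the instance key
    never has to be copied onto the bastion. (On the command line, `ssh -J` gives the
    same hop, but -i and other options then apply only to the destination, not the jump
    host; this is why the per-host config form is used here.)"""
    return "\n".join([
        "Host vpc-bastion",
        f"    HostName {bastion_ip}",
        f"    User {user}",
        f"    IdentityFile {bastion_key}",
        "    IdentitiesOnly yes",
        "",
        "Host vpc-web",
        f"    HostName {private_ip}",
        f"    User {user}",
        f"    IdentityFile {instance_key}",
        "    IdentitiesOnly yes",
        "    ProxyJump vpc-bastion",
    ])


def demo():
    """Constructed run: one key file with sane permissions, one world-readable, plus the
    config for 'ssh vpc-web' (addresses are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        good, bad = os.path.join(tmp, "good.pem"), os.path.join(tmp, "bad.pem")
        for path, mode in ((good, 0o600), (bad, 0o644)):
            with open(path, "w") as fh:
                fh.write("PLACEHOLDER KEY MATERIAL, not a real key\n")
            os.chmod(path, mode)
        perms = (key_is_private(good), key_is_private(bad))
    stanzas = ssh_config_stanzas("203.0.113.10", "10.0.128.5", "~/.ssh/bastion.pem", "~/.ssh/web.pem")
    return perms, stanzas


if __name__ == "__main__":
    print(demo()[1])
```

With the two stanzas appended to ~/.ssh/config, `ssh vpc-web` and `scp file vpc-web:` both go through the bastion and nothing but the bastion key is ever offered to it.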

✔Step 6: Checking Connectivity of Private Subnet Instance

✔Step 7: Setup Python HTTP Server

After that, create a file named index.html (for example with vim index.html) with the following content, then run the command below it to serve it on port 8000.

<!DOCTYPE html>
<html>
<body>

<h1>MY AWS VPC Project in private subnet ap-south-1a</h1>

</body>
</html>

python3 -m http.server 8000

🔱Task 5: Create a Load Balancer

✔Step 1: Select which type of LB you want

Search for EC2, scroll down to Load Balancers, choose Application Load Balancer and click the Create button.

✔Step 2: Enter basic configuration

Then, under Basic configuration, provide a load balancer name.

✔Step 3: Network Mapping

Go to the Network mapping section and select the VPC you just created. Select both Availability Zones; the subnets chosen should be the public ones.

✔Step 4: Add Security Group and Listeners

Go to the Security groups section and select the security group you just created, then move on to the Listeners and routing section.

✔Step 5: Create a Target Group

Under Target group name, provide a name and select port 8000 with a health check.

Under Available instances, select the two instances you created; do not select the bastion host instance.

✔Step 6: Check Target Group

✔Step 7: Check the Load Balancer

✔Step 8: Troubleshooting Listener Error

Go to the security group and click on the security group ID.

✔Step 9: Solved Listener Error

✔Step 10: Access your Private Subnet Instances

Then copy the DNS name of the load balancer and open it in your browser.
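The Overview, the SSH rule from Task 2 and the listener troubleshooting above all come down to a few checkable properties of the finished layout: which subnets are public, which instances carry public IPs, and who may reach ports 22 and 8000. Here is an added example (not code from the post) that audits a constructed snapshot shaped like `aws ec2 describe-*` output; the group names, the rule that only the load balancer's group may reach port 8000 and the rule that only the bastion accepts SSH from the internet are assumptions about the intended design, not settings the post states.

```python
"""Audit a snapshot of this post's layout: public subnets route 0.0.0.0/0 to an internet
gateway, private ones to a NAT gateway, only the bastion accepts SSH from the internet and the
servers accept 8000 only from the load balancer's group. Constructed data; IDs are placeholders."""
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-PLACEHOLDER-a"}]},
    {"Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-PLACEHOLDER-b"}]},
]
INSTANCES = [  # web-b deliberately carries a public IP so the audit has something to report
    {"Name": "bastion", "SubnetId": "subnet-pub-a", "PublicIpAddress": "203.0.113.10", "Groups": ["sg-bastion"]},
    {"Name": "web-a", "SubnetId": "subnet-priv-a", "Groups": ["sg-web"]},
    {"Name": "web-b", "SubnetId": "subnet-priv-b", "PublicIpAddress": "203.0.113.11", "Groups": ["sg-web"]},
]
SECURITY_GROUPS = {  # inbound rules only; sg-web's SSH rule is Task 2's "Anywhere" setting
    "sg-alb": [{"FromPort": 80, "IpRanges": ["0.0.0.0/0"], "Groups": []}],
    "sg-bastion": [{"FromPort": 22, "IpRanges": ["0.0.0.0/0"], "Groups": []}],
    "sg-web": [{"FromPort": 8000, "IpRanges": [], "Groups": ["sg-alb"]},
               {"FromPort": 22, "IpRanges": ["0.0.0.0/0"], "Groups": []}],
}

def classify_subnets(route_tables):
    """Map subnet id -> 'public' or 'private' from the target of its default route."""
    kind = {}
    for rt in route_tables:
        defaults = [r for r in rt["Routes"] if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
        public = any(r.get("GatewayId", "").startswith("igw-") for r in defaults)
        for assoc in rt["Associations"]:
            kind[assoc["SubnetId"]] = "public" if public else "private"
    return kind

def audit(route_tables, instances, groups, bastion_sg="sg-bastion", alb_sg="sg-alb"):
    """Return findings as strings; an empty list means the snapshot matches the design."""
    kind, findings = classify_subnets(route_tables), []
    for inst in instances:
        if kind.get(inst["SubnetId"]) == "private" and inst.get("PublicIpAddress"):
            findings.append(f"{inst['Name']}: public IP on a private-subnet instance")
        if kind.get(inst["SubnetId"]) == "public" and bastion_sg not in inst["Groups"]:
            findings.append(f"{inst['Name']}: non-bastion instance in a public subnet")
    for sg, rules in groups.items():
        for rule in rules:
            world = "0.0.0.0/0" in rule["IpRanges"]
            if rule["FromPort"] == 22 and world and sg != bastion_sg:
                findings.append(f"{sg}: SSH open to 0.0.0.0/0; allow it only from {bastion_sg}")
            if rule["FromPort"] == 8000 and (world or rule["Groups"] != [alb_sg]):
                findings.append(f"{sg}: port 8000 must be reachable only from {alb_sg}")
    return findings
```

On the constructed snapshot the audit reports the stray public IP on web-b and the server group's SSH-from-anywhere rule; a target group on port 8000 can only turn healthy once the servers' group admits the load balancer's group on that port, which is the kind of rule the troubleshooting step above adjusts.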

SERVER 1 OUTPUT

SERVER 2 OUTPUT

🔱Task 6: Setup Server 2 in Private Subnet (ap-south-1b)

Repeat Task 4 (create a Bastion/Jump server in the public subnet of ap-south-1b).

✔Step 1: SCP the private key of a private subnet instance

Use this command to copy the private key (e.g. key.pem) of the private subnet instance to the bastion host/machine/server.

scp -i <path_with_bastion-host_key> <path_with_private-subnet-instance_key> user_name@<public-ip-bastion-host>:/home/ubuntu

✔Step 2: SSH Bastion Host/Server

ssh -i <path_with_bastion-host_key> user_name@<public-ip-bastion-host>

✔Step 3: SSH Private Subnet Instance

ssh -i <path_with_private-subnet-instance_key> user_name@<private-ip-private-subnet-instance>

✔Step 4: Checking Connectivity of Private Subnet Instance

✔Step 5: Setup Python HTTP Server

<!DOCTYPE html>
<html>
<body>

<h1>MY AWS VPC Project in private subnet ap-south-1b</h1>

</body>
</html>

python3 -m http.server 8000

🔱Checking Output of Both the Servers


The information above is to the best of my understanding. Suggestions are always welcome. Thanks for reading this article.😊

#cloud computing #aws #vpc #Devops #TrainWithShubham #90daysofdevopsc #happylearning

Follow for more such content:

LinkedIn: linkedin.com/in/dushyant-kumar-dk

Blog: dushyantkumark.hashnode.dev
