Creating a VPC (virtual network) and setting up its security groups and NACL


What is Amazon VPC?

Amazon Virtual Private Cloud (VPC) lets you launch AWS resources in a virtual network that you define and that is logically isolated from other AWS customers. You control the networking environment yourself: select your own IP address range, create subnets, and configure route tables and network gateways.

Now we will create a VPC

  1. Log in to your AWS console and search for VPC

  2. Click on Create VPC and edit the VPC settings

  3. Resources to create: VPC and more

By selecting VPC and more, AWS also creates the supporting resources for you: public and private subnets, route tables, an internet gateway and, if you enable them, NAT gateways.

  4. IPv4 CIDR block: this decides how many IP addresses the VPC has. Keep the default 10.0.0.0/16, which gives you 65,536 addresses (each subnet later loses five of its addresses to AWS's reserved addresses)

  5. Number of Availability Zones: 2

Availability Zones are isolated locations inside one region, for example us-east-1a and us-east-1b inside us-east-1 (they are not separate regions). Placing subnets in two of them lets you spread instances so that the failure of one zone does not take everything down. Two is enough for this demo.

  6. Choose the number of public and private subnets as per your requirement

  7. Leave the rest as default for now and click on Create VPC

  8. You will see each resource being created one by one; once that finishes, click on View VPC
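As an added example (not code from the original post or from AWS), here is a small Python helper that carves a VPC CIDR into per-AZ public and private subnets of the size the wizard asks you to choose, and checks the result. The sequential layout, the /20 size and the AZ names are assumptions for illustration; the console wizard numbers its blocks differently. The five reserved addresses per subnet are AWS's documented behaviour.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet
# (network address, VPC router, DNS, reserved for future use, broadcast),
# so EC2 can never hand them out.
AWS_RESERVED_PER_SUBNET = 5


def usable_addresses(cidr: str) -> int:
    """Number of addresses in the subnet that instances can actually use."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr: str, azs, public_per_az: int = 1,
                 private_per_az: int = 1, prefix: int = 20):
    """Carve non-overlapping /prefix subnets out of vpc_cidr, one per AZ for each
    requested public and private subnet. The sequential layout is an assumption
    made for illustration; the console wizard lays its blocks out differently,
    but the sizing and the non-overlap requirement are the same."""
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = vpc.subnets(new_prefix=prefix)   # ValueError if prefix is shorter than the VPC's
    plan = []
    for kind, count in (("public", public_per_az), ("private", private_per_az)):
        for n in range(1, count + 1):
            for az in azs:
                try:
                    block = next(blocks)
                except StopIteration:
                    # Refuse to produce overlapping subnets when the VPC is too small.
                    raise ValueError(
                        f"{vpc_cidr} cannot hold another /{prefix} subnet") from None
                plan.append({
                    "name": f"{kind}-{n}-{az}",
                    "az": az,
                    "cidr": str(block),
                    "public": kind == "public",
                })
    return plan


def no_overlap(plan) -> bool:
    """True if no two subnets in the plan share any address."""
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan]
    return all(not a.overlaps(b)
               for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    # Constructed input mirroring the tutorial: a /16 VPC, two AZs, one public
    # and one private subnet per AZ.
    for subnet in plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b"]):
        print(f'{subnet["name"]:24} {subnet["cidr"]:16} '
              f'usable={usable_addresses(subnet["cidr"])}')
```

The function raises instead of silently reusing address space, because two subnets with overlapping CIDRs is the kind of mistake that only shows up later as routing that cannot be made to work.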

Now we will create a new EC2 instance. I want to place it in a public subnet of the VPC so that it is reachable from the internet, and use it to demonstrate both security groups and network ACLs.

  1. Search for EC2 and launch a new instance

  2. Give it a name, choose Ubuntu as the Amazon Machine Image (AMI), and choose a key pair so that you can log in to the instance securely over SSH

  3. Now go to Network settings and click on Edit

  4. In the VPC section choose the VPC that you just created

  5. In the Subnet section choose one of the public subnets (for example the one in us-east-1b)

  6. Enable Auto-assign public IP

  7. Create security group. The wizard's default rule allows SSH (TCP 22) from Anywhere (0.0.0.0/0); for anything beyond a demo, set the source to My IP instead

  8. Leave the rest as default and click on Launch instance

Now we will run a small Python web server on the instance and play with the security group and the NACL.

First, log in to the EC2 instance (the public IP is shown on the instance's details page):

ssh -i {key pair path} ubuntu@{public IP address of EC2 Instance}

Check whether python3 is installed:

python3 --version

If it is installed you will see its version as the output.

Now start a server on port 8000:

python3 -m http.server 8000

This serves a listing of the current directory over HTTP on port 8000, listening on all interfaces.

Go to your browser and open

http://{public IP address}:8000

The page will not load, and the browser eventually times out. The subnet's NACL, as created by the wizard, is the VPC's default NACL: its rule 100 allows all inbound and all outbound traffic, so it lets the packet through. The instance's security group, however, contains only the rule you created (SSH on port 22), and a security group implicitly denies everything it has no allow rule for.

So the first layer of defence (the NACL on the subnet) is clear, and it is the second layer (the security group on the instance) that is dropping the traffic.

Go to your EC2 instance and click on the Security tab

Click on the security group, then click on Edit inbound rules

Click on Add rule, choose type Custom TCP, port 8000, and source Anywhere-IPv4 (0.0.0.0/0)

Click on Save rules and go back to your browser; this time port 8000 is reachable. Opening a port to 0.0.0.0/0 is fine for a throwaway demo, but in practice restrict the source to the addresses that need it (My IP, or the CIDR of a load balancer or bastion host).

Now what if you have opened port 8000 in the security group, but your company's policy says port 8000 must not be exposed anywhere in the organisation?

In that case edit the subnet's NACL and add an inbound rule that denies TCP port 8000 from 0.0.0.0/0, giving it a rule number lower than the existing allow-all rule 100 (for example 90). NACL rules are evaluated in ascending order of rule number and the first match wins, so a deny numbered 110 would sit behind the allow-all rule and never be reached. Because the NACL sits on the subnet, it blocks port 8000 for every instance in that subnet regardless of what their security groups allow, which is exactly the kind of organisation-wide restriction it is good for.
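To make the two evaluation models concrete, here is an added Python example (not code from the original post or from AWS) that simulates how the subnet NACL and the instance security group decide on an inbound packet, and runs the tutorial's stages through it: security group without port 8000, with port 8000, NACL deny at rule 90, and the mistake of a NACL deny numbered above the allow-all rule. The client address and rule sets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str          # source IPv4 address of the client
    dst_port: int     # destination port on the instance
    proto: str = "tcp"


@dataclass(frozen=True)
class NaclRule:
    number: int       # rule number: lower numbers are evaluated first
    action: str       # "allow" or "deny"
    cidr: str
    proto: str = "all"
    port_from: int = 0
    port_to: int = 65535

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.cidr)
                and self.proto in ("all", p.proto)
                and self.port_from <= p.dst_port <= self.port_to)


@dataclass(frozen=True)
class SgRule:
    """Security groups only have allow rules; there is no deny rule to write."""
    cidr: str
    proto: str
    port_from: int
    port_to: int

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.cidr)
                and self.proto == p.proto
                and self.port_from <= p.dst_port <= self.port_to)


def nacl_evaluate(rules: List[NaclRule], p: Packet) -> str:
    """NACL semantics: rules are checked in ascending rule-number order and the
    first match decides; the implicit '*' rule at the end denies everything else."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(p):
            return rule.action
    return "deny"


def sg_evaluate(rules: List[SgRule], p: Packet) -> str:
    """Security-group semantics: allowed if any rule matches, otherwise implicitly denied."""
    return "allow" if any(r.matches(p) for r in rules) else "deny"


def reaches_instance(nacl: List[NaclRule], sg: List[SgRule], p: Packet) -> Tuple[bool, str]:
    """Inbound path: the subnet NACL is evaluated first, then the instance's security group."""
    if nacl_evaluate(nacl, p) == "deny":
        return False, "dropped by NACL"
    if sg_evaluate(sg, p) == "deny":
        return False, "dropped by security group"
    return True, "allowed"


# Constructed rule sets mirroring the tutorial's stages.
ANY = "0.0.0.0/0"
DEFAULT_NACL = [NaclRule(100, "allow", ANY)]                 # the VPC's default NACL
SG_SSH_ONLY = [SgRule(ANY, "tcp", 22, 22)]                    # launch-wizard default
SG_SSH_AND_8000 = SG_SSH_ONLY + [SgRule(ANY, "tcp", 8000, 8000)]
NACL_BLOCK_8000 = [NaclRule(90, "deny", ANY, "tcp", 8000, 8000)] + DEFAULT_NACL
NACL_DENY_TOO_LATE = DEFAULT_NACL + [NaclRule(110, "deny", ANY, "tcp", 8000, 8000)]


if __name__ == "__main__":
    web = Packet("203.0.113.7", 8000)   # constructed client address
    for label, nacl, sg in [("SG without port 8000", DEFAULT_NACL, SG_SSH_ONLY),
                            ("SG with port 8000", DEFAULT_NACL, SG_SSH_AND_8000),
                            ("NACL deny rule 90", NACL_BLOCK_8000, SG_SSH_AND_8000),
                            ("NACL deny rule 110", NACL_DENY_TOO_LATE, SG_SSH_AND_8000)]:
        print(f"{label:22} -> {reaches_instance(nacl, sg, web)}")
```

Two things the simulation leaves implicit but that matter in practice: a NACL is stateless, so the deny above only concerns inbound traffic and the default outbound allow-all is what lets the SSH replies out (if you ever replace that outbound rule, you must allow the ephemeral port range 1024-65535 or your sessions break); and a security group is stateful, so once an inbound connection is allowed its return traffic is allowed automatically.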

That's a wrap.....