🌎Create a New VPC Connection

Introduction

What is VPC

Amazon Virtual Private Cloud (VPC) is a cloud service provided by Amazon Web Services (AWS) for creating and managing virtual networks in the AWS cloud environment. With Amazon VPC, you can logically isolate computing resources, such as virtual machines (Amazon EC2), and other services within a virtual network that is completely isolated from the internet or public network. The virtual network created is very similar to the traditional network you operate in an on-premises data center, with the benefit of using scalable AWS infrastructure.


Topology

AWS Configuration

Create a New VPC

Choose: VPC Only
Name tag : VPC-Jakarta
IPv4 CIDR : 10.10.0.0/16

Create Subnet

Public Subnet

#Public Subnet#
VPC ID : VPC-Jakarta
Subnet name : pub-subnet-jakarta
Availability Zone : us-east-1a
IPv4 CIDR : 10.10.1.0/24

Private Subnet

#Private Subnet#
VPC ID : VPC-Jakarta
Subnet name : priv-subnet-jakarta
Availability Zone : us-east-1a
IPv4 CIDR : 10.10.2.0/24

Edit Public Subnet

Enable auto-assign public IPv4 address : yes
Enable resource name DNS A record on launch : yes

Create Internet Gateway

Name tag : IGW-VPC-Jakarta
"Attach to VPC-Jakarta"

Create NAT Gateway

Name : NGW-VPC-Jakarta
Subnet : pub-subnet-jakarta
Connectivity type : Public

"Allocate Elastic IP"

Create Route Tables

Public Route Table

#Public Route Table#
Name : pub-route-jakarta
VPC : VPC-Jakarta

Private Route Table

#Private Route Table#
Name : priv-route-jakarta
VPC : VPC-Jakarta

Edit Route Tables

Public Route Table

#Public Route Table#
10.10.0.0/16 : Local
0.0.0.0/0 : Internet Gateway

Private Route Table

#Private Route Table#
10.10.0.0/16 : Local
0.0.0.0/0 : NAT Gateway

Edit Subnet Associations

#Public#
Explicit subnet associations : pub-subnet-jakarta

#Private#
Explicit subnet associations : priv-subnet-jakarta

Create Security Group

Bastion Host

Name : SG-BastionHost
VPC : VPC-Jakarta
Inbound Rules :
    - SSH | Anywhere (IPv4)
Outbound Rules :
    - All Traffic | Anywhere (IPv4)

WebServer

Name : SG-WebServer
VPC : VPC-Jakarta
Inbound Rules :
    - SSH | Custom : SG-BastionHost
    - HTTP | Anywhere (IPv4)
    - HTTPS | Anywhere (IPv4)
Outbound Rules :
    - All Traffic | Anywhere (IPv4)

Database

Name : SG-DBServer
VPC : VPC-Jakarta
Inbound Rules :
    - SSH | Custom : SG-BastionHost
    - MySQL/Aurora | Custom : SG-WebServer
Outbound Rules :
    - All Traffic | Anywhere (IPv4)

Create EC2 Instance

Bastion Host

#Bastion Host#
Name : Bastion Host
OS : Ubuntu 22.04
Instance type : t2.micro
Key pair : vockey (.pem)
Network Setting : click Edit
	VPC = VPC-Jakarta
	Subnet = pub-subnet-jakarta
	Auto-assign public IP : enable
	Security Group : SG-BastionHost
Storage / EBS : 8GB

WebServer

#WebServer#
Name & Tag : WebServer
OS : Debian 12
Instance type : t2.micro
Key pair : vockey (.pem)
Network Setting : click Edit
	VPC = VPC-Jakarta
	Subnet = pub-subnet-jakarta
	Auto-assign public IP : enable
	Security Group : SG-WebServer
Storage / EBS : 10GB

Database

#Database#
Name & Tag : DBInstance
OS : Debian 12
Instance type : t2.micro
Key pair : vockey (.pem)
Network Setting : click Edit
	VPC = VPC-Jakarta
	Subnet = priv-subnet-jakarta
	Auto-assign public IP : disable
	Security Group : SG-DBServer
Storage / EBS : 10GB

Instance       Public IP      Private IP
Bastion Host   3.82.107.26    10.10.1.198
Web Server     52.91.87.14    10.10.1.85
DBInstance     -              10.10.2.107
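
The layout configured above can be checked as data before anything is launched. The following is an added example, not part of the original tutorial: it models the page's subnets, route targets, security groups and instances, then reports subnets outside the VPC range, administrative ports open to 0.0.0.0/0, unresolved group references, and public IPs in subnets without an internet gateway route. The dictionary layout, `ADMIN_PORTS` and `audit()` are assumptions made for the example; on the page's values the only finding is the bastion's SSH rule.

```python
import ipaddress

# Constructed model of the tutorial's settings; the dict layout is an assumption.
VPC_CIDR = "10.10.0.0/16"
SUBNETS = {  # default_route: target of 0.0.0.0/0 in the associated route table
    "pub-subnet-jakarta": {"cidr": "10.10.1.0/24", "default_route": "igw"},
    "priv-subnet-jakarta": {"cidr": "10.10.2.0/24", "default_route": "nat"},
}
SECURITY_GROUPS = {  # inbound rules as (port, source CIDR or source group name)
    "SG-BastionHost": [(22, "0.0.0.0/0")],
    "SG-WebServer": [(22, "SG-BastionHost"), (80, "0.0.0.0/0"), (443, "0.0.0.0/0")],
    "SG-DBServer": [(22, "SG-BastionHost"), (3306, "SG-WebServer")],
}
INSTANCES = {
    "Bastion Host": {"subnet": "pub-subnet-jakarta", "public_ip": True},
    "WebServer": {"subnet": "pub-subnet-jakarta", "public_ip": True},
    "DBInstance": {"subnet": "priv-subnet-jakarta", "public_ip": False},
}
ADMIN_PORTS = {22, 3306}  # assumption: ports that should not accept 0.0.0.0/0


def audit(vpc_cidr, subnets, groups, instances):
    """Return a list of findings for the modelled VPC; empty means none."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        if not nets[a].subnet_of(vpc):
            findings.append(f"{a}: {nets[a]} is outside VPC {vpc}")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    for sg, rules in groups.items():
        for port, src in rules:
            if "/" in src:  # CIDR source
                if ipaddress.ip_network(src).prefixlen == 0 and port in ADMIN_PORTS:
                    findings.append(f"{sg}: port {port} open to {src}")
            elif src not in groups:  # group reference must resolve
                findings.append(f"{sg}: port {port} references unknown group {src}")
    for name, inst in instances.items():
        if inst["public_ip"] and subnets[inst["subnet"]]["default_route"] != "igw":
            findings.append(f"{name}: public IP but subnet has no internet gateway route")
    return findings


if __name__ == "__main__":
    for finding in audit(VPC_CIDR, SUBNETS, SECURITY_GROUPS, INSTANCES):
        print(finding)
```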

How to Connect SSH

  1. Open GitBash

  2. cd Downloads/

  3. ssh-agent bash

  4. ssh-add labsuser.pem

ssh -A -i labsuser.pem ubuntu@<ip-addr-pub-bastion>

Jump SSH to WebServer/DBInstance

From Bastion-Host

ssh admin@<ip-addr-priv-webserver>
ssh admin@<ip-addr-priv-dbinstance>
