Amazon Virtual Private Cloud (VPC) is a cloud service provided by Amazon Web Services (AWS) for creating and managing virtual networks in the AWS cloud environment. With Amazon VPC, you can logically isolate computing resources, such as virtual machines (Amazon EC2), and other services within a virtual network that is completely isolated from the internet or public network. The virtual network created is very similar to the traditional network you operate in an on-premises data center, with the benefit of using scalable AWS infrastructure.
Topology
AWS Configuration
Create a New VPC
Choose: VPC Only
Name tag : VPC-Jakarta
IPv4 CIDR : 10.10.0.0/16
Create Subnet
Public Subnet
#Public Subnet#
VPC ID : VPC-Jakarta
Subnet name : pub-subnet-jakarta
Availability Zone : us-east-1a
IPv4 CIDR : 10.10.1.0/24
Private Subnet
#Private Subnet#
VPC ID : VPC-Jakarta
Subnet name : priv-subnet-jakarta
Availability Zone : us-east-1a
IPv4 CIDR : 10.10.2.0/24
Edit Public Subnet
Enable auto-assign public IPv4 address : yes
Enable resource name DNS A record on launch : yes
Create Internet Gateway
Name tag : IGW-VPC-Jakarta
"Attach to VPC-Jakarta"
Create NAT Gateway
Name : NGW-VPC-Jakarta
Subnet : pub-subnet-jakarta
Connectivity type : Public
"Allocate Elastic IP"
Create Route Tables
Public Route Table
#Public Route Table#
Name : pub-route-jakarta
VPC : VPC-Jakarta
Private Route Table
#Private Route Table#
Name : priv-route-jakarta
VPC : VPC-Jakarta
Edit Route Tables
Public Route Table
#Public Route Table#
10.10.0.0/16 : Local
0.0.0.0/0 : Internet Gateway
Private Route Table
#Private Route Table#
10.10.0.0/16 : Local
0.0.0.0/0 : NAT Gateway
Create Security Group
Bastion Host
Name : SG-BastionHost
VPC : VPC-Jakarta
Inbound Rules :
- SSH | Anywhere (IPv4)
Outbound Rules :
- All Traffic | Anywhere (IPv4)
WebServer
Name : SG-WebServer
VPC : VPC-Jakarta
Inbound Rules :
- SSH | Custom : SG-BastionHost
- HTTP | Anywhere (IPv4)
- HTTPS | Anywhere (IPv4)
Outbound Rules :
- All Traffic | Anywhere (IPv4)
Database
Name : SG-DBServer
VPC : VPC-Jakarta
Inbound Rules :
- SSH | Custom : SG-BastionHost
- MySQL/Aurora | Custom : SG-WebServer
Outbound Rules :
- All Traffic | Anywhere (IPv4)
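An added example, not part of the original walkthrough: a Python check of this design that confirms the subnet CIDRs fit inside the VPC without overlapping, and lists which instances have an administrative port open to every IPv4 address through the internet gateway. The data is re-typed by hand from the settings on this page (nothing is read from AWS), and the `ADMIN_PORTS` set and all function names are assumptions made for the example.

```python
import ipaddress

# Constructed data: the walkthrough's values, re-typed by hand (not pulled from AWS).
VPC_CIDR = "10.10.0.0/16"
SUBNETS = {"pub-subnet-jakarta": "10.10.1.0/24", "priv-subnet-jakarta": "10.10.2.0/24"}
DEFAULT_ROUTE = {"pub-subnet-jakarta": "igw", "priv-subnet-jakarta": "nat"}
# Inbound rules as (port, source); a source is a CIDR or another group's name.
INBOUND = {
    "SG-BastionHost": [(22, "0.0.0.0/0")],
    "SG-WebServer": [(22, "SG-BastionHost"), (80, "0.0.0.0/0"), (443, "0.0.0.0/0")],
    "SG-DBServer": [(22, "SG-BastionHost"), (3306, "SG-WebServer")],
}
INSTANCES = {  # name: (subnet, security group)
    "Bastion Host": ("pub-subnet-jakarta", "SG-BastionHost"),
    "WebServer": ("pub-subnet-jakarta", "SG-WebServer"),
    "DBInstance": ("priv-subnet-jakarta", "SG-DBServer"),
}
ADMIN_PORTS = {22, 3306, 3389}  # assumption: ports that should not face the whole internet


def check_addressing():
    """Return problems with subnet CIDRs: outside the VPC range or overlapping."""
    vpc = ipaddress.ip_network(VPC_CIDR)
    nets = {n: ipaddress.ip_network(c) for n, c in SUBNETS.items()}
    problems = [f"{n} is outside {VPC_CIDR}" for n, net in nets.items() if not net.subnet_of(vpc)]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def internet_exposed_admin():
    """Return (instance, port) pairs where an admin port is open to any IPv4 address."""
    findings = []
    for name, (subnet, sg) in INSTANCES.items():
        if DEFAULT_ROUTE[subnet] != "igw":
            continue  # a NAT gateway gives no inbound path from the internet
        for port, source in INBOUND[sg]:
            if source == "0.0.0.0/0" and port in ADMIN_PORTS:
                findings.append((name, port))
    return findings


if __name__ == "__main__":
    print("addressing problems:", check_addressing())
    print("admin ports open to the internet:", internet_exposed_admin())
```

The one finding is the bastion's SSH rule; narrowing its source from Anywhere (IPv4) to a known administrator CIDR clears it, while the WebServer and Database SSH rules already accept only SG-BastionHost.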
Create EC2 Instance
Bastion Host
#Bastion Host#
Name : Bastion Host
OS : Ubuntu 22.04
Instance type : t2.micro
Key pair : vockey (.pem)
Network Setting : click Edit
VPC = VPC-Jakarta
Subnet = pub-subnet-jakarta
Auto-assign public IP : enable
Security Group : SG-BastionHost
Storage / EBS : 8GB
WebServer
#WebServer#
Name & Tag : WebServer
OS : Debian 12
Instance type : t2.micro
Key pair : vockey (.pem)
Network Setting : click Edit
VPC = VPC-Jakarta
Subnet = pub-subnet-jakarta
Auto-assign public IP : enable
Security Group : SG-WebServer
Storage / EBS : 10GB
Database
#Database#
Name & Tag : DBInstance
OS : Debian 12
Instance type : t2.micro
Key pair : vockey (.pem)
Network Setting : click Edit
VPC = VPC-Jakarta
Subnet = priv-subnet-jakarta
Auto-assign public IP : disable
Security Group : SG-DBServer
Storage / EBS : 10GB