Practice

1. AWS Region

Let’s start by selecting the AWS region to operate in. In the top right corner of the AWS Management Console you can choose a region. At this point it does not really matter which region you choose (as discussed earlier, it may matter for your organisation). However, it is important to note that the console only shows resources launched in the currently selected region: VPCs, subnets, NAT gateways and Elastic IPs are all regional, so everything in this guide must be created in the same region.

2. Elastic IP

The next step is the allocation of an Elastic IP address, which the NAT gateway will need. In the AWS Management Console, open the VPC service. In the left menu bar, under the Virtual Private Cloud section, you should see the Elastic IPs link. There you can allocate a new address either from Amazon’s pool of IPv4 addresses or from an address range you own and have brought to AWS.

Figure 5

3. Availability Zone A Configuration

Next, let’s create our VPC and subnets. For now, we are going to set up only Availability Zone A and add the second zone for High Availability after the VPC has been created. So go again into the VPC service dashboard and click the Launch VPC Wizard button. You will be taken to a screen where you can choose which kind of VPC configuration you want Amazon to set up for you. To match our target architecture as closely as possible, we are going to choose VPC with Public and Private Subnets.

Figure 6

The next screen allows you to set up your VPC configuration details such as:

name,

CIDR block,

details of the subnets:

— name,

— IP address range (a subset of the VPC CIDR range),

— availability zone.

As shown in the architecture diagram (fig. 1), we need 4 subnets in 2 different availability zones. So let’s set our VPC CIDR to 10.0.0.0/22, which splits into exactly four /24 blocks, and lay out our subnets as follows:

public-subnet-a: 10.0.0.0/24 (zone A)

private-subnet-a: 10.0.1.0/24 (zone A)

public-subnet-b: 10.0.2.0/24 (zone B)

private-subnet-b: 10.0.3.0/24 (zone B)
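Before clicking through the wizard it is worth checking the addressing plan mechanically. The following is an added example in Python (it is not part of the original article): it takes the plan above as data and verifies that every subnet lies inside the VPC CIDR, that no two subnets overlap, that every zone receives both a public and a private subnet (a NAT gateway needs a public subnet in the zone it serves), and how much of the VPC CIDR is left for later. The five reserved addresses per subnet are AWS’s rule; the zone labels and roles are simply the article’s names written as data.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet
# (network, VPC router, DNS, reserved for future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5

# The article's addressing plan written down as data: name -> (CIDR, zone, role).
VPC_CIDR = "10.0.0.0/22"
SUBNET_PLAN = {
    "public-subnet-a":  ("10.0.0.0/24", "a", "public"),
    "private-subnet-a": ("10.0.1.0/24", "a", "private"),
    "public-subnet-b":  ("10.0.2.0/24", "b", "public"),
    "private-subnet-b": ("10.0.3.0/24", "b", "private"),
}


def validate_plan(vpc_cidr, plan):
    """Return a list of problems; an empty list means the plan is sound."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems, nets, roles_in_zone = [], {}, {}
    for name, (cidr, zone, role) in plan.items():
        try:
            # strict=True rejects host bits, e.g. 10.0.1.5/24 is not a valid subnet CIDR
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is not inside the VPC CIDR {vpc_cidr}")
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: {cidr} is outside the /16 to /28 range AWS allows for a subnet")
        nets[name] = net
        roles_in_zone.setdefault(zone, set()).add(role)
    names = list(nets)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if nets[first].overlaps(nets[second]):
                problems.append(f"{first} and {second} overlap")
    # A NAT gateway sits in a public subnet and serves the private subnet of its own
    # zone, so every zone that appears in the plan needs one of each.
    for zone, roles in sorted(roles_in_zone.items()):
        for missing in sorted({"public", "private"} - roles):
            problems.append(f"zone {zone} has no {missing} subnet")
    return problems


def usable_addresses(cidr):
    """Addresses you can actually assign in a subnet after AWS's reservations."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses - AWS_RESERVED_PER_SUBNET


def unallocated_addresses(vpc_cidr, plan):
    """Headroom left in the VPC CIDR for subnets added later (assumes a valid, non-overlapping plan)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    used = sum(ipaddress.ip_network(cidr, strict=True).num_addresses for cidr, _, _ in plan.values())
    return vpc.num_addresses - used


if __name__ == "__main__":
    for problem in validate_plan(VPC_CIDR, SUBNET_PLAN) or ["plan is sound"]:
        print(problem)
    for name, (cidr, zone, _) in SUBNET_PLAN.items():
        print(f"{name}: {usable_addresses(cidr)} usable addresses in zone {zone}")
    print(f"headroom: {unallocated_addresses(VPC_CIDR, SUBNET_PLAN)} addresses")
```

Running it on the article’s plan reports no problems, 251 usable addresses per /24, and zero headroom: the four subnets consume the entire /22, which is worth knowing before you need a fifth subnet.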

Set everything up as shown in figure 7. Note that these four /24 subnets use up the whole /22, so there is no room to add subnets later (a separate database tier, for example); if you expect the VPC to grow, pick a larger VPC CIDR such as 10.0.0.0/16. Also remember that AWS reserves five addresses in every subnet, so a /24 gives you 251 usable addresses rather than 256.

Figure 7

The important aspects to note here are that the public and private subnets must be placed in the same availability zone (the NAT gateway lives in the public subnet and serves the private subnet of its own zone), and that the wizard creates a NAT gateway for us; we only need to specify the previously allocated Elastic IP address. Now click the Create VPC button and Amazon will configure your VPC.

4. NAT Gateway - AZ A

Once the VPC has been created, go to the NAT Gateways section and you should see the gateway created for you by AWS. To make it more recognisable, edit its Name tag to nat-a.

Figure 8

5. Route Tables - AZ A

Amazon also configured route tables for your VPC. Go to the Route Tables section and you should see two route tables associated with your VPC. One of them is the main route table of your VPC, and the second one is currently associated with your public-subnet-a. We will modify that setup a bit.

First, select the main route table, go to the Routes tab and click Edit routes. There are currently two entries. The first one has the VPC CIDR as its destination and local as its target: it routes traffic between the subnets inside the VPC and must not be modified. The second one is the default route (0.0.0.0/0) and currently points to the NAT gateway; change its target to the Internet Gateway of our VPC so that outbound traffic from the public subnet reaches the outside world directly.

Figure 9

Next, go to the Subnet Associations tab and associate the main route table with public-subnet-a. You can also edit its Name tag to main-rt. Bear in mind that the main route table applies to every subnet that is not explicitly associated with another table, so with this layout a subnet you add later and forget to associate will route straight to the Internet Gateway; if you prefer a fail-closed default, keep the NAT route on the main table and give the public subnets their own table instead. Then, select the second route table associated with your VPC and edit its routes so that the default route (0.0.0.0/0) targets the nat-a gateway, as shown in figure 10. Associate this route table with private-subnet-a and edit its Name tag to private-a-rt.

Figure 10

6. Availability Zone B Configuration

Well done, availability zone A is configured. To provide High Availability we need to set everything up in the second availability zone as well. The first step is the creation of the subnets. Go back to the VPC dashboard in the AWS Management Console and find the Subnets section in the left menu bar. Click the Create subnet button and configure everything as shown in figures 11 and 12.

public subnet b

Figure 11

private subnet b

Figure 12

7. NAT Gateway - AZ B

For availability zone B we need to create the NAT gateway manually. Find the NAT Gateways section in the left menu bar of the VPC dashboard and click Create NAT Gateway. Select public-subnet-b, allocate a new Elastic IP (each NAT gateway needs its own) and add a Name tag with value nat-b. Placing a second gateway in zone B’s public subnet is what makes the design highly available: if zone A fails, the private subnet in zone B keeps its own path to the Internet.

8. Route tables - AZ B

The last step is the configuration of the route tables for the subnets in availability zone B. Go to the Route Tables section again. Our public-subnet-b is going to have the same routing rules as public-subnet-a, so add a new association to our main-rt table for public-subnet-b. Then click the Create route table button, name it private-b-rt, choose our VPC and click Create. Next, select the newly created table, associate it with private-subnet-b, and edit its routes by analogy with the private-a-rt table; the only difference is that the default route targets nat-b instead of nat-a (fig. 13). Routing each private subnet through the NAT gateway in its own zone matters: if private-subnet-b used nat-a, an outage in zone A would also cut zone B off from the Internet.

Figure 13

In the end, you should have three route tables associated with your VPC (main-rt, private-a-rt and private-b-rt), as shown in figure 14.
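Clicking through the console makes it easy to associate the wrong subnet or point a private subnet at the NAT gateway in the other zone, so the end state is best verified from the API rather than by eye. The following is an added example in Python (it is not part of the original article) that audits data shaped like the JSON returned by aws ec2 describe-subnets, describe-nat-gateways and describe-route-tables; the resource IDs and zone names in it are constructed sample data standing in for the layout built above, and the subnet role is derived from the public-/private- Name tag prefixes the article uses. It checks that every public subnet defaults to the internet gateway, that every private subnet defaults to a NAT gateway in its own zone, and it warns when the main route table carries an internet gateway route.

```python
import copy

# Constructed sample data mirroring the article's end state, shaped like the
# output of `aws ec2 describe-subnets`, `describe-nat-gateways` and
# `describe-route-tables`. Resource IDs and zone names are made up.
SUBNETS = [
    {"SubnetId": "subnet-0pub0a", "AvailabilityZone": "eu-west-1a",
     "Tags": [{"Key": "Name", "Value": "public-subnet-a"}]},
    {"SubnetId": "subnet-0prv0a", "AvailabilityZone": "eu-west-1a",
     "Tags": [{"Key": "Name", "Value": "private-subnet-a"}]},
    {"SubnetId": "subnet-0pub0b", "AvailabilityZone": "eu-west-1b",
     "Tags": [{"Key": "Name", "Value": "public-subnet-b"}]},
    {"SubnetId": "subnet-0prv0b", "AvailabilityZone": "eu-west-1b",
     "Tags": [{"Key": "Name", "Value": "private-subnet-b"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0a", "SubnetId": "subnet-0pub0a", "State": "available"},
    {"NatGatewayId": "nat-0b", "SubnetId": "subnet-0pub0b", "State": "available"},
]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/22", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",  # main-rt: both public subnets, default via the IGW
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-01"}],
     "Associations": [{"Main": True},
                      {"Main": False, "SubnetId": "subnet-0pub0a"},
                      {"Main": False, "SubnetId": "subnet-0pub0b"}]},
    {"RouteTableId": "rtb-private-a",  # private-a-rt: default via nat-a
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-0prv0a"}]},
    {"RouteTableId": "rtb-private-b",  # private-b-rt: default via nat-b
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0b"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-0prv0b"}]},
]


def name_tag(resource):
    """Value of the Name tag, falling back to the resource ID."""
    return next((t["Value"] for t in resource.get("Tags", []) if t["Key"] == "Name"),
                resource.get("SubnetId"))


def default_route(table):
    """The 0.0.0.0/0 route of a route table, or None if it has none."""
    return next((r for r in table["Routes"] if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)


def audit_routing(subnets, nat_gateways, route_tables):
    """Return (errors, warnings) for the two-zone public/private layout.

    Role comes from the Name tag prefix used in the article (public-.../private-...);
    a subnet with no explicit association is governed by the main route table.
    """
    errors, warnings = [], []
    subnet_az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_az = {n["NatGatewayId"]: subnet_az.get(n["SubnetId"]) for n in nat_gateways}
    main = next((t for t in route_tables if any(a.get("Main") for a in t["Associations"])), None)
    explicit = {a["SubnetId"]: t for t in route_tables for a in t["Associations"] if a.get("SubnetId")}

    if main is None:
        errors.append("no main route table found")
    else:
        route = default_route(main)
        if route and route.get("GatewayId", "").startswith("igw-"):
            warnings.append(f"{main['RouteTableId']} is the main table and routes 0.0.0.0/0 to "
                            f"{route['GatewayId']}: any subnet left without an explicit association becomes public")

    for subnet in subnets:
        name, az = name_tag(subnet), subnet["AvailabilityZone"]
        table = explicit.get(subnet["SubnetId"], main)
        route = default_route(table) if table else None
        if route is None:
            errors.append(f"{name}: no 0.0.0.0/0 route")
            continue
        target = route.get("GatewayId") or route.get("NatGatewayId") or "unknown"
        if name.startswith("public"):
            if not target.startswith("igw-"):
                errors.append(f"{name}: public subnet should default to an internet gateway, not {target}")
        elif not target.startswith("nat-"):
            errors.append(f"{name}: private subnet should default to a NAT gateway, not {target}")
        elif nat_az.get(target) != az:
            # The HA invariant: a private subnet must not depend on the other zone's NAT gateway.
            errors.append(f"{name} ({az}) depends on {target} in {nat_az.get(target)}; "
                          f"an outage of that zone would also cut {name} off")
    return errors, warnings


def with_nat_target(route_tables, table_id, nat_id):
    """Copy of route_tables with one table's default route repointed at nat_id (what-if helper)."""
    tables = copy.deepcopy(route_tables)
    table = next(t for t in tables if t["RouteTableId"] == table_id)
    default_route(table)["NatGatewayId"] = nat_id
    return tables


if __name__ == "__main__":
    for kind, messages in zip(("ERROR", "WARNING"), audit_routing(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES)):
        for message in messages:
            print(f"{kind}: {message}")
```

On the layout built in this guide the audit reports no errors and a single warning about main-rt carrying the internet gateway route. Repointing private-b-rt at nat-a with the what-if helper produces exactly the cross-zone dependency error, which is the mistake the second NAT gateway exists to avoid. To run it against a real account, replace the three constants with the parsed output of the corresponding describe-* commands.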