Virtual Private Cloud (VPC)
Before we deploy anything in AWS, we must always begin with a custom VPC. Whether this is a personal project or a POC to be deployed, the default VPC must not be used.
To deploy a VPC, log in to your AWS console and search for VPC. A VPC, or Virtual Private Cloud, is your own isolated network in the cloud. We can think of this as an empty subdivision lot that has been purchased in a remote area.
Click on your VPCs and click on Create VPC. Enter your desired VPC name and a CIDR block of your choice. You can use the same CIDR block that I used in the screenshot below. Add tags if preferred and click on Create VPC.
Internet Gateway (IGW)
After creating your own private network in the cloud, it is time to add your Internet Gateway. An Internet Gateway is a fully managed AWS resource that automatically adjusts its capacity based on the traffic you send and receive. Let's think of an IGW as the main gate of our empty subdivision, serving as the entry/exit point for our potential residents.
You can create an Internet Gateway through the VPC Console. Head to the left panel and click on Internet Gateway.
After creating an Internet Gateway, do not forget to attach it to your VPC. It is also important to know that an IGW is free!
Subnet
Now that our VPC (empty lot) and IGW (main gate) are ready, it is time to create our subdivision's streets: our subnets! A subnet, or subnetwork, is a logical subdivision of an IP network. In our analogy, this is a block or a street filled with houses (EC2 instances - we'll get there). This project will use 2 subnets: our Public Subnet and our Database Subnet. To create a subnet, click on Subnets in the left pane of the VPC console and click on Create subnet. Select the VPC we created, since subnets reside inside the VPC (just like how streets reside in a subdivision).
After this, we can proceed to naming our subnets and assigning each an IPv4 CIDR block. You can assign the same blocks that I used.
This will create our Public Subnet. But remember that we need another subnet for our Database. Click on Add new subnet to add another one!
After creating our second subnet, click on Create subnet. You're done! We now have 2 subnets to house our EC2 and RDS instances. It is also important to note that subnets are free of charge!
Route Table
We have our subdivision (VPC) with its gates for entrance/exit (IGW), as well as our streets (Subnets), but how can a potential buyer (traffic) know the directions inside this massive land? The answer is street signs, or in an AWS environment, Route Tables. Route Tables contain routes that dictate where traffic flows from subnets to other subnets, IGWs, or NAT Gateways.
To create a Route Table, click on Route tables on the left panel of the VPC Console. Select Create route table and give it a name and the VPC where we will be deploying this.
After creating a Route Table, we now have to edit the routes to give it a list of "directions" to follow. On the Routes tab, click on Edit routes. Add a new route that will forward all traffic (0.0.0.0/0) to our IGW. This means that everything associated with this Route Table will be directly in contact with our Internet Gateway, hence making this a Public Route Table. Everything associated with this Route Table will be publicly accessible from external resources/traffic.
After saving the changes in our Public Route Table, edit the Subnet Associations and associate our previously created Public Subnet.
Next, we will be creating another Route Table, this time to direct the traffic from our Database Subnet. Since this Route Table will not have a route going to an IGW (thus not publicly accessible), this will be considered as a Private Route Table associated with a Private Subnet (Database Subnet).
Let's start by creating a new Route Table for our Database Subnet. For now, let us leave the routes as is, and just associate our Database Subnet with this route table. This is basically not yet functioning since it has no route entries.
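A check for the public/private split built above, as an added example that is not part of the original post: it reads data in the shape returned by `aws ec2 describe-subnets` and `aws ec2 describe-route-tables` and reports which subnets have a default route to an Internet Gateway, including subnets that have no explicit association and therefore fall back to the VPC's main route table. All IDs and the CIDR block are constructed sample values.

```python
# Added example. Input follows the JSON shape of `aws ec2 describe-subnets` and
# `aws ec2 describe-route-tables`; every ID and CIDR below is constructed.
DEFAULT_DESTINATIONS = {"0.0.0.0/0", "::/0"}

def has_igw_default_route(route_table):
    """True if an active route sends all traffic to an Internet Gateway."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if (dest in DEFAULT_DESTINATIONS
                and route.get("GatewayId", "").startswith("igw-")
                and route.get("State") == "active"):
            return True
    return False

def classify_subnets(subnets, route_tables):
    """Map subnet ID -> (effective route table ID, 'public' | 'private')."""
    explicit, main = {}, {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
            elif assoc.get("Main"):
                main[rt["VpcId"]] = rt
    result = {}
    for subnet in subnets:
        # No explicit association means the VPC's main route table applies.
        rt = explicit.get(subnet["SubnetId"]) or main[subnet["VpcId"]]
        kind = "public" if has_igw_default_route(rt) else "private"
        result[subnet["SubnetId"]] = (rt["RouteTableId"], kind)
    return result

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
TO_IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}
SUBNETS = [{"SubnetId": s, "VpcId": "vpc-0example"}
           for s in ("subnet-0public", "subnet-0database", "subnet-0unassociated")]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-0main", "VpcId": "vpc-0example", "Routes": [LOCAL],
     "Associations": [{"Main": True}]},
    {"RouteTableId": "rtb-0public", "VpcId": "vpc-0example", "Routes": [LOCAL, TO_IGW],
     "Associations": [{"Main": False, "SubnetId": "subnet-0public"}]},
    {"RouteTableId": "rtb-0database", "VpcId": "vpc-0example", "Routes": [LOCAL],
     "Associations": [{"Main": False, "SubnetId": "subnet-0database"}]},
]

if __name__ == "__main__":
    for subnet_id, (rtb, kind) in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet_id}: {kind} (via {rtb})")
```

If the 0.0.0.0/0 route were added to the main route table instead of a dedicated public one, any subnet left without an explicit association would be reported as public.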
Conclusion
This concludes our network deployment for our project. Do remember that the 4 resources we created/provisioned are free of charge and will not incur any unintended costs! To summarize our executed actions:
We created a VPC - which is our isolated network in the cloud. We can think of this as our newly opened (and empty) subdivision.
We deployed an Internet Gateway (IGW) on our VPC. This will allow us to have internet access into and out of our VPC. This will act as the main gate or entrance/exit of our subdivision.
We created Subnets which are the logical division of our network. This is also VPC-related and will act as the street or block of our subdivision.
We created Route Tables, which are closely related to and associated with Subnets. These act as the street signs and dictate where traffic flows inside our environment.
What's Next?
The next part will be the most exciting one! We will be deploying our EC2 Instance, our RDS Instance running MySQL, and finally the WordPress website! Stay tuned!
Top comments (3)
Grateful for this runbook, McLovin! I noticed though that this post should be first in the series, then the deployment of WordPress on EC2. But other than that, this series is very useful and handy :D
Thank you! I am yet to create a post about WordPress on EC2 - hopefully tomorrow during the holiday.
Amazing!!!!!!!!!!!!!!!!!!!