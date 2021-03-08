- [Instructor] Hello everyone. In this video we are going to create a VPC, create four subnets, create a route table for the public subnets, and then we will attach an internet gateway to the VPC and then relaunch the employee directory application in the new VPC. So you can first see that I am in the VPC dashboard here, and I'm going to click on Create VPC. Now I want to select, this is a wizard that's going to help you create your VPCs, your subnets, things like that. I'm gonna create just the VPC for now. So I'm gonna select VPC only, and then I'm gonna give this VPC a name. Let's call it app-vpc. And then I want to enter in the CIDR range for this VPC. So to do that, I'm going to give the CIDR range to be 10.1.0.0/16. And then I'm going to scroll down and click Create VPC. Now we have our VPC, the next thing that I want to do is to create the subnets. So now I'm gonna select the subnets on the left-hand navigation and then I'm gonna click Create subnet. And then we'll select a VPC for this. And we will select the VPC we just created, app-vpc. And now for our first subnet. We'll give this a name, Public Subnet 1. And then we'll select the availability zone which will be us-west-2a. And then we'll give this a CIDR range which is gonna be 10.1.1.0/24. And then we can go ahead and add our next subnet. So we're gonna have a public and a private subnet in each availability zone. So we'll create our private one next. So Private Subnet 1, availability zone, same one us-west-2a. And then providing the CIDR range, we'll say this is 10.1.2.0/24. And now we can add our subnets into the other availability zone. So this one is gonna be Public Subnet 2. And let's say this time, we wanna put it in us-west-2b. And then for the subnet range we can say 10.1.3.0/24. And then finally we'll create one more subnet which will be our Private Subnet 2. 
And then selecting the availability zone we'll say is us-west-2b, and we'll give this the CIDR range of 10.1.4.0/24. So you can see that we have, if I scroll back up to the top, you can see we have four different subnets being created with non-overlapping CIDR ranges. All of those CIDR ranges being a subset of the CIDR range that we created for our VPC. So we have 10.1.1.0, 10.1.2.0, 10.1.3.0 and 10.1.4.0. All right, now we can go ahead and click Create subnet and that will create all four. All right, so now we have four subnets, Public Subnet 1 and 2, and Private Subnet 1 and 2. Next what I wanna do is create an internet gateway. So I will select internet gateways in the left-hand navigation and then click Create internet gateway. We'll give this a name. Let's say it's app-igw and then click Create internet gateway. Then we can go back to the internet gateways page where we can view all of our internet gateways. We currently have one internet gateway attached to our default VPC. What we wanna do is select the new internet gateway that we just created, and we want to attach this to a VPC. And then we'll select our app VPC and then click Attach to internet gateway. For internet gateways, one internet gateway can only ever be attached to one VPC. So it's a one-to-one relationship there. All right, next what we need to do is configure our route tables. So to do that I'm going to click route tables in the left-hand navigation. And you can see that we have two route tables already. We have the main route tables for both of our VPCs, our default VPC, and our app-vpc, which we can scroll to the right and expand this and read that VPC. That's for our app-vpc. So now scrolling back over, I'm going to click Create route table and then we'll give this route table a name. We'll say public-route-table. And then I want to associate this with our app-vpc and then click Create route table. 
So now we have a route table that's been created but we want to now add a route that will allow any subnet that has this route table associated with it. We want to add a route that will allow traffic from the internet, 0.0.0.0/0. To where? The internet gateway. And the internet gateway we wanna choose the one that we just created and then we'll click Save changes. Now, scrolling back down, we are not done yet. Now what we have to do is associate these subnets with this route table. So I'll click Subnet associations and then scrolling down, we can see we currently have this associated with no subnets. I'm gonna click Edit subnet associations and then I'm gonna select our first two public subnets only. So there's nothing inherently about a subnet that makes it public or private. The only thing that makes it public or private is whether or not it has a route table association that includes a route from that subnet to the internet gateway. All right, so we'll go ahead and click Save associations here. And then we can scroll back down, click on the Subnet associations tab, and we can now see that we have our two public subnets associated with this route table. And then again, reviewing the routes, clicking back on the Routes tab. We can see we have our local route and we have our route to the internet through the internet gateway. So now the last step here is let's go ahead and relaunch our employee directory application. So I'm gonna navigate over to the EC2 console. And then from here I'm gonna click on the Instances link, which we can see that we have our employee directory application still running. And if I select this, I can scroll down and I can see where this is running, which is our default VPC. So what I'm gonna do is I'm gonna keep this checked and then I'm gonna select Actions and then Image and templates. And then I wanna select Launch more like this. 
And what this does is it brings you to a page that has a lot of the configurations for that original instance prepopulated over here, so you don't have to go through and reselect all of the configurations. So we can see that we have Employee Directory App prepopulated. I'm just gonna go ahead and call this Employee Directory App 2. We can see we have the Linux 2 AMI selected here and we also have our t2.micro selected. For the key pair, we do have to select that we want to proceed without a key pair again. And then here under network settings this is where we're gonna make most of our changes. We're going to select the new app-vpc that we just created, and then we're going to select what public subnet we want to launch into, Public Subnet 1 or Public Subnet 2. We're gonna go ahead and select Public Subnet 1. And then we're also ensuring that this auto-assigned public IP is set to enable which it is. Now scrolling down, you can see that we can select our security group. Currently we have the security group that was created previously associated with this instance and it's giving us an error saying that we can't use the security group with this subnet. That's because the security group is tied to the VPC. So we need to create a new security group that will be associated with this new VPC, not the default VPC. So what we wanna do here is click Create security group and then we will leave the default for the name and we'll do the same thing that we did when we created our original security group, which is we want to allow both HTTP traffic on port 80 from the internet and adding a second rule, we want to allow HTTPS traffic on port 443 from anywhere. Now scrolling down, we can scroll down to the advanced details and expand this here. We can see that the role has been prepopulated, so that's great. And then if we scroll down some more, let's take a look at that user data. We can see that this also is prepopulated. So now we can click Launch instance. 
We can click on the instance ID, see that this is in the pending state. And so now we'll wait a few minutes and come back and try to access it through this public IP address. And if we can access it, that means that all of our network configurations were configured correctly. Okay, so now we are back and we can see that the instance is in the running state. If we copy this IP address and then I'm going to paste it into a new tab off screen, drag this tab over, we can see that we can now access the Employee Directory application at the IP address of the new instance that was launched into our new app-vpc.
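
Added example, not part of the video or its transcript: a Python check of the network built above, confirming that the four subnet ranges sit inside the VPC range without overlapping and that a subnet counts as public only when its effective route table sends 0.0.0.0/0 to an internet gateway. The dictionary layout, the function names and the `igw-EXAMPLE` identifier are assumptions made for this sketch; the CIDR ranges, names and availability zones are the ones used in the walkthrough.

```python
import ipaddress

# Constructed model of the walkthrough's network (CIDRs, names, AZs from the transcript).
VPC_CIDR = "10.1.0.0/16"
SUBNETS = {
    "Public Subnet 1": ("10.1.1.0/24", "us-west-2a"),
    "Private Subnet 1": ("10.1.2.0/24", "us-west-2a"),
    "Public Subnet 2": ("10.1.3.0/24", "us-west-2b"),
    "Private Subnet 2": ("10.1.4.0/24", "us-west-2b"),
}
# "main" stands in for the VPC's main route table; "igw-EXAMPLE" is a placeholder ID.
ROUTE_TABLES = {
    "main": {"routes": [("10.1.0.0/16", "local")], "subnets": []},
    "public-route-table": {
        "routes": [("10.1.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
        "subnets": ["Public Subnet 1", "Public Subnet 2"],
    },
}

def check_cidr_plan(vpc_cidr, subnets):
    """Return problems: subnets outside the VPC range or overlapping each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _az) in subnets.items()}
    problems = [f"{n} is outside {vpc}" for n, net in nets.items() if not net.subnet_of(vpc)]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def effective_route_table(subnet, route_tables):
    """A subnet with no explicit association falls back to the main route table."""
    for name, table in route_tables.items():
        if subnet in table["subnets"]:
            return name
    return "main"

def classify_subnets(subnets, route_tables):
    """Public means the effective route table has a default route to an internet gateway."""
    result = {}
    for subnet in subnets:
        routes = route_tables[effective_route_table(subnet, route_tables)]["routes"]
        to_igw = any(d == "0.0.0.0/0" and t.startswith("igw-") for d, t in routes)
        result[subnet] = "public" if to_igw else "private"
    return result

if __name__ == "__main__":
    print(check_cidr_plan(VPC_CIDR, SUBNETS) or "CIDR plan OK")
    for name, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{name}: {kind}")
```

Running the same classification against an exported copy of a real VPC's route tables is a quick way to spot a subnet that is named private but has picked up an internet gateway route.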