Welcome back, Blaine here. Today, we're going to start talking about networking on AWS and how the virtual private cloud, or VPC, is used to isolate your application from the millions, hundreds of millions of other applications all running on AWS as well. We're going to do it by showing you here on the board, as well as do some live demonstrations in a little bit, but I want us to understand what it is we're about to see before we get into technology itself. To understand VPC, we need to accept the fact that the point of VPC is to provide a frame, to provide a box that all of your application lives inside, and the idea is nothing comes in the box, nothing gets out of the box, without your specific permission, and whether you're filtering by network protocol, or port, or IP address, or by user or other information, you maintain complete control of all the assets inside your VPC. When you create a VPC, you also then divide the space inside the VPC into subnets. Now, in an on-premises world, subnets might be used to gather up servers or instances that need to talk quickly to each other. In the case of AWS, while you certainly could think of subnets the same way, from a functionality point of view, subnets are primarily used to determine access to gateways, to ingress/egress, as well as to isolate specific traffic that you don't want to talk to each other or do want to talk to each other. So, in this case, we've gone ahead, we can create a VPC, we create a subnet, and then when the time comes, we'll go ahead and launch an EC2 instance inside this subnet. I think we're just about ready to build it up to this point. To do that, I need help from my friend, Morgan. Are you ready, Morgan?

Yes, I'm ready.

You know, Morgan, this is an important lab. More than our other ones, I think we do this as a real lab. Are you ready for that?

Does it look like I'm ready for a lab?

Alright, now we're ready to do the lab.
What we're going to build out in this lab, we're going to start by building out the VPC, and then we're going to build out the subnet, and we're going to keep adding more things as we go. To build the VPC, you only have to declare two specific things: what Region you're selecting, and remember we've already talked about the reasons why you might choose one Region over another, and then the IP range for the private IPs of everything that's going to run inside this VPC. Now, we're not going to go deep into what CIDR blocks are or why you might choose one IP range over another, those will be covered in different classes. But just in case you're interested, for this VPC, every private IP address in here we're going to set to start with 10.10, and then we're going to wildcard the last two octets or, in CIDR notation, we would call this 10.10.0.0/16. Once she makes the VPC, then Morgan's going to make the subnet. The subnet is a subset of the IP ranges for the VPC itself, and we're going to want more than just one subnet, so we're not going to use the full 10.10 and wildcard all of them, we're just going to wildcard the last octet. So, she's going to identify this as 10.10.1 and then wildcard only the last octet which, in IP CIDR notation, is a /24, meaning the first 24 bits are frozen. All right, Morgan, go ahead and build that out.

Got it. All right. So we're going to hop into the console here and we're going to create one VPC with one subnet. So, if we're looking at the console, what we're going to do is go to VPC, click on this, and this brings us to our VPC dashboard. At this point, we can launch the VPC wizard, and we want to create a VPC with a single public subnet. We'll go ahead and click Select, and now we have to define our CIDR block or what Blaine defined as 10.10.0.0/16. So we're just going to go ahead and change this to be 10.10.0.0/16. We also have to give our VPC a name. This VPC is going to be used for our directory application.
So, we're going to call this Directory VPC. Next, we have to give our public subnet a CIDR range. We define that as 10.10.1.0/24. The next thing we have to do is select an Availability Zone. You'll notice that we already are in the Oregon Region if you look up in the upper right-hand corner. So, I'm going to go ahead and select us-west-2a, as my first Availability Zone. We'll leave the subnet name as Public subnet, and go ahead and just click Create VPC. We can now see that our VPC has been successfully created. Blaine, back to you.

Great. Now, we're just about ready to go ahead and launch the EC2 instance in there, we've got one more thing we have to add to make all of this work, and that is you've got a VPC, but remember the VPC stops all traffic in and all traffic out, and if we're going to put a web server in there, well, that means nobody can talk to it. So, we have to add a gateway, and the gateway is called the internet gateway, or the IGW, the internet gateway. She's going to create the internet gateway, and attach it to the VPC and then she'll create a route table and associate that with the subnet, so that any communication that wants to talk to assets in this subnet, can come in and out of that IGW. Go ahead.

All right, got it. So, what we're going to do now is we're going to create an internet gateway. We're going to create a route table, and then we're going to associate that route table with our public subnet. Again, this is going to allow our public subnet to accept traffic from the internet. So, if we look at the VPC dashboard again, the first thing we're going to do is create an internet gateway. Go to the left and select Internet Gateways. We already have some other things in here from previous projects, that's fine, we're going to go ahead and create a new one. So, we're going to say create internet gateway, and we're just going to give this a name. This is going to be our Directory Gateway, and then all we have to do is click Create.
Now our internet gateway has been created, if we click Close, we'll come back to our main screen, and you can see we have a new Directory Gateway, and a state of it is detached. What we need to do is we need to attach this gateway to our directory VPC. So, select this, click Actions, and then click Attach to VPC. From here, we will select our directory VPC. We'll click Attach, and now, our directory gateway is attached to our VPC. What we need to do next is create a route table that allows that internet traffic to be routed to our public subnet. So, I'll go to the left and click Route Tables. From here, I will create a new route table. We'll give our route table a name, Public Route Table, and then we'll select our directory VPC, and then we'll click Create. All right. At this point, we can see our public route table has been created. We've selected it and down below, we can see we have one route in here that allows the local traffic. We need to edit this route table so we can allow public traffic from the internet. So, I'm going to select Edit. I'm going to edit this route table, add another route. This time I'm going to add a route for 0.0.0.0/0. This represents the traffic from the internet, and we will route that internet traffic to the directory gateway, which we created in our last step. From here, I'll click Save, and we're not done yet, we also have to associate this route table with our public subnet. So, I'll click on Subnet Associations and I will edit this, select our public subnet, and click Save. All right, simple enough. Now I've done everything manually here, but in a production environment, we would recommend that you do this programmatically. Blaine, what else do we got?

All right, we're good. So, VPC we've got, subnet we've got, IGW we've got, and the IGW is now associated with this subnet. Now, all we have to do is launch the EC2 instance and we've seen that already. That's pretty simple.
So, Morgan, when you're ready, go ahead and create an EC2 instance in the subnet.

Right, Blaine, in the amount of time that you were talking, I already built out an EC2 instance, and I've already showed you guys how to do this. So, I'm just going to show you, I built out an EC2 instance. I'm going to click on Running Instances, we can see I already have it running, the status checks have passed. I'm just going to copy our public IP address and show you that we can get to our application. I've already populated our application with some data as well. All right, we're operational, our EC2 instance is running. What else you got for me?

There, we've seen it. She can now connect to it by going through the IGW. It's launched, we know what's happening, we have now completed the foundations of networking on AWS.