Explore
For Enterprise
Join for Free
Log In

Browse
Search
For Enterprise
Log In
Join for Free

Amazon Virtual Private Cloud (VPC) Part 1

Loading...

AWS Fundamentals: Going Cloud-Native

Amazon Web Services

4.7 (1,544 ratings) | 49K Students Enrolled

This course will introduce you to Amazon Web Services (AWS) core services and infrastructure. Through demonstrations you'll learn how to use and configure AWS services to deploy and host a cloud-native application. Early in the course, your AWS instructors will discuss how the AWS cloud infrastructure is built, walk you through Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Lightsail compute services. They'll also introduce you to networking on AWS, including how to set up Amazon Virtual Public Cloud (VPC) and different cloud storage options, including Amazon Elastic Block Storage (EBS), Amazon Simple Storage Service (S3) and Amazon Elastic File Service (EFS). Later in the course you'll learn about AWS Database services, such as Amazon Relational Database Service (RDS) and Amazon DynomoDB. Your instructors will also walk you through how to monitor and scale you application on AWS using Amazon CloudWatch and Amazon EC2 Elastic Load Balancing (ELB) and Auto Scaling. Lastly, you'll learn about security on AWS, as well as how to manage costs when using the AWS cloud platform. In this course, you won't be required to complete hands-on exercises, but we strongly suggest you take advantage of the AWS Free Tier to follow along as the instructors demonstrate the AWS services. Class forums will also allow you to ask questions and interact with AWS training instructors. After completing this course, you'll have the basic fundamentals to get started on AWS. This course has been developed by AWS, and is delivered by AWS technical instructors who teach cloud computing courses around the globe.

Skills You'll Learn

Cloud Computing Security, AWS cloud, Cloud Storage, cloud networking, Cloud Computing

Reviews

4.7 (1,544 ratings)

5 stars
1,120 ratings
4 stars
344 ratings
3 stars
59 ratings
2 stars
11 ratings
1 star
10 ratings

DE

Jan 03, 2019

Good content and good detail for an overview course. There is enough information in theory and in practical configuration examples to provide a user with a real starting point.

MF

Aug 21, 2019

informative, well defined, very easy to understand, i would like to thank Amazon for designing this course really enhance the knowledge of the concerns.\n\nThank you\n\nFahar

From the lesson

Networking and Storage on AWS

In this Module you will learn about Networking and Storage on AWS.

Amazon Virtual Private Cloud (VPC) Part 110:54

Amazon Virtual Private Cloud (VPC) Part 212:26

Taught By

Allen Goldberg
Senior Technical Program Manager
Morgan Willis
Senior Technical Trainer
Blaine Sundrud
Senior Technical Trainer

Transcript

Welcome back, Blaine here. Today, we're going to start talking about networking on AWS and how the virtual private cloud, or VPC, is used to isolate your application from the millions, hundreds of millions of other applications all running on AWS as well. We're going to do it by showing you here on the board, as well as do some live demonstrations in a little bit, but I want us to understand what it is we're about to see before we get into technology itself. To understand VPC, we need to accept the fact that the point of VPC is to provide a frame, to provide a box that all of your application lives inside, and the idea is nothing comes in the box, nothing gets out of the box, without your specific permission, and whether you're filtering by network protocol, or port, or IP address, or by user or other information, you maintain complete control of all the assets inside your VPC. When you create a VPC, you also then divide the space inside the VPC into subnets. Now, in an on-premises world, subnets might be used to gather up servers or instances that need to talk quickly to each other. In the case of AWS, while you certainly could think of subnets the same way, from a functionality point of view, subnets are primarily used to determine access to gateways, to ingress/egress, as well as to isolate specific traffic that you don't want to talk to each other or do want to talk to each other. So, in this case, we've gone ahead, we can create a VPC, we create a subnet, and then when the time comes, we'll go ahead and launch an EC2 instance inside this subnet. I think we're just about ready to build it up to this point. To do that, I need help from my friend, Morgan. Are you ready, Morgan? Yes, I'm ready. You know, Morgan, this is an important lab. More than our other ones, I think we do this as a real lab. Are you ready for that? Does it look like I'm ready for a lab? Alright, now we're ready to do the lab. What we're going to build out in this lab, we're going to start by building out the VPC, and then we're going to build out the subnet, and we're going to keep adding more things as we go. To build the VPC, you only have to declare two specific things: what Region you're selecting, and remember we've already talked about the reasons why you might choose one Region over another, and then the IP range for the private IPs of everything that's going to run inside this VPC. Now, we're not going to go deep into what CIDR blocks are or why you might choose one IP range over another, those will be covered in different classes. But just in case you're interested, for this VPC, every private IP address in here we're going to set to start with 10.10, and then we're going to wildcard the last two octets or, in CIDR notation, we would call this 10.10.0.0/16. Once she makes the VPC, then Morgan's going to make the subnet. The subnet is a subset of the IP ranges for the VPC itself, and we're going to want more than just one subnet, so we're not going to use the full 10.10 and wildcard all of them, we're just going to wildcard the last octet. So, she's going to identify this as 10.10.1 and then wildcard only the last octet which, in IP CIDR notation, is a /24, meaning the first 24 bits are frozen. All right, Morgan, go ahead and build that out. Got it. All right. So we're going to hop into the console here and we're going to create one VPC with one subnet. So, if we're looking at the console, what we're going to do is go to VPC, click on this, and this brings us to our VPC dashboard. At this point, we can launch the VPC wizard, and we want to create a VPC with a single public subnet. We'll go ahead and click Select, and now we have to define our CIDR block or what Blaine defined as 10.10.0.0/16. So we're just going to go ahead and change this to be 10.10.0.0/16. We also have to give our VPC a name. This VPC is going to be used for our directory application. So, we're going to call this Directory VPC. Next, we have to give our public subnet a CIDR range. We define that as 10.10.1.0/24. The next thing we have to do is select an Availability Zone. You'll notice that we already are in the Oregon Region if you look up in the upper right-hand corner. So, I'm going go ahead and select us-west-2a, as my first Availability Zone. We'll leave the subnet name as Public subnet, and go ahead and just click Create VPC. We can now see that our VPC has been successfully created. Blaine, back to you. Great. Now, we're just about ready to go ahead and launch the EC2 instance in there, we've got one more thing we have to add to make all of this work, and that is you've got a VPC, but remember the VPC stops all traffic in and all traffic out, and if we're going to put a web server in there, well, that means nobody can talk to it. So, we have to add a gateway, and the gateway is called the internet gateway, or the IGW, the internet gateway. She's going to create the internet gateway, and attach it to the VPC and then she'll create a route table and associate that with the subnet, so that any communication that wants to talk to assets in this subnet, can come in and out of that IGW. Go ahead. All right, got it. So, what we're going to do now is we're going to create an internet gateway. We're going to create a route table, and then we're going to associate that route table with our public subnet. Again, this is going to allow our public subnet to accept traffic from the internet. So, if we look at the VPC dashboard again, the first thing we're going to do is create an internet gateway. Go to the left and select Internet Gateways. We already have some other things in here from previous projects, that's fine, we're going to go ahead and create a new one. So, we're going to say create internet gateway, and we're just going to give this a name. This is going to be our Directory Gateway, and then all we have to do is click Create. Now our internet gateway has been created, if we click Close, we'll come back to our main screen, and you can see we have a new Directory Gateway, and a state of it is detached. What we need to do is we need to attach this gateway to our directory VPC. So, select this, click Actions, and then click Attach to VPC. From here, we will select our directory VPC. We'll click Attach, and now, our directory gateway is attached to our VPC. What we need to do next is create a route table that allows that internet traffic to be routed to our public subnet. So, I'll go to the left and click Route Tables. From here, I will create a new route table. We'll give our route table a name, Public Route Table, and then we'll select our directory VPC, and then we'll click Create. All right. At this point, we can see our public route table has been created. We've selected it and down below, we can see we have one route in here that allows the local traffic. We need to edit this route table so we can allow public traffic from the internet. So, I'm going to select Edit. I'm going to edit this route table, add another route. This time I'm going to add a route for 0.0.0.0/0. This represents the traffic from the internet, and we will route that internet traffic to the directory gateway, which we created in our last step. From here, I'll click Save, and we're not done yet, we also have to associate this route table with our public subnet. So, I'll click on Subnet Associations and I will edit this, select our public subnet, and click Save. All right, simple enough. Now I've done everything manually here, but in a production environment, we would recommend that you do this programmatically. Blaine, what else do we got? All right, we're good. So, VPC we've got, subnet we've got, IGW we've got, and the IGW is now associated with this subnet. Now, all we have to do is launch the EC2 instance and we've seen that already. That's pretty simple. So, Morgan, when you're ready, go ahead and create an EC2 instance in the subnet. Right, Blaine, in the amount of time that you were talking, I already built out an EC2 instance, and I've already showed you guys how to do this. So, I'm just going to show you, I built out an EC2 instance. I'm going to click on Running Instances, we can see I already have it running, the status checks have passed. I'm just going to copy our public IP address and show you that we can get to our application. I've already populated our application with some data as well. All right, we're operational, our EC2 instances running. What else you got for me? There, we've seen it. She can now connect to it by going through the IGW. It's launched, we know what's happening, we have now completed the foundations of networking on AWS.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2019 Coursera Inc. All rights reserved.

Get it on Google Play

Coursera
About
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government
For Campus

Community
Learners
Partners
Developers
Beta Testers
Translators

Connect
Blog
Facebook
LinkedIn
Twitter
Instagram
YouTube
Tech Blog

More
Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates