How to set up a custom VPC for your AWS project and deploy EC2 instances with private and public subnets

GABRIEL OKOM
10 min read · Apr 19, 2024


How to deploy AWS EC2 instances in a custom VPC

This project shows how to use a Virtual Private Cloud (VPC) to deploy an EC2 instance. It focuses on the networking side of the deployment, which is an essential part of cloud computing. A VPC helps to secure your resources by keeping them within a private, isolated network space.

A VPC is completely private by default, which is great for security but terrible for a web application that nobody can reach, so it is important to understand the concept well enough for a DevOps engineer to manage their application deployments.

Brief Steps Overview

  1. Create a VPC
  2. Create a public and private subnet
  3. Create a security group for http and ssh open ports
  4. Create an internet gateway > attach it to the VPC > create a route table > edit the route table and add a new route that sends all traffic (0.0.0.0/0) to the internet gateway > go to subnets and change the route table association of the public subnet from the default (main) table to the newly created route table
  5. Create an EC2 instance

Some tools and services used in this project: EC2 instance, Internet Gateway, Network Security Group, Route Table, VPC, etc.

Step 1: Create a VPC

To create the VPC: search for “VPC” in the console search bar > type in the name of your VPC > choose an IPv4 CIDR block of “10.1.0.0/16”. This VPC will be used when creating our Network Security Group (NSG) and the EC2 instances for Kubernetes; all our resources MUST fall within this IP range.

We now create the public subnet: type in any name for the public subnet > select your VPC CIDR block range > type in your subnet IP range (Note: make sure it is within your VPC IP range) > leave everything else as default.

To create the private subnet, repeat the same process above > click on “Create Subnet”.
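Before clicking through the console it is worth checking the addressing plan the way the VPC service will: every subnet must sit inside the VPC block, subnets must not overlap, and AWS keeps five addresses in each subnet for itself. The check below is an added example, not code from the post; the VPC CIDR is the post's 10.1.0.0/16, while the two subnet ranges (10.1.1.0/24 and 10.1.2.0/24) and the subnet names are assumptions, since the post does not state them.

```python
import ipaddress

# Constructed example values: the VPC CIDR matches the post (10.1.0.0/16);
# the two subnet ranges are assumptions, the post does not state them.
VPC_CIDR = "10.1.0.0/16"
SUBNETS = {
    "public-subnet": "10.1.1.0/24",
    "private-subnet": "10.1.2.0/24",
}

# AWS reserves five addresses in every subnet: the network address, the VPC
# router, the DNS resolver, one kept for future use, and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, subnets):
    """Validate subnet ranges against the VPC block and against each other.

    Returns {'errors': [..], 'usable_hosts': {subnet name: count}} where
    usable_hosts is the number of addresses EC2 can actually assign.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    errors = []
    parsed = {}

    for name, cidr in subnets.items():
        try:
            # strict=True rejects ranges with host bits set, e.g. 10.1.1.5/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            errors.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        # AWS IPv4 subnets must be between /16 and /28 and inside the VPC block
        if not 16 <= net.prefixlen <= 28:
            errors.append(f"{name}: /{net.prefixlen} is outside the allowed /16-/28 range")
        if net.version != vpc.version or not net.subnet_of(vpc):
            errors.append(f"{name}: {cidr} is not within VPC {vpc_cidr}")
        parsed[name] = net

    # Pairwise overlap check; the console refuses overlapping subnets too
    names = list(parsed)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if parsed[first].overlaps(parsed[second]):
                errors.append(f"{first} ({parsed[first]}) overlaps {second} ({parsed[second]})")

    usable = {name: max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0)
              for name, net in parsed.items()}
    return {"errors": errors, "usable_hosts": usable}


if __name__ == "__main__":
    result = plan_subnets(VPC_CIDR, SUBNETS)
    for err in result["errors"]:
        print("ERROR:", err)
    for name, count in result["usable_hosts"].items():
        print(f"{name}: {count} assignable addresses")
```

Run it with the ranges you intend to type into the console; an empty error list means the two subnets will be accepted, and the usable-host count is what you have left for instances after AWS's reservations.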

Step 2: Create a Network Security Group with open ports

Open ports allow us to reach our services. In networking, an NSG (Network Security Group) is a security feature commonly used in cloud environments such as Azure and AWS (AWS simply calls it a “security group”). NSGs act as a virtual firewall, allowing you to control inbound and outbound traffic to and from virtual machines, subnets, or other resources within your network.

From the left menu pane, click on “security groups” > Create security groups > type in the name of your NSG > Type in a description for your NSG > From the drop-down select your VPC

In most cases, your “inbound rule” section should be empty; go ahead and create some rules.

We will be creating specific rules that allow such inbound traffic as shown below. In the “Source” section select “Anywhere-IPv4” to allow traffic from all IPs (0.0.0.0/0) into our public subnet.
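Opening port 22 to 0.0.0.0/0 is the quickest way to get the lab working, but it is also the first thing a reviewer of the account will flag. The script below is an added example, not part of the post: it audits a list of inbound rules laid out like the IpPermissions entries that `aws ec2 describe-security-groups` returns (simplified to the fields used), flags management ports that are open to the world, and shows the same group with SSH limited to one admin address. The admin address 203.0.113.10/32 and the rule lists are constructed; the VPC range 10.1.0.0/16 is the post's.

```python
import ipaddress

# Constructed inbound rules in the shape of IpPermissions entries
# (simplified). This mirrors the post's public group: SSH and HTTP from 0.0.0.0/0.
PUBLIC_SG_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Same group with SSH limited to a single admin address. 203.0.113.10/32 is a
# documentation-range placeholder; substitute the public IP you connect from.
HARDENED_SG_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# A group for a host that should only be reachable from inside the VPC.
PRIVATE_SG_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.1.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "10.1.0.0/16"}]},
]

# Ports where "Anywhere" is a management exposure rather than a served protocol.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM"}


def _port_range(rule):
    """IpProtocol -1 means every port; otherwise use the rule's own range."""
    if rule["IpProtocol"] == "-1":
        return 0, 65535
    return rule["FromPort"], rule["ToPort"]


def audit_inbound(rules, vpc_cidr):
    """Return (severity, message) findings for a list of inbound rules."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for rule in rules:
        lo, hi = _port_range(rule)
        proto = rule["IpProtocol"]
        admin = sorted({name for port, name in ADMIN_PORTS.items() if lo <= port <= hi})
        for entry in rule.get("IpRanges", []):
            src = ipaddress.ip_network(entry["CidrIp"])
            world = src.prefixlen == 0                      # 0.0.0.0/0 or ::/0
            in_vpc = src.version == vpc.version and src.subnet_of(vpc)
            if world and proto == "-1":
                findings.append(("high", f"all protocols and ports open to {src}"))
            elif world and admin:
                findings.append(("high", f"{'/'.join(admin)} on {proto} {lo}-{hi} open to "
                                         f"{src}; restrict the source to your own address range"))
            elif world:
                findings.append(("info", f"{proto} {lo}-{hi} open to {src} "
                                         "(acceptable only for a public-facing service)"))
            elif in_vpc:
                findings.append(("ok", f"{proto} {lo}-{hi} limited to VPC source {src}"))
            else:
                findings.append(("ok", f"{proto} {lo}-{hi} limited to {src}"))
    return findings


def worst_severity(findings):
    """Collapse a findings list to its most serious level."""
    order = {"ok": 0, "info": 1, "high": 2}
    return max((sev for sev, _ in findings), key=order.__getitem__, default="ok")


if __name__ == "__main__":
    for label, rules in [("public", PUBLIC_SG_INBOUND),
                         ("hardened", HARDENED_SG_INBOUND),
                         ("private", PRIVATE_SG_INBOUND)]:
        found = audit_inbound(rules, "10.1.0.0/16")
        print(f"{label}: worst={worst_severity(found)}")
        for sev, msg in found:
            print(f"  [{sev}] {msg}")
```

The public group comes back “high” because of SSH from anywhere, the hardened group only “info” for HTTP, and the VPC-internal group entirely “ok”; the same function works on the JSON you get back from the CLI if you pass each group's IpPermissions list.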

Step 3: Create an Internet Gateway:

In simple terms, an internet gateway, as its name implies, provides access to the internet. When we create an EC2 instance, even though its ports are open we will still not be able to reach it from our own computer or anywhere else unless those ports are exposed to the internet; this is the job of the Internet Gateway.

In the left pane menu, click on “Internet gateways” > click on “Create internet gateway” > type in a name in the “Name tag” section > leave everything else as default and click Create.

Now that we have created our internet gateway, we need to tell it which VPC (and therefore which IP range) it serves. To do this:

Click on the newly created internet gateway > in the “Actions” drop-down menu > click on “Attach to VPC”.

When this is done, click on the menu to select your VPC > Click “Attach”

Confirm that it has been attached by checking its state.

Step 4: Create a Route Table

After creating a Network Security Group (NSG), you still need to create and configure a route table in your network infrastructure. While NSGs focus on filtering traffic based on security rules (allowing or denying traffic based on source or destination IP addresses, ports, or protocols), route tables handle the actual routing of traffic within your network. A route table's primary purpose is to determine the path on which network traffic is forwarded.

In the left pane menu, click on “Route tables” > click on “Create route table” > type in a name > select your VPC from the menu > then click Create.

The route table determines the path on which our traffic is forwarded, so we need to tell it which paths are available: the private and public subnets we created earlier. First, we expose the route table to the internet by adding a route to the “internet gateway” we created. Second, we tell it which subnet we want to expose to the internet, which is the “public subnet”.

a. In the left pane menu, click on the route table > click on “Routes” > then click on “Edit routes”.

In the edit route page > click on “Add route” > Add a destination IP range of 0.0.0.0/0 > Select the “internet gateway” created earlier as shown > Save the changes

b. Click on “Subnets” > click on the “public subnet” > scroll down and click on “Route table” > then “Edit route table association”.

In the “Edit route table association” page > select the route table created earlier > then Save. (This exposes any resources within the public subnet to the internet; we can then reach these resources from our own machine.)
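What makes a subnet “public” is nothing on the subnet itself: it is whether the route table associated with it (or, failing an explicit association, the VPC's main table) sends 0.0.0.0/0 to an internet gateway. The script below is an added example rather than code from the post. It models the two tables this section ends up with, resolves a destination with the same longest-prefix match the VPC router uses, and classifies each subnet. The table, subnet and gateway ids (rtb-main, rtb-public, subnet-public, subnet-private, igw-EXAMPLE) are placeholders; the VPC range 10.1.0.0/16 is the post's.

```python
import ipaddress

# Constructed tables in the (simplified) shape of `aws ec2 describe-route-tables`
# output. All ids below are placeholders, not real AWS resource ids.
VPC_CIDR = "10.1.0.0/16"
IGW_ID = "igw-EXAMPLE"
PUBLIC_SUBNET = "subnet-public"
PRIVATE_SUBNET = "subnet-private"

ROUTE_TABLES = [
    {   # main table created with the VPC: only the local route, no internet path
        "RouteTableId": "rtb-main",
        "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"}],
        "Associations": [{"Main": True}],
    },
    {   # the custom table from Step 4: local route plus 0.0.0.0/0 -> internet gateway
        "RouteTableId": "rtb-public",
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW_ID},
        ],
        "Associations": [{"Main": False, "SubnetId": PUBLIC_SUBNET}],
    },
]


def table_for_subnet(route_tables, subnet_id):
    """An explicit association wins; otherwise the VPC's main table applies."""
    main = None
    for table in route_tables:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def route_for(route_table, dest_ip):
    """Longest-prefix match over the table; returns the target id or None."""
    ip = ipaddress.ip_address(dest_ip)
    best_net, best_target = None, None
    for route in route_table["Routes"]:
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if ip.version == net.version and ip in net:
            if best_net is None or net.prefixlen > best_net.prefixlen:
                best_net, best_target = net, route["GatewayId"]
    return best_target


def is_public(route_tables, subnet_id):
    """Public means the effective table has a 0.0.0.0/0 route to an igw-* target."""
    table = table_for_subnet(route_tables, subnet_id)
    if table is None:
        return False
    return any(r["DestinationCidrBlock"] == "0.0.0.0/0" and r["GatewayId"].startswith("igw-")
               for r in table["Routes"])


def classify(route_tables, subnet_ids):
    """Map each subnet id to 'public' or 'private'."""
    return {s: ("public" if is_public(route_tables, s) else "private") for s in subnet_ids}


if __name__ == "__main__":
    print(classify(ROUTE_TABLES, [PUBLIC_SUBNET, PRIVATE_SUBNET]))
    # 198.51.100.7 is a documentation-range address standing in for "the internet"
    print("public table, internet host ->", route_for(ROUTE_TABLES[1], "198.51.100.7"))
    print("public table, VPC host      ->", route_for(ROUTE_TABLES[1], "10.1.2.5"))
    print("main table, internet host   ->", route_for(ROUTE_TABLES[0], "198.51.100.7"))
```

Note that the private subnet stays private simply because nobody ever associated it with rtb-public, so it falls back to the main table, which has no route for non-VPC destinations. A route to the gateway is only half the story for an instance: it also needs a public IP, which is why Step 5 enables the public IP setting.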

Step 5: Create an EC2 Instance

We will be creating two (2) EC2 instances, a master and a worker node, using an Ubuntu base image; the size and volume will be slightly higher than usual to accommodate a Kubernetes installation. The reason for this is to set up the next Kubernetes project, which I will be posting shortly. Please feel free to use a smaller size, instance type and instance count here if you are just following along. If you are here from the Kubernetes project, then continue with the same configuration.

To launch an EC2 instance, search for “EC2” in the AWS console > click on launch instance.

In the “Names and tags” section, type in the name of the instance and the number of instances to be deployed, which is “2”.

In the “Application and OS Images” section, select “Ubuntu” as the base OS > in the AMI drop-down menu, select “20.04 LTS”, as shown below.

For the machine image (AMI), click the drop-down menu and select “Ubuntu Server 20.04 LTS”. Optionally, you can leave the architecture at its default, 64-bit (x86).

In the instance type, select “t2.medium” with 4 GB of memory.

Create a key pair; we need this key to be able to log in to our machine.

Type in the key details as preferred.

After creating the key > save this key in a location on your host machine.

In the network settings, click on “Edit” > enable the public IP setting > click on “Select existing security group” > in the drop-down menu choose the NSG created earlier in “Step 2”.

Our public subnet should be selected by default; if not, select it > select the VPC created earlier > leave everything else as default.

Finally, in “Configure storage” type in the value “20”. This gives our Kubernetes cluster the minimum required 20 GB of storage > click “Launch Instance” to deploy the k8s cluster.

Click on “Instances” to confirm the machine state. Below, we have 2 (two) running EC2 instances.

Rename the instances to “k8s-master” and “k8s-worker”. You can use “k8s-slave” depending on your preference.

After the rename, I will be using an app named “MobaXterm” to gain access to the instances.

Step 6: SSH into the instance

You can use any of your preferred methods to gain access to the instances; we will be using “MobaXterm”. It can be downloaded by clicking here. You can also use “PuTTY”, Git Bash or a

Copy the “public IP address” of the “k8s-master” by clicking on the instance ID > create a new session in your newly installed MobaXterm app > click SSH > in “Remote host” paste the IP address of the “k8s-master” > check the box and insert the “username” to be used on the machine; type “ubuntu” in the given field > click on “Advanced SSH settings”; in the “Private key” field import the “key pair” that was downloaded during the creation of our EC2 instance > leave everything else as default and click “OK” to open the session.

(The GIF below shows you how to get this done; meanwhile, make sure to copy the public IP address of the instance and not its private IP address.)

Right-click on the “k8s-master” session and select “Duplicate session”; change the IP address to that of the “k8s-worker” (or repeat the previous step to create a new session and import the key for the k8s-worker).

You can right-click on the sessions to edit their names.

We should now have our two (2) sessions of the instances ready as shown.

Install Nginx on the instance and test it

Click on the “k8s-master” session > create a folder for the script > move into the folder.

mkdir nginx_script   #creates the folder   
cd nginx_script #move into the folder

We will be using a script to install “nginx”; to do this we first need to open an editor and write the script in it. Our script will be named “nginx-script.sh”.

vi nginx-script.sh  #opens an editor and names the file "nginx-script.sh"

Type in the below script

#!/bin/bash
# Stop at the first failing command so a failed install is not reported as success
set -e

# Update package index
sudo apt update

# Install Nginx
sudo apt install -y nginx

# Start Nginx service
sudo systemctl start nginx

# Enable Nginx to start on boot
sudo systemctl enable nginx

# Check Nginx status (--no-pager keeps the output from opening a pager)
sudo systemctl status nginx --no-pager

Use “:wq!” to save and exit the vim editor.

This is a sample image of what I did.

Next, we have to run the script. Before we do this, we have to make sure the file is executable.

Note: if you don’t do this, you will not be able to run the script with ./nginx-script.sh.

chmod +x nginx-script.sh       #changes the file permission and makes it executable

ls -al #View the file permission

Run the script

./nginx-script.sh

Our nginx service is now active and running.

Optionally, you can confirm the nginx welcome page by opening the instance's public IP address in a browser.

Congrats !!

You have completed this project.

Optionally:

Step 7: Confirm connection between the private and public subnets within the VPC

Task:

  • Create an EC2 instance that uses the private subnet > on the same “create EC2” page, create a new security group with an open SSH port 22 and/or HTTP port 8080, allowing traffic from our VPC range 10.1.0.0/16 > launch the instance > using SSH or curl from the public EC2 instance, try to connect to the private EC2 instance (you can also try to ping the private instance from the public instance).

Please leave a comment or send an email if you tried the task or have any issues or concerns completing this project.

#devops #devopsengineer #awsdevopsengineer #azuredevopsengineer #devopstickets #devopstask #devopsprojects #awsproject #vpc #aws #GabrielOkom



GABRIEL OKOM

MSc Cyber Security and Computer Forensics | Certified DevOps Engineer