As developers, our main focus is on building things.
Then, once development is finished, we need to put that app somewhere on the internet so it is publicly accessible.
If you’re working on a team it might not be a problem, as there might be someone in operations that can handle this task.
But if you’re on your own, or maybe this is the first time you’re using the cloud, it can get pretty confusing. There are so many terms that we didn’t even know existed.
In this piece, we’ll talk about AWS in particular, as it is very popular.
Get Your App Running in AWS Cloud
EC2 is a virtual computing environment. It is more or less the same as your laptop that you’re probably using right now.
The overview says:
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
Or, put simply, VPC lets you manage your AWS resources from the network perspective.
In this post, I will explain the building blocks which make up a VPC whilst giving you an explanation for every component of it.
I won’t cover everything about networking as I assume that you already know how the basics of IP addresses work and the difference between public and private IPs.
By the end of this post, you will have a running EC2 instance that you can connect to via SSH, which proves that it is reachable from the internet.
By default, AWS provides a default VPC in each region when you create an account. Those default VPCs will suit most of your needs, but you still need to understand how they work.
Creating a VPC
Let’s name it
What is the IPv4 CIDR block?
It is an abbreviation for Classless Inter-Domain Routing.
This is how you’ll want to specify a range of IPs.
The notation is
Let’s take our example
The important part here is the number 16. This is what determines what your IP range is.
The IP here is IPv4. It consists of 32 bits, grouped eight bits (one octet) at a time and separated by dots. So if you convert, for example, the IP address 255.255.255.255, you get 11111111.11111111.11111111.11111111 in binary format.
If you don’t know how to read binary digits, I encourage you to learn it first.
In our example, 10.0.0.0, you get
Then we have the number 16, which acts as a mask: it is written as sixteen “1” bits from left to right, padded with “0” bits to fill the 32-bit IP address format. The result is
The bit positions where the mask has 0s are the ones available for you to use inside your network. With a 16 mask, that means all the bits in the last two octets are yours to use for your network; if the mask is 24, or 11111111.11111111.11111111.00000000, you only get the last octet.
So your IP will range from
00001010.00000000.11111111.11111111, or in decimals
As the name implies, in order for your VPC to have access to the Internet, you have to attach an Internet gateway to it. Let’s create an Internet gateway and name it
A subnet is a logical subdivision of a network; how you divide the network depends on your requirements.
Subnetting lets us break a network into smaller parts. Think of a network in a huge building with 100 different companies, each with 100 divisions, where each division gets its own network group.
An example of a subnet is a range from 192.168.1.1 to 192.168.1.255.
You must also specify the CIDR block for each subnet.
Let’s create three subnets,
private1, as we will create two public subnets and one private subnet.
A public subnet means that the subnet will have access to the internet, while a private subnet will not have access to the internet. I will explain how to do that later.
Let’s create a subnet, selecting the VPC that we created earlier.
Notice that this time we specify the mask “24”.
A 24 mask converted to binary is 11111111.11111111.11111111.00000000. So, the first three octets are already reserved and the only space we have is the last octet.
So, if we create our subnet equally we end up having
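The CIDR arithmetic walked through above (binary form of the address and the 16 and 24 masks, the resulting address range, and carving a /16 VPC into /24 subnets) as an added example; this is not code from the original post, and the VPC block 10.0.0.0/16 and the three /24 subnets are assumed from the post's own numbers.

```python
# Added example (not from the original post): the CIDR arithmetic the post
# explains, written out so each step can be checked. Assumes the post's
# VPC block 10.0.0.0/16 and three equal /24 subnets.
import ipaddress
from itertools import islice


def to_binary(addr: str) -> str:
    """Dotted-binary form of an IPv4 address, one octet (8 bits) per group."""
    return ".".join(f"{int(octet):08b}" for octet in addr.split("."))


def mask_binary(prefix: int) -> str:
    """Dotted-binary form of a /prefix mask: `prefix` ones followed by zeros."""
    bits = "1" * prefix + "0" * (32 - prefix)
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))


def address_range(cidr: str) -> tuple:
    """First and last address covered by a CIDR block, in decimal."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address)


def free_bits(prefix: int) -> int:
    """Host bits left for your own use: the 0 positions in the mask."""
    return 32 - prefix


def carve_subnets(cidr: str, new_prefix: int, count: int) -> list:
    """The first `count` equal-sized /new_prefix subnets inside `cidr`."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [str(s) for s in islice(net.subnets(new_prefix=new_prefix), count)]


if __name__ == "__main__":
    vpc = "10.0.0.0/16"
    print(to_binary("10.0.0.0"))        # 00001010.00000000.00000000.00000000
    print(mask_binary(16))              # sixteen 1s, then zeros
    print(address_range(vpc))           # ('10.0.0.0', '10.0.255.255')
    print(to_binary("10.0.255.255"))    # 00001010.00000000.11111111.11111111
    print(mask_binary(24))              # only the last octet is left free
    print(free_bits(16), free_bits(24)) # 16 host bits vs 8 host bits
    print(carve_subnets(vpc, 24, 3))    # /24 blocks for public1, public2, private1
```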
Network Access Control List
NACL lets you specify the rules for inbound and outbound traffic of your network.
Inbound means traffic that’s coming in, while outbound means traffic that goes out.
You will be able to set any rule for your network, based on the protocol type such as HTTP, TCP, UDP, etc., and the port numbers.
Every rule gets a number, and the rules are evaluated in order from the lowest number to the highest.
Let’s create one and name it
By default, all traffic is allowed. For the purpose of this course, let’s leave it as it is. However, I encourage you to not do this in a production environment.
In the “subnet associations tab”, click “edit subnet associations” and add the subnets that you created before.
A route table works much like routing does in an app. For example, if the destination IP is 10.0.0.14, then route it to service-a. It’s that simple.
Let’s create two route tables and name them
RT1, open the “routes tab” and click “edit routes”. Add a route with the destination 0.0.0.0/0 and the target set to the internet gateway we created.
What this means is that 0.0.0.0/0 matches all other traffic (anything not covered by a more specific route) and directs it to the Internet gateway so it can reach the internet. Click “save routes” and then move to the “subnet associations” tab.
Click “edit subnet associations” and add the two subnets named
public2 that you created before.
This is what makes a subnet public: associating it with a route table that has a route whose target is an internet gateway.
For RT2, edit the subnet associations so it is associated with the subnet private1. Since RT2 has no route to the internet gateway, that subnet stays private.
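The routing behaviour described above (the 10.0.0.14 example, the 0.0.0.0/0 route, and why public1/public2 are public while private1 is not) as an added example; this is a small model, not the post's code nor AWS's own implementation, and the route-table contents and the id igw-EXAMPLE are constructed placeholders.

```python
# Added example (not from the original post): a small model of how a VPC
# route table picks a target for a packet and what makes a subnet public.
# Route entries and the id igw-EXAMPLE are constructed placeholders.
import ipaddress
from typing import List, Optional, Tuple

# Route tables as (destination CIDR, target) pairs, mirroring the post:
# RT1 has the internet-gateway route, RT2 only the VPC-internal "local" route.
ROUTE_TABLES = {
    "RT1": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "RT2": [("10.0.0.0/16", "local")],
}

# Subnet associations as configured in the post.
ASSOCIATIONS = {"public1": "RT1", "public2": "RT1", "private1": "RT2"}


def lookup(table: List[Tuple[str, str]], dest_ip: str) -> Optional[str]:
    """Pick the target for dest_ip by longest-prefix match, as a VPC route table does."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else None  # None: no matching route, packet is dropped


def route_from(subnet: str, dest_ip: str) -> Optional[str]:
    """Target a packet leaving `subnet` toward dest_ip would be sent to."""
    return lookup(ROUTE_TABLES[ASSOCIATIONS[subnet]], dest_ip)


def is_public(subnet: str) -> bool:
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway."""
    table = ROUTE_TABLES[ASSOCIATIONS[subnet]]
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-") for cidr, target in table)


if __name__ == "__main__":
    print(route_from("public1", "10.0.0.14"))      # local: stays inside the VPC
    print(route_from("public1", "203.0.113.10"))   # igw-EXAMPLE: out to the internet
    print(route_from("private1", "203.0.113.10"))  # None: no internet route
    print({s: is_public(s) for s in ASSOCIATIONS})
    # The experiment the post suggests: remove the igw route from RT1.
    ROUTE_TABLES["RT1"].pop()
    print(is_public("public1"))  # False: public1 is now effectively private
```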
Launching an EC2 Instance
Finally, let’s test that our network is working properly.
Launch an EC2 instance — use the “t2.micro” instance type as it is free tier eligible.
Go to step #3 to configure the instance. This is where we configure the network this instance is going to use.
Select the VPC and one of the public subnets we just created. Then, go to step #6 to configure the security group and enable the auto-assign public IP.
The security group also lets us configure inbound and outbound traffic, but at the instance level, while a NACL works at the subnet (network) level.
This time, we will only allow SSH connections on port 22, from any source IP.
Click “Review and Launch” and launch your instance, but don’t forget to download the key-pair — the instance will take some time to provision.
Once it is done, let’s connect to it using SSH. Click on the instance and click “connect” at the top of the table. It will give you the instructions to connect using SSH.
Follow the instructions and… voila!
You now have an EC2 instance that is connected to the internet and you know every step of its process.
After this, you can install your application and make it accessible through the browser easily, by adding more rules to the security group to open HTTP port 80.
There’s a lot more to learn about VPCs — try changing the configuration that we created and see what happens, such as deleting the internet gateway from the route table, changing the rule at the NACL, etc.
I hope you enjoyed this piece!