A-Z of AWS VPC and other services - with Terraform
This blog is going to be an end-to-end guide for AWS VPC networking. I understand there are a lot of AWS services you need to take care of at the time of setting up networking. It can be overwhelming but this will help you understand exactly what is needed for the kickstart.
The services/concepts we are going to understand are:
AWS VPC
CIDRs
Subnets (Public and Private)
Internet Gateway
Elastic IP
NAT Gateway
Route table and association with subnets
Some other additional concepts:
Network ACL
Security Groups
VPC peering
VPC Flow logs
VPC endpoints
VPC
AWS has regions (us-east-1, ap-south-1 etc)
Each region can have upto 5 VPCs
VPC is like owning a part of data center (or similar to renting out a virtual server)
A VPC is your own private network where you can manage all your web servers, applications, databases, etc. Every service created on AWS has to be part of a VPC. Even the services that you create without adding them to an existing VPC are automatically added to the default VPC created by AWS.
Each region have AZs (availability zones), for example, AZs in us-east-1 are us-east-1a, us-east-1b, us-east-1c. VPCs are spread across AZs
CIDRs
This helps us define an IP address range in your VPC. It consists of two components:
Base IP: 192.10.0.0, 172.0.0.0, etc.
Subnet Mask: /16, /24, etc
High value subnet mask with fewer IP addresses. The lower the value of the subnet mask, the more IP addresses there are.
Terraform to create AWS VPC
Subnets (Public and Private)
Subnets are part of your VPC’s CIDRs IP address range. Each subnet is associated with a particular availability zone (AZ) within an AWS region. When you create subnets in your VPC, you can choose to make them either public or private.
Public subnet: The subnet that is connected to the Internet Gateway (IGW) is nothing but the public subnet.
Private subnet: The subnet that is not connected to the Internet Gateway (IGW) is nothing but the private subnet.
Terraform to create AWS VPC
Internet Gateway
It allows resources in a VPC to connect to the internet.
It doesn’t come with VPC, it needs to be created separately.
1 IGW can be attached to the 1 VPC.
Internet gateways on their own don't allow Internet access.
Route tables must be edited with IGW.
Elastic IP
An Elastic IP address is a static, public IPv4 address designed for dynamic cloud computing.
You can associate an Elastic IP address with any instance or network interface in any VPC in your account.
NAT Gateway
NAT Gateway is used to enable instances present in a private subnet to help connect to the internet or AWS services.
It is present in public subnets.
Need to setup NAT gateway if subnets are present in multiple AZs
The elastic IP address is associated with a NAT gateway
Route table
Each subnet in your VPC is associated with a route table that tells it how to handle traffic.
A route table is like a set of directions that tells data packets where to go based on their destination IP address.
Create Route table using terraform
Associate Route table with subnets
How to differentiate between public and private subnet
The subnet you attached to the internet gateway (IGW) is a public subnet and the one that doesn't have an IGW is a private subnet.
Some additional concepts like VPC peering, VPC endpoint etc will be discussed in some other blog.
Tags
Enjoyed the blog? If so, you'll appreciate collaborating with the minds behind it as well.
Last updated
