VPC at a high level, you can think, it is a logical container that separates resources you create from other customers within the Amazon Cloud. It is you defining a network of your own within Amazon. You can think of a VPC like an apartment where your furniture and items are analogous to databases and instances. The walls of your apartment isolate and protect your things from being accessible from other tenants of the apartment complex.
Subnets would then be analogous to the different rooms in your apartment. They are containers within your VPC that segment of a slice of the CIDR block you define in your VPC. Subnets allow you to give different access rules and place resources in different containers where those rules should apply. You wouldn’t have a big open window in your bathroom on the shower wall so people can see you naked, much like you wouldn’t put a database with secretive information in a public subnet allowing any and all network traffic. You might put that database in a private subnet (i.e. a locked closet).
Let's try to create Subnet:
Step: 1 Create VPC as below:
Route tables, NACLS, security groups are created by default after the creation of VPC
Step: 2 After this Create Subnet:
Step: 3 After this create Internet gateway “MyIGW” and attach your VPC
Step:4 Then go-to root tables, create root table
Step: 5 Then we need to enable internet access.
Step: 6 After this subnet association
Step: 7 After this go to Subnets and make your public subnet as auto-assign public IP
Step: 8 After this, we launch a public subnet and private subnet. After this go the subnet window and make 10.0.1.0 –us east-1a as a public subnet
Step: 9 After this launch EC2 instances, in the configuration instance tab, Choose your VPC in-network, choose your public subnet.
Step: 10 After this create a new security group” Web-DMZ”, ssh and HTTP. Choose a new key pair.
Step: 11 Launch the second instance with 10.0.2.0 and select default security grp and choose the new key pair.
Step: 12 After this connect to public machine and try to check if it is internet connected.
Step: 13 After this rename your private instance to MY-SQL, and go to security grps and create new security grp named”MyRDS-SG”, add yor VPC.
Step: 14 Add SSH, MySQL/Aurora, https, HTTP, all ICMP ipv4. Add for all protocols add CIDR as 10.0.1.0/24
Step: 15 After this associate it to the private instance and ping private IP from the public console.
Step: 16 After this test connectivity.
[ec2-user@ip-10–0–1–167 ~]$ vi mykey.PPK
[ec2-user@ip-10–0–1–167 ~]$ chmod 400 mykey.ppk
[ec2-user@ip-10–0–1–167 ~]$ ssh ec2-user@<private_ip_address> -i mykey.ppk
After connectivity, elevate privileges and check for command yum update -y
Step: 17 After this create NAT instance(select it form community AMIs), for public instance(10.0.1.0 –us-east-1a) and also selecting your own VPC, security grp will be MyWEBDMZ(http, https and ssh). Download new key.
Step: 18 After this go to your NAT instance and in actions>>networking>>change source and destination checks (disable)
Step: 19 After goto route tables, add route by selecting a default root table created by NAT:
Step: 21 After this connect to private IP from public console with the command
ssh firstname.lastname@example.org -i mykey.ppk
and then run sudo su and yum update –y