Create a Custom VPC with Public and Private Subnets

Nivas DevSecOps
7 min read, Aug 15, 2024


In this post, we will cover:

  1. How to create a new VPC
  2. How to create an Internet Gateway and attach it to the new VPC
  3. How to create a public route table and add the Internet Gateway route to it
  4. How to create two public and two private subnets
  5. How to create or reuse a private route table
  6. How to create a NAT gateway and add a NAT gateway route to the private route table
  7. How to modify the auto-assign public IP setting for the public subnets
  8. How to associate the public subnets with the public route table
  9. How to associate the private subnets with the private route table

If you are not familiar with VPC architecture and its components, I recommend going through this post first.

To make this easier to follow, the final VPC will look like the diagram below.

We will create a VPC with CIDR block 10.0.0.0/24. A /24 leaves 32 - 24 = 8 host bits, so 2^8 = 256 IP addresses (10.0.0.0 to 10.0.0.255).

  • The VPC CIDR will be divided into four /26 subnets, each with 64 IP addresses.
  • The first public subnet has CIDR 10.0.0.0/26 (addresses 10.0.0.0 to 10.0.0.63).
  • The second public subnet has CIDR 10.0.0.64/26 (addresses 10.0.0.64 to 10.0.0.127).
  • The first private subnet has CIDR 10.0.0.128/26 (addresses 10.0.0.128 to 10.0.0.191).
  • The second private subnet has CIDR 10.0.0.192/26 (addresses 10.0.0.192 to 10.0.0.255).

Sign in to the AWS Management Console and Search VPC service

Step 1: Click “Create VPC” on the left side of the console.

Create VPC

VPC CIDR

  • Name tag: the name you give the VPC. I have used “CustomVPC-A”.
  • A naming convention such as ProjectName-VPC-ENV (for example MyProjectVPCProd or MyProject-vpc-prod) helps once an account holds several VPCs.
  • IPv4 CIDR block: enter 10.0.0.0/24.
  • Tenancy: leave it at Default. Default (shared) tenancy is the standard option; Dedicated tenancy runs the VPC’s instances on single-tenant hardware at extra cost and is only needed for specific licensing or compliance requirements.

VPC created

VPC has been created.

Step 2: To create an Internet Gateway, click “Create internet gateway”.

Create IG


  • Name tag: the name of the Internet Gateway. I have used “CustomeIG”.

Attach the Internet Gateway to VPC.

Attach to VPC

Click on Attach to VPC and select the VPC which we have created.

Internet Gateway Attachment to the VPC

Internet Gateway Attached to the VPC.


Without an Internet Gateway, nothing in the VPC can be reached from the Internet or reach the Internet directly. Attaching the gateway is not enough on its own, though: a subnet only becomes public when its route table sends 0.0.0.0/0 to the gateway, and an instance in it is only reachable when it also has a public or Elastic IP and its security group and network ACL allow the traffic. Each of those is a separate control, and the next steps set up the first of them.

Step 3: Create a public route table: click “Create route table”.

Create a Public Route table

Provide the name of the route table and select your VPC as shown below, also can give the tag name.


Public Route created.


To add the Internet Gateway route to the public route table, select PublicRT, open the Routes tab and click “Edit routes”.

Add Internet gateway to the Public RT

Click “Add route”, enter 0.0.0.0/0 as the Destination (the default route; 0.0.0.0 without the /0 is not accepted), select the Internet Gateway (igw-…) as the Target and save the routes.

Add Internet gateway to the Public route table

Added Internet gateway to the Public route table


Step 4: Create the public subnets. Go to the Subnets section and click “Create subnet”.

Select the VPC, give the subnet a name, enter its CIDR block and choose an Availability Zone, then click “Create subnet”.

publicsubnet-01

The first public subnet has been created.

PublicSubnet-01

Repeat the same step for the second Public subnet.

PublicSubnet-02

We have created two public subnets

PublicSubnets

Each /26 subnet has 64 addresses, but AWS reserves 5 of them in every subnet: the first four (the network address, the VPC router, the DNS resolver and one reserved for future use) and the last one (the network broadcast address, which is not used inside a VPC). That leaves 59 assignable addresses per subnet.
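The CIDR arithmetic in the layout above and the reservation rule here are easy to get wrong by hand, so here is the same plan computed with Python’s standard `ipaddress` module. This is an added example, not code from the original post: it splits a VPC block into equal subnets, applies the five-address reservation, and names the results the way this tutorial does (the naming scheme and the `public_count` parameter are this example’s own conventions, not anything AWS requires).

```python
"""Subnet plan for a VPC CIDR with AWS's per-subnet reservations applied.

Added example (not from the original post); standard library only.
"""
import ipaddress

# AWS keeps five addresses in every subnet: the first four (network address,
# VPC router, DNS resolver, reserved for future use) and the last (broadcast).
AWS_RESERVED_PER_SUBNET = 5


def aws_reserved(subnet: ipaddress.IPv4Network) -> list:
    """The addresses AWS will never hand to an instance in this subnet."""
    first = subnet.network_address
    return [str(first + i) for i in range(4)] + [str(subnet.broadcast_address)]


def usable_hosts(subnet: ipaddress.IPv4Network) -> int:
    """Addresses an instance or network interface can actually be given."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr: str, new_prefix: int, public_count: int) -> list:
    """Split vpc_cidr into /new_prefix blocks; the first public_count become public.

    Naming (PublicSubnet-01, PrivateSubnet-01, ...) follows the tutorial and is
    this example's own convention.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    # AWS allows VPC and subnet blocks between /16 and /28 only, and a subnet
    # cannot be larger than the VPC it lives in.
    if not (16 <= vpc.prefixlen <= new_prefix <= 28):
        raise ValueError("VPC and subnet prefixes must be between /16 and /28, "
                         "and the subnet prefix no shorter than the VPC prefix")
    plan = []
    for i, block in enumerate(vpc.subnets(new_prefix=new_prefix)):
        public = i < public_count
        index = i + 1 if public else i - public_count + 1
        plan.append({
            "name": f"{'Public' if public else 'Private'}Subnet-{index:02d}",
            "cidr": str(block),
            "first": str(block.network_address),
            "last": str(block.broadcast_address),
            "usable": usable_hosts(block),
            "reserved": aws_reserved(block),
        })
    return plan


if __name__ == "__main__":
    vpc, prefix = "10.0.0.0/24", 26
    print(f"{vpc}: {ipaddress.ip_network(vpc).num_addresses} addresses")
    for s in plan_subnets(vpc, prefix, public_count=2):
        print(f"{s['name']:<17} {s['cidr']:<15} {s['first']} - {s['last']}  "
              f"usable={s['usable']}  reserved={', '.join(s['reserved'])}")
```

Run it before clicking through the console and paste the `cidr` values into the subnet dialogs; changing `vpc_cidr` to a /16 and `new_prefix` to 24 gives the more usual production layout with the same code.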

Let’s repeat the same step for creating two private subnets

For private subnet-1

PrivateSubnet-01

For private subnet-2

PrivateSubnet-02

Finally, we have created all subnets

All subnets

Step 5: Every VPC is created with a main route table. You can either use that table as the PrivateRT, as this post does, or create a separate one. Whichever table is the main one applies to every subnet that has no explicit association, so keep the Internet Gateway route out of it; that way a subnet someone adds later is private unless it is deliberately made public.

Let’s name this route table PrivateRT and use it for the private subnets.

PrivateRT

Step 6: Create the NAT gateway. Go to the NAT gateways section and click “Create NAT gateway”.

Nat Gateway

Give the NAT gateway a name, choose one of the public subnets (a NAT gateway only works from a subnet whose route table reaches the Internet Gateway; placed in a private subnet it silently gives the private instances no egress), set the Connectivity type to Public, click “Allocate Elastic IP”, and then click “Create NAT gateway”.

Nat Gateway configurations

The NAT gateway is created; wait until its state is Available before routing to it.

Nat Gateway

To route the private subnets through this NAT gateway, select PrivateRT, open the Routes tab and click “Edit routes”.

Attach this NAT to the Private RT

Enter 0.0.0.0/0 as the Destination, select the NAT gateway (nat-…) as the Target and save the routes.


The NAT gateway route is added to the private route table.

Attached this NAT to the Private RT

Step 7: An EC2 instance launched in a public subnet needs a public IP to be reachable. Select the subnet, open the Actions drop-down menu and click “Modify auto-assign IP settings”.

Modify auto-assign IP settings

Tick “Enable auto-assign public IPv4 address” and click Save.

Enable auto-assign public IPv4 address

Repeat the same action for the second public subnet only. Leave the setting disabled on the private subnets so that instances there never receive public addresses.

Step 8: To associate the public subnets with PublicRT, select PublicRT, open the Subnet associations tab and click “Edit subnet associations”.

public subnets associations

Select both public subnets and click on Save associations.


The public subnets are associated with public RT.

public subnets associated

Step 9: To associate the private subnets with PrivateRT, select PrivateRT, open the Subnet associations tab and click “Edit subnet associations”.

private subnets associations

Select both private subnets and click on Save associations.


The private subnets are associated with private RT.

private subnets associated
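With all associations in place, it is worth verifying the result rather than trusting the screenshots. The script below is an added example, not part of the original post: given route tables, subnets and NAT gateways in the same JSON shape that `aws ec2 describe-route-tables`, `aws ec2 describe-subnets` and `aws ec2 describe-nat-gateways` print, it works out which subnets are actually public (effective default route to an Internet Gateway, falling back to the main route table exactly as the VPC does) and flags the mistakes that quietly break this design: an Internet Gateway route on the main route table, a NAT gateway created in a private subnet, and auto-assign public IP left on for a private subnet. The sample data is constructed to match this tutorial’s final state and every resource ID in it is a placeholder.

```python
"""Check that a VPC's routing matches the public/private design built above.

Added example, not part of the original post. The inputs mirror the JSON of
`aws ec2 describe-route-tables`, `describe-subnets` and `describe-nat-gateways`,
so the functions can be pointed at real output; the sample data is constructed
for this tutorial's layout and every resource ID in it is a placeholder.
"""
from __future__ import annotations

ANY_IPV4 = "0.0.0.0/0"


def default_target(route_table: dict) -> str | None:
    """Target of the active 0.0.0.0/0 route (igw-..., nat-..., ...) or None."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == ANY_IPV4 and route.get("State", "active") == "active":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def route_table_for_subnet(route_tables: list[dict], subnet_id: str) -> dict:
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError("no main route table in input")
    return main


def classify_subnets(route_tables: list[dict], subnets: list[dict]) -> dict[str, str]:
    """A subnet is public only if its effective default route points at an internet gateway."""
    kinds = {}
    for subnet in subnets:
        target = default_target(route_table_for_subnet(route_tables, subnet["SubnetId"]))
        kinds[subnet["SubnetId"]] = "public" if target and target.startswith("igw-") else "private"
    return kinds


def check_vpc(route_tables: list[dict], subnets: list[dict], nat_gateways: list[dict]) -> list[str]:
    """Return findings; an empty list means the layout is as intended."""
    findings = []
    kind = classify_subnets(route_tables, subnets)
    # 1. The main route table must not reach the internet gateway: a subnet added
    #    later without an explicit association would become public by accident.
    for rt in route_tables:
        if any(a.get("Main") for a in rt.get("Associations", [])):
            target = default_target(rt)
            if target and target.startswith("igw-"):
                findings.append(f"main route table {rt['RouteTableId']} routes {ANY_IPV4} to {target}")
    # 2. Auto-assigned public IPv4 addresses belong in public subnets only.
    for subnet in subnets:
        if kind[subnet["SubnetId"]] == "private" and subnet.get("MapPublicIpOnLaunch"):
            findings.append(f"private subnet {subnet['SubnetId']} auto-assigns public IPv4 addresses")
    # 3. Private subnets need a default route to an available NAT gateway, and that
    #    NAT gateway must itself sit in a public subnet or it has no path to the IGW.
    nat_subnet = {n["NatGatewayId"]: n["SubnetId"] for n in nat_gateways if n.get("State") == "available"}
    for subnet in subnets:
        sid = subnet["SubnetId"]
        if kind[sid] != "private":
            continue
        target = default_target(route_table_for_subnet(route_tables, sid))
        if target is None:
            findings.append(f"private subnet {sid} has no default route (no outbound internet access)")
        elif target not in nat_subnet:
            findings.append(f"private subnet {sid} routes {ANY_IPV4} to {target}, not an available NAT gateway")
    for nat_id, sid in nat_subnet.items():
        if kind.get(sid) != "public":
            findings.append(f"NAT gateway {nat_id} is in subnet {sid}, which is not public")
    return findings


# Constructed sample matching the tutorial's final state; IDs are placeholders.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private",  # PrivateRT is also the VPC's main route table
     "Routes": [LOCAL, {"DestinationCidrBlock": ANY_IPV4, "NatGatewayId": "nat-custom", "State": "active"}],
     "Associations": [{"Main": True}, {"SubnetId": "subnet-private-01"}, {"SubnetId": "subnet-private-02"}]},
    {"RouteTableId": "rtb-public",
     "Routes": [LOCAL, {"DestinationCidrBlock": ANY_IPV4, "GatewayId": "igw-custom", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-public-01"}, {"SubnetId": "subnet-public-02"}]},
]
SUBNETS = [
    {"SubnetId": "subnet-public-01", "CidrBlock": "10.0.0.0/26", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-public-02", "CidrBlock": "10.0.0.64/26", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-private-01", "CidrBlock": "10.0.0.128/26", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-private-02", "CidrBlock": "10.0.0.192/26", "MapPublicIpOnLaunch": False},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-custom", "SubnetId": "subnet-public-01", "State": "available"}]


def misconfigured_example() -> list[str]:
    """Two common slips: NAT gateway created in a private subnet, and auto-assign
    public IP switched on for a private subnet. Both are reported."""
    subnets = [dict(s, MapPublicIpOnLaunch=True) if s["SubnetId"] == "subnet-private-02" else s for s in SUBNETS]
    nats = [{"NatGatewayId": "nat-custom", "SubnetId": "subnet-private-01", "State": "available"}]
    return check_vpc(ROUTE_TABLES, subnets, nats)


if __name__ == "__main__":
    print(check_vpc(ROUTE_TABLES, SUBNETS, NAT_GATEWAYS) or "no findings", *misconfigured_example(), sep="\n")
```

To run it against a real account, replace the three constants with the `RouteTables`, `Subnets` and `NatGateways` arrays from the corresponding describe calls, filtered to your VPC ID. Note that in this tutorial PrivateRT is the VPC’s main route table, so any subnet added later without an explicit association lands on the private side; that is the safe default, and the first check exists to keep it that way.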

Important points to remember:

  • When you create a VPC, AWS automatically creates a main route table, a default network ACL and a default security group, but it does not create any subnets or an Internet Gateway.
  • We have not covered all VPC components in this post.
  • Availability Zone names are mapped independently for each AWS account, so us-east-2a in your account may be a different physical zone from mine. I used the Ohio (us-east-2) region.
  • AWS reserves 5 IP addresses in every subnet, the first four and the last one, for networking purposes.
  • A VPC can have only one Internet Gateway attached at a time.
  • A /24 VPC like this one suits a lab or a small deployment; choose a larger block (up to /16) when the VPC is expected to grow or to peer with other networks, and pick a range that does not overlap those networks.
