How to create a VPC with Public and Private Subnets

Published: January 18, 2019 (Updated: Jan 18, 2019)


Mastering AWS VPC: Setup Public & Private Subnets with a NAT Gateway (Step-by-Step Guide)

Welcome to Darren’s Tech Tutorials! Setting up a secure and scalable network infrastructure is foundational in AWS, and the Virtual Private Cloud (VPC) is where it all begins.

A common requirement for modern applications is a network that allows certain resources (like web servers) to be public-facing while keeping critical infrastructure (like databases and application servers) safely tucked away in a private subnet. But even private resources sometimes need to reach the internet for updates or patches. That’s where the NAT Gateway comes in!

In this comprehensive guide, we’re going to walk through the exact steps required to quickly create a robust VPC featuring both Public and Private Subnets, fully equipped with a NAT Gateway for outbound connectivity.


The Power of the NAT Gateway

Before diving into the console, it’s helpful to understand the architecture.

  • Public Subnet: Resources here have a direct path to the Internet via an Internet Gateway (IGW). They are reachable from the public internet (useful for load balancers or jump boxes).
  • Private Subnet: Resources here have no route to the Internet Gateway, so they cannot be reached from the public internet (and, without a NAT Gateway, cannot reach it either).
  • NAT Gateway (Network Address Translation): Placed in the Public Subnet, the NAT Gateway allows resources in the Private Subnet to initiate outbound connections to the internet (e.g., downloading software updates) without allowing any inbound traffic initiated from the internet.

Let’s get started!

Step 1: Preparing for NAT — Provisioning an Elastic IP

A NAT Gateway needs a static, dedicated public IP address to function correctly. This is provided by an Elastic IP (EIP) address.

  1. Navigate to the AWS Console: Log in to your AWS account.
  2. Locate Elastic IPs: In the services search bar, type ‘VPC’ and then select ‘Elastic IPs’ from the left navigation pane.
  3. Allocate a New Address: Click the ‘Allocate Elastic IP address’ button. You can accept the default settings (Amazon’s pool of IPv4 addresses).
  4. Confirm Allocation: Click ‘Allocate’.

Pro Tip: Note the Allocation ID of your new Elastic IP. We will attach this dedicated IP to our NAT Gateway during the wizard process.

Step 2: Launching the AWS VPC Wizard for Quick Setup

While you can manually create every piece of your VPC, the AWS VPC wizard is the fastest and most reliable way to establish the necessary components (Internet Gateway, Route Tables, Subnets, and NAT Gateway) instantly.

  1. Navigate to the VPC Dashboard: In the AWS console, go to the VPC service.
  2. Start the Wizard: Click the ‘Create VPC’ button and select the option: VPC and more. (This is the modern version of the old ‘VPC with Public and Private Subnets’ option.)
  3. Select the Configuration: Ensure the resource creation option is set to VPC with public and private subnets.

Step 3: Defining Network Ranges and Subnet Configuration

The wizard will now ask you to define the address space for your new network.

  1. Define the VPC CIDR Block: This defines the total address range for your entire VPC. The common default is 10.0.0.0/16, which provides over 65,000 internal IP addresses. You can adjust this if necessary, but the default is usually fine for a standard lab environment.
  2. Define Subnet Ranges: You will define the specific CIDR blocks for your Public and Private Subnets. The wizard defaults usually break the /16 into smaller /24 blocks (e.g., Public Subnet 1: 10.0.1.0/24, Private Subnet 1: 10.0.2.0/24).
  3. Choose Availability Zones (AZs): We recommend selecting at least two AZs for redundancy. The wizard will create corresponding public and private subnets in each AZ you select.
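Before accepting the wizard's ranges, it is worth planning the CIDR layout on paper. The following is an added example (not code from Darren's tutorial or from AWS) that carves a /16 into per-AZ public and private /24 subnets and runs the checks a practitioner wants before clicking Create VPC: every subnet sits inside the VPC range, none overlap, and the VPC prefix is within the /16–/28 range AWS allows. The AZ names and the choice to start at the second /24 (so a single AZ gives 10.0.1.0/24 public and 10.0.2.0/24 private, matching the text) are assumptions for this example. The usable-host figure subtracts the five addresses AWS reserves in every subnet.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast), so usable hosts
# are always the subnet size minus five.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, azs, subnet_prefix=24, skip=1):
    """Carve one public and one private subnet per AZ out of vpc_cidr,
    interleaved per AZ (public-a, private-a, public-b, private-b, ...).
    `skip` leaves the first /24 blocks unused; skip=1 is an assumption
    chosen so that a single AZ yields 10.0.1.0/24 and 10.0.2.0/24."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("AWS requires a VPC CIDR between /16 and /28")
    if subnet_prefix <= vpc.prefixlen:
        raise ValueError("subnet prefix must be longer than the VPC prefix")
    blocks = vpc.subnets(new_prefix=subnet_prefix)
    for _ in range(skip):
        next(blocks)
    plan = []
    for az in azs:
        for tier in ("public", "private"):
            try:
                block = next(blocks)
            except StopIteration:
                raise ValueError("VPC CIDR too small for the requested subnets") from None
            plan.append({
                "name": f"{tier}-{az}",
                "tier": tier,
                "az": az,
                "cidr": str(block),
                "usable_hosts": block.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return plan


def check_plan(vpc_cidr, plan):
    """Return a list of problems: subnets outside the VPC or overlapping
    each other. An empty list means the layout is safe to create."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(s["name"], ipaddress.ip_network(s["cidr"])) for s in plan]
    problems = []
    for name, net in nets:
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside the VPC range {vpc}")
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    return problems


if __name__ == "__main__":
    layout = plan_subnets("10.0.0.0/16", ["eu-west-1a", "eu-west-1b"])
    for subnet in layout:
        print(f"{subnet['name']:<20} {subnet['cidr']:<16} usable hosts: {subnet['usable_hosts']}")
    print("problems:", check_plan("10.0.0.0/16", layout))
```

Running the script prints four /24 subnets with 251 usable hosts each and an empty problem list; feeding `check_plan` a hand-edited layout with a stray block outside the VPC or a /25 cut from an existing /24 reports each conflict by name.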

Step 4: Configuring and Integrating the NAT Gateway

This is the crucial step where we connect the NAT functionality.

  1. Select NAT Gateway Option: Ensure the configuration drop-down is set to ‘One NAT gateway per AZ’ or ‘One NAT gateway’. For most simple labs, ‘One NAT gateway’ is sufficient.
  2. Attach the Elastic IP: When prompted for the Elastic IP allocation, select the EIP you provisioned back in Step 1. This ties your dedicated public IP to the NAT service.
  3. Review and Create: Review the summary. The wizard will automatically configure:
    • The Internet Gateway (IGW).
    • Route tables linking the Public Subnets to the IGW.
    • Route tables linking the Private Subnets to the newly created NAT Gateway.
  4. Click ‘Create VPC’.

In just a few minutes, AWS will provision all the components, and you will have a fully functional, secure network architecture ready to host your next application!
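Once the wizard finishes, the security of the layout rests entirely on the route tables it created: a private subnet is only private while its 0.0.0.0/0 route points at the NAT Gateway and not at the IGW, and the NAT Gateway only works while it sits in a subnet that does route to the IGW. The following is an added example (not part of the tutorial and not AWS code) that audits exactly those properties. The sample data is constructed to mirror the JSON shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`; the resource IDs, subnet names and the 203.0.113.10 address are made up. It also models a common surprise: a subnet with no explicit association silently inherits the VPC's main route table.

```python
import copy

# Constructed sample data shaped like the CLI/SDK JSON for route tables and
# NAT gateways. All IDs and addresses are invented for this example.
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-main0000", "VpcId": "vpc-example",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
     "Associations": [{"Main": True, "RouteTableId": "rtb-main0000"}]},
    {"RouteTableId": "rtb-public01", "VpcId": "vpc-example",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example1"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-public1a"}]},
    {"RouteTableId": "rtb-private1", "VpcId": "vpc-example",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example1"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-private1a"}]},
]}
NAT_GATEWAYS = {"NatGateways": [
    {"NatGatewayId": "nat-example1", "SubnetId": "subnet-public1a", "State": "available",
     "NatGatewayAddresses": [{"AllocationId": "eipalloc-example", "PublicIp": "203.0.113.10"}]},
]}
# Which tier each subnet is supposed to be in (what the wizard promised).
EXPECTED_TIERS = {"subnet-public1a": "public", "subnet-private1a": "private"}


def default_route_kind(rt):
    """Classify a route table by where its 0.0.0.0/0 route points."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            return "private"
        return "other"          # e.g. a transit gateway or instance route
    return "isolated"           # no default route at all


def classify_subnets(route_tables, subnet_ids):
    """Resolve each subnet to its effective tier. Subnets with no explicit
    association use the VPC's main route table."""
    explicit, main_kind = {}, "isolated"
    for rt in route_tables["RouteTables"]:
        kind = default_route_kind(rt)
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_kind = kind
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = kind
    return {s: explicit.get(s, main_kind) for s in subnet_ids}


def audit_vpc(route_tables, nat_gateways, expected):
    """Compare the routing reality with the intended tiers and check that
    every NAT Gateway is usable. Returns a list of findings (empty = OK)."""
    actual = classify_subnets(route_tables, expected)
    findings = [f"{s}: expected {want}, routing makes it {actual[s]}"
                for s, want in expected.items() if actual[s] != want]
    for ngw in nat_gateways["NatGateways"]:
        ngw_id, subnet = ngw["NatGatewayId"], ngw["SubnetId"]
        if ngw.get("State") != "available":
            findings.append(f"{ngw_id} is {ngw.get('State')}, not available")
        if classify_subnets(route_tables, [subnet])[subnet] != "public":
            findings.append(f"{ngw_id} is not in a public subnet; private hosts get no egress")
        if not any(a.get("PublicIp") for a in ngw.get("NatGatewayAddresses", [])):
            findings.append(f"{ngw_id} has no Elastic IP attached")
    return findings


def misrouted_example():
    """Same VPC, but the private subnet was attached to the public route table."""
    broken = copy.deepcopy(ROUTE_TABLES)
    broken["RouteTables"][1]["Associations"].append({"Main": False, "SubnetId": "subnet-private1a"})
    broken["RouteTables"][2]["Associations"] = []
    return audit_vpc(broken, NAT_GATEWAYS, EXPECTED_TIERS)


if __name__ == "__main__":
    print("wizard layout:   ", audit_vpc(ROUTE_TABLES, NAT_GATEWAYS, EXPECTED_TIERS))
    print("misrouted layout:", misrouted_example())
```

Against the constructed data the first call returns no findings; `misrouted_example` reports that `subnet-private1a` is routed as public, which is the exact misconfiguration that turns an "isolated" backend into an internet-facing one. In a real account the two dictionaries would come from the CLI commands named above for the VPC the wizard created.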

Conclusion: You Have Mastered Your AWS Network!

Congratulations! You have successfully deployed a sophisticated AWS VPC using the wizard, ensuring that your public-facing resources are accessible and your critical backend services have secure, isolated outbound internet connectivity via the NAT Gateway.

This setup is the backbone of most professional cloud environments, and mastering this skill is essential for any AWS professional.

Ready to see this entire process in action? Be sure to check out our accompanying video tutorial for a full visual walkthrough!


Do you have questions about custom CIDR blocks or deploying resources into your new subnets? Drop a comment below!

If you found this guide helpful, please give the video a like and subscribe to Darren’s Tech Tutorials for more clear, actionable guides to help you master the cloud!


A full text tutorial with additional detail can be found here:

https://darrenoneill.eu/?p=1078