Build a VPC and Launch a Web Server

Objectives

After completion, I was able to:

Scenario

I used Amazon Virtual Private Cloud (VPC) to create my own VPC and added additional components to produce a customized network for a Fortune 100 customer. I also created security groups for my EC2 instance. I then configured and customized an EC2 instance to run a web server and launched it into the VPC.

Task 1: Create your VPC

In this task, I used the VPC Wizard to create a VPC, an internet gateway, and two subnets in a single Availability Zone. An internet gateway is a VPC component that allows communication between instances in your VPC and the internet.

After creating a VPC, I added subnets. Each subnet resides entirely within one Availability Zone and cannot span zones. If a subnet's traffic is routed to an internet gateway, the subnet is known as a public subnet. If a subnet does not have a route to the internet gateway, the subnet is known as a private subnet.

The wizard also created a NAT gateway, which is used to provide internet connectivity to EC2 instances in private subnets.

Here's what I did:

  1. At the upper-right of these instructions, I chose AWS. The AWS Management Console opened in a new tab.
  2. Once I was in the AWS console, I searched for VPC in the search bar at the top and selected VPC from the list.
  3. I was now in the Amazon VPC dashboard. I used the Amazon Virtual Private Cloud (Amazon VPC) service to build my VPC.
  4. I chose Create VPC and configured the following options:
    • Resources to create: Chose VPC and more
    • Name tag auto-generation: Unchecked the Auto-generate box
    • IPv4 CIDR: Entered 10.0.0.0/16
    • IPv6 CIDR block: Chose No IPv6 CIDR block
    • Tenancy: Chose Default
    • Number of Availability Zones (AZs): 1
    • Number of public subnets: 1
    • Number of private subnets: 1
  5. I expanded Customize subnets CIDR blocks and configured:
    • Public subnet CIDR block in us-west-2a: 10.0.0.0/24
    • Private subnet CIDR block in us-west-2a: 10.0.1.0/24
    • NAT gateways: Chose In 1 AZ
    • VPC endpoints: Chose None
  6. On the Preview pane, I named the resources as follows:
    • VPC: Lab VPC
    • Subnets (2):
      • First box, Public subnet one without name tag: Public Subnet 1
      • Second box, Private subnet one without name tag: Private Subnet 1
    • Route tables (2):
      • First box, Public route table without name tag: Public Route Table
      • Second box, Private route table without name tag: Private Route Table
  7. I chose Create VPC.
  8. On the next screen, I saw a Success message displayed with VPC details.
  9. I chose View VPC.
  10. Lab VPC details were displayed as per my configuration.

Task 2: Create additional subnets

In this task, I created two additional subnets in a second Availability Zone. This option is useful for creating resources in multiple Availability Zones to provide high availability.

  1. In the left navigation pane, I chose Subnets.
  2. To configure the second public subnet, I chose Create subnet and configured the following options:
    • VPC ID: From the dropdown list, I chose Lab VPC
    • Subnet name: Entered Public Subnet 2
    • Availability Zone: No preference
    • IPv4 CIDR block: Entered 10.0.2.0/24
  3. I chose Create subnet.
  4. The subnet now has all IP addresses starting with 10.0.2.x.

  5. To configure the second private subnet, I chose Create subnet and configured the following options:
    • VPC ID: From the dropdown list, I chose Lab VPC
    • Subnet name: Entered Private Subnet 2
    • Availability Zone: No preference
    • IPv4 CIDR block: Entered 10.0.3.0/24
  6. I chose Create subnet.
  7. The subnet now has all IP addresses starting with 10.0.3.x.

Task 3: Associate the subnets and add routes

  1. In the left navigation pane, I chose Route Tables.
  2. I chose Public Route Table.
  3. In the lower pane, I chose the Subnet associations tab.
  4. Under Subnets without explicit associations, I chose Edit subnet associations.
  5. I selected the check box for Public Subnet 2.
  6. I chose Save associations.
  7. I then configured the route table that is used by the private subnets by choosing Private Route Table.
  8. In the lower pane, I chose the Subnet associations tab.
  9. Under Subnets without explicit associations, I chose Edit subnet associations.
  10. I selected the check box for Private Subnet 2.
  11. I chose Save associations.

My VPC now had public and private subnets configured in two Availability Zones. I had finished creating the networking resources and routing components and attaching them, which is what makes the VPC functional as a network.
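The public/private definition from Task 1 and the associations made in Task 3 can be checked together. The following is an added example, not part of the original lab: it works on constructed data shaped like `aws ec2 describe-route-tables` output, all IDs are made up, and it assumes the VPC's main route table carries only the local route.

```python
import copy

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# All IDs are made up; the layout models the lab just before Task 3.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public1"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-lab"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private1"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-lab"}]},
]
SUBNETS = ["subnet-public1", "subnet-private1", "subnet-public2", "subnet-private2"]


def effective_route_table(subnet_id, route_tables):
    """An explicit association wins; otherwise the main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify(subnet_id, route_tables):
    """'public' if the effective route table has a route to an internet gateway."""
    rt = effective_route_table(subnet_id, route_tables) or {}
    targets = [r.get("GatewayId", "") for r in rt.get("Routes", [])]
    return "public" if any(t.startswith("igw-") for t in targets) else "private"


def associate(route_tables, route_table_id, subnet_id):
    """Offline stand-in for Task 3: return a copy with the association added."""
    updated = copy.deepcopy(route_tables)
    for rt in updated:
        if rt["RouteTableId"] == route_table_id:
            rt["Associations"].append({"Main": False, "SubnetId": subnet_id})
    return updated


def report(route_tables):
    """Map each subnet to (effective route table ID, classification)."""
    return {s: (effective_route_table(s, route_tables)["RouteTableId"],
                classify(s, route_tables)) for s in SUBNETS}
```

Under these assumptions, `report(ROUTE_TABLES)` shows that a subnet named Public Subnet 2 is still private until it is associated with the public route table; the name tag has no effect on routing.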

Task 4: Create a VPC security group

In this task, I created a VPC security group, which acts as a virtual firewall for my instance. When you launch an instance, you associate one or more security groups with the instance. You can add rules to each security group that allow traffic to or from its associated instances.

  1. In the left navigation pane, I chose Security Groups.
  2. I chose Create security group.
  3. I configured the security group with the following options:
    • Security group name: Entered Web Security Group
    • Description: Entered Enable HTTP access
    • VPC: Chose Lab VPC
  4. Under Inbound rules, I chose Add rule.
  5. I configured the following options:
    • Type: Chose HTTP
    • Source: Chose Anywhere IPv4
    • Description: Entered Permit web requests
  6. I chose Create security group.

I planned to use this security group in the next task when launching an EC2 instance.
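The rule created above opens HTTP to Anywhere IPv4, which is the only internet-facing exposure a web server in this lab needs. As an added example (not part of the original lab), the check below scans constructed data shaped like `aws ec2 describe-security-groups` output and reports any rule open to the whole internet on something other than the allowed ports. The group IDs and the second group, Scratch Group, are hypothetical and exist only for contrast.

```python
# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# "Web Security Group" mirrors Task 4; "Scratch Group" is hypothetical.
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "Web Security Group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "Permit web requests"}]}]},
    {"GroupId": "sg-scratch", "GroupName": "Scratch Group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
WORLD = {"0.0.0.0/0", "::/0"}


def world_sources(perm):
    """Return the sources of a rule that cover the whole IPv4 or IPv6 internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def unexpected_exposure(groups, allowed=frozenset({("tcp", 80)})):
    """List (group name, rule, sources) for world-open rules beyond `allowed`."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            sources = world_sources(perm)
            if not sources:
                continue  # rule is scoped to specific networks
            proto = perm["IpProtocol"]
            if proto in ("tcp", "udp"):
                ports = range(perm["FromPort"], perm["ToPort"] + 1)
                if all((proto, p) in allowed for p in ports):
                    continue  # e.g. the lab's HTTP rule
                rule = f"{proto}/{perm['FromPort']}-{perm['ToPort']}"
            else:
                # Protocol -1 means all traffic and carries no port fields.
                rule = "all traffic" if proto == "-1" else proto
            findings.append((group["GroupName"], rule, sources))
    return findings
```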

Task 5: Launch a web server instance

In this task, I launched an EC2 instance into the new VPC. I configured the instance to act as a web server.

  1. On the AWS Management Console, in the Search bar, I entered and chose EC2 to go to the EC2 Management Console.
  2. In the left navigation pane, I chose Instances.
  3. I chose Launch instances and configured the following options:
  4. In the Name and tags section, I entered Name: Web Server 1.
  5. In the Application and OS Images (Amazon Machine Image) section, I configured the following options:
    • Quick Start: Chose Amazon Linux
    • Amazon Machine Image (AMI): From the dropdown, chose Amazon Linux 2 AMI (HVM)
  6. In the Instance type section, I chose t3.micro.
  7. In the Key pair (login) section, I chose vockey.
  8. In the Network settings section, I chose Edit and configured the following options:
    • VPC - required: Chose Lab VPC
    • Subnet: Chose Public Subnet 2
    • Auto-assign public IP: Chose Enable
    • Firewall (security groups): Chose Select existing security group
    • I chose Web Security Group
  9. I expanded Advanced details.
  10. Under User data, I copied and pasted the following code:
        #!/bin/bash
        #Install Apache Web Server and PHP
        yum install -y httpd mysql php
        #Download Lab files
        wget https://aws-tc-largeobjects.s3.us-west-2.amazonaws.com/CUR-TF-100-RESTRT-1/267-lab-NF-build-vpc-web-server/s3/lab-app.zip
        unzip lab-app.zip -d /var/www/html/
        #Turn on web server
        chkconfig httpd on
        service httpd start
        
  11. I chose Launch instance.
  12. To display the launched instance, I chose View all instances.
  13. I waited until the Web Server 1 showed 2/2 checks passed in the Status check column.

This took a few minutes. To update the page, I chose refresh at the top of the page.

  14. I then connected to the web server running on the EC2 instance:
    • I selected the check box for the instance, and chose the Details tab
    • I copied the Public IPv4 DNS value
    • I opened a new web browser tab, pasted the Public IPv4 DNS value, and pressed Enter

The end product was the delivery of the exact customer request: a fully functional VPC with its resources (network and security) and a web server.

Recap

I created a VPC and its resources and made it successfully connect to a web server.
