VPC - Virtual Private Cloud

The OSI model consists of 7 layers:

1. Physical layer - Raw bits are transferred over the cable as electrical signals.

2. Data link layer - Switches direct these signals. They use MAC addresses to identify the next destination.

3. Network layer - Routers receive frames from the data link layer and direct them towards the destination based on the address in the packet header. They use IP (Internet Protocol) addresses to identify the next destination. ICMP and ARP are examples of protocols that work at this layer.

4. Transport layer - This layer manages delivery and error checking. TCP and UDP are examples of protocols that work at this layer.

5. Session layer - This layer controls the communication session between two computers. NetBIOS and PPTP are examples of protocols that work at this layer.

6. Presentation layer - This layer is responsible for encryption/decryption of data. SSL and TLS are examples.

7. Application layer - The final layer, where the user interacts. Example protocols: HTTP, SMTP, FTP, etc.


So we can say that switches connect computers within a local area network (LAN), while routers connect computers across wide area networks (WANs). A router must know which networks it can reach and which it cannot. That is why there is a route table, which lets you specify this.

CIDR notation:

192.168.0.0/24  -> means that the IP address has a mask of 24 bits.

Since 1 byte equals 8 bits, a 24-bit mask written in dotted form is 255.255.255.0 (three octets of all ones).

This means that only the last octet can change; the rest are masked:

192.168.0.X    -> only X can change, the rest must stay the same.

255.255.255.0  -> the mask: a 255 (all ones) fixes an octet, a 0 leaves it free.
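To make the mask arithmetic concrete, here is an added example (my own code, not from the original post) that turns a prefix length into a dotted mask by hand, computes the network and broadcast addresses, and reports which octets can vary. It goes a little beyond the post's /24 case by handling prefixes such as /20 that do not end on an octet boundary; the addresses used are constructed sample values.

```python
# Added example (not from the original post): CIDR prefix-length arithmetic
# done by hand, to show why /24 means the mask 255.255.255.0 and why only
# the last octet can vary. Prefixes that do not fall on an octet boundary
# (e.g. /20) are handled too. All sample addresses are constructed values.
from typing import Dict, Union


def ip_to_int(ip: str) -> int:
    """Pack a dotted-quad IPv4 address into a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer into dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> str:
    """/24 -> 255.255.255.0: the top prefix_len bits are 1, the rest are 0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"invalid prefix length: {prefix_len}")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return int_to_ip(mask)


def parse_cidr(cidr: str) -> Dict[str, Union[str, int, list]]:
    """Describe a CIDR block: network, mask, broadcast, size, variable octets."""
    ip, prefix_str = cidr.split("/")
    prefix_len = int(prefix_str)
    mask_int = ip_to_int(prefix_to_mask(prefix_len))
    network = ip_to_int(ip) & mask_int           # keep only the masked bits
    broadcast = network | (~mask_int & 0xFFFFFFFF)  # set every host bit
    return {
        "network": int_to_ip(network),
        "mask": prefix_to_mask(prefix_len),
        "broadcast": int_to_ip(broadcast),
        "addresses": 1 << (32 - prefix_len),
        # 0-based octet positions in which at least one host bit can change;
        # for /24 this is just [3], i.e. "only X can change" in 192.168.0.X
        "variable_octets": list(range(prefix_len // 8, 4)),
    }


def contains(cidr: str, ip: str) -> bool:
    """True if ip falls inside the block: its masked bits equal the network."""
    net, prefix_str = cidr.split("/")
    mask_int = ip_to_int(prefix_to_mask(int(prefix_str)))
    return ip_to_int(ip) & mask_int == ip_to_int(net) & mask_int


if __name__ == "__main__":
    for block in ("192.168.0.0/24", "10.0.16.0/20"):
        print(block, parse_cidr(block))
    print(contains("192.168.0.0/24", "192.168.0.77"))  # inside the block
    print(contains("192.168.0.0/24", "192.168.1.5"))   # one octet off, outside
```

For 10.0.16.0/20 the mask is 255.255.240.0, so the third octet is only partly fixed and the block runs from 10.0.16.0 to 10.0.31.255; that is the case to keep in mind when subnet sizes are not whole octets.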




Let's create our own VPC, private and public subnets

  1. Type VPC in the search bar.

  2. Click "Create VPC" to create one. At this stage you have to choose a CIDR range for this VPC; it will be needed in the subnet creation phase.

  3. Okay, now create subnets for this VPC. I will create 2 public and 2 private subnets for my VPC; you can create as many as you want. The most important thing at this phase is choosing the subnet CIDRs carefully: the CIDR range of each subnet must fall inside the CIDR range of the VPC and must not overlap with the other subnets.

  4. When we create EC2 instances in these subnets, we want instances launched in the public subnets to be assigned a public IP address automatically, so enable that on the public subnets.

  5. Okay, now we need to create a route table for the private subnets, to ensure that they stay isolated from the rest. We will create a route table for the public subnets as well, to connect them to the internet gateway.

  6. We need to create an internet gateway to give the public subnets access to the internet. By default no subnet has internet access; we have to grant it explicitly, and an internet gateway is required to do that.

  7. At the end it should all look like this:

  8. So when we create an EC2 instance, we must edit the network settings during EC2 setup and select our VPC and subnet accordingly.

  9. As a result, when we connect to our instances in the public subnet, they will be able to reach the internet. Connecting to the private subnet instances directly won't be possible, because they have no public IP address. But after connecting to a public instance, since they are located in the same VPC, we can SSH to the private subnet instances too (provided the private instances' security group allows SSH from the public subnet).
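The following is an added example (my own code, not from the original post and not an AWS tool) that models the VPC built in the steps above offline: it checks the subnet CIDRs against the VPC CIDR (each subnet inside the VPC, none overlapping, as step 3 requires), models the public and private route tables from steps 5 and 6, and answers which instances are reachable from the internet and which can only be reached by hopping through a public instance (step 9). All CIDRs, subnet names and the gateway id are constructed values.

```python
# Added example (not from the original post): an offline model of the VPC
# layout described in the steps above. CIDRs, names and "igw-EXAMPLE" are
# constructed placeholders, not real AWS resource ids.
import ipaddress
from typing import Dict, List

# Constructed plan: one /16 VPC with two public and two private /24 subnets.
VPC_CIDR = "10.0.0.0/16"
SUBNETS: Dict[str, Dict] = {
    "public-a":  {"cidr": "10.0.1.0/24", "auto_public_ip": True,  "route_table": "public"},
    "public-b":  {"cidr": "10.0.2.0/24", "auto_public_ip": True,  "route_table": "public"},
    "private-a": {"cidr": "10.0.3.0/24", "auto_public_ip": False, "route_table": "private"},
    "private-b": {"cidr": "10.0.4.0/24", "auto_public_ip": False, "route_table": "private"},
}
# Route tables: destination -> target. Every VPC route table carries the
# "local" route for the VPC CIDR; only the public table adds a default route
# to the internet gateway. The private table has no way out of the VPC.
ROUTE_TABLES: Dict[str, Dict[str, str]] = {
    "public":  {VPC_CIDR: "local", "0.0.0.0/0": "igw-EXAMPLE"},
    "private": {VPC_CIDR: "local"},
}


def validate_subnets(vpc_cidr: str, subnets: Dict[str, Dict]) -> List[str]:
    """Return a list of problems with the subnet plan (empty means valid)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in subnets.items()}
    problems = []
    # Rule 1: every subnet must lie inside the VPC's CIDR block.
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside VPC {vpc}")
    # Rule 2: no two subnets may overlap.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def has_internet_route(route_table: Dict[str, str]) -> bool:
    """True if the table sends default (0.0.0.0/0) traffic to an internet gateway."""
    return route_table.get("0.0.0.0/0", "").startswith("igw-")


def reachable_from_internet(subnet_name: str) -> bool:
    """Inbound from the internet needs BOTH a public IP and an IGW route."""
    s = SUBNETS[subnet_name]
    return s["auto_public_ip"] and has_internet_route(ROUTE_TABLES[s["route_table"]])


def reachable_within_vpc(src_subnet: str, dst_subnet: str) -> bool:
    """Instances in the same VPC reach each other through the local route."""
    dst = ipaddress.ip_network(SUBNETS[dst_subnet]["cidr"])
    table = ROUTE_TABLES[SUBNETS[src_subnet]["route_table"]]
    return any(
        target == "local" and dst.subnet_of(ipaddress.ip_network(dest))
        for dest, target in table.items()
    )


if __name__ == "__main__":
    print("plan problems:", validate_subnets(VPC_CIDR, SUBNETS) or "none")
    for name in SUBNETS:
        print(f"{name}: from internet={reachable_from_internet(name)}, "
              f"from public-a={reachable_within_vpc('public-a', name)}")
```

The model covers routing and addressing only, which is exactly what the steps above configure; in a real VPC the security group attached to a private instance still has to allow SSH from the public instance before the hop in step 9 works.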