Figure: Architecture for VPC with Terraform
Definition of VPC:
In short, a VPC is an isolated network. A VPC has several components: NAT gateway, internet gateway, router, Elastic IP, route tables, security groups and NACLs. Let's see how to create a VPC and configure its components.
IP addresses reserved by the VPC: there are 5 reserved IP addresses.
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS for the DNS server.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. AWS does not support broadcast in a VPC, so this address is reserved.
Source code for VPC
Subnets in VPC:
When we create a VPC it is one large network; we need to divide it into smaller networks called subnets.
“one subnet can be associated with only one route table”.
One goal of a subnet is to split a large network into a grouping of smaller, interconnected networks to help minimize traffic.
We are dividing the above VPC CIDR range into /25 networks.
A public subnet is a subnet that’s associated with a route table that has a route to an internet gateway.
Public subnets are a good use case for web servers.
The complete source code can be found in the repository below.
Source code for public subnet
Figure: Public subnet
If a subnet doesn’t have a route to the internet gateway, the subnet is known as a private subnet.
Private subnets are a good use case for database servers.
Source code for Private subnets
Figure: Private subnet
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. An internet gateway allows both inbound and outbound traffic.
A route table specifies how packets are forwarded between the subnets within your VPC, the internet, and your VPN connection.
To create a route table:
Here we are creating a public route table named “publicroutetable”; in the same way, create a private route table named “private routetable”.
Figure: Public route table
Figure: Private route table
An Elastic IP address is a static, public IPv4 address. An account can have at most 5 Elastic IPs.
Figure: Elastic IP
NAT gateway: you can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, while preventing the internet from initiating a connection with those instances. In other words, a NAT gateway allows only outbound connections: to reach the internet we must already be part of the network.
NAT gateways are a good use case for a database server. For example, we can apply patch updates to a DB server: because we are part of the network, we can connect to and update the database server, while external users cannot directly reach the servers.
The instances in the private subnet can access the internet by using a network address translation (NAT) gateway that resides in the public subnet. … A NAT gateway must be created in a VPC with an internet gateway; otherwise, the NAT gateway won't work.
Source code for NAT gateway:
Figure: NAT gateway
Editing routes for the public subnet:
Now we need to instruct the public route table how traffic should flow. For the public subnet we add a route: if the destination is the internet (0.0.0.0/0), the target is the internet gateway. This means that whenever we need to reach the internet, both inbound and outbound traffic flows through the internet gateway.
Public subnet edited route table
Editing the route table for the private subnet:
Now we need to instruct the private route table how traffic should flow. For the private subnet we add a route: if the destination is the internet (0.0.0.0/0), the target is the NAT gateway. In this case external users cannot reach the servers directly.
Private subnet route table
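As an added worked example (not the post's own source code), here is the whole architecture above in one Terraform file: the VPC, one public and one private /25 subnet, the internet gateway, the Elastic IP, the NAT gateway, and the two route tables with their 0.0.0.0/0 routes. It assumes a 10.0.0.0/24 VPC CIDR, an AWS provider already configured, and the resource names shown.

```hcl
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/24" # assumed VPC range; AWS reserves five addresses in each subnet
}

resource "aws_subnet" "public" { # the /24 is split into two /25 subnets (assumed layout)
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.0.0/25"
  map_public_ip_on_launch = true # public subnet: instances receive a public IP
}
resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.0.128/25" # private subnet: no public IPs, internet only via NAT
}

resource "aws_internet_gateway" "igw" { # inbound and outbound for the public subnet
  vpc_id = aws_vpc.main.id
}
resource "aws_eip" "nat" { # static public IPv4 address used by the NAT gateway
  domain = "vpc"
}
resource "aws_nat_gateway" "nat" { # lives in the public subnet; IGW must exist first
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.igw]
}

resource "aws_route_table" "publicroutetable" { # 0.0.0.0/0 -> internet gateway
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table" "privateroutetable" { # 0.0.0.0/0 -> NAT gateway (outbound only)
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

# Each subnet is associated with exactly one route table
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.publicroutetable.id
}
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.privateroutetable.id
}
```

After `terraform apply`, instances in the private subnet can reach the internet only through the NAT gateway's Elastic IP, while nothing on the internet can initiate a connection to them.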