us-west-2 This lab shows you how to build your own VPC, create subnets,
and direct traffic between VPC components. The following image
shows the final architecture:
https://labs.netec.com/pages/lab3.html 1/17
22/7/2021 AWS Labs
OBJECTIVES
After completing this lab, you will be able to:
Create a VPC
Create public and private subnets
Create an internet gateway
Configure a route table and associate it to a subnet
DURATION
START LAB
This starts the process of provisioning your lab resources. An
estimated amount of time to provision your labs resources is
displayed. You must wait for your resources to be provisioned
before continuing.
Open the AWS Console with the green button to the left of
this page.
On the login page, enter the user assigned for the course.
Select the name of the account and the list of labs will appear.
The VPC will have a CIDR range of 10.0.0.0/16, which includes all IP
addresses that start with 10.0.x.x. This range contains over 65,000
addresses. You will later divide the addresses into separate
subnets.
Note: If these options do not appear, cancel and ensure you clicked
Your VPCs in the left navigation pane. Then, click Create VPC
again.
Tags are useful for identifying resources. For example, a tag can be
used to identify dev/test/production environments or cost centers.
7. Above the list of VPCs, click Actions and select Edit DNS
hostnames
ec2-52-42-133-255.us-west-2.compute.amazonaws.com
8. Select Enable
Any Amazon EC2 instances launched into the VPC will now
automatically receive a DNS hostname. You can also add a more
meaningful DNS name (for example, app.company.com) later by
using Amazon Route 53.
In this task, you will create a public subnet and private subnet in the
LAB VPC, as shown in the following image:
Note: The VPC has a CIDR range of 10.0.0.0/16, which includes all
10.0.x.x IP addresses. The subnet you just created has a CIDR
range of 10.0.0.0/24, which includes all 10.0.0.x IP addresses. These
ranges may look similar, but the subnet is smaller than the VPC
because of the /24 in the CIDR range.
Note: Even though this subnet is named Public Subnet, it is not yet
public. A public subnet must have an internet gateway, which you
will create and attach later in the lab.
Your VPC now has two subnets. However, it is totally isolated and
cannot communicate with resources outside the VPC. You will next
configure the public subnet to connect to the internet via the
internet gateway.
You can now attach the internet gateway to your Lab VPC.
A route table contains a set of rules, called routes, which are used
to determine where network traffic is directed. Each subnet in a
VPC must be associated with a route table; the table controls the
routing for the subnet. A subnet can only be associated with one
route table at a time, but you can associate multiple subnets with
the same route table.
Several route tables are displayed, but there is only one route table
associated with Lab VPC. This route table routes traffic locally, so it
is called a private route table.
23. Select the route table that shows Lab VPC in the VPC ID
column. (You can expand the column to see the names.)
24. Hover in the Name column and click the pencil icon.
25. Enter a name of Private Route Table and then click the
check mark icon
26. In the lower half of the page, click the Routes tab.
There is only one route. It shows that all traffic destined for
10.0.0.0/16 (which is the range of the Lab VPC) will be routed
locally. This allows all subnets within a VPC to communicate with
each other.
Now, create a new public route table to send public traffic to the
internet gateway.
Key: Name
30. Select Public Route Table, ensuring that it is the only route
table selected.
Destination: 0.0.0.0/0
The last step is to associate this new route table with the public
subnet.
The Public Subnet is now public because it has a route table entry
that sends traffic to the internet via the internet gateway.
In this task, you will create a security group that allows users to
access the App Server via HTTP.
Type: HTTP
Source: Anywhere
Key: Name
Value: App-SG
You will use this application security group in the next task.
To test that your VPC is correctly configured, you will now launch an
Amazon EC2 instance into the public subnet and confirm that the App
Server is accessible from the internet.
44. At the top-left of the screen, ensure that New EC2 Experience
is selected. This lab is designed to work with the New EC2
Console.
45. Scroll down the page, click Launch instance and select Launch
Instance.
#!/bin/bash
wget https://us-west-2-tcprod.s3.amazonaws.com/courses/ILT-TF-200-ARCHIT/v6.8.21/lab-2-webapp/scripts/inventory-app.zip
wget https://github.com/aws/aws-sdk-php/releases/download/3.62.3/aws.zip
chkconfig httpd on
Key: Name
You receive a warning that you will not be able to connect to the
instance. This is acceptable because you will not be connecting
to the instance. All configuration is done via the user data script.
STEP 7: REVIEW
61. Open a new web browser tab, paste the IP address into
the address bar, and press ENTER.
Note: This challenge task is optional and is provided in case you have
lab time remaining.
Another VPC called Shared VPC has been provided as part of this
lab. Your task is to create a peering connection between your Lab
VPC and the Shared VPC, as shown in the following architecture
diagram:
When a peering connection is created, the target VPC must accept it.
This is because the target VPC might be owned by a different account,
or the user creating the peering connection might not have permission
to accept the connection for the target VPC. However, in this lab, you
will accept the connection yourself.
Now, update the route tables in both VPCs to send traffic from the Lab
VPC to the peering connection, as shown in the following image:
You will configure the public route table that is associated with the Lab
VPC to send traffic to the peering connection if the destination IP
address falls within the range of the Shared VPC.
10.5.0.0/16
Lab-Peer
Now, configure the reverse flow for traffic coming from Shared VPC
and going to the Lab VPC.
This is the route table for the Shared VPC. You will configure it to
send traffic to the peering connection if the destination IP address falls
within the range of the Lab VPC.
10.0.0.0/16
Lab-Peer
The route tables have now been configured to send traffic via the
peering connection when the traffic is destined for the other VPC.
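As an added example (not part of the original lab), this Python sketch models the two route tables with the lab's CIDR ranges and resolves a destination by longest-prefix match, the rule VPC route tables use. It also checks that both directions resolve to the peering connection and that the two VPC ranges do not overlap, which peering requires. The `igw-lab` target and the sample IP addresses are constructed placeholders.

```python
import ipaddress

# Constructed route tables using the CIDR ranges from this lab.
# "Lab-Peer" is the lab's peering connection; "igw-lab" is a placeholder.
LAB_PUBLIC_RT = [
    ("10.0.0.0/16", "local"),
    ("10.5.0.0/16", "Lab-Peer"),
    ("0.0.0.0/0", "igw-lab"),
]
SHARED_RT = [
    ("10.5.0.0/16", "local"),
    ("10.0.0.0/16", "Lab-Peer"),
]


def resolve(route_table, dst_ip):
    """Return the target of the most specific route matching dst_ip, or None."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def peering_path_ok(src_rt, dst_rt, src_ip, dst_ip, peer="Lab-Peer"):
    """Replies need a return route too: both directions must use the peer."""
    return resolve(src_rt, dst_ip) == peer and resolve(dst_rt, src_ip) == peer


def cidrs_overlap(a, b):
    """VPC peering requires non-overlapping CIDR ranges."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


if __name__ == "__main__":
    app, db = "10.0.0.10", "10.5.1.20"   # constructed sample addresses
    print(resolve(LAB_PUBLIC_RT, db), peering_path_ok(LAB_PUBLIC_RT, SHARED_RT, app, db))
```

Dropping the 10.0.0.0/16 route from the Shared VPC table makes `peering_path_ok` return False, which is the case where requests arrive at the database but replies never come back.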
A database has already been provisioned in the Shared VPC. You will
now test the peering connection by configuring the Inventory
application to access that database across the peering connection.
82. In the Endpoint & port section, copy the name of the Endpoint,
similar to this value: inventory-db.crwxbgqad61a.rds.amazonaws.com
(DO NOT copy this value)
83. Return to the web browser tab with the Inventory application.
Database: inventory
Username: dbadmin
Password: lab-password
CLEAN UP RESOURCES
94. At the top, select Instance State and click Terminate Instance.
96. In the left panel, go to Network & Security and click the Security
Groups option.
97. Select the check box next to the security group called App-SG.
101. Click on Actions and Delete VPC (If it still cannot be deleted,
wait for the Peering Connection to be deleted)
CONCLUSION
Created a VPC
Created public and private subnets
Created an internet gateway
Configured a route table and associated it to a subnet
END LAB