Go to VPC
2. subnet 3 ?
1 zone = 1 default subnet
-----------------------------------------------------------------------------------
-------------------
Steps to create a VPC instance:
Route table ---> edit subnet association (to communicate to each other)
Route table ----> edit routes -------> 0.0.0.0/0 Internet gateway
-----------------------------------------------------------------------------------
------------------
VPC Peering:
2. Create VPC 1
a. Create vpc ----> vpc-m01---->10.0.0.0/16
b. Create subnet ---> select vpc-m01
subnet name ------> subnet-m01
availability zone----> 1a
ipv4 cidr block ---> 10.0.1.0/24
c. Internet Gateway
name ----> igw-m01-----> attach to vpc
d. Route table
existing default route table given (we can create new route table)
route tables---->edit routes---->0.0.0.0/0---> internet gateway---->save
route tables ----> edit subnet associations ---> select ---> save
3. Create VPC 2
a. Create vpc ----> vpc-m02---->172.16.0.0/16
b. Create subnet ---> select vpc-m02
subnet name ------> subnet-m02
availability zone----> 1a
ipv4 cidr block ---> 172.16.1.0/24
c. Internet Gateway
name ----> igw-m02-----> attach to vpc
d. Route table
existing default route table given (we can create new route table)
route tables----> edit routes---->0.0.0.0/0---> internet gateway---->save
route tables ----> edit subnet associations ---> select ---> save
4. Create instance
name ----> web-m01
os -----> windows
instance type ---> t2 micro
create a new key pair
auto assigning public ip ----> disable (Note: we can also enable it)
network setting --> edit ---> select vpc-m01
create security group----> mysg-m01 ---> allowed icmp, http and rdp ports
5. Create instance
name ----> web-m02
os -----> windows
instance type ---> t2 micro
create a new key pair
auto assigning public ip ----> enable
network setting --> edit ---> select vpc-m02
create security group----> mysg-m02 ---> allowed icmp, http and rdp ports
8. continue step 6 ----> go to internet & network setting ----> windows security ----> domain network ----> windows defender firewall ---> off
continue step 6 ----> go to internet & network setting ----> windows security ----> private network ----> windows defender firewall ---> off
continue step 6 ----> go to internet & network setting ----> windows security ----> public network ----> windows defender firewall ---> off
9. Create elastic ip & attach to running machine (we are doing this step because we
have created private ec2 before)
Go to ec2 ----> elastic ip-----> allocate elastic ip to running machine
actions---->associate elastic ip address----> instance (m-01)--> associate
11. continue step 6 ----> go to internet & network setting ----> windows security ----> domain network ----> windows defender firewall ---> off
continue step 6 ----> go to internet & network setting ----> windows security ----> private network ----> windows defender firewall ---> off
continue step 6 ----> go to internet & network setting ----> windows security ----> public network ----> windows defender firewall ---> off
Note: Windows Server 2019 & 2020 block ICMP, that's why we turn off the firewall
-----------------------------------------------------------------------------------
--------------------
elastic ip ----> dissociate----> release
-----------------------------------------------------------------------------------
--------------------
Task 2: To communicate between VPCs in different regions:
Mumbai ------> vpc-m01
Singapore------> vpc-m02
1. Go to Singapore region
a. Create vpc ----> vpc-singapur--->172.17.0.0/16
b. Create subnet ---> select vpc-singapur
subnet name ------> subnet-singapur
availability zone----> 1a (not necessary)
ipv4 cidr block ---> 172.17.1.0/24
c. Internet Gateway
name ----> igw-singapur-----> attach to vpc
d. Route table
existing default route table given (we can create new route table)
route tables---->edit routes---->0.0.0.0/0---> internet gateway---->save
route tables ----> edit subnet associations ---> select ---> save
2. Create instance
name ----> web-singapur
os -----> linux
instance type ---> t2 micro
create a new key pair
auto assigning public ip ----> enable
network setting --> edit ---> select vpc-m01
create security group----> mysg-singapur ---> allowed icmp, ssh
-----------------------------------------------------------------------------------
------------------------------------
Day 13 :
NACL & security group difference
nacl-----> subnet
security group ----> ec2 (applied on individual server)
NACL (costly)
Priority 100 - Allow
Priority 200 - Deny
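Added example (not part of the original notes): AWS checks NACL rules in ascending rule-number order and applies the first rule that matches, so a Deny at 200 never takes effect for traffic an Allow at 100 already covers. The sketch below models inbound IPv4 rules only; the rule sets are constructed samples using the subnet CIDRs from these notes, and the names Rule, evaluate and shadowed are hypothetical helpers.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int      # rule number (the "priority" above); lowest is checked first
    protocol: str    # "tcp", "udp", "icmp" or "all"
    ports: tuple     # (from, to); ignored for icmp/all
    cidr: str        # source CIDR of an inbound rule
    action: str      # "allow" or "deny"

def _covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    if a.protocol != "all":
        if a.protocol != b.protocol:
            return False
        if a.protocol in ("tcp", "udp"):
            if not (a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]):
                return False
    return ipaddress.ip_network(b.cidr).subnet_of(ipaddress.ip_network(a.cidr))

def evaluate(rules, protocol, port, src_ip):
    """First match wins; no match falls through to the implicit deny ('*')."""
    packet = Rule(0, protocol, (port, port), src_ip + "/32", "")
    for rule in sorted(rules, key=lambda r: r.number):
        if _covers(rule, packet):
            return rule.action, rule.number
    return "deny", "*"

def shadowed(rules):
    """Rule numbers that can never take effect: a lower-numbered rule covers them."""
    ordered = sorted(rules, key=lambda r: r.number)
    return [b.number for i, b in enumerate(ordered)
            if any(_covers(a, b) for a in ordered[:i])]

# Constructed sample: the Deny for subnet-m02 sits behind a broader Allow.
SHADOWED = [
    Rule(100, "tcp", (3389, 3389), "0.0.0.0/0", "allow"),
    Rule(200, "tcp", (3389, 3389), "172.16.1.0/24", "deny"),
]
# Corrected order: the narrower Deny gets the lower rule number.
FIXED = [
    Rule(90, "tcp", (3389, 3389), "172.16.1.0/24", "deny"),
    Rule(100, "tcp", (3389, 3389), "0.0.0.0/0", "allow"),
]

if __name__ == "__main__":
    print(evaluate(SHADOWED, "tcp", 3389, "172.16.1.10"), shadowed(SHADOWED))
    print(evaluate(FIXED, "tcp", 3389, "172.16.1.10"), shadowed(FIXED))
```

Running shadowed() over a rule list before applying it flags Deny entries that sit behind a broader Allow.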
AWS Security:
Network ACL & Security Group
Steps:
VPC----> Network ACL
Create network ACL
default NACL-----> by default all traffic allow
custom NACL------> inbound & outbound traffic allow
each subnet is associated with a NACL.
8. Go to EC2
name ----> windows-server
os----> windows
key pair
network setting----->select vpc
subnet 1
public ip ---> enable for rdp
allow rdp, http & http
Steps:
1. Create vpc
name ---> my-vpc
cidr range---> 10.0.0.0/16
To create elastic ip