
1. Go to VPC

1. No charges to create a VPC

   Charges apply for the VPC services created inside it

2. Subnets: 3? (1 availability zone = 1 default subnet)

3. We can delete the default VPC, but it is not recommended

4. CIDR ----> subnetting

5. Internet gateway -------> to connect to the internet
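The "CIDR ----> subnetting" point is where most VPC mistakes start, so here is an added Python example (not part of the original notes) that uses the standard library ipaddress module to carve a VPC block into subnets and to check what the VPC console would refuse: a subnet CIDR that is not inside the VPC CIDR, or one that overlaps another subnet. The 10.0.0.0/16 and 192.168.1.0/24 values come from the notes; the /16 to /28 limit on a VPC block and the five addresses AWS reserves in every subnet are AWS facts; the function names and the sample inputs are assumptions made for this example.

```python
import ipaddress

# Addresses AWS reserves in every subnet: network address, VPC router,
# DNS server, one reserved for future use, and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, subnet_cidrs):
    """Validate a VPC CIDR and a list of subnet CIDRs the way the console would.

    Returns a dict mapping each subnet CIDR to a status string:
    'ok', 'outside vpc' (not contained in the VPC block) or
    'overlaps <other>' (overlaps an earlier accepted subnet).
    Raises ValueError for a VPC block outside the /16 to /28 range AWS allows.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError(f"VPC CIDR must be between /16 and /28, got /{vpc.prefixlen}")
    accepted = []
    result = {}
    for cidr in subnet_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        if not net.subnet_of(vpc):
            result[cidr] = "outside vpc"
            continue
        clash = next((a for a in accepted if net.overlaps(a)), None)
        if clash is not None:
            result[cidr] = f"overlaps {clash}"
            continue
        accepted.append(net)
        result[cidr] = "ok"
    return result


def usable_hosts(subnet_cidr):
    """Addresses an EC2 instance can actually receive in a subnet (AWS keeps 5)."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def carve(vpc_cidr, new_prefix):
    """Split a VPC block into equal subnets, e.g. a /16 into /24s (one per floor or AZ)."""
    return [str(n) for n in ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    # Constructed input: the VPC block from the notes, a subnet that belongs to it,
    # a subnet that overlaps it, and one from a different private range.
    print(plan_subnets("10.0.0.0/16", ["10.0.1.0/24", "10.0.1.128/25", "192.168.1.0/24"]))
    print(usable_hosts("10.0.1.0/24"))
    print(carve("10.0.0.0/16", 24)[:3])
```

Run it as a script to see that 192.168.1.0/24 is reported as outside 10.0.0.0/16, which is exactly the error the console raises when a subnet CIDR is not drawn from the VPC block.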

------------------------------------------------------------------------------------
Steps to create a VPC and an EC2 instance:

1. Steps to create VPC:

1. Create VPC
2. VPC only
3. Name ----> my-vpc-01
4. IPv4 CIDR – 10.0.0.0/16
5. Tenancy ----> default
6. Tags

2. Steps to create Subnet:

1. VPC ID ----> mention the VPC ID created above
2. Subnet Name ---> floor-1
3. Availability Zone -----> 1-a
4. IPv4 CIDR block ----> 192.168.1.0/24

3. Steps to create Internet Gateway:

1. Name tag ---> myigw-01
2. Go to right side ----> attach to VPC

Note ---> 1 VPC = 1 internet gateway

4. Steps to create Route table:

1. Create a route table
2. Name ---> my-custom-route
3. VPC -----> select VPC
4. Tags

Route table ---> edit subnet association (so the subnets can communicate with each other)
Route table ----> edit routes -------> 0.0.0.0/0 ---> Internet gateway

5. Create an EC2 instance:

name ----> web1
OS -------> Amazon Linux
machine ----> t2.micro
network setting ---> myvpc
subnet info ---> floor 2
auto assign public IP ----> enable
create a security group ----> SSH, HTTP, ALL ICMP-IPv4

Auto assign public IP:

default VPC ----> enable
selected (custom) VPC ------> disable
Termination protection -----> enable

ping 8.8.8.8 or ping www.facebook.com

6. Create another EC2 instance:

name ----> web2
OS -------> Amazon Linux
machine ----> t2.micro
network setting ---> myvpc
subnet info ---> floor 1
auto assign public IP ----> disable
create a security group ----> SSH, HTTP, ALL ICMP-IPv4

7. Choose web1 & ping web2's private IP

------------------------------------------------------------------------------------

EC2 ------> Actions ------> Change termination protection -----> Terminate instance


------------------------------------------------------------------------------------

VPC Peering:

Mumbai region ---------> VPC-01 -----> EC2 (10.0.0.0/16)

Mumbai region ---------> VPC-02 -----> EC2 (172.16.0.0/16)

Task 1: To communicate between 2 VPCs within the same region:


1. Select Mumbai region

2. Create VPC 1
a. Create VPC ----> vpc-m01 ----> 10.0.0.0/16
b. Create subnet ---> select vpc-m01
   subnet name ------> subnet-m01
   availability zone ----> 1a
   IPv4 CIDR block ---> 10.0.1.0/24
c. Internet Gateway
   name ----> igw-m01 -----> attach to VPC
d. Route table
   the existing default route table is given (we can also create a new route table)
   route tables ----> edit routes ----> 0.0.0.0/0 ---> internet gateway ----> save
   route tables ----> edit subnet associations ---> select ---> save

3. Create VPC 2
a. Create VPC ----> vpc-m02 ----> 172.16.0.0/16
b. Create subnet ---> select vpc-m02
   subnet name ------> subnet-m02
   availability zone ----> 1a
   IPv4 CIDR block ---> 172.16.1.0/24
c. Internet Gateway
   name ----> igw-m02 -----> attach to VPC
d. Route table
   the existing default route table is given (we can also create a new route table)
   route tables ----> edit routes ----> 0.0.0.0/0 ---> internet gateway ----> save
   route tables ----> edit subnet associations ---> select ---> save

4. Create instance
name ----> web-m01
OS -----> Windows
instance type ---> t2.micro
create a new key pair
auto assign public IP ----> disable (Note: we can also enable it)
network setting --> edit ---> select vpc-m01
create security group ----> mysg-m01 ---> allow ICMP, HTTP and RDP ports

Note: ICMP has no definite port number

5. Create instance
name ----> web-m02
OS -----> Windows
instance type ---> t2.micro
create a new key pair
auto assign public IP ----> enable
network setting --> edit ---> select vpc-m02
create security group ----> mysg-m02 ---> allow ICMP, HTTP and RDP ports

6. Select web-m02 -----> Connect ----> RDP client ----> Get password ---> decrypt password

Note: by default the username is Administrator
a. open command prompt ------> ping <m01 private IP>
   Not connecting because peering has not been done

7. For peering connection

a. Go to EC2 ----> Peering connections -----> Create peering connection
   name ----> pc-m01-m02
   requester ---> vpc-m01
   select another VPC to peer with ---> my account / another region -------> action ----> accept
   route table ----> m-01 ---> edit ----> 172.16.0.0/16 ---> peering connection
   route table ----> m-02 ---> edit ----> 10.0.0.0/16 ------> peering connection

8. Continue step 6 ----> go to Internet & Network settings ----> Windows Security ----> Domain network -----> Windows Defender Firewall ---> off

   Continue step 6 ----> go to Internet & Network settings ----> Windows Security ----> Private network -----> Windows Defender Firewall ---> off

   Continue step 6 ----> go to Internet & Network settings ----> Windows Security ----> Public network -----> Windows Defender Firewall ---> off

9. Create an elastic IP & attach it to the running machine (we are doing this step because we created the EC2 instance as private earlier)
   Go to EC2 ----> Elastic IPs -----> allocate an elastic IP for the running machine
   Actions ----> Associate elastic IP address ----> instance (m-01) --> associate

10. Select web-m01 -----> Connect ----> RDP client ----> Get password ---> decrypt password

Note: by default the username is Administrator
a. open command prompt ------> ping <m01 private IP>
   Not connecting because peering has not been done

11. Continue step 6 ----> go to Internet & Network settings ----> Windows Security ----> Domain network -----> Windows Defender Firewall ---> off

    Continue step 6 ----> go to Internet & Network settings ----> Windows Security ----> Private network -----> Windows Defender Firewall ---> off

    Continue step 6 ----> go to Internet & Network settings ----> Windows Security ----> Public network -----> Windows Defender Firewall ---> off

Note: Windows Server 2019 & 2020 block ICMP; that is why we turn the firewall off

12. Open command prompt ------> ping <m02 private IP>

------------------------------------------------------------------------------------
Elastic IP ----> disassociate ----> release
------------------------------------------------------------------------------------
Task 2: To communicate between VPCs in different regions:
Mumbai ------> vpc-m01
Singapore ------> vpc-m02

1. Go to Singapore region
a. Create VPC ----> vpc-singapur ---> 172.17.0.0/16
b. Create subnet ---> select vpc-singapur
   subnet name ------> subnet-singapur
   availability zone ----> 1a (not necessary)
   IPv4 CIDR block ---> 172.17.1.0/24
c. Internet Gateway
   name ----> igw-singapur -----> attach to VPC
d. Route table
   the existing default route table is given (we can also create a new route table)
   route tables ----> edit routes ----> 0.0.0.0/0 ---> internet gateway ----> save
   route tables ----> edit subnet associations ---> select ---> save

2. Create instance
name ----> web-singapur
OS -----> Linux
instance type ---> t2.micro
create a new key pair
auto assign public IP ----> enable
network setting --> edit ---> select vpc-m01
create security group ----> mysg-singapur ---> allow ICMP, SSH

3. For peering connection

a. Go to VPC ---> Peering connections -----> Create peering connection
   name ----> singapur-mumbai
   requester ---> vpc-singapur
   select another VPC to peer with ---> my account ----> another region ------> VPC ID ---> action ----> accept
   route table ----> route-singapur ---> Singapore region ---> m-02 ---> edit ----> 172.16.0.0/16 ---> peering connection
   route table ----> Mumbai region --> m-02 -----> edit ----> 172.17.0.0/16 ---> peering connection

4. Open the M-02 Windows machine ----> go to command prompt ----> ping <singapur private ip>
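Both peering tasks above come down to route tables, and the "Not connecting because peering has not been done" result is what the VPC router does when the only matching route is 0.0.0.0/0 to an internet gateway. This added Python example (mine, not from the notes or from AWS) models the two Mumbai VPCs from Task 1 and traces a packet between them: longest-prefix lookup with the implicit local route, the overlapping-CIDR check AWS performs before it will create a peering, and the requirement that both sides carry a route to the pcx before traffic flows. The VPC CIDRs and names follow the notes; the route table IDs, the instance IPs and the pcx ID are constructed for the example.

```python
import ipaddress

# Constructed layout following the notes: two VPCs in the Mumbai region.
VPC_CIDRS = {"vpc-m01": "10.0.0.0/16", "vpc-m02": "172.16.0.0/16"}

# Constructed route tables (the main table of each VPC). AWS adds an implicit
# 'local' route for the VPC's own CIDR to every table; lookup() adds it too.
ROUTE_TABLES = {
    "rtb-m01": {"vpc": "vpc-m01", "routes": {"0.0.0.0/0": "igw-m01"}},
    "rtb-m02": {"vpc": "vpc-m02", "routes": {"0.0.0.0/0": "igw-m02"}},
}


def lookup(table_name, dst_ip):
    """Pick the target for dst_ip the way the VPC router does: the most specific
    (longest prefix) matching route wins, so the /16 local route beats 0.0.0.0/0."""
    table = ROUTE_TABLES[table_name]
    routes = dict(table["routes"])
    routes[VPC_CIDRS[table["vpc"]]] = "local"
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in routes.items():
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def create_peering(pcx_id, requester_vpc, accepter_vpc):
    """AWS refuses a peering between VPCs whose CIDRs overlap; check that first."""
    a = ipaddress.ip_network(VPC_CIDRS[requester_vpc])
    b = ipaddress.ip_network(VPC_CIDRS[accepter_vpc])
    if a.overlaps(b):
        raise ValueError(f"{requester_vpc} and {accepter_vpc} have overlapping CIDRs")
    return pcx_id


def add_route(table_name, cidr, target):
    """Equivalent of 'edit routes -> add route' in the console."""
    ROUTE_TABLES[table_name]["routes"][cidr] = target


def explain(src_table, src_ip, dst_ip, dst_table):
    """Trace one packet from src_ip to dst_ip and say why it arrives or is dropped.
    A peering only works when BOTH tables point at the pcx (the step 7 routes)."""
    target = lookup(src_table, dst_ip)
    if target is None:
        return "dropped: no route"
    if target == "local":
        return "delivered inside the VPC"
    if target.startswith("igw-"):
        # An internet gateway cannot deliver to another VPC's private range.
        if ipaddress.ip_address(dst_ip).is_private:
            return "dropped: internet gateway cannot route to a private address"
        return "sent to the internet gateway"
    if target.startswith("pcx-"):
        back = lookup(dst_table, src_ip)
        if back == target:
            return f"delivered over {target}"
        return f"dropped: {dst_table} has no return route to {src_ip}"
    return f"forwarded to {target}"


if __name__ == "__main__":
    web_m01, web_m02 = "10.0.1.10", "172.16.1.10"   # constructed private IPs
    print(explain("rtb-m01", web_m01, web_m02, "rtb-m02"))  # before peering
    pcx = create_peering("pcx-m01-m02", "vpc-m01", "vpc-m02")
    add_route("rtb-m01", "172.16.0.0/16", pcx)
    print(explain("rtb-m01", web_m01, web_m02, "rtb-m02"))  # one-sided: still dropped
    add_route("rtb-m02", "10.0.0.0/16", pcx)
    print(explain("rtb-m01", web_m01, web_m02, "rtb-m02"))  # delivered
    print(explain("rtb-m01", web_m01, "8.8.8.8", "rtb-m02"))
```

The one-sided case is the mistake to look for when a ping fails after the peering is accepted: the request leaves over the pcx, but the reply on the other side matches only 0.0.0.0/0 and is dropped.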

------------------------------------------------------------------------------------

Day 13:
NACL & security group difference
NACL -----> subnet
security group ----> EC2 (applied on an individual server)

NACL is stateless (mindless)

allow inbound (HTTP, RDP, ICMP) = need to also allow outbound HTTP, RDP, ICMP
allow & deny rules
security group is stateful (mindful)
inbound traffic -----> traffic from outside to inside the VPC
outbound traffic -----> traffic from inside to outside the VPC
allow inbound (HTTP, RDP, ICMP) = by default the outbound replies (HTTP, RDP, ICMP) are allowed

NACL (costly)
Priority 100 – Allow
Priority 200 - Deny

AWS Security:
Network ACL & Security Group

Steps:
VPC ----> Network ACL
Create network ACL
default NACL -----> by default all traffic is allowed
custom NACL ------> inbound & outbound traffic need allow rules
each subnet is associated with a NACL.

Interview question: Can a NACL be connected to multiple subnets?

------------------> 1 NACL can be connected to all the subnets.
At one time, 1 subnet connects to 1 NACL
Priority 100, 200
32466 rules we can create in a security group
------------------------------------------------------------------------------------
Task: NACL (deny) vs security group (allow)
Region - Mumbai
1. Create VPC
   myvpc-01
   10.0.0.0/16
2. When we create a VPC, a default NACL is created at that time.
   By default all traffic is allowed
3. Create subnets
   my-vpc-subnet-01
   1a
   10.0.1.0/24
   my-vpc-subnet-02
   1b
   10.0.2.0/24
4. Create internet gateway
   myigw -----> attach
5. Create route table
   myroute-01
   select VPC
   edit routes ----> 0.0.0.0/0 ----> internet gateway
   subnet associations -----> select subnet -----> save
6. VPC subnets are by default connected with the default NACL
7. Create a new NACL
   name ---> myacl-01-custom
   vpc -----> myvpc-01
   subnet association ----> edit ----> select subnet-1 & 2

8. Go to EC2
   name ----> windows-server
   os ----> Windows
   key pair
   network setting -----> select VPC
   subnet 1
   public IP ---> enable for RDP
   allow RDP, HTTP & HTTPS

9. Check whether it connects or not by using RDP.

   ---> it is not connecting
10. Go to NACL -----> inbound rules ----> edit ----> add a rule
    Rule no (100) ----> type (RDP) ----> Source (0.0.0.0/0) -----> allow ----> save

11. Go to NACL -----> outbound rules ---> edit ----> add a rule

    Rule no (200) ----> type (RDP) ----> Source (0.0.0.0/0) ------> allow ----> save
    Rule no (100) ----> type (RDP) ----> Source (0.0.0.0/0) ------> deny ----> save
    check RDP connecting or not ----------> not connecting

12. Go to NACL -----> outbound rules ---> edit ----> add a rule

    Rule no (200) ----> type (RDP) ----> Source (0.0.0.0/0) ------> deny ----> save
    Rule no (100) ----> type (RDP) ----> Source (0.0.0.0/0) ------> allow ----> save
    check RDP connecting or not ------------> not connecting

13. To resolve this (troubleshooting):
    Go to NACL -----> outbound rules ---> edit ----> add a rule
    Rule no (100) ----> type (Custom TCP) ----> Port Range (1000-65534) -----> Source (0.0.0.0/0) ------> allow ----> save
    Note: Home ----> a relative enters through the main door -----> exits through any door (the RDP reply leaves on an ephemeral port, not on 3389, so the outbound rule must allow that port range)
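To make the stateless vs stateful difference from Day 13 and the outcome of steps 10 to 13 concrete, here is an added Python example (mine, not from the notes) that evaluates NACL rules the way AWS does, lowest rule number first with the first match winning and an implicit deny at the end, next to a small stateful security-group model that remembers the flow and lets the reply out automatically. It traces one RDP connection through both, so the step 11 and 12 tables fail on the reply packet while the step 13 Custom TCP 1000-65534 rule makes it succeed. The rule numbers, ports and port range are the ones in the notes; the client address and its ephemeral port are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int       # NACL rules are evaluated lowest number first; first match wins
    protocol: str     # "tcp", "udp", "icmp" or "all"
    port_from: int    # ignored for icmp
    port_to: int
    action: str       # "allow" or "deny"


def nacl_decision(rules, protocol, port):
    """Stateless check of a single packet against one direction's rule list."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if rule.protocol != "icmp" and not (rule.port_from <= port <= rule.port_to):
            continue
        return rule.action
    return "deny"  # the implicit '*' rule at the bottom of every NACL


class SecurityGroup:
    """Stateful: a reply to traffic that was allowed in is allowed out automatically."""

    def __init__(self, inbound_ports):
        self.inbound_ports = set(inbound_ports)   # e.g. {("tcp", 3389)}
        self.flows = set()                        # remembered (client_ip, client_port)

    def inbound(self, protocol, port, client):
        if (protocol, port) in self.inbound_ports:
            self.flows.add(client)                # connection tracking
            return "allow"
        return "deny"

    def outbound_reply(self, client):
        return "allow" if client in self.flows else "deny"


def rdp_session(nacl_in, nacl_out, sg, client):
    """Trace one RDP connection from client=(ip, ephemeral_port) to a server on 3389.
    The request is checked inbound, the reply outbound; the NACL sees the reply as a
    brand-new packet to the client's ephemeral port, the SG recognises the flow."""
    client_port = client[1]
    steps = [
        ("nacl inbound tcp/3389", nacl_decision(nacl_in, "tcp", 3389)),
        ("sg inbound tcp/3389", sg.inbound("tcp", 3389, client)),
        ("sg outbound reply", sg.outbound_reply(client)),
        (f"nacl outbound tcp/{client_port}", nacl_decision(nacl_out, "tcp", client_port)),
    ]
    ok = all(decision == "allow" for _, decision in steps)
    return ok, steps


if __name__ == "__main__":
    client = ("203.0.113.7", 50000)   # constructed: Windows RDP clients use ports >= 49152
    sg = SecurityGroup([("tcp", 3389)])
    inbound = [Rule(100, "tcp", 3389, 3389, "allow")]                       # step 10
    step11 = [Rule(200, "tcp", 3389, 3389, "allow"), Rule(100, "tcp", 3389, 3389, "deny")]
    step13 = [Rule(100, "tcp", 1000, 65534, "allow")]
    for name, outbound in (("step 11", step11), ("step 13", step13)):
        ok, steps = rdp_session(inbound, outbound, sg, client)
        print(name, "connecting" if ok else "not connecting", steps)
```

Reading the step 11 trace shows the NACL inbound and both security-group checks say allow; only the last line, the reply to port 50000, is denied, because no outbound rule matches a port other than 3389 and the implicit deny applies.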
------------------------------------------------------------------------------------
Day 14
NAT gateway: ------> Network Address Translation
Client requirement ---> database server (private IP) ----> but it must be able to connect to the internet
public IP ----> billing is higher compared to private

private instance -----> NAT gateway -----> internet gateway -----> internet

private IP ----> translated ----> public IP

NAT gateway is a costly solution

monthly charge + service charge

In which subnet is a NAT gateway created?

-----> public subnet

Steps:
1. Create VPC
   name ---> my-vpc
   CIDR range ---> 10.0.0.0/16

2. Create public subnet

   Select VPC -------> my-vpc
   create subnet ----> public-subnet
   Availability zone --> 1a
   Subnet range ---> 10.0.1.0/24
3. Create private subnet
   Select VPC -------> my-vpc
   create subnet ----> private-subnet
   Availability zone --> 1b
   Subnet range ---> 10.0.2.0/24

4. Create internet gateway

   name ------------> myigw -------------> attach to VPC

5. Create a route table

   name - custom-route
   vpc ---> my-vpc

   custom-route ---> edit routes ---> add route

   0.0.0.0/0 ---> internet gateway

   edit subnet associations ----> select only the public subnet

6. Go to NAT Gateway -----> Create NAT Gateway

   name ----> my-nat-gatway
   subnet ----> choose public subnet
   connectivity ----> public

   Allocate an elastic IP

7. Default route table -----> edit routes --->

   0.0.0.0/0 ----> NAT gateway

   default route table -----> subnet associations ----> select private subnet

8. Create EC2 instance

   name -----> public-server
   os --------> Windows
   machine -> t2.micro
   select VPC
   public IP - enable
   subnet ---> public subnet
   security group ---> create nat-sg (ICMP, RDP, HTTP)

9. Create EC2 instance

   name -----> private-server
   os --------> Windows
   machine -> t2.micro
   select VPC
   public IP - disable
   subnet ---> private subnet
   security group ---> create nat-sg (ICMP, RDP, HTTP)

10. Get RDP of public-server ------> get password ---> decrypt password ----> download the RDP file ---> open
    Open the private-subnet Windows machine: search Remote Desktop Connection -----> enter the private subnet IP ---> connected to the private-subnet Windows machine -------> search facebook.com
    Username ---> Administrator
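The "private IP ----> translated ----> public IP" line is the whole mechanism behind the NAT gateway and NAT instance steps, so here is an added Python example (mine, not from the notes or from AWS) that models source NAT the way a NAT gateway does it: the private-server's address and port are rewritten to the gateway's elastic IP and a fresh port on the way out, the reply is matched against the translation table and rewritten back on the way in, and anything arriving at the elastic IP that no entry expects is dropped, which is why the private server can browse but cannot be reached from the internet. A second helper traces the hop list from the notes (private subnet, NAT gateway in the public subnet, internet gateway) and shows the two misconfigurations that break it. The elastic IP, the private-server IP, the internet host and the route table contents are constructed for the example.

```python
import itertools


class NatGateway:
    """Constructed model of source NAT with per-connection port mapping."""

    def __init__(self, elastic_ip, first_port=1024):
        self.elastic_ip = elastic_ip
        self._ports = itertools.count(first_port)    # next public port to hand out
        # public port -> (private ip, private port, remote ip, remote port)
        self.table = {}
        # (private ip, private port, remote ip, remote port) -> public port
        self.reverse = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving the private subnet: rewrite the source to the elastic IP."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.reverse:                   # new connection: allocate a port
            pub_port = next(self._ports)
            self.reverse[key] = pub_port
            self.table[pub_port] = key
        pub_port = self.reverse[key]
        return {"src": (self.elastic_ip, pub_port), "dst": (dst_ip, dst_port)}

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arriving at the elastic IP: only a reply to a tracked connection
        is translated back; anything else has no entry and is dropped (None)."""
        entry = self.table.get(dst_port)
        if entry is None or (entry[2], entry[3]) != (src_ip, src_port):
            return None
        return {"src": (src_ip, src_port), "dst": (entry[0], entry[1])}


def egress_path(private_rt, public_rt):
    """Hops a packet from private-server takes, given the private subnet's route
    table and the route table of the subnet the NAT gateway sits in. Each table is
    a dict of destination CIDR -> target, as in 'edit routes' (constructed model)."""
    hops = ["private-server"]
    target = private_rt.get("0.0.0.0/0")
    if target is None:
        return hops + ["dropped: private subnet has no default route"]
    if target.startswith("igw-"):
        return hops + ["dropped: instance has no public IP, the igw cannot translate"]
    hops.append(target)
    nat_exit = public_rt.get("0.0.0.0/0", "")
    if not nat_exit.startswith("igw-"):
        return hops + ["dropped: NAT gateway must sit in a public subnet (0.0.0.0/0 -> igw)"]
    return hops + [nat_exit, "internet"]


if __name__ == "__main__":
    nat = NatGateway("198.51.100.10")                 # constructed elastic IP
    out = nat.outbound("10.0.2.25", 49200, "203.0.113.50", 443)   # private-server -> web
    print("on the wire:", out)
    print("reply:", nat.inbound("203.0.113.50", 443, out["src"][1]))
    print("unsolicited:", nat.inbound("192.0.2.99", 12345, out["src"][1]))
    print(egress_path({"0.0.0.0/0": "nat-my-nat-gatway"}, {"0.0.0.0/0": "igw-myigw"}))
    print(egress_path({"0.0.0.0/0": "nat-my-nat-gatway"}, {}))
```

The same translation table is what a NAT instance keeps in its kernel; disabling the source/destination check in the NAT instance steps below is what lets that instance forward packets whose addresses are not its own.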
------------------------------------------------------------------------------------
NAT instance (alternative to NAT gateway) -----> cheaper than a NAT gateway
Same steps as above
Delete the NAT gateway in the above steps

Continue the above steps 1 to 5

Go to route table ----> edit routes ---> 0.0.0.0/0 ----> blackhole ---> remove

1. Go to EC2 -----> launch instance

   name --> nat-instance
   browse more AMIs ---> community AMIs ---> search (nat) ----> select the Amazon NAT AMI
   machine -----> t2.micro
   vpc -----> myvpc
   subnet ---> public subnet
   public IP -----> enable
   security group ---> ICMP, HTTP, SSH
2. Select the EC2 machine -----> go to Actions ----> Networking ------> Change source/destination check ----> stop ------> save
3. Go to route table -----> click on default ----> edit routes ------> 0.0.0.0/0 ---> instance (nat)
4. Go to public instance ----> private instance ----> google.com
------------------------------------------------------------------------------------
