🌐 AWS 127: Building from Scratch - Creating a Custom Public VPC
Hritik Raj


Publish Date: Jan 7

🏗️ Cloud Infrastructure 101: Designing Your Own Network

Hey Cloud Architects 👋

Welcome to Day 27 of the #100DaysOfCloud Challenge!
Today, we are stepping away from the default AWS settings and building our own Custom VPC. The Networking Team needs a dedicated space for public-facing services, complete with automated IP assignment and secure SSH access.

This task is part of my hands-on practice on the KodeKloud Engineer platform, which I highly recommend for anyone looking to master real-world DevOps scenarios.


🎯 Objective

  • Create a custom VPC named devops-pub-vpc.
  • Create a public subnet named devops-pub-subnet.
  • Enable Auto-assign public IPv4 address for the subnet.
  • Launch a t2.micro instance named devops-pub-ec2 inside this network.
  • Ensure Port 22 (SSH) is open to the internet.

💡 Why a Custom VPC is Essential

While AWS provides a "Default VPC," professional DevOps teams build custom networks to ensure better security, isolation, and control over IP addressing.

🔹 Key Concepts

  • VPC (Virtual Private Cloud): A logically isolated section of the AWS Cloud where you can launch resources in a virtual network that you define.

  • Internet Gateway (IGW): The "bridge" that connects your VPC to the internet. Without an IGW, your "public" subnet remains private.

  • Route Tables: These act as the "GPS" for your network, telling traffic how to reach the Internet Gateway to go outside the VPC.


🛠️ Step-by-Step: Custom Networking Workflow

We’ll move from Network Creation → Routing → Instance Provisioning.


🔹 Phase A: Create the VPC & Subnet

  • Create VPC: Navigate to the VPC Dashboard and click "Create VPC". Name it devops-pub-vpc.

  • Create Subnet: Create a new subnet within this VPC named devops-pub-subnet.
  • Enable Public IPs: This is a crucial step! Go to Subnet Settings and check the box for "Enable auto-assign public IPv4 address". This ensures every instance you launch here gets a Public IP automatically.


🔹 Phase B: Configure Internet Access (The "Public" Part)

  • Internet Gateway: Create an IGW and Attach it to your devops-pub-vpc.

  • Update Route Table: Find the Route Table associated with your subnet and add a route:
    • Destination: 0.0.0.0/0 (The Internet)
    • Target: Your Internet Gateway.


🔹 Phase C: Launch the Public Instance

  • Provision EC2: Launch a t2.micro instance named devops-pub-ec2.
  • Network Settings: Be sure to select devops-pub-vpc and devops-pub-subnet in the launch wizard.
  • Security Group: Create a new SG that allows Inbound SSH (Port 22) from Anywhere (0.0.0.0/0).

✅ Verify Success

  • Check Connectivity: Once the instance is "Running," copy its Public IP.
  • Terminal Test: Try connecting via SSH from your local machine or landing host:
    • ssh -i your-key.pem ubuntu@<INSTANCE_PUBLIC_IP>

  • Confirm: 🎉 If you successfully log in, your custom network is officially open for business!

📝 Key Takeaways

  • 🚀 Default vs. Custom: Custom VPCs allow you to define your own CIDR blocks (IP ranges).
  • 🔗 Implicit Dependency: A subnet is only "Public" if it has a route to an Internet Gateway.
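  • 🛡️ Security Groups: Even in a public VPC, your instances are protected by Security Groups. Always apply the principle of least privilege: outside a lab like this one, allow SSH only from the source addresses that actually need it rather than from 0.0.0.0/0.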

🚫 Common Mistakes

  • Forgetting the IGW: Attaching an IGW is a two-step process: Create it, then Attach it to the VPC.
  • Route Table Missing: If you can't SSH in, check if your Route Table actually points to the IGW.
  • Auto-Assign Disabled: If your instance doesn't have a Public IP address in the console, you forgot to enable the auto-assign setting on the subnet.
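
To check the three mistakes above and the least-privilege point from the takeaways in one pass, here is an added example (not part of the original lab or any AWS tooling) that audits data shaped like the output of the EC2 describe-subnets, describe-internet-gateways, describe-route-tables and describe-security-groups calls. The resource IDs, sample values and finding names are constructed placeholders, and only IPv4 ranges are checked.

```python
import ipaddress

# Constructed sample data shaped like the EC2 describe-* API responses.
# All IDs are placeholders, not values from the original post.
SUBNET = {"SubnetId": "subnet-EXAMPLE", "VpcId": "vpc-EXAMPLE", "MapPublicIpOnLaunch": True}
IGWS = [{"InternetGatewayId": "igw-EXAMPLE",
         "Attachments": [{"VpcId": "vpc-EXAMPLE", "State": "available"}]}]
ROUTE_TABLES = [{"VpcId": "vpc-EXAMPLE",
                 "Associations": [{"Main": True}],
                 "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]}]
SECURITY_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}


def effective_route_table(subnet, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main route table applies."""
    in_vpc = [rt for rt in route_tables if rt["VpcId"] == subnet["VpcId"]]
    for rt in in_vpc:
        if any(a.get("SubnetId") == subnet["SubnetId"] for a in rt.get("Associations", [])):
            return rt
    return next((rt for rt in in_vpc if any(a.get("Main") for a in rt.get("Associations", []))), None)


def audit(subnet, igws, route_tables, sg):
    """Return findings for the three common mistakes plus world-open SSH."""
    findings = []
    attached = {g["InternetGatewayId"] for g in igws
                if any(a["VpcId"] == subnet["VpcId"] for a in g.get("Attachments", []))}
    if not attached:
        findings.append("no-igw-attached")
    rt = effective_route_table(subnet, route_tables)
    routes = rt["Routes"] if rt else []
    if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("GatewayId") in attached
               and r.get("State") == "active" for r in routes):
        findings.append("no-default-route-to-igw")
    if not subnet.get("MapPublicIpOnLaunch"):
        findings.append("auto-assign-public-ip-disabled")
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        covers_22 = proto == "-1" or (proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535))
        for rng in perm.get("IpRanges", []):
            if covers_22 and ipaddress.ip_network(rng["CidrIp"]).prefixlen == 0:
                findings.append("ssh-open-to-world")
    return findings
```

On the sample data, which mirrors the lab's finished state, the only finding is the world-open SSH rule; a security group scoped to a single admin address returns no findings.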

🌟 Final Thoughts

You’ve just built the backbone of cloud computing! Understanding VPCs, Subnets, and Routing is what separates a "Cloud User" from a "Cloud Architect." This setup is the starting point for hosting websites, APIs, and much more.


🌟 Practice Like a Pro

If you want to try these tasks yourself in a real AWS environment, check out:
👉 KodeKloud Engineer - Practice Labs

It’s where I’ve been sharpening my skills daily!

