AWS provides a very user friendly interface for managing all of its services. This enables users to create services at the click of a button as and when required and delete them when they are not necessary. We shall go through recipes for creating the most used network components that we have to use, in case we host our application in AWS. Also, we shall learn how to create instances in the network that we built.

AWS VPC is a virtual network in AWS cloud that is similar to the conventional network in a corporate data center. A VPC created in an account isolates all resources in it from any other VPC created by the same or other accounts.

We need an AWS account and a user with proper permissions for creating a VPC.

1. Log in to your AWS account. AWS provides a default VPC in each region where the account has been created, with all the components listed above in each Availability Zone (AZ) in that region. After logging in to the account...

Subnets of AWS are similar to VLAN in DC with a specific range of IPs isolated from an other VLAN/subnet. Each AZ in a region can host multiple subnets, as per the requirement. A subnet is bound by one AZ limit and can't span across multiple AZs. There are two types of subnets; instances created in a public subnet are assigned a public IP and can be accessed from outside the VPC. There is another type of subnet that is called the private subnet. Public IP is not assigned to instance created inside this type of subnet. A default VPC has default subnets associated with it; all default subnets are public subnets.

We need an AWS account and a user with proper permissions for...

An AWS Network Access Control List (NACL) works as a firewall at the VPC level for controlling incoming and outgoing requests from one or more subnets associated with that VPC. It is used in conjunction with the Security Group (SG) in controlling traffic to the AWS. When we create a VPC, a default NACL is created that is open to every IP and port. The subnet is associated with the default NACL created during its creation. We can create a custom NACL and associate it with a subnet, thus replacing the default NACL.

We need an AWS account and a user with proper permissions to create a security group. We also need to configure the AWS CLI in our local machine. We also need a VPC creation in...

Security Group (SG) works as a virtual firewall that controls incoming traffic to protect resources hosted in AWS, such as EC2 and RDS, from unwanted access. The same SGs should be associated with services/resources having the same functionality and security requirements such as a cluster of web servers. SGs can span across different subnets in a VPC. SGs are stateful firewalls where you can define rules for a valid source, protocol, and port for incoming and outgoing traffic. Stateful meaning--if the connection from source to destination is allowed, the return path is also allowed. At least one SG needs to be attached to the resource at the time of resource creation. More than one SG can also be attached to a resource. The rules of an SG can be modified at any time and they will take effect immediately. An SG can be detached from the resource at any...

An Internet Gateway is an AWS component that enables communication between resources hosted in the VPC and the internet. It is a horizontally scalable and highly available component. It doesn't enforce any network bandwidth constraints. It is the channel through which services hosted inside the VPC are accessed by the outside world. It also enables resources hosted in the AWS to connect to the internet.

The prerequisites for this section are the same as recipe, Managing a Network ACL.

1. Log in to your AWS account...

By default, there is no way that resources hosted in a private subnet can access the internet. NAT is a way to achieve that. However, any resource outside the VPC can't access the resources in a private subnet. We can use a NAT instance or a NAT Gateway to achieve this. However NAT Gateway is a scalable, managed service that does not require any administration. In this section, we will see how to manage a NAT Gateway.

We need to have an AWS account created with a user that has permissions to manage the NAT which we already have. We need to create an Elastic IP to be attached to with NAT, which is provided here. We shall learn details about Elastic IPs in the later sections.

A Route Table contains a set of rules that control how the network traffic flows within a VPC and outside of it. Each subnet must be associated with one Route Table. However, Route Tables may contain more than one subnet that needs the same route configuration.

We need to have an AWS account created with a user that has permissions to manage Route Tables, which we already have. We have already created two subnets, one IG, and one NAT Gateway. By configuring these with the Route Table, we shall make one subnet a public subnet and the other one a private subnet.

EC2 is an infrastructure in the AWS Cloud with certain compute, memory, and network resources. Though EC2 is not a networking component, we shall try to create a couple of them to check whether the network components that we have created work with EC2. We shall also understand how networking components integrate with resources in AWS.

We need to have an AWS account created with a user that has permission to manage EC2 instances, which we already have.

1. Log in to your AWS account and open the EC2 Dashboard: