vpc

Not familiar with cloud services? This AWS VPC starter guide will get you off the ground.

As developers, almost all of our attention goes into building the product. Once development is complete, though, the application has to be made available to the public on an Internet-facing platform.

On a team this is not a problem: someone in operations handles the deployment.

If you are working alone or using the cloud for the first time, however, the setup can raise a lot of questions and confusion, because there are many terms you have never seen before. This article therefore walks through one very popular platform, AWS.

Let the application run in the AWS cloud

To get your application running in the AWS cloud, you need to know at least two AWS resources: Elastic Compute Cloud (EC2) and Virtual Private Cloud (VPC).

EC2 is a virtual computing environment that is roughly equivalent to your current laptop.

In AWS's own terms: Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud, a virtual network you define, in which AWS resources can be launched.

Or, simply put, a VPC lets you manage AWS resources from a networking perspective.

This article explains the building blocks that make up a VPC, along with descriptions of each component.

This article assumes that you already know the basic workings of IP addresses and the difference between public and private IP, so I won't cover all of networking.

At the end of this article, you'll see an EC2 instance in action, connected to over SSH, to prove that it can be reached from the Internet.

By default, AWS gives every new account a default VPC in each region. Although these default VPCs meet most requirements, you still need to understand how they work, so we will build one ourselves.

Here we'll create one and name it vpc-quickstart.

What is an IPv4 CIDR block?

It stands for Classless Interdomain Routing.

This is how IP ranges are specified.

The notation is <ip address>/<number>.

Take 10.0.0.0/16 for example.

The important part here is the number 16. It determines the IP range.

The IP address here is IPv4. It consists of 32 bits, grouped into four 8-bit octets separated by dots. For example, if you convert the IP address 255.255.255.255 to binary, you get 11111111.11111111.11111111.11111111.

If you don't know how to read binary numbers, it is recommended to learn that first.

In our example, 10.0.0.0 in binary is 00001010.00000000.00000000.00000000.

Then there is the number 16, which acts as a mask: it is written as sixteen "1" bits from left to right, filled out with "0" bits to the length of an IP address. The result is 11111111.11111111.00000000.00000000.

The bit positions that are 0 in the mask are the ones available for addresses in the network. With a /16 mask, that means all the bits of the last two octets; with a /24 mask, 11111111.11111111.11111111.00000000, only the last octet is available.

As a result, the IP range is 00001010.00000000.00000000.00000000 to 00001010.00000000.11111111.11111111, or in decimal 10.0.0.0 to 10.0.255.255.

Internet gateway

As the name implies, for a VPC to reach the Internet it must be connected to it through an Internet gateway. Here we create our own and name it igw-quickstart.

subnet

A subnet is a logical subdivision of a network, sized according to your requirements.

Subnets divide a network into smaller parts. Think of one huge network in a building with 100 different companies or departments, each with its own network segment.

For example, the subnet ranges from 192.168.1.1 to 192.168.1.255.

You must also specify a CIDR block for each subnet.

Below we create three subnets, public1, public2 and private1: two public subnets for services that face the Internet and one private subnet.

A public subnet is one that can reach the Internet, while a private subnet cannot. I'll explain how that is done later.

Start by creating a subnet inside the VPC you created earlier.

Note that this time the mask is 24.

The /24 mask in binary is 11111111.11111111.11111111.00000000, so the first three octets are fixed and only the last octet is free.

Therefore every subnet we create in this VPC will have the form 10.0.<0-255>.*.
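The CIDR arithmetic from the IPv4 CIDR section and the /24-inside-/16 subnetting above, worked through in code. This is an added example rather than code from the guide; it uses only Python's standard ipaddress module and goes slightly beyond the text by checking that a set of subnets fits inside the VPC block without overlapping (the "usable_in_aws" count relies on AWS reserving five addresses per subnet).

```python
import ipaddress

def to_binary(addr):
    """Render an IPv4 address as four dotted octets of 8 bits each, as the text does."""
    return ".".join(f"{octet:08b}" for octet in addr.packed)

def describe_cidr(cidr):
    """Work out mask, host bits and address range for a block such as 10.0.0.0/16."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: host bits must all be zero
    return {
        "network_bin": to_binary(net.network_address),
        "mask_bin": to_binary(net.netmask),
        "host_bits": 32 - net.prefixlen,
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
        # AWS reserves the first four and the last address of every subnet.
        "usable_in_aws": net.num_addresses - 5,
    }

def carve_subnets(vpc_cidr, new_prefix, count):
    """Take the first `count` non-overlapping /new_prefix blocks out of the VPC block."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    return [str(next(blocks)) for _ in range(count)]

def subnets_fit(vpc_cidr, subnet_cidrs):
    """True only if every subnet lies inside the VPC block and no two overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    inside = all(n.subnet_of(vpc) for n in nets)
    disjoint = all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint
```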

Network Access Control Lists (NACL)

A NACL lets you specify inbound and outbound traffic rules for the network, that is, for the subnets it is associated with.

Inbound rules apply to traffic entering the network, outbound rules to traffic leaving it.

You can write rules based on protocol type (HTTP, TCP, UDP and so on) and port number.

Each rule gets a number, and rules are evaluated from the lowest number to the highest.

Create one and name it ACL-Quickstart.

By default, all traffic is allowed. For the purposes of this lesson we'll leave it that way, but do not do this in a production environment.

In the Subnet Associations tab, click Edit subnet associations and add the subnets you created earlier.

Route table

A route table works much like routing in an application: if the destination IP is 10.0.0.14, for instance, sending it to service-a is straightforward.

Create two route tables and name them RT1 and RT2.

For RT1, open the Routes tab and click Edit routes. Add a default route to the Internet gateway you just created.

This means that 0.0.0.0/0, i.e. all traffic not matched by a more specific route, is sent to the Internet gateway and can reach the Internet. Click Save routes, then go to the Subnet Associations tab.

Click Edit subnet associations and add the two subnets public1 and public2 that you created earlier.

That's how you make a subnet public: associate it with a route table that has a route to the Internet gateway.

For RT2, edit the subnet associations to associate it with private1. Because RT2 has no route to the Internet gateway, private1 becomes a private subnet.

Launch an EC2 instance

Finally, let's test that the network works.

Launch an EC2 instance using the t2.micro instance type, since it is eligible for the free tier.

Go to step 3, Configure Instance. This is where you configure the network the instance will use.

Select the VPC and one of the public subnets you just created. Then go to step 6 to configure security groups, and enable auto-assign public IP.

Security group

Security groups let you control inbound and outbound traffic at the instance level, whereas NACLs work at the network (subnet) level.

This time, only SSH connections on port 22 are allowed, from any source IP.
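To tie the route table, NACL and security group sections together, here is an added example (not the guide's own code) that models the three layers on constructed data using the guide's names, and decides whether an instance in a given subnet is reachable from a source address. The route tables, NACL entries and the two security groups, including the placeholder 203.0.113.0/24 admin range used for the hardened variant, are all assumptions.

```python
import ipaddress

# Constructed sample data modelled on the guide's names; not the page's own configuration.
ROUTE_TABLES = {
    "RT1": {"routes": {"0.0.0.0/0": "igw-quickstart"}, "subnets": ["public1", "public2"]},
    "RT2": {"routes": {}, "subnets": ["private1"]},
}
# NACL entries: (rule number, action, protocol, port, source CIDR). AWS evaluates them
# by ascending rule number; the first match wins and the trailing "*" rule denies the rest.
NACL_DEFAULT = [(100, "allow", "all", None, "0.0.0.0/0")]
# Security group rules are allow-only: (protocol, port, source CIDR).
SG_WEAK = [("tcp", 22, "0.0.0.0/0")]           # the guide's setting: SSH from anywhere
SG_HARDENED = [("tcp", 22, "203.0.113.0/24")]  # placeholder admin range (TEST-NET-3)

def is_public(subnet):
    """Public means: the associated route table sends 0.0.0.0/0 to an Internet gateway."""
    for rt in ROUTE_TABLES.values():
        if subnet in rt["subnets"]:
            return any(ipaddress.ip_network(dst).prefixlen == 0 and target.startswith("igw-")
                       for dst, target in rt["routes"].items())
    return False

def nacl_allows(rules, proto, port, src):
    """The first matching rule by rule number decides; no match means deny."""
    src_ip = ipaddress.ip_address(src)
    for _, action, p, prt, cidr in sorted(rules, key=lambda r: r[0]):
        if p in ("all", proto) and prt in (None, port) and src_ip in ipaddress.ip_network(cidr):
            return action == "allow"
    return False

def sg_allows(rules, proto, port, src):
    """Security groups have no deny rules: any matching rule admits the connection."""
    src_ip = ipaddress.ip_address(src)
    return any(p == proto and prt == port and src_ip in ipaddress.ip_network(cidr)
               for p, prt, cidr in rules)

def reachable(subnet, nacl, sg, proto, port, src):
    """An instance is reachable from src only if all three layers agree."""
    return (is_public(subnet) and nacl_allows(nacl, proto, port, src)
            and sg_allows(sg, proto, port, src))

def world_open_ports(sg):
    """Ports a security group exposes to every source address (0.0.0.0/0)."""
    return sorted({prt for _, prt, cidr in sg if ipaddress.ip_network(cidr).prefixlen == 0})
```

Running `world_open_ports` over a security group before launch is a quick way to spot the 0.0.0.0/0 on port 22 that this walkthrough uses for convenience.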

Click Review and Launch and launch the instance, but don't forget to download the key pair. The instance takes a little while to start.

Once it is running, connect over SSH: click the instance, then click Connect at the top of the table. It shows the instructions for connecting with SSH.

Follow the instructions and... it works!

SSH connection to the EC2 instance.

Now we have an EC2 instance connected to the Internet, and we understand every step that got it there.

From here, add a rule to the security group to open HTTP port 80, and you can install your application and reach it from a browser.

There's a lot more to learn about VPCs. Try changing the configuration to see what happens: remove the Internet gateway route from the route table, change the NACL rules, and so on.

