DEV Community

Harshana vivekanandhan
Harshana vivekanandhan

Posted on

Architecting a Secure and Scalable Network with AWS VPCs and Subnets

Building a secure and scalable network in the cloud is critical for any organization that leverages cloud services. AWS Virtual Private Cloud (VPC) and its associated subnets provide the foundational infrastructure to achieve these goals. This blog post will guide you through the process of architecting a secure and scalable network using AWS VPCs and subnets.

Project Prerequisites

  • An AWS account that is free-tier eligible because we don’t want to spend money on this project.

  • Basic knowledge of VPCs, subnets, Network ACLs, routing and security groups.

My Architecture Diagram

Image description

Creating a custom VPC and Subnets

I will launch all the resources I use in this project in the North Virginia region. If you want to follow along to the last detail, make sure you are also launching your resources in the North Virginia region.

Now let’s create our VPC. Creating a VPC has been made easier as you can create your VPC and subnets, and define route tables and other VPC resources in one go.
Here change the IPv4 CIDR block and the zones and subnets to 1 gateways and endpoints to None
Image description

Image description

Configuring Security Groups

To locate the security group console, we have to search and navigate to the EC2 management console window. Once in the EC2 dashboard navigate to the security groups tab and create a security group as shown in the image below.{https://whatismyipaddress.com/ip/110.224.90.87} to find the IP address
Here Allow SSH from local computer to bastion host launched in public subnet.
Image description

Image description

Image description

Setting up a Bastion Host

The next step in the project is to launch a bastion host in the public subnet via which we are going to connect to an EC2 instance launched in the private subnet. So let’s get that done. Within your management console, navigate to the EC2 window. To make sure we don’t accrue any cost, we are going to use an AMI that is free-tier eligible.
While launching the EC2 instance, be sure to select the security group we created earlier as its security group. After having filled in all the details, clicking on the Launch instance button launches our bastion host EC2 instance.

Image description

Image description

Image description

Image description

Launch Private EC2 Instance

We need another EC2 instance in our private subnet which we are going to access it using SSH via the bastion host. This instance is going to use the same key pair and security group as the bastion host in the public subnet.

Image description

Image description

SSH to Bastion Host

The time to start testing our work has come. We are going to access our bastion host from our computer. So open a terminal window and run the following commands.



chmod 400 /path/to/private/key.pem



Enter fullscreen mode Exit fullscreen mode

This command will secure the key pair file that was downloaded when we created our key pair. After that, the next command to be run is:



ssh -i path/to/key.pem ec2-user@bastion-public-ip


Enter fullscreen mode Exit fullscreen mode

Make sure you edit the command as needed before running it. With that, we will be connected to our bastion host and we can now connect to the private instance via SSH from the bastion host. To do that, run the following command:



ssh ec2-user@private-instance-private-ip


Enter fullscreen mode Exit fullscreen mode

That’s all that there is to it. Now close the connection to your EC2 instances by running the edit command



**exit**


Enter fullscreen mode Exit fullscreen mode

command.

Top comments (0)