Skip to main content

AWS VPC Setup Guide for Public and Private Subnets in Mumbai Region (ap-south-1)

This guide will walk you through the process of setting up a Virtual Private Cloud (VPC) in the Mumbai (ap-south-1) region of AWS. The setup includes 3 Public Subnets, 3 Private Subnets across three Availability Zones (AZs), Internet Gateway (IGW), NAT Gateway, and Route Tables.

1. Create a VPC

In AWS, VPC (Virtual Private Cloud) is the primary resource that defines your network.

Steps:

  1. Go to VPC Dashboard in the AWS Management Console.
  2. Click Create VPC:
    • Name: prod-vpc
    • IPv4 CIDR Block: 10.0.0.0/16 (adjust the CIDR as needed).
    • Tenancy: Default (for shared tenancy).
  3. Create VPC.

2. Create Subnets (Public and Private)

We will create 3 Public Subnets and 3 Private Subnets, each located in a different Availability Zone (AZ).

Public Subnets:

  1. Subnet-1 (prod-public-subnet-1):
    • CIDR Block: 10.0.0.0/20
    • Availability Zone: ap-south-1a
  2. Subnet-2 (prod-public-subnet-2):
    • CIDR Block: 10.0.16.0/20
    • Availability Zone: ap-south-1b
  3. Subnet-3 (prod-public-subnet-3):
    • CIDR Block: 10.0.32.0/20
    • Availability Zone: ap-south-1c

Private Subnets:

  1. Subnet-1 (prod-private-subnet-1):
    • CIDR Block: 10.0.48.0/20
    • Availability Zone: ap-south-1a
  2. Subnet-2 (prod-private-subnet-2):
    • CIDR Block: 10.0.64.0/20
    • Availability Zone: ap-south-1b
  3. Subnet-3 (prod-private-subnet-3):
    • CIDR Block: 10.0.80.0/20
    • Availability Zone: ap-south-1c

Steps to Create Subnets:

  1. Go to the VPC Dashboard and click Subnets.
  2. Click Create Subnet and provide the following details:
    • VPC: Select the prod-vpc.
    • Subnet CIDR Block: Use the CIDR blocks mentioned above.
    • Availability Zone: Choose the respective AZ for each subnet.

3. Create Internet Gateway (IGW)

The Internet Gateway (IGW) allows communication between instances in your public subnets and the internet.

Steps:

  1. Go to the VPC Dashboard and select Internet Gateways.
  2. Click Create Internet Gateway.
    • Name: prod-IGW
  3. After creation, Attach the Internet Gateway to the VPC (prod-vpc).

4. Create NAT Gateway

The NAT Gateway allows instances in private subnets to access the internet for updates, downloads, etc., while maintaining security.

Steps:

  1. Create an Elastic IP:
    • Go to EC2 DashboardElastic IPsAllocate New Address.
    • Allocate the IP and note it down.
  2. Create the NAT Gateway:
    • Go to VPC DashboardNAT GatewaysCreate NAT Gateway.
    • Select one of the public subnets.
    • Assign the previously allocated Elastic IP.
  3. Route: Add the route for private subnets to use the NAT Gateway.

5. Create Route Tables

Public Route Table:

  1. Go to VPC DashboardRoute TablesCreate Route Table.
    • Name: prod-public-route-table
    • VPC: Select prod-vpc.
    • Click Create.
  2. Add Route:
    • Destination: 0.0.0.0/0
    • Target: Select Internet Gateway (prod-IGW).
  3. Associate Subnets:
    • Associate the prod-public-subnet-1, prod-public-subnet-2, and prod-public-subnet-3 with the prod-public-route-table.

Private Route Table:

  1. Go to VPC DashboardRoute TablesCreate Route Table.
    • Name: prod-private-route-table
    • VPC: Select prod-vpc.
    • Click Create.
  2. Add Route:
    • Destination: 0.0.0.0/0
    • Target: Select NAT Gateway.
  3. Associate Subnets:
    • Associate the prod-private-subnet-1, prod-private-subnet-2, and prod-private-subnet-3 with the prod-private-route-table.

6. Create Network Access Control Lists (ACLs)

A Network ACL is a stateless firewall for controlling traffic entering and leaving your subnets.

Steps:

  1. Go to VPC DashboardNetwork ACLsCreate Network ACL.
    • Name: prod-acl
    • VPC: Select prod-vpc.
  2. Inbound Rules: Allow HTTP, HTTPS, and other required ports.
  3. Outbound Rules: Allow outbound internet traffic.
  4. Associate with Subnets:
    • Associate prod-public-subnet-1, prod-public-subnet-2, and prod-public-subnet-3 for the public subnets.
    • Associate prod-private-subnet-1, prod-private-subnet-2, and prod-private-subnet-3 for the private subnets.

7. Security Groups

Public Security Group (SG):

  1. Allow inbound traffic on HTTP (80), HTTPS (443), and SSH (22).
  2. Allow all outbound traffic.

Private Security Group (SG):

  1. Allow inbound traffic from the VPC or specific public subnets.
  2. Allow outbound traffic to the internet via NAT Gateway.

8. Architecture Diagram

               +------------------------------------+
               |             AWS VPC               |
               +------------------------------------+
               |  CIDR Block: 10.0.0.0/16          |
               +------------------------------------+
                 /         |          |          \
                /          |          |           \
        +------------+ +------------+ +------------+ +------------+
        | Public Subnet| | Public Subnet| | Public Subnet| | Private Subnet|
        | 10.0.0.0/20  | | 10.0.16.0/20| | 10.0.32.0/20| | 10.0.48.0/20  |
        +------------+ +------------+ +------------+ +------------+
                 |          |            |           | 
         +-----------------------------------------------+
         |                  NAT Gateway                 |
         +-----------------------------------------------+
                 |          |            |           |
        +-----------------+ +------------------+ +-----------------+
        | Private Subnet  | | Private Subnet    | | Private Subnet  |
        | 10.0.64.0/20    | | 10.0.80.0/20      | | 10.0.96.0/20    |
        +-----------------+ +------------------+ +-----------------+
This diagram represents your AWS VPC setup with public and private subnets, NAT Gateway, Internet Gateway, and route tables.
This guide walks you through the process of replicating your AWS infrastructure setup in the Mumbai region (ap-south-1), including the setup of public and private subnets, Internet Gateway, NAT Gateway, and Route Tables.