Azure VPC/Vnet Setup Guide for Public and Private Subnets
This document provides a step-by-step guide for replicating an AWS VPC infrastructure in Azure, with an equivalent setup for subnets, route tables, Internet Gateway, NAT Gateway, and Network Security Groups (NSGs).
1. Create a Virtual Network (VNet)
In AWS, a VPC is equivalent to a VNet in Azure. This is the first step to replicate your AWS infrastructure.
Steps:
- Create a new Virtual Network:
  - Resource Group: Create or select an existing resource group.
  - Name: prod-vnet
  - Region: Central India (or another region closest to Mumbai)
  - Address space: Use the same CIDR range as your VPC, e.g., 10.0.0.0/16.
- Add Subnets:
  - Public subnets:
    - Subnet-1 (prod-public-subnet-1): 10.0.0.0/20
    - Subnet-2 (prod-public-subnet-2): 10.0.16.0/20
    - Subnet-3 (prod-public-subnet-3): 10.0.32.0/20
  - Private subnets:
    - Subnet-1 (prod-private-subnet-1): 10.0.48.0/20
    - Subnet-2 (prod-private-subnet-2): 10.0.64.0/20
    - Subnet-3 (prod-private-subnet-3): 10.0.80.0/20
- Click Create.
2. Create and Assign Route Tables
Steps:
- Create two Route Tables:
  - prod-public-route-table
  - prod-private-route-table
- For prod-public-route-table:
  - Route: 0.0.0.0/0 → Internet Gateway
- For prod-private-route-table:
  - Route: 0.0.0.0/0 → Virtual Network Gateway (for NAT Gateway)
- Associate Route Tables with Subnets:
  - Public subnets: Associate with prod-public-route-table
  - Private subnets: Associate with prod-private-route-table
3. Set Up Internet Gateway (Public IP)
Azure has no separate Internet Gateway resource: public-facing resources are exposed through a Public IP Address, assigned directly to a VM or to a Load Balancer.
Steps:
- Create a Public IP Address for the Internet Gateway.
- Assign the public IP to a Load Balancer or VM for internet-facing resources.
4. Set Up NAT Gateway
Steps:
- Go to NAT Gateway in Azure.
- Create a NAT Gateway:
  - Assign a public IP.
  - Associate the NAT Gateway with the private subnets.
5. Set Up Network Security Groups (NSGs)
Steps:
- Create NSGs:
  - Public NSG: Allow inbound internet traffic.
  - Private NSG: Allow traffic only from within the VNet or specific subnets.
- Assign NSGs to respective subnets:
  - Public subnets: Assign the Public NSG.
  - Private subnets: Assign the Private NSG.
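Steps 1 to 5 as a single Azure CLI script. This is an added example, not code from the original guide: the resource group name prod-rg, the location centralindia, the public IP, NAT Gateway, NSG and rule names are assumptions, and "allow inbound internet traffic" on the public NSG is narrowed to TCP 443 as a deliberate design choice. One departure from step 2: an Azure NAT Gateway is bound to the subnet itself and takes precedence over any user-defined route for outbound traffic, so the script does not add a 0.0.0.0/0 route to the private table (the "Virtual network gateway" next-hop type refers to a VPN or ExpressRoute gateway, not a NAT Gateway).

```shell
#!/bin/sh
# Added example (not part of the original guide): provisions steps 1-5 with Azure CLI.
# Assumed and overridable via the environment: resource group RG, location LOCATION.
# DRY_RUN=1 prints each "az" command instead of executing it (useful for review).
set -eu

RG="${RG:-prod-rg}"                  # assumed resource group name
LOCATION="${LOCATION:-centralindia}" # Central India, as in the guide
VNET="prod-vnet"
DRY_RUN="${DRY_RUN:-0}"

# name:prefix pairs, taken from the guide
PUBLIC_SUBNETS="prod-public-subnet-1:10.0.0.0/20 prod-public-subnet-2:10.0.16.0/20 prod-public-subnet-3:10.0.32.0/20"
PRIVATE_SUBNETS="prod-private-subnet-1:10.0.48.0/20 prod-private-subnet-2:10.0.64.0/20 prod-private-subnet-3:10.0.80.0/20"

az_run() {
  if [ "$DRY_RUN" = "1" ]; then printf 'az %s\n' "$*"; else az "$@"; fi
}

# Step 1: VNet with the six subnets
create_vnet_and_subnets() {
  az_run network vnet create -g "$RG" -l "$LOCATION" -n "$VNET" --address-prefixes 10.0.0.0/16
  for pair in $PUBLIC_SUBNETS $PRIVATE_SUBNETS; do
    az_run network vnet subnet create -g "$RG" --vnet-name "$VNET" \
      -n "${pair%%:*}" --address-prefixes "${pair#*:}"
  done
}

# Step 2: route tables. Public subnets get an explicit default route with next hop
# "Internet". The NAT Gateway is bound to the private subnets directly (step 4) and
# takes precedence for outbound traffic, so the private table needs no 0.0.0.0/0 route.
create_route_tables() {
  az_run network route-table create -g "$RG" -l "$LOCATION" -n prod-public-route-table
  az_run network route-table route create -g "$RG" --route-table-name prod-public-route-table \
    -n default-internet --address-prefix 0.0.0.0/0 --next-hop-type Internet
  az_run network route-table create -g "$RG" -l "$LOCATION" -n prod-private-route-table
  for pair in $PUBLIC_SUBNETS; do
    az_run network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "${pair%%:*}" \
      --route-table prod-public-route-table
  done
  for pair in $PRIVATE_SUBNETS; do
    az_run network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "${pair%%:*}" \
      --route-table prod-private-route-table
  done
}

# Steps 3-4: a static Standard-SKU public IP and a NAT Gateway attached to the private subnets
create_nat_gateway() {
  az_run network public-ip create -g "$RG" -l "$LOCATION" -n prod-nat-pip --sku Standard --allocation-method Static
  az_run network nat gateway create -g "$RG" -l "$LOCATION" -n prod-nat-gw --public-ip-addresses prod-nat-pip
  for pair in $PRIVATE_SUBNETS; do
    az_run network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "${pair%%:*}" --nat-gateway prod-nat-gw
  done
}

# Step 5: NSGs. "Allow inbound internet traffic" is narrowed to HTTPS only; the private
# NSG accepts VirtualNetwork sources and explicitly denies anything arriving from Internet.
nsg_rule() { # args: nsg rule-name priority access protocol source dest-ports
  az_run network nsg rule create -g "$RG" --nsg-name "$1" -n "$2" --priority "$3" \
    --direction Inbound --access "$4" --protocol "$5" \
    --source-address-prefixes "$6" --destination-port-ranges "$7"
}
create_nsgs() {
  az_run network nsg create -g "$RG" -l "$LOCATION" -n prod-public-nsg
  nsg_rule prod-public-nsg allow-https-in 100 Allow Tcp Internet 443
  az_run network nsg create -g "$RG" -l "$LOCATION" -n prod-private-nsg
  nsg_rule prod-private-nsg allow-vnet-in 100 Allow '*' VirtualNetwork '*'
  nsg_rule prod-private-nsg deny-internet-in 200 Deny '*' Internet '*'
  for pair in $PUBLIC_SUBNETS; do
    az_run network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "${pair%%:*}" \
      --network-security-group prod-public-nsg
  done
  for pair in $PRIVATE_SUBNETS; do
    az_run network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "${pair%%:*}" \
      --network-security-group prod-private-nsg
  done
}

# Step 6 helper: what a VM's NIC actually sees once the routes and NSGs are applied
show_effective() { # arg: NIC name
  az_run network nic show-effective-route-table -g "$RG" -n "$1" -o table
  az_run network nic list-effective-nsg -g "$RG" -n "$1" -o table
}

case "${1:-}" in
  plan)  DRY_RUN=1; create_vnet_and_subnets; create_route_tables; create_nat_gateway; create_nsgs ;;
  apply) create_vnet_and_subnets; create_route_tables; create_nat_gateway; create_nsgs ;;
  check) show_effective "${2:?NIC name required}" ;;
esac
```

Run it as `sh azure-network.sh plan` to review the exact commands before anything is created, `apply` to execute them against an existing resource group, and `check <nic-name>` after the validation VMs from step 6 exist: the effective route table should show 0.0.0.0/0 with next hop Internet on the public NIC, and the effective NSG on the private NIC should list the deny-internet-in rule ahead of Azure's default rules.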
6. Deploy Resources
- Validate your network setup by deploying VMs in the following manner:
  - VM in Public Subnet: Test internet connectivity.
  - VM in Private Subnet: Verify traffic flow through the NAT Gateway.
7. Monitoring and Automation
- Use Azure Monitor for logging and monitoring traffic.
- Add alerts for traffic anomalies or misconfigurations.
- For repeated setups, use Azure CLI, PowerShell, or Terraform for automation.
Architecture Diagram
```text
+------------------------------------+
|             Azure VNet             |
|     Address Space: 10.0.0.0/16     |
+------------------------------------+
       /         |         |         \
+---------------+ +---------------+ +---------------+ +----------------+
| Public Subnet | | Public Subnet | | Public Subnet | | Private Subnet |
| 10.0.0.0/20   | | 10.0.16.0/20  | | 10.0.32.0/20  | | 10.0.48.0/20   |
+---------------+ +---------------+ +---------------+ +----------------+
        |                 |                 |                  |
+----------------------------------------------------------------------+
|                             NAT Gateway                              |
+----------------------------------------------------------------------+
            |                        |                        |
   +-----------------+      +-----------------+      +-----------------+
   | Private Subnet  |      | Private Subnet  |      | Private Subnet  |
   | 10.0.64.0/20    |      | 10.0.80.0/20    |      | 10.0.96.0/20    |
   +-----------------+      +-----------------+      +-----------------+
```
This diagram represents your VNet, subnets (both public and private), and NAT Gateway setup in Azure.