Skip to content

How to manage an AWS VPC

This how-to assumes:

It will teach you how to create a best practice AWS VPC and manage it with System Initiative.

We will cover:

  • The creation of a highly available VPC that spans multiple availability zones.
  • A VPC configured with public and private subnets.
  • The networking required to allow outbound traffic for resources on the private subnets.
  • The networking required for the communication with the internet.

What it will look like when completed

When you have completed this guide, you should have components that look like this in your diagram:

AWS VPC Diagram

Walkthrough

Create a change set

Create a change set

Create a change set named VPC How-to.

Create AWS Credentials

Add a AWS Credential to your change set and configure your AWS credentials

Select an AWS Region

Select an AWS Region

Add a AWS Region to your change set and set the region property to us-east-1.

Create a VPC component

Create a VPC component

Add a VPC to your us-east-1 region frame.

Set the component type to be Down Frame and expand it to fill the region frame.

Set the component name to be How to VPC.

Set the CidrBlock to be 10.0.0.0/16

Enable EnableDnsHostnames.

Enable EnableDnsResolution.

Create the Public Subnet Components

Create the Public Subnet Components

This VPC will span multiple availability zones in our AWS Region. Add 3 Subnet components to your VPC frame and configure them as follows:

Component NameCidrBlockAvailabilityZoneIsPublic
Public 110.0.128.0/20us-east-1atrue
Public 210.0.144.0/20us-east-1btrue
Public 310.0.160.0/20us-east-1ctrue

Set the component type for each of the public subnet components to be Configuration Frame (down).

Create the NAT Gateway Components

Create the NAT Gateway Components

Add a NAT Gateway component to each of the Public subnet frames.

Set name names of the component to be NAT Gateway (1|2|3) - the index should align with the subnet it is inside.

Create the Elastic IPs for each NAT Gateway

Create the Elastic IPs for each NAT Gateway

To each of the Public subnet frames, add an Elastic IP component.

Set the names of the components to be NAT Gateway IP (1|2|3) - the index should align with the subnet it is inside, and match the NAT Gateway component.

Connect the Allocation ID output socket of the Elastic IP component to the Allocation ID input socket of the NAT Gateway component. The connections should be in the same subnet.

Create the Public Route Table Component

Create the Public Route Table Component

Add a Route Table component to the VPC frame.

Set the component type to be Configuration Frame (down).

Set the component name to be Public Route Table.

Connect the Subnet ID output socket of the Public Subnet components to the Subnet ID input socket of the Public Route Table component.

Create a Route Component

Create a Route Component

Add a Route component to the Public Route Table frame.

Set the component name to be Route to Internet.

Set DestinationCidrBlock to be 0.0.0.0/0.

Create the Internet Gateway Component

Create IGW

Add an Internet Gateway component to the VPC frame.

Set the name to be IGW.

Connect the Gateway ID output socket of the IGW component to the Gateway ID input socket of the Route to Internet component in the Public Route Table frame.

Create the Private Subnet Components

Create the Private Subnet Components

Add 3 Subnet components to your VPC frame and configure them as follows:

component nameCidrBlockAvailabilityZone
Private 110.0.0.0/19us-east-1a
Private 210.0.32.0/19us-east-1b
Private 310.0.64.0/19us-east-1c

Set the component type for each of the public subnet components to be Configuration Frame (down).

Create the Private Route Table Components

Create the Private Route Table Components

To each of the Private subnet frames, add a Route Table Component.

Set the name to be Private Route Table 1(2|3) - the index should align with the subnet frame it is inside.

Set the component type for each of the Private Route Table components to be Configuration Frame (down).

Create the Private Route Components

Create the Private Route Components

Add a Route component to each of the Private Route Table frames.

Set the component name to be Route to Internet (1|2|3) - the index should align with the route table frame it is inside.

Set DestinationCidrBlock to be 0.0.0.0/0.

Connect the output socket NAT Gateway ID of NAT Gateway 1 component to the NAT Gateway ID input socket of Route to Internet 1 component.

Connect the output socket NAT Gateway ID of NAT Gateway 2 component to the NAT Gateway ID input socket of Route to Internet 2 component.

Connect the output socket NAT Gateway ID of NAT Gateway 3 component to the NAT Gateway ID input socket of Route to Internet 3 component.

Apply your Change Set

Apply your Change Set

Press Escape or click anywhere on the canvas background to select the Workspace.

Click the Apply Change Set button to:

  • Create a VPC component
  • Create 6 Subnets
  • Create an Internet Gateway
  • Create 3 Elastic IPs and 3 NAT Gateways
  • Create 4 Route Tables and 4 Routes

Explore your resources

Explore your resources

Review the completed AWS resources by clicking the Resource sub-panel for each of your new resources.

Clean Up

Create a new change set called Clean up VPC How-to

Delete your VPC How-to VPC frame. All of the components inside will be marked for deletion.

Click Apply Change Set.

All your new resources should be deleted from your AWS account.