Build Your Own AWS Neighborhood 🏡 (VPC Setup for Absolute Beginners)
We’re gonna build an AWS VPC from scratch, step by step, like it’s Minecraft. 🧱
You don’t need to be a pro. You just need a little curiosity and the will to click a few buttons. Let’s do this 🚀
🤔 First things first… What is a VPC?
Imagine AWS is a huge apartment complex. You don’t want random neighbors walking into your place, right? 😤
So, you create a VPC — your own private, fenced-off zone inside AWS.
Inside that VPC:
- You create subnets (little streets in your neighborhood)
- You decide who gets internet access (like “this house has Wi-Fi, that one doesn’t”)
- You place servers (EC2) into your subnets
- You use gateways and security rules to control traffic 🚦
🧭 What We’re Going to Build
By the end of this, you’ll have a:
- 🏠 VPC (your private AWS neighborhood)
- 🌐 Public Subnet (with internet access)
- 🕵️ Private Subnet (no public access, secret stuff lives here)
- 🚪 Internet Gateway (IGW – opens door to internet)
- 🔒 NAT Gateway (only lets private stuff go out, not come in)
- 💻 EC2 Instances: One public, one private
- 🛸 Bastion Host setup: SSH into private EC2 through public EC2 (like a secret agent 😎)
⚙️ Step-by-Step – Easy Mode Activated
🧱 Step 1: Create a VPC
- Go to the VPC section in AWS
- Click “Create VPC”
- Choose “VPC only”
- CIDR block: `10.0.0.0/24` (plenty of room, not too big)
- Name it something cool like `my-aws-hood`
- Create 🎉
🛣️ Step 2: Create Subnets
We need two roads in our VPC:
- Public Subnet → `10.0.0.0/25`
- Private Subnet → `10.0.0.128/25`
Put both in the same Availability Zone (subnets always live in the VPC’s region; sharing an AZ makes testing easier).
🌐 Step 3: Create & Attach Internet Gateway
- Go to “Internet Gateways”
- Click “Create IGW”
- Give it a name (like `main-gate`)
- Attach it to your VPC
- Boom, you got internet potential! 💥
🗺️ Step 4: Public Route Table
- Create a route table (name it `public-rt`)
- Add route:
  * Destination: `0.0.0.0/0`
  * Target: Your **Internet Gateway**
- Associate this route table with your Public Subnet
🚗 This is your GPS telling public EC2s: “Go this way to reach Google.”
🛰️ Step 5: NAT Gateway Setup (VIP Exit Only)
- Allocate an Elastic IP
- Create a NAT Gateway in your public subnet
- Use that Elastic IP
- Create another route table (name it `private-rt`)
  * Add route: `0.0.0.0/0 → NAT Gateway`
- Associate it with your private subnet
This means:
“Hey private EC2, you can go download stuff, but no one’s allowed to find you.” 🕶️
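Here is an added example, not part of the original post and not anything AWS ships, that models Steps 1 to 5 offline in plain Python: the VPC and subnet CIDRs, the two route tables, and the way a route table picks a next hop (most specific matching route wins, with the automatic `local` route beating `0.0.0.0/0` for in-VPC traffic). The `198.51.100.10` destination and the subnet-name constants are constructed stand-ins. It also catches the two mistakes beginners make most: subnets that overlap or fall outside the VPC, and a NAT Gateway created in the private subnet, which then has no Internet Gateway to leave through.

```python
import ipaddress

# Constructed model of this tutorial's addressing plan; nothing here talks to AWS.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/24")
SUBNETS = {
    "public": ipaddress.ip_network("10.0.0.0/25"),
    "private": ipaddress.ip_network("10.0.0.128/25"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Route tables as destination -> target. AWS adds the "local" route for the
# VPC CIDR automatically; the 0.0.0.0/0 rows are the ones Steps 4 and 5 add.
ROUTE_TABLES = {
    "public-rt": {VPC_CIDR: "local", ANY: "igw"},
    "private-rt": {VPC_CIDR: "local", ANY: "nat"},
}
ASSOCIATIONS = {"public": "public-rt", "private": "private-rt"}
NAT_GATEWAY_SUBNET = "public"   # Step 5 puts the NAT Gateway in the public subnet

AWS_RESERVED_PER_SUBNET = 5     # AWS keeps the first four and the last address of every subnet


def plan_problems():
    """Return a list of mistakes in the subnet plan (empty list means the plan is sound)."""
    problems = []
    nets = list(SUBNETS.items())
    for name, net in nets:
        if not net.subnet_of(VPC_CIDR):
            problems.append(f"{name} {net} lies outside the VPC CIDR {VPC_CIDR}")
    for i, (name_a, a) in enumerate(nets):
        for name_b, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{name_a} {a} overlaps {name_b} {b}")
    return problems


def usable_hosts(subnet_name):
    """Addresses you can actually hand out to instances in that subnet."""
    return SUBNETS[subnet_name].num_addresses - AWS_RESERVED_PER_SUBNET


def next_hop(subnet_name, dst):
    """Resolve a destination the way a route table does: the most specific matching route wins."""
    table = ROUTE_TABLES[ASSOCIATIONS[subnet_name]]
    dst = ipaddress.ip_address(dst)
    matches = [(net, target) for net, target in table.items() if dst in net]
    if not matches:
        return None                       # no matching route: the packet is dropped
    net, target = max(matches, key=lambda m: m[0].prefixlen)
    return target


def reaches_internet(subnet_name, dst="198.51.100.10", nat_subnet=NAT_GATEWAY_SUBNET):
    """Can an instance in this subnet open a connection to a public address?

    dst is a constructed example address. Traffic handed to a NAT Gateway still
    has to leave through an IGW, so the NAT's own subnet is checked as well;
    a NAT Gateway created in the private subnet has no way out.
    """
    hop = next_hop(subnet_name, dst)
    if hop == "igw":
        return True
    if hop == "nat":
        return next_hop(nat_subnet, dst) == "igw"
    return False


if __name__ == "__main__":
    print("plan problems:", plan_problems() or "none")
    for name in SUBNETS:
        print(f"{name}: {usable_hosts(name)} usable hosts, internet={reaches_internet(name)}")
    print("public -> 10.0.0.200 via", next_hop("public", "10.0.0.200"))
    print("NAT in the wrong subnet:", reaches_internet("private", nat_subnet="private"))
```

Each `/25` has 128 addresses, but only 123 are assignable because of the five AWS reserves; keep that in mind before you shrink a subnet further. The last line of the demo is the failure mode worth remembering: when the NAT Gateway sits in a subnet that routes `0.0.0.0/0` to itself, the private subnet's `curl` in Step 7 hangs even though every route "looks" right.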
💻 Step 6: Launch EC2s
Public EC2 (bastion):
- Subnet: Public
- Auto-assign public IP: ✅ Yes
- Security Group: Allow SSH (port 22) from your laptop’s IP
- Key pair: Save your `.pem` file!
Private EC2:
- Subnet: Private
- No public IP!
- Security Group: Allow SSH from the bastion EC2’s security group
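An added example, not from the original post and not an AWS tool, that models the two security groups from Step 6 and the two SSH hops from Step 7 offline. The addresses (`203.0.113.7` for your laptop, `10.0.0.10` and `10.0.0.140` for the instances) and the group ids `sg-bastion` / `sg-private` are constructed placeholders. The point it makes is the one that trips people up: a rule whose source is another security group matches on the sender's group membership, not on its IP, so the private EC2 accepts SSH from the bastion and from nothing else, and your laptop cannot reach it directly even though it knows the private IP. It also includes a small defender's check for the "fix" people reach for when SSH fails, which is opening port 22 to the whole internet.

```python
import ipaddress

# Constructed security groups and addresses for the Step 6 layout (not AWS output).
# 203.0.113.7 stands in for "your laptop's IP"; the 10.0.0.x addresses are the
# instances' private IPs inside the VPC built in Step 1.
LAPTOP_IP = "203.0.113.7"
INSTANCES = {
    "bastion":     {"ip": "10.0.0.10",  "groups": {"sg-bastion"}},
    "private-ec2": {"ip": "10.0.0.140", "groups": {"sg-private"}},
}

# Inbound rules: (protocol, port, source). A source is either a CIDR or the id
# of another security group; a group-id source matches on the sender's group
# membership, not on its IP address, so it keeps working if the bastion's IP changes.
SECURITY_GROUPS = {
    "sg-bastion": [("tcp", 22, f"{LAPTOP_IP}/32")],   # only your laptop
    "sg-private": [("tcp", 22, "sg-bastion")],        # only members of the bastion group
}


def inbound_allowed(dst, src_ip, src_groups, proto, port):
    """Security groups are allow-lists: one matching rule on any attached group permits the connection.

    Replies to an allowed connection are permitted automatically (groups are
    stateful), so only the direction that opens the connection is evaluated.
    """
    for sg in INSTANCES[dst]["groups"]:
        for rule_proto, rule_port, source in SECURITY_GROUPS[sg]:
            if (rule_proto, rule_port) != (proto, port):
                continue
            if source.startswith("sg-"):
                if source in src_groups:
                    return True
            elif ipaddress.ip_address(src_ip) in ipaddress.ip_network(source):
                return True
    return False


def laptop_can_ssh(dst):
    """Hop 1 of Step 7: your laptop has no security group, only an IP."""
    return inbound_allowed(dst, LAPTOP_IP, set(), "tcp", 22)


def instance_can_ssh(src, dst):
    """Hop 2 of Step 7: one instance talking to another inside the VPC."""
    return inbound_allowed(dst, INSTANCES[src]["ip"], INSTANCES[src]["groups"], "tcp", 22)


def world_open_ssh(groups):
    """Defender's check: names of groups that let anyone on the internet reach port 22."""
    return sorted(
        name for name, rules in groups.items()
        for proto, port, source in rules
        if proto == "tcp" and port == 22 and source == "0.0.0.0/0"
    )


if __name__ == "__main__":
    print("laptop  -> bastion :", laptop_can_ssh("bastion"))
    print("laptop  -> private :", laptop_can_ssh("private-ec2"))
    print("bastion -> private :", instance_can_ssh("bastion", "private-ec2"))
    print("private -> bastion :", instance_can_ssh("private-ec2", "bastion"))
    # The weak variant: port 22 open to everyone. The correct one is SECURITY_GROUPS above.
    sloppy = dict(SECURITY_GROUPS, **{"sg-bastion": [("tcp", 22, "0.0.0.0/0")]})
    print("groups open to the world:", world_open_ssh(sloppy))
```

If you ever run the last check against your real account (for instance over the output of `aws ec2 describe-security-groups`), an empty list is the answer you want; the bastion group should list your own `/32`, and the private group should reference the bastion group, exactly as Step 6 says.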
🧠 Step 7: Connect Like a Hacker (but legally)
From your laptop:
```shell
chmod 400 tutory_keypair.pem                     # ssh refuses a key file that other users can read, so do this first
ssh -i tutory_keypair.pem ec2-user@<public-ip>   # hop 1: the bastion in the public subnet
```
Then, from the bastion’s shell (this form needs the key file on the bastion too; OpenSSH’s `-J` jump-host option lets the key stay on your laptop instead):
```shell
ssh -i tutory_keypair.pem ec2-user@<private-ip>  # hop 2: the private EC2, reachable only from inside the VPC
```
Now you’re inside the private EC2, hidden from the world. This is what pro-level networking feels like 😎
🧪 Want to be a boss? Try this from the private EC2:
```shell
curl https://google.com
```
If you see HTML or a response, your NAT Gateway works.
If it fails… oops, time to troubleshoot (but you got this 💪)
💡 Tips from the Battlefield
- Key file not working? Run: `chmod 400 tutory_keypair.pem`
- SSH not connecting to private EC2?
  * Check security groups
  * Check routing
  * Check subnet associations
- Ping not working? Security groups don’t allow ICMP unless you add a rule for it
🎯 What You Just Learned
- VPC = your private space in AWS
- Public subnet = access to internet
- Private subnet = locked down but still smart
- IGW = full open door
- NAT = one-way window to the internet
- Route tables = traffic control
- Bastion = your gateway into private things, like a cloud ninja
🧙 Final Words of Wisdom
Learning AWS isn’t about memorizing — it’s about building, breaking, and laughing at your own mistakes. 😂
Now go flex this setup on your friends, in your interviews, or on that one guy in your team who says “networking is easy” but never touched a NAT Gateway. 😉