Eugene Murray Demonstrates Basic Amazon AWS VPC Design and Implementation

The diagram above shows the design and implementation of the following Amazon AWS VPC components and concepts:

  1. VPC in Region US West (Oregon) us-west-2 with CIDR block 10.0.0.0/16
  2. Internet Gateway
  3. Public subnet 10.0.1.0/24 in Availability Zone us-west-2a containing:
    1. NAT Gateway: nat-08bf8001405edd53b
    2. Bastion host instance that is also a web server
      1. t2.micro Instance of Amazon Linux AMI
      2. EBS GP-2 Volume, 8 GiB, 100 / 3000 IOPS
      3. Security Key Pair
    3. Instance ENI-based, stateful security group:
      1. Inbound:
        1. Type: HTTP, Protocol: TCP, Port Range: 80, Source: 0.0.0.0/0
        2. Type: SSH, Protocol: TCP, Port Range: 22, Source: 0.0.0.0/0
        3. Type: RDP, Protocol: TCP, Port Range: 3389, Source: 0.0.0.0/0
      2. Outbound:
        1. Type: ALL Traffic, Protocol: ALL, Port Range: ALL, Destination: 0.0.0.0/0
    4. Subnet-based, stateless Network ACL:
      1. Inbound and Outbound Rules:
        1. Rule #100, Type: HTTP (80), Protocol: TCP (6), Port Range: 80, Source: 0.0.0.0/0, ALLOW
        2. Rule #200, Type: HTTPS (443), Protocol: TCP (6), Port Range: 443, Source: 0.0.0.0/0, ALLOW
        3. Rule #300, Type: SSH (22), Protocol: TCP (6), Port Range: 22, Source: 0.0.0.0/0, ALLOW
        4. Rule #400, Type: RDP (3389), Protocol: TCP (6), Port Range: 3389, Source: 0.0.0.0/0, ALLOW
        5. Rule #500, Type: Custom TCP Rule, Protocol: TCP (6), Port Range: 1024 – 65535, Source: 0.0.0.0/0, ALLOW [for Ephemeral Ports]
        6. Rule #*, Type: ALL Traffic, Protocol: ALL, Port Range: ALL, Source: 0.0.0.0/0, DENY
    5. Route Table for subnet:
      1. Destination: 10.0.0.0/16, Target: local, Status: Active
      2. Destination: 0.0.0.0/0, Target: igw-c54e08a1, Status: Active
  4. Private subnet 10.0.2.0/24 in Availability Zone us-west-2b containing:
    1. MySQL server instance:
      1. t2.micro Instance of Amazon Linux AMI
      2. EBS GP-2 Volume, 8 GiB, 100 / 3000 IOPS
      3. Security Key Pair
    2. Instance ENI-based, stateful security group:
      1. Inbound:
        1. Type: SSH, Protocol: TCP, Port Range: 22, Source: 10.0.1.0/24
        2. Type: MYSQL/Aurora, Protocol: TCP, Port Range: 3306, Source: 10.0.1.0/24
        3. Type: All ICMP, Protocol: All, Port Range: N/A, Source: 10.0.1.0/24
      2. Outbound:
        1. Type: ALL Traffic, Protocol: ALL, Port Range: ALL, Destination: 0.0.0.0/0
    3. Connection to the NAT Gateway in the public subnet (see the route table entry in item 5.2 below)
    4. Subnet-based, stateless Network ACL:
      1. Inbound and Outbound Rules:
        1. Rule #100, Type: ALL Traffic, Protocol: ALL, Port Range: ALL, Source: 0.0.0.0/0, ALLOW
        2. Rule #*, Type: ALL Traffic, Protocol: ALL, Port Range: ALL, Source: 0.0.0.0/0, DENY
    5. Route Table for subnet:
      1. Destination: 10.0.0.0/16, Target: local, Status: Active
      2. Destination: 0.0.0.0/0, Target: nat-08bf8001405edd53b, Status: Active
  5. VPC Flow Logs and Log Groups
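To make the difference between the stateful security groups and the stateless network ACLs in items 3 and 4 concrete, the following is an added Python model of the listed rules (example code, not part of the original page or the author's deployment). The client addresses and ephemeral ports are constructed; the rule numbers, ports and CIDRs are those listed above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int        # evaluation order for NACL rules; unused for security groups
    proto: str         # "tcp", "udp", "icmp" or "all"
    low: int
    high: int          # inclusive port range; 0-65535 stands for ALL
    cidr: str
    action: str = "ALLOW"

    def matches(self, proto, port, ip):
        return (self.proto in ("all", proto) and self.low <= port <= self.high
                and ip_address(ip) in ip_network(self.cidr))

def nacl_verdict(rules, proto, port, ip):
    """Stateless NACL: the lowest-numbered matching rule wins; the implicit '*' rule denies."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(proto, port, ip):
            return r.action
    return "DENY"

def sg_allows(inbound, proto, port, ip):
    """Stateful SG: any matching inbound rule admits the connection and its replies."""
    return any(r.matches(proto, port, ip) for r in inbound)

# Rules from the page. The public NACL applies the same set inbound and outbound.
PUBLIC_NACL = [Rule(100, "tcp", 80, 80, "0.0.0.0/0"), Rule(200, "tcp", 443, 443, "0.0.0.0/0"),
               Rule(300, "tcp", 22, 22, "0.0.0.0/0"), Rule(400, "tcp", 3389, 3389, "0.0.0.0/0"),
               Rule(500, "tcp", 1024, 65535, "0.0.0.0/0")]   # ephemeral ports for replies
BASTION_SG_IN = [Rule(0, "tcp", 80, 80, "0.0.0.0/0"), Rule(0, "tcp", 22, 22, "0.0.0.0/0"),
                 Rule(0, "tcp", 3389, 3389, "0.0.0.0/0")]
PRIVATE_NACL = [Rule(100, "all", 0, 65535, "0.0.0.0/0")]
DB_SG_IN = [Rule(0, "tcp", 22, 22, "10.0.1.0/24"), Rule(0, "tcp", 3306, 3306, "10.0.1.0/24")]

def tcp_connection_ok(client_ip, client_port, dst_port, nacl, sg):
    """A client->instance TCP connection works only if the SYN passes the inbound NACL and
    the SG, and the reply to the client's ephemeral port also passes the outbound NACL."""
    syn_ok = (nacl_verdict(nacl, "tcp", dst_port, client_ip) == "ALLOW"
              and sg_allows(sg, "tcp", dst_port, client_ip))
    reply_ok = nacl_verdict(nacl, "tcp", client_port, client_ip) == "ALLOW"
    return syn_ok and reply_ok

def admin_ports_open_to_world(sg):
    """Audit check: SG inbound rules that expose SSH (22) or RDP (3389) to any source."""
    return [r for r in sg if r.cidr == "0.0.0.0/0"
            and (r.low <= 22 <= r.high or r.low <= 3389 <= r.high)]
```

Removing rule #500 from the public NACL makes every inbound web or SSH connection fail even though the security group still allows it, because the stateless NACL then drops the reply packets to the client's ephemeral port.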
