- [Alana] In this video, you'll be learning how to create a VPC. With Morgan's help, we'll be both conceptualizing and building a VPC throughout the next few videos. The idea of the VPC is similar to how you think of walls around a data center. In a data center, walls act as the boundary between the outside world and all of your infrastructure. A VPC in AWS acts the same way. It creates a boundary where your applications and resources are isolated from any outside movement. So nothing comes into the VPC, and nothing comes out of the VPC, without your explicit permission. When you create a VPC, you have to declare two specific settings: the region you're selecting and the IP range for the VPC in the form of CIDR notation. For our VPC, we'll be locating it in the region where the rest of our infrastructure will be, the Oregon region, and our IP range we'll say is 10.1.0.0/16. All right, so currently our VPC just looks like a box, but with Morgan's help, we're going to build this out. All right, let's call Morgan. Hey Morgan, are you there?

- [Morgan] Yep, I'm here. What do we need?

- [Alana] I was hoping you could build us a VPC that matches this diagram.

- [Morgan] Sure, let's do it. If you're looking at the console, you'll first check to make sure that you're in the correct region by clicking in the upper right-hand corner. Alana mentioned that we're going to run out of the Oregon region, so we'll go ahead and make sure that this says Oregon. Once we choose the right region, we can now build our network. You'll type VPC in the service search bar, and that will bring up your VPC dashboard for this region. From there, you'll click on Your VPCs and then Create VPC. Now we have a few settings to configure. We'll put in the IP range, which is 10.1.0.0/16, and the VPC name, which we'll say is app-vpc. We'll leave the rest as default and then click Create VPC. Easy as that. Okay, Alana, what's next?

- [Alana] Nice, that was fast. After you create your VPC, you then divide the space inside the VPC into smaller segments called subnets. You put your resources, such as your EC2 instances, inside of these subnets. The goal of these subnets is to provide more granular controls over access to your resources. So if I have public resources, like our employee directory app, that we want to be accessed over the internet, I could put those resources inside a subnet with internet connectivity. If I have more private resources, like a database, I could create another subnet and have different controls to keep those resources private. To create a subnet, you need three main things: the VPC you want your subnet to live in, which is this one; the AZ you want your subnet to live in, in this case we'll choose AZ-A, or in other words us-west-2a; and then the IP range for your subnet, which must be a subset of the VPC IP range. For this we'll choose the IP range 10.1.1.0/24. We'll call this our public subnet, for public-facing resources. Then we'll create another subnet for our private resources. We'll place it in the same AZ, specify a different, non-overlapping IP range, say 10.1.3.0/24, and then name it our private subnet. All right, now that we've got two subnets added to our VPC, it's time to put Morgan to the test again and have her build these out. And this time I'm timing her.

- [Morgan] Okay, we're on a time limit here. So let's create these subnets. Let's go ahead and start creating the public subnet. Back in the console, we'll click on Subnets in the side panel and then select Create Subnet. Then we'll select the VPC we're working with, in this case it's the app-vpc that we just created. Once you do that, you'll be prompted to provide a name. We'll call this Public Subnet 1. Then we choose the AZ, which Alana mentioned was us-west-2a, and then the IP range of this subnet will be 10.1.1.0/24. We'll leave the rest as the defaults. Scroll down to the bottom and click Add New Subnet. Now we're going to repeat the same steps for our private subnet. Give it a name such as Private Subnet 1, put it in the same Availability Zone, us-west-2a, and then type in the IP range 10.1.3.0/24. Now we can click Create Subnet, and both subnets will be created. All right, Alana, what was my time?

- [Alana] Well, that was so fast that my watch didn't even register it. Wow, okay. Moving on. As we mentioned earlier, when you create a new VPC, all the resources you put in it are isolated and only have access to other resources in that VPC by default. For websites like our employee directory application, we want users to access our site over the internet. To enable internet connectivity, we need a component called an internet gateway. Think of this gateway as similar to a modem: just as a modem connects your computer to the internet, the internet gateway connects your VPC to the internet. When you create an internet gateway, you then need to attach it to your VPC. If you create an internet gateway and don't attach it, it won't do anything except sit there. Okay, Morgan, show us how it's done. Create an internet gateway and attach it to our VPC.

- [Morgan] All right, so let's hop back in. Back in the VPC dashboard, you'll click on Internet Gateways in the side panel, then Create Internet Gateway. You'll give the internet gateway a name and then click Create. On the Details page, you'll then select the Actions dropdown box and select Attach to VPC. Choose the app-vpc we've been working with, and then click Attach. Back to you, Alana.

- [Alana] Oh, sorry, I thought I'd have a bit more time to drink my tea. Right, okay. What's next? So we have an internet gateway that we can use to allow access from the internet. But what if we had a VPC with all internal, private resources that we want to reach only from our on-premises data center? If we only want traffic to flow between AWS and our data center, and we don't wanna allow direct access from the internet, what do we do? Luckily, there's another gateway designed for this very purpose, called a Virtual Private Gateway, or VGW. It allows you to create a VPN connection between a private network, like an on-premises data center or internal corporate network, and your VPC. With the help of a VGW, you could establish an encrypted VPN connection to your private internal AWS resources. We won't be using a VGW for our application, but it's good to know anyway. All right, so we have one VPC, two subnets, and an internet gateway attached to the VPC. Now, every time you look at an architecture, you should begin to think, how do I make this better? You're not gonna have all the answers right away, but I do want you to take 10 seconds and think about some solutions. (ticking effect) Okay, well, one option to make this better is the idea of having high availability. What that means is, if this AZ goes down for whatever reason, what happens to our resources in that AZ? They go down too. So ideally, we would have resources in another AZ to take on the traffic coming to our application. To do this, we'd need to duplicate the resources in this AZ into the second AZ. So that means we need to create two additional subnets, each within another AZ, say AZ-B. All right, you get the point. You'll be able to create these additional subnets yourself later on in the exercise. But in the meantime, Morgan is going to build these out in the background for the rest of our demos. She's also going to launch an EC2 instance hosting our application in one of the public subnets. Sound good, Morgan?

- [Morgan] Sounds good, I'll get right on that.

- [Alana] Okay, we'll see you next time.