For outbound communication we need an IGW (Internet Gateway)
VPC:IGW = 1:1
Enable DNS Hostnames while creating the VPC
A VPC can have any number of routes
After creating the VPC, we create the subnets
Subnets should be created in separate Availability Zones in the same Region
We can have multiple Routing Tables inside a VPC:
A routing table must be attached to a VPC
A VPC can have any number of routing tables
A subnet should be associated with the routing table for the traffic to be routed
A subnet should not be present in multiple routing tables.
1) Create a VPC (Enable DNS Hostnames)
2) Create the subnets and associate them with the VPC (Enable Auto-assign IP Addresses)
a) The subnets in the same VPC should have a different CIDR
b) All the Availability Zones in the VPC are interconnected
c) Even though the subnet is configured for a different Availability Zone
3) Create an Internet Gateway - if we want our traffic to go out
4) Create a Routing Table and associate the subnets with this routing table; also create the route
5) Create Security Groups ( All Traffic ) Virtual Firewall
6) Created a key pair
7) Created an EC2 instance
8) Created an Elastic IP and assigned it to the EC2 instance (because auto-assign public IP was not enabled)
9) Converted pem to ppk (only for Windows)
Routing Table:
The instance in the subnet checks the routing table to see where its traffic is going.
This is in the destination field.
If the traffic is going to 10.1.0.0/16, the target says local, which means it uses the local router in the VPC.
0.0.0.0/0 means anywhere. So for this route, all traffic except the local traffic uses the gateway that is attached to this route,
which in our case will be the IGW. (Not NAT or VPGW - these two are different.)
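The route lookup described above, as an added example (not part of the original notes): the most specific matching destination wins, and a route table whose 0.0.0.0/0 route targets an IGW makes its subnets internet-facing. The route table names and gateway IDs are constructed placeholders; the field names follow the output of `aws ec2 describe-route-tables`.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# IDs are placeholders; 10.1.0.0/16 is the VPC CIDR used in the notes above.
ROUTE_TABLES = {
    "rtb-public-example": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
    ],
    "rtb-private-example": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
    ],
}


def route_target(route):
    """Return the target ID of a route, whichever target field is set."""
    return route.get("GatewayId") or route.get("NatGatewayId") or "unknown"


def resolve(routes, destination_ip):
    """Pick the route for an IP: the most specific matching CIDR wins."""
    ip = ipaddress.ip_address(destination_ip)
    best, best_len = None, -1
    for r in routes:
        if "DestinationCidrBlock" not in r:
            continue  # IPv6 and prefix-list routes are out of scope here
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    return route_target(best) if best else None  # None: no route, dropped


def is_public(routes):
    """Subnets using this table are public if the default route targets an IGW."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and route_target(r).startswith("igw-")
        for r in routes
    )


if __name__ == "__main__":
    for name, routes in ROUTE_TABLES.items():
        print(name, "10.1.2.15 ->", resolve(routes, "10.1.2.15"))
        print(name, "8.8.8.8   ->", resolve(routes, "8.8.8.8"))
        print(name, "public:", is_public(routes))
```

Running `is_public` over every route table in an account gives a quick list of which subnets are reachable from the internet, which is the set where security group rules matter most.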
Security Groups:
By default, we will have a routing table and a security group
We will not be using them
Security groups are virtual firewalls
We control the INBOUND Traffic
For outbound, we do not control the traffic.