4. [SAA] VPC Overview and Hands On
Now let’s go ahead and create our own VPC. So VPC stands for Virtual Private Cloud. And you can have multiple VPC in a region up to five of the maximum. But that’s a soft limit. So you can place an eight of a support ticket and then it will increase that limit for you.
And each VPC can have up to five Cider. For each Cider, the minimum size must be slash 28. So it’s 16 IP addresses and the maximum size is slash 16. So 65,536 IP addresses. Because UPC is private, only the private IP ranges are allowed. So just as a reminder, we get this range 100 zero eight. We get this range 172, 116, twelve. And then finally the home network sort of IP address. So 1921-6800 slash 16.
And the really interesting thing is that when you do create a VPC, the Cider you choose should not overlap with your other networks. For example, if you have a corporate network and your 172 does something, then make sure when you create a new VPC that there is no overlapping IP ranges.
Because when you start connecting all of those together, you want to make sure that the IPS are not going to be overlapping. So there’s enough IPS in this world for you to choose non overlapping Cider. Just be very careful with it. So if we look at the state of the hands on, this is what we’ll have at the end. Within the AWS cloud, we will have a VPC with nothing in it. So let’s get started.
So the really easy way to get started with a VPC would be to launch VPC Wizard. But then that would defeat the whole point of learning. So we’re going to create a VPC manually without the wizard and it’s actually going to be better. So we’ll create a VPC, and for this we’ll go into your VPCs and create VPC. The name tag will be demo VPC. And here we have to choose an IPV four Cider block. So for this we’ll choose 1016. That’s the biggest IP Cider block we can choose. If we do slash 15, there will be a problem because the block sizes must be between 16 and 28. So slash 16 is a great idea.
And if we want to know what slash 16 means, we can go back to our website Cider to IP four conversion type in the Cider and we see that the first IP is going to be 100 zero zero, and then the last one is going to be ten 025-5255. So that’s 65,000 IPS. All right, great. For now we’re not going to do IPV six. So we’ll leave no IPV six that are blocked off. And the tenancy is basically how we launch easy two instances within it do we want default, which means shared hardware or dedicated hardware. And this will basically be inherited by when you create an easy to instance. So we’ll select default. We don’t want to have dedicated hardware. Otherwise we’ll pay a whole lot more money.
Okay, click on create and our VPC has been created. Now if we look at our VPC, it looks like there is one Cider block that has been defined. So Cider block is right here. Flow logs. There is nothing tags, there is nothing. But it looks like when we created that demo VPC, it comes with a main root table and a main network ACL that has been created for us. Okay, so what can we look at this? Well, the one thing that I want you to notice is that we’re not limited to just this IPV four Cider block. If you wanted to, you’d be able to edit your ciders by clicking on Edit Cider.
And here we are able to add IPV Six Cider if we wanted to later on or add IPV four cider. So if you wanted to add a cider for IPV four, you could definitely do ten dot, one dot, zero slash 16, which is the next cider. And then you click on yes and automatically would associate that. So you can add up to five VPC IPV Four sider in there to extend your VPC size over time. For now, I don’t need to add this one, so I’ll just remove it. But I just wanted to show you how this were to work if you wanted to add more ciders to your VPC. Okay, so that’s it. Right now we just have the VPC. It’s basically a big container. We haven’t defined any subnets. But guess what, we’ll do that in the next lecture.
5. [SAA] Subnet Overview and Hands On
So next, here comes the time to add subnets. Now, subnets are going to be tied to specific Availability Zones. In this diagram, I’m just doing one AZ. But in practice, we’ll do two AZ just to have some kind of high availability. And so within each AZ, our goal is to create different subnets. And so we’ll create a public subnet and a private subnet, and we’ll see how to make one public and how to make one private in the future, hands on. But for now, basically we’ll create two subnets per AZ that will give us four subnets, and some of them will be public and some of them will be private. Let’s get started. So coming back to this, we’re going to go to subnets, and in subnet we’re going to be able to define subnets.
So the trick is we’re going to define public subnet and private subnets and we’re going to make them different size because usually a public submitted subnet is much smaller than the private subnets because in the public subnet you would put your load balancers only, whereas in the private subnet you would put all your applications, et cetera, et cetera. So let’s go ahead and just create a first subnet. This one, I’ll call it Public Subnet A because it’s going to be an Aza. And the VPC I’m going to choose is my demo VPC. And it looks like we have this Cider right here that’s available for us. So 100 zero, zero slash 16. Now the AZ as a preference will choose us west one A and the IPV four Cider block.
Well, it’s up to you, but I’ll just choose 100 00:24 and that will give us 256 IP. So I’ll keep this. And if we can check again, that Cider block right here, we can calculate it and see that it started at 100 zero zero and ends at dot 255. So 256 IP. That’s good. So I’ll keep this and say create. And this is our first subnet, which worked. And now I’ll create a second subnet called public subnet B. We’ll choose the same VPC. And then in terms of AZ, I’ll put it in EU s one B.
The IP before Cider block will have this one. But this time I’m going to increase the third IP to one, because remember, this last IP we had was 100 zero 255. So the next one is going to be one in here. So I’ll choose this one. And this is going to be good. We have a public subnet B that looks perfect. So the subnet was being created. So here we go. Now we have two subnets, so we can filter by VPC in here, so we can filter by the demo VPC. Sorry, let me refresh this page to show you.
We’re in the subnet right here. And here you can filter by demo VPC and just see the subnets you created. So we’ve created two public subnets, and I’m going to create a private subnet. So private subnet a and this time for the AZ, I’m going to EUs one. But the Cider block, I’m going to make this much bigger. So I will choose ten 00:16. 00:20.
And if you go and just type this out, it’s just me who determine this ahead of time. So if you go and calculate this, this gives you the first IP to be 10160 and the last IP to be ten 00:31 255. And that’s about 4000 IPS. So that’s perfect. I’ll create this as my private subnet A, create it, and finally I’ll create a last subnet. So I’ll create my private subnet B, and the AZ is going to be an EUs one B.
And the Cider block, I’m going to increase from 16 to 32 because the last one I had right here was 31 255. So that’s perfect. Click on create. And here we go. So now we have created four subnets and there are different size. My public subnets have way less IPS, so it’s 24 24, whereas my private subnets have 20, which is about 4000 IPS. And I’ve created them in two AZ so that we have some kind of high availability, but so far we have defined nothing. So that one is going to be private and one is going to be public.
We don’t know how this works yet, and we’ll see this very soon. So one last thing we notice is that the number available IP is not really what we expect it to be. For example, when we have a slash 20, we expect 4096 IP and we get 4091. And when we have a slash 24, we expect 256 IP, but we get 251. So this is a bit odd, right? It seems like there’s a number of five as a difference between the available IPS and the provisioned IP. So why is that? Well, AWS will reserve five IP addresses, the first four and the last one in each subnet. And so that means every time you create a subnet, you’re going to lose five IP addresses. These five IP addresses will not be available and cannot be assigned to an instance.
And for example, if you get a Cider block of 100 zero 00:24, the reserved IP is going to be the first one for the network address, the second one reserved by AWS for the VPC router, the third one for the mapping to the Amazon provided DNS. The fourth one is for future use, so it’s not used just yet. And the last one is the network broadcast address. But because AWS does not support broadcast in a VPC, then the address is reserved and you cannot use it anyway. So there is a very common exam questions, and here’s an exam tip. And it says, oh, we need 29 IP addresses for easy two instances. What subnet size can you choose?
Well, you cannot choose a subnet size of 27 seven, because that is 32 IPS. What you need to do is select a subnet size of 26, which will give you 64 IPS, because if you do 32 minus five, you get 27. And that is less than the 29 IP addresses required for your EC. Two instances. That is a very, very common exam questions. And now you’re ready for it, so hope that’s good. I will see you in the next lecture.