1. Create a VPC
Login to the AWS Management Console
Search `VPC` and select VPC from the Services dropdown
Select `Create VPC`
Choose `VPC only`, label the VPC `myvpc`, select `IPv4 CIDR manual input` and enter `10.99.0.0/16`, select `No IPv6 CIDR block`, click `Create VPC` (wait 30-40 seconds for completion)
Select `myvpc` to view the creation status
Select `Route tables` on the left navigation panel
Edit the default (main) route table, add a tag `Name="public"`, click save. Note that the main route table is used by every subnet that has no explicit association, so any subnet you forget to associate below will end up public.
Create a new route table, add a tag `Name="private"`, click save.
Select `Subnets` on the left navigation panel
Create the first subnet, label the subnet `public`, enter the CIDR `10.99.0.0/24`, select zone `no preference`, click Create Subnet
Create the second subnet, label the subnet `private1`, enter the CIDR `10.99.1.0/24`, select zone `us-east-1d`, click Create Subnet
Create the third subnet, label the subnet `private2`, enter the CIDR `10.99.2.0/24`, select zone `us-east-1b`, click Create Subnet (`10.99.2.0/24` is assumed here: a VPC cannot hold two subnets with the same or overlapping CIDR, so `private2` cannot reuse `10.99.1.0/24`)
Edit each private subnet you just created
Navigate to `Route table` in the bottom panel, select `Edit route table association` and choose the `private` route table
2. Create an Elastic IP
Select `Elastic IP Addresses` on the left navigation panel
Select `Allocate Elastic IP address`, click `Allocate`
3. Create Security Groups
Select `Security Groups`, lower down on the left navigation panel
Select `Create security group`, label the group `public`, enter the description `sg for public endpoints`, choose the VPC from the dropdown (the tag in brackets should read `myvpc`).
Create Ingress FW Rules
- SSH (tcp/22) from my home WAN IP (52.6.187.152/32)
- HTTP (tcp/80) from ANY public IP (0.0.0.0/0)
- HTTPS (tcp/443) from ANY public IP (0.0.0.0/0)
Create Egress FW Rules (delete the default allow-all egress rule first, otherwise the rules below restrict nothing)
- DNS (udp/53) to ANY public IP (0.0.0.0/0)
- HTTP (tcp/80) to ANY public IP (0.0.0.0/0)
- HTTPS (tcp/443) to ANY public IP (0.0.0.0/0)
- MySQL (tcp/3306) to each `private` subnet (10.99.1.0/24, plus a matching rule for the second private subnet's CIDR; once the `private` group exists you can replace these CIDR rules with a single rule whose destination is the `private` security group, which then covers every private subnet)
Click `Create security group`
Select `Create security group`, label the group `private`, enter the description `sg for private endpoints`, choose the VPC from the dropdown (the tag in brackets should read `myvpc`).
Create Ingress FW Rules
- MySQL (tcp/3306) from the `public` subnet (10.99.0.0/24), or from the `public` security group so that only instances in that group, rather than anything placed in the subnet, can reach the database
Click `Create security group`
4. Create an SSH private/public key pair using
- `ssh-keygen -t rsa -N "" -b 2048 -C "simon.jackson"` (`-N ""` leaves the private key without a passphrase, acceptable for a throwaway lab key but not for anything longer-lived; 2048 bits is the minimum RSA size EC2 accepts, and `-t ed25519` is the better choice for a Linux instance)
- (not required for EC2) the PEM form of the public key can be produced with `openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem`; note that `openssl` cannot read the `-----BEGIN OPENSSH PRIVATE KEY-----` format current `ssh-keygen` writes, so use `ssh-keygen -e -m PEM -f id_rsa.pub > id_rsa.pub.pem` instead. EC2 `Import key pair` accepts the plain `ssh-rsa ...` line directly, so no conversion is needed.
Save the `-----BEGIN OPENSSH PRIVATE KEY-----` file to `.\aws.rsa.key`
Save the `ssh-rsa xxxxxxx` file to `.\aws.rsa.pub`
5. Create the EC2 Instance
Search `EC2` and select EC2 from the Services dropdown
Select `Launch Instance`, label the instance `myec2`, choose the `Amazon Linux 2023 AMI` image, ensure the instance type is `t2.micro`. For the key pair, either pick a key pair you imported beforehand under EC2 > `Key Pairs` > `Import key pair` (upload the PUBLIC key `aws.rsa.pub`, the `ssh-rsa ...` line; the private key never leaves your machine), or select `Create new key pair` and save the downloaded `.pem`, which is the PRIVATE key and is offered for download only once. Import and convert the private key to PuTTY PPK format later (PuTTYgen) for use with PuTTY.
Select the network dropdown, select `myvpc` from the list
Select the subnet dropdown, select `public` from the list
Choose `Existing security group` and expand the dropdown (my list didn't update immediately; select the refresh icon to the side of the dropdown), select `public`
Expand the EBS volume from `8` GB to `20` GB. Click `Launch instance`
6. Create an Internet Gateway
Search `VPC` and select VPC from the Services dropdown
Select `Internet Gateway` from the left navigation panel
Click `Create internet gateway`, label it `myigw` and confirm
Select the new internet gateway, select Actions > `Attach to VPC`, choose `myvpc` and click `Attach`
Go back to `Route tables`, select the `public` route table, choose `Edit routes`, and add a route with destination `0.0.0.0/0` and target `myigw`. Without this route the public subnet has no path to the internet and the Elastic IP will not reach the instance; the `private` route table keeps only the local route, so the database subnets stay unreachable from outside.
7. Associate the Elastic IP with the EC2 instance
Navigate to `Elastic IPs` on the lower left navigation panel
Select the one IP address created earlier (18.211.73.73), and select Actions > Associate Elastic IP address, select the instance from the dropdown.
8. Create an RDS database instance
Search `RDS` and select RDS from the Services dropdown
Select the `Create database` button, choose `Standard create`, select `MySQL`, choose `MySQL Community` edition, with engine version `5.7.44` (MySQL 5.7 is past RDS standard support and only offered under paid Extended Support; for anything beyond a throwaway lab pick a current 8.x version). Select the `Free tier` template. Under Settings set the DB instance identifier to `rdsinstance`, the admin username to `rds_user` and the password to `fcWeWBWDFARc3Eqx7dswY2R7` (a password written into notes like these should be treated as disclosed and rotated; the `Manage master credentials in AWS Secrets Manager` option avoids handling it at all). Under Instance configuration choose `db.t3.micro`. Under Connectivity choose `Don't connect to an EC2 compute resource`. Leave the network type as IPv4. Replace the VPC with `myvpc`, choose `Create new DB subnet group`, set Public access to `No`, and select the VPC security group called `private`. Leave the CA and password authentication at their defaults. Click `Create database`.
Note: in my first attempt, I had to circle back to create a second private subnet, as the DB subnet group requires subnets in at least two availability zones.
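The two mistakes this walkthrough ran into (a second private subnet with a duplicated CIDR, and a DB subnet group that needs at least two availability zones) are both visible before anything is clicked in the console. The following is an added example, not part of the original notes: it models the plan above with the standard-library `ipaddress` module and checks subnet containment and overlap, the AZ count of the private tier, and whether the security-group rules are consistent with the subnets (SSH not open to the world, nothing in the private group exposed to 0.0.0.0/0, and the public group's tcp/3306 egress actually covering every private subnet). The `10.99.2.0/24` CIDR for `private2` and the extra egress rule in `PUBLIC_SG_FIXED` are assumptions; the rest is taken from the steps above.

```python
"""Pre-flight checks for the VPC / subnet / security-group plan.

Added example, not from the original notes. Models the plan with the stdlib
`ipaddress` module so the problems can be found offline, before clicking.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Subnet:
    name: str
    cidr: str
    az: str            # "" when the console is left at "no preference"
    route_table: str   # "public" or "private"


@dataclass
class Rule:
    proto: str         # "tcp" / "udp"
    port: int
    cidr: str          # source for ingress, destination for egress


@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)
    egress: list = field(default_factory=list)


def check_subnets(vpc_cidr, subnets):
    """Problems: subnets outside the VPC, overlapping subnets, and a private
    tier spanning fewer than the two AZs an RDS DB subnet group requires."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(s, ipaddress.ip_network(s.cidr)) for s in subnets]
    problems = []
    for s, n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{s.name} {s.cidr} is not inside {vpc_cidr}")
    for i, (a, na) in enumerate(nets):
        for b, nb in nets[i + 1:]:
            if na.overlaps(nb):
                problems.append(f"{a.name} {a.cidr} overlaps {b.name} {b.cidr}")
    private_azs = {s.az for s in subnets if s.route_table == "private" and s.az}
    if len(private_azs) < 2:
        problems.append(f"RDS DB subnet group needs >=2 AZs, private tier has {sorted(private_azs)}")
    return problems


def check_security_groups(public_sg, private_sg, subnets, admin_cidr):
    """Problems: SSH or the private tier open to the world, public egress on
    3306 not covering a private subnet, private ingress wider than the public subnet."""
    problems = []
    for r in public_sg.ingress:
        if r.port == 22 and ipaddress.ip_network(r.cidr).prefixlen == 0:
            problems.append("public SG allows SSH from 0.0.0.0/0; restrict to " + admin_cidr)
    for r in private_sg.ingress:
        if ipaddress.ip_network(r.cidr).prefixlen == 0:
            problems.append(f"private SG exposes {r.proto}/{r.port} to 0.0.0.0/0")
    # Every private subnet must be reachable on 3306 through the public group's egress.
    egress_db = [ipaddress.ip_network(r.cidr) for r in public_sg.egress if r.port == 3306]
    for s in subnets:
        if s.route_table == "private":
            net = ipaddress.ip_network(s.cidr)
            if not any(net.subnet_of(e) for e in egress_db):
                problems.append(f"public SG has no egress on tcp/3306 covering {s.name} {s.cidr}")
    # Private ingress on 3306 must come from within the public subnet, not wider.
    public_nets = [ipaddress.ip_network(s.cidr) for s in subnets if s.route_table == "public"]
    for r in private_sg.ingress:
        if r.port == 3306 and not any(ipaddress.ip_network(r.cidr).subnet_of(p) for p in public_nets):
            problems.append(f"private SG ingress tcp/3306 from {r.cidr} is wider than the public subnet")
    return problems


# Plan constructed from the steps above.
VPC_CIDR = "10.99.0.0/16"
ADMIN_CIDR = "52.6.187.152/32"
FIRST_ATTEMPT = [
    Subnet("public",   "10.99.0.0/24", "",           "public"),
    Subnet("private1", "10.99.1.0/24", "us-east-1d", "private"),
    Subnet("private2", "10.99.1.0/24", "us-east-1b", "private"),  # duplicate CIDR, as first written
]
CORRECTED = [
    Subnet("public",   "10.99.0.0/24", "",           "public"),
    Subnet("private1", "10.99.1.0/24", "us-east-1d", "private"),
    Subnet("private2", "10.99.2.0/24", "us-east-1b", "private"),  # assumed non-overlapping CIDR
]
PUBLIC_SG = SecurityGroup("public",
    ingress=[Rule("tcp", 22, ADMIN_CIDR), Rule("tcp", 80, "0.0.0.0/0"), Rule("tcp", 443, "0.0.0.0/0")],
    egress=[Rule("udp", 53, "0.0.0.0/0"), Rule("tcp", 80, "0.0.0.0/0"),
            Rule("tcp", 443, "0.0.0.0/0"), Rule("tcp", 3306, "10.99.1.0/24")])
# Assumed fix: one 3306 egress rule per private subnet once private2 moves to 10.99.2.0/24.
PUBLIC_SG_FIXED = SecurityGroup("public", ingress=PUBLIC_SG.ingress,
    egress=PUBLIC_SG.egress + [Rule("tcp", 3306, "10.99.2.0/24")])
PRIVATE_SG = SecurityGroup("private", ingress=[Rule("tcp", 3306, "10.99.0.0/24")])

if __name__ == "__main__":
    for label, plan, sg in (("first attempt", FIRST_ATTEMPT, PUBLIC_SG),
                            ("corrected", CORRECTED, PUBLIC_SG_FIXED)):
        print(label, check_subnets(VPC_CIDR, plan) + check_security_groups(sg, PRIVATE_SG, plan, ADMIN_CIDR))
```

Running it reports the overlap for the first attempt and nothing for the corrected plan; running `check_security_groups` with the original `PUBLIC_SG` against the corrected subnets shows why the CIDR fix has to be carried into the egress rule, which is the kind of dependency that is easy to miss when the rules are CIDRs rather than security-group references.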