00:00:00
Hello friends, welcome to Codage. In this session we will see how to create a VPC with public and private subnets. We will set up an Application Load Balancer with EC2 instances, which will be in the private subnet. So first let's understand the setup with the help of a diagram.

00:00:15
In the AWS Cloud we will first create a VPC, and in the VPC we will use two Availability Zones, and in each AZ we will deploy a private subnet and a public subnet. So at the end we will have two private subnets and two public subnets from the two AZs. Then we will create a routing table which will get associated with the public subnets and another routing table for the private subnets. After that we will create an Internet Gateway, and we will create a NAT Gateway in the public subnet. Then we will add an entry in the public subnet routing table for the Internet Gateway, because of which components deployed in the public subnet will get access to the internet. Next we will add an entry for the NAT Gateway in the routing table of the private subnet, because of which components deployed in the private subnet will get access to the internet using the NAT Gateway. After that we will deploy EC2 instances in the private subnet, and we will create an Application Load Balancer and deploy it into the public subnet.

00:01:20
Now when an EC2 instance in a private subnet wants to access the internet, for example to download updates or to access external services, in that case it will send the outbound request. Then the route table associated with the private subnet will direct all the internet-bound traffic to the NAT Gateway. The NAT Gateway is responsible for translating the private IP addresses of the EC2 instances to its own public IP address. Then it will send the request to the Internet Gateway, and using the Internet Gateway it will get access to the internet. Though the EC2 instance has access to the internet, it is not possible to access the EC2 instance directly with the NAT Gateway. So let's say, for example, now a user wants to access the application that is deployed in the EC2 instance. Then what can the user do? The user will call the URL of the Application Load Balancer, so that request will go first to the Internet Gateway. The Internet Gateway will forward that request to the Application Load Balancer, and the Application Load Balancer will forward that request to the EC2 instance that is in the private subnet. The EC2 instance will forward the response in the same way to the Application Load Balancer, the Application Load Balancer will forward that response to the Internet Gateway, and the Internet Gateway will forward that request to the user. So let's move on to the hands-on; I will demonstrate all this configuration.

00:02:43
So in the AWS console, search for VPC and click on the Create VPC button. So here there are two options: one is VPC only, and the second option is VPC and more. If you select the VPC only option, then you can create the VPC, and then you will have to configure the routes and the subnets manually one by one after creation of the VPC. But if you select the VPC and more option, you can see the graphical representation of the configuration and you can do all the setup from a single screen. Okay, so we are going to select this VPC and more option. Then the next option is to give the name for your project. If you uncheck this option that is Auto-generate, in that case you can give the name for all the components manually, but I'm going to select Auto-generate so that it can auto-generate the name for all the components. Okay, so I'm giving the name as YT demo. So you can see the names are auto-generated: the VPC name will be YT demo VPC. Then these are the subnets that we are going to create. We are going to use two Availability Zones: the first one will be ap-south-1a and the second will be ap-south-1b, and in each Availability Zone you can see there are two subnets we are going to create, the first is a public subnet and the second is a private one. The same way, in the second AZ you can see there is one public subnet and one private subnet. In the routing table section you can see for the public subnets it has this routing table, and for the private subnets we are going to have two routing tables. So here you can create a single route table for the two private subnets, or you can have a route table for each private subnet. Then next is the internet connection, so this is the Internet Gateway that is going to get created with this configuration.

00:04:39
Okay, so the next section is to provide the IP address in this IPv4 CIDR block. So what is this CIDR block? CIDR means Classless Inter-Domain Routing notation, so it's commonly used to represent a range of IP addresses in the network or the subnet. So this CIDR notation combines the IP address, this one, with the prefix length, that is 16. So what is the meaning of this? This IP address represents the network, and this prefix length indicates the number of significant bits in the network subnet mask. Okay, so let's understand this with the help of an example. Let me search for CIDR calculation or CIDR calculator, so let's go with this link. Now let's say we are giving the address as 11.0.0.0, so let's provide the same IP address here, and let's say if you give the length as 16, in that case what will happen? We will have this many IP addresses available to assign in the subnet, and these first 16 bits will be the same for all the components in the subnet, and the next 16 bits are going to change. Now if you change it to 24, in that case only 256 IP addresses will be available in the subnet, and the first 24 bits will be the same for all the IP addresses in the subnet and the last eight bits are going to change. Now let's say if you make this 32, in that case you can assign only one IP address. Okay, so as per your requirement you can give the prefix length. So here we are going to give the prefix length as 16, so here you can see the available IP addresses.

00:06:39
Next, we are not going to use an IPv6 CIDR block. Then tenancy will be the default one. The number of Availability Zones we are going to select is two, the number of public subnets we are going to create is two, then the number of private subnets we are going to create is two. Then NAT Gateway: we want a NAT Gateway in one of the AZs, so you can see it has added the component for the NAT Gateway here. Next, we don't need a VPC endpoint, so I will select it as none. Then mark this checkbox as enabled for DNS hostnames and DNS resolution. Let's click on the Create VPC. So it will take some time to create the VPC, so let me pause the video.

00:07:30
Okay, so our VPC is created, so let's click on this View VPC button. This is the configuration for our VPC. Now if you go into Subnets, these are all the subnets that are available in your region. So let's select your VPC: this one is the default VPC and this is the VPC that we have created just now, so let me select this, and here you can see the subnets that we have created. Let me sort it by name: these are the two private subnets that we have created and these are the two public subnets. If you select any one of the subnets, here you can find more detail about the subnet. So if you go into the route table, here you can see the entry for the NAT Gateway, so because of this NAT Gateway it will get access to the internet. Now if you go into the details, here you can find the IP address, so this is the IP address for this private subnet. Okay, let me select another subnet, that is a public subnet, and if you go into the route table here you can find the entry for the Internet Gateway for the public subnet.

00:08:43
Okay, now if you want to see all the route tables, let's click on this Route tables option here. These are the routing tables for your VPC: this is the routing table for a private subnet, this is also a routing table for a private subnet, and if you click on the Routes here you can see the routes for this private subnet. If you want to see the subnets associated with this route table, you can click on this Subnet associations, so this route table is associated with this subnet, that is private 2 ap-south-1b, and if you want to see the subnet associated with this other route table you can see the private 1 ap-south-1a subnet. And this route table is associated with the two subnets, that is the public subnets. Now if you go into the Internet gateways option, here you can find the detail for the Internet Gateway, and in the NAT gateways you can find the list of NAT gateways, so this is the NAT Gateway we have created for our private subnets.

00:09:52
Now next what we will do, we will deploy the EC2 instance in the private subnet. So let's search for EC2 and let's click on Launch instance. Let me give it the name ec2 yt1, so you can give any name for your EC2. Then I will select Amazon Linux; the machine image will be Amazon Linux 2023 AMI, which is free tier eligible. Then for instance type I'm going to select the t2.micro. I'm not going to use a key pair, so I'm selecting here "Proceed without a key pair". Okay, next in the network settings, this is the default VPC available for this region, so click on this Edit option here and select the VPC that we have just created, so this is the VPC that we have created, right, YT demo VPC. Then in the subnet section select the private subnet; it is already selected here, and you can see all the subnets available, so we are going to deploy this EC2 instance in the private one subnet. Then Auto-assign public IP, that is disabled, so we will keep this option as disabled. Then next is Create security group, so we want to create a new security group, so I'm giving it the name YT ec2 VPC SG; you can give any name for your security group. Then next I am allowing SSH traffic for now.

00:11:30
And let's click on the Advanced details and let's go into the User data section. So here we will provide the commands to install the Apache HTTP server in the EC2 instance so that we can get some response from the EC2. So this is the script to install the Apache server. So what I'm doing here: first I'm updating and installing the Apache server, then I'm starting the Apache HTTP server, then here I'm creating the HTML. What I'm doing here, it will return the message with the hostname, so it will print the IP address of that EC2 instance, and I'm deploying this HTML into this directory. Okay, and these commands are going to execute as the root user for the first time only. So let's click on this Launch instance.

00:12:21
Okay, our first instance is created, so let's create a new instance and we will deploy it into the second private subnet. So let's click on the Launch instance here, and the name I'm giving as ec2 yt2, and the same configuration I'm going to select here. So key pair: we are not going to select any key pair here. Then let's edit this network setting, select the VPC that we have created, and let's select the second private subnet, that is private 2, and let's select the same security group that we have created in the previous configuration, that was this one. Okay, and let's go into the Advanced details and copy the same commands to install the Apache HTTP server, and click on the Launch instance. Okay, so our two instances are running in the private subnets, so let me click on one of the instances, and here you can see the private IP address for the EC2 instance, and it doesn't have a public IP address.

00:13:37
Okay, now next what we will do, we will create the Application Load Balancer. So let's select the Load balancers option here, click on Create load balancer, and here we are going to select the Application Load Balancer, click on Create. So let me give it the name ALB YT demo. Then it will be internet-facing, the IP address type will be IPv4, and here let's select the VPC that we have created. Okay, so these are the AZs available for this Application Load Balancer, so let's click on this and here select the public subnet. Okay, so the Application Load Balancer we are going to deploy in the public subnets, so let's select the second AZ as well and select the public subnet, that is public 2. Okay, then Security group: let's create a new security group here, so let me click on this Create new security group option. Let me give it the name ALB SG, that is Application Load Balancer security group; let's copy the same thing in the description. The VPC will be our YT demo VPC. So we will allow all traffic from the internet, and let's click on Create security group. Okay, so our security group for the ALB is created. Let's go back into the ALB configuration, click on this refresh button and select this ALB SG here.

00:15:20
Then we need to select the target group. We have not created any target group, so click on Create target group. Target type will be Instances, so let me give it the name ALB TG, and the protocol port will be 80, the IP address type will be IPv4, the VPC will be YT demo VPC, the protocol version will be HTTP1, and let's keep the other options as the default ones. Click on Next. Here select all the instances that we have created just now, and the port for the selected instances will be 80. Okay, so click on "Include as pending below" and click on Create target group. Okay, so our target group is created, so let's go back into the ALB configuration and click on this refresh button here, select the target group. Next you can see all the summary for your configuration: this is the internet-facing Application Load Balancer, IPv4 type, then the security group will be this one, then this is the network mapping, so this will be in the VPC that we have created and it will be available in the two AZs, that is from the public subnets. Okay, and it will be listening for traffic on port 80. Let's click on Create load balancer, click on View load balancer.

00:16:54
Now the Application Load Balancer is in the provisioning state, so till that time what we will do, we will change the security group of our EC2 instances. So let's click on the security group here, and this is the security group of our EC2 instance. Okay, so if you want to see what the security group of your instance is, what you can do, you can go here and click on the Security option here, and you can click from here as well. Okay, and here we will change the inbound rule, so let's delete this rule and let's click on Add rule. So here we will select the HTTP traffic, and here we will allow traffic only from the ALB SG, and click on Save rules. Okay, so this is the same security group we are using for the second EC2 instance as well. Okay, so let's understand what I did just now. I have added the rule in the security group of the EC2 instance to accept traffic only from the Application Load Balancer. So when the user sends a request to the Application Load Balancer, the Application Load Balancer will forward that request to the EC2 instance, and the EC2 instance will listen only for traffic from the Application Load Balancer, right? So this is the configuration we did.

00:18:16
Now the ALB is still in the provisioning state, so let's wait for some time. Okay, so the Application Load Balancer is in the active state, so let's copy this DNS name here and let's call it from the browser. Okay, so we are getting the response from the EC2 instance. So let me refresh it again, and here we are getting the response from the other EC2 instance from the private subnet. Okay, and you can see the IP address range, so this is the range we have given, right? So for the EC2 instance IP address you can see the first two octets are going to be the same and the next two octets are going to change, right? So if you see here, the first two octets are going to be the same, let me refresh it, right, and these two octets are going to change because we have given the prefix as 16 here. Okay, and if you give the prefix as 24, in that case the first three octets are going to be the same and the last octet is going to change. Okay, so that's it for this lecture. We have successfully deployed the Application Load Balancer with the instances in the private subnets. Thanks for watching the video.
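As an added example that is not part of the video, here is a small Python model of the design walked through above (the CIDRs, the /20 subnet split and the rule table are constructed assumptions, not values from the video): it reproduces the CIDR counts from the calculator section, checks that the four subnets fit the VPC, and evaluates why a NAT-only default route plus a security group that references ALB SG leaves the instances reachable only through the load balancer.

```python
import ipaddress

# Constructed values (assumptions): the video keeps its own /16; the /20 subnet
# layout below is the usual "VPC and more" split of two public and two private.
VPC = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {
    "public-1a": ipaddress.ip_network("10.0.0.0/20"),
    "public-1b": ipaddress.ip_network("10.0.16.0/20"),
    "private-1a": ipaddress.ip_network("10.0.128.0/20"),
    "private-1b": ipaddress.ip_network("10.0.144.0/20"),
}
# Route tables as built in the video: destination CIDR -> target.
ROUTE_TABLES = {
    "public": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw"},
    "private": {"10.0.0.0/16": "local", "0.0.0.0/0": "nat"},
}
# Inbound security group rules as (port, source); a source is either a CIDR
# or the name of another security group, as when the EC2 SG references ALB SG.
SECURITY_GROUPS = {
    "ALB-SG": [(80, "0.0.0.0/0")],
    "YT-ec2-VPC-SG": [(80, "ALB-SG")],
}

def address_count(prefix_len):
    """Addresses in an IPv4 block: /16 -> 65536, /24 -> 256, /32 -> 1."""
    return 2 ** (32 - prefix_len)

def aws_assignable(net):
    """AWS reserves the first four and the last address of every subnet."""
    return net.num_addresses - 5

def subnets_valid(vpc, subnets):
    """Every subnet must lie inside the VPC and no two may overlap."""
    nets = list(subnets.values())
    inside = all(n.subnet_of(vpc) for n in nets)
    disjoint = not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint

def internet_can_reach(subnet_name, has_public_ip):
    """Unsolicited inbound from the internet needs a public IP and an IGW
    default route; a NAT route only serves connections the host itself opens."""
    table = ROUTE_TABLES["public" if subnet_name.startswith("public") else "private"]
    return has_public_ip and table.get("0.0.0.0/0") == "igw"

def inbound_allowed(sg_name, port, src_ip, src_sg=None):
    """SG-to-SG rules match only traffic from members of the named group;
    CIDR rules match on the source address."""
    ip = ipaddress.ip_address(src_ip)
    for rule_port, source in SECURITY_GROUPS[sg_name]:
        if rule_port != port:
            continue
        if source in SECURITY_GROUPS:
            if src_sg == source:
                return True
        elif ip in ipaddress.ip_network(source):
            return True
    return False
```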