Design and deploy virtual private clouds

Lab 2: Construction of VPCs with private subnet with NAT Gateways

Submission Instructions

To be submitted via SLATE

Value

12.5% of final grade

Due Date

March 17th, 2023

Learning Outcomes Covered in Assignment

Design and deploy virtual private clouds.

Plan IPv4 and IPv6 address allocation for virtual private clouds.

Configure IPv4 address subnetting in a cloud environment.

Enable controlled public access to network resources and services.

Configure private networks in a cloud.

Configure virtual gateways to access resources in the cloud.

Assignment Outline

The objective of this assignment is to explore network connectivity in the Virtual Private Cloud.

The students will deploy six EC2 instances across two VPCs in the same region. The instances will be attached to public and private subnets and have different ingress and egress requirements: instances that must be reachable from the internet are attached to the public subnets (ingress from the internet), while instances that need access to the internet but must not be reachable from it (internet egress only) are deployed into the private subnet.

To give the EC2 instances in the private subnets access to the internet, a NAT gateway will be deployed in each VPC.

Students will configure VPC routing by defining route tables according to the requirements of each subnet.

Student should configure VPC Peering between VPC-A and VPC-B and verify connectivity between instances in peered VPCs.

The topology should be built out using python boto3 or AWS Management Console.

Assignment Details and Expected Outcomes

In this assignment, the student is to perform the tasks below:

Deploy three EC2 instances in VPC-A and VPC-B using python script and boto3 library or AWS Management Console. The instances should be deployed into different subnets as specified in Figure 1 below.

All the instances should have httpd webserver installed. The servers should display student’s name and the hostname of the EC2. Details of expected submission artifacts are in the Appendix.

Network connectivity specifications should be implemented and verified based on Tables 1-5 below.

Security Groups, Route Tables and Subnets should be configured to achieve the desired connectivity while only allowing the required connectivity.

Figure 1 VPC-A and VPC-B Topology (the two VPCs are connected via VPC Peering)

Table 1: VPC-A CIDR and subnets

Network Component   | CIDR
VPC-A               | 10.0.0.0/16
subnet-public-1     | 10.0.1.0/24
subnet-public-2     | 10.0.2.0/24
subnet-private-3    | 10.0.3.0/24

Table 2: VPC-B CIDR and subnets

Network Component   | CIDR
VPC-B               | 192.168.0.0/16
subnet-public-1     | 192.168.1.0/24
subnet-public-2     | 192.168.2.0/24
subnet-private-3    | 192.168.3.0/24

Network Connectivity Requirements

The highlights of the connectivity requirements are outlined below. Please refer to Tables 3 and 4 for more details.

The web servers web-01 and web-02 must be reachable via SSH and HTTP from the internet.

The web servers web-01 and web-02 must have SSH and HTTP access to web-03 in their corresponding VPCs.

The web-03 instances have access to the internet via their NAT gateways.

web-03 cannot be accessed by anyone if the connection is initiated from the internet.

web-01 in VPC-A must be able to send an HTTP request to web-03 in VPC-B via VPC Peering using the curl command.

Table 3: Connectivity requirements for instances in their respective VPCs (X = no access permitted).

Connectivity | From Internet                            | To Internet                | Web-01 | Web-02 | Web-03
Web-01       | SSH from your laptop, HTTP from anywhere | Any Access                 | X      | X      | SSH, HTTP
Web-02       | SSH from your laptop, HTTP from anywhere | Any Access                 | X      | X      | SSH, HTTP
Web-03       | X                                        | Any Access via NAT Gateway | X      | X      | X

Table 4: Connectivity requirements via VPC peering (X = no access permitted).

VPC-A  | Web-01 in VPC-B | Web-02 in VPC-B | Web-03 in VPC-B
Web-01 | X               | X               | HTTP
Web-02 | X               | X               | X
Web-03 | X               | X               | X

Explain

What is the reason the NAT GW is created in the public subnet? What will happen if we create it in the private subnet?

Why can't the web-03 instance be reached from the internet?

Why should VPCs connected via VPC peering have non-overlapping CIDR ranges? What will happen if their ranges overlap?

Submission Requirements

Your submission should include:

- Python script named create_vpcs.py (optional, if you implemented the assignment with Python)

- Word document with the following:

  - Screenshots of the AWS Management Console featuring:

    - VPCs

    - Subnets

    - Security groups

    - Route tables

    - Connectivity verifications

  - Answers to the "Explain" questions

Please see the Appendix for an example of a submission section.

Important Note: the screenshots in the report should be clearly labeled with captions and attributed to the section/functionality that is being demonstrated

Assignment Grade Breakdown

Task                                              | Task Description                                                                                                                              | Points
1. Create VPC, subnets, IGW, NAT GW               | Create VPCs and subnets with the correct CIDR ranges; create IGW and attach it to the respective VPCs; create NAT GW in the correct subnet     | 10
2. Route Tables                                   | Ensure that the route tables are correctly configured to define the private and public subnets                                                 | 5
3. Deploy EC2 instances hosting static websites   | Connectivity to web-01 and web-02, VPC-A                                                                                                       | 10
   and demonstrate the required connectivity      | Connectivity to web-03, VPC-A                                                                                                                  | 10
   inside respective VPCs                         | Connectivity to web-01 and web-02, VPC-B                                                                                                       | 10
                                                  | Connectivity to web-03, VPC-B                                                                                                                  | 10
4. Create peering connection and demonstrate      | Web-01 in VPC-A should be able to send an HTTP request to web-03 in VPC-B; update route tables and security groups to allow the traffic flow  | 15
   that web-01 in VPC-A can connect to web-03     |                                                                                                                                                |
   in VPC-B                                       |                                                                                                                                                |
5. Explain                                        | What is the reason the NAT GW is created in the public subnet? What will happen if we create it in the private subnet?                         | 5
                                                  | Why can't the web-03 instance be reached from the internet?                                                                                    | 5
                                                  | Why should VPCs connected via VPC peering have non-overlapping CIDR ranges? What will happen if their ranges overlap?                           | 10
6. Cleanup                                        | Demonstrate that all the EC2 instances are deleted and the EC2 console does not have any running instances; demonstrate that only the default VPC is left, and VPC-A and VPC-B have been deleted along with the other components you created | 10
Total                                             |                                                                                                                                                | 100

Important Notes:

Cleanup of all the deployed infrastructure is crucial to ensure the AWS Academy budget will last until the end of the course.

Suggested Implementation Steps

Create VPCs, subnets, Internet and NAT gateways, and route tables. All the subnets should be in the same Availability Zone.

Create security groups for web-01, web-02 and web-03 and open inbound traffic only as required by the specification.

Create the web-01, web-02 and web-03 instances in VPC-A and VPC-B and verify the connectivity against the specification. Make sure to bootstrap (User Data) these VMs so their landing web page shows their hostname (which includes the IPv4 private address) and your name.

Create a peering connection between VPC-A and VPC-B. Update route tables and security groups. Verify connectivity between web-01 in VPC-A and web-03 in VPC-B by sending an HTTP request from web-01 in VPC-A to web-03 in VPC-B.

Clean up the infrastructure you created.
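The steps above are what create_vpcs.py has to automate. The following is an added example, not part of this handout or any course solution: it encodes Tables 1-4 as data and checks the properties the "Explain" questions ask about (subnets inside their VPC, non-overlapping peered CIDRs, NAT-backed private default route, no Internet-facing rule on web-03) before any boto3 call is made. The igw/nat/pcx IDs, the laptop IP, the web-01 address and the sg-web-* names are hypothetical placeholders for the real values a deployment script would obtain from AWS.

```python
import ipaddress

# CIDRs from Tables 1 and 2 of the assignment
VPCS = {
    "VPC-A": {"vpc": "10.0.0.0/16", "subnet-public-1": "10.0.1.0/24",
              "subnet-public-2": "10.0.2.0/24", "subnet-private-3": "10.0.3.0/24"},
    "VPC-B": {"vpc": "192.168.0.0/16", "subnet-public-1": "192.168.1.0/24",
              "subnet-public-2": "192.168.2.0/24", "subnet-private-3": "192.168.3.0/24"},
}


def validate_addressing(vpcs):
    """Each subnet must lie inside its VPC, and VPCs that will be peered must not
    overlap: with overlapping ranges the route to the peer is ambiguous and AWS
    will not activate the peering connection."""
    nets = {name: ipaddress.ip_network(cfg["vpc"]) for name, cfg in vpcs.items()}
    for name, cfg in vpcs.items():
        for key, cidr in cfg.items():
            if key != "vpc" and not ipaddress.ip_network(cidr).subnet_of(nets[name]):
                return False
    ranges = list(nets.values())
    return not any(a.overlaps(b) for i, a in enumerate(ranges) for b in ranges[i + 1:])


def route_tables(peer_cidr, igw_id, nat_id, pcx_id):
    """Routes as (destination, target). Public subnets send default traffic to
    the IGW; the private subnet sends it to the NAT gateway, which must itself
    sit in a public subnet so its own default route reaches the IGW. Both tables
    need the peer VPC's CIDR via the peering connection for the Table 4 flow."""
    return {
        "public":  [("0.0.0.0/0", igw_id), (peer_cidr, pcx_id)],
        "private": [("0.0.0.0/0", nat_id), (peer_cidr, pcx_id)],
    }


def security_group_ingress(laptop_ip, peer_web01_ip=None):
    """Inbound rules as (protocol, port, source) per Table 3; sources starting
    with 'sg-' reference another security group (hypothetical names here).
    web-03 gets no 0.0.0.0/0 rule, so nothing initiated from the Internet can
    reach it even though it has a default route out via the NAT gateway."""
    public_web = [("tcp", 22, f"{laptop_ip}/32"), ("tcp", 80, "0.0.0.0/0")]
    web03 = [("tcp", p, sg) for sg in ("sg-web-01", "sg-web-02") for p in (22, 80)]
    if peer_web01_ip:  # Table 4: only HTTP from web-01 in the peer VPC crosses the peering
        web03.append(("tcp", 80, f"{peer_web01_ip}/32"))
    return {"web-01": public_web, "web-02": public_web, "web-03": web03}
```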

 

Appendix – Artifacts to be included into the report

1. Create VPC, subnets, IGW, NAT GW (the screenshots below are an example and demonstrate a subset of required functionality)

Figure 2 VPC-A CIDR and configuration

Figure 3 VPC-A subnets

Figure 3 public-subnet-2 routes in VPC-A

Figure 4 private-subnet-3 routes

2. Create security groups for web-01, web-02 and web-03 and open the inbound traffic based on the specification. (Example shows SG for web-01 in VPC-A only)

Figure 5 Security group for web-01

Figure 6 Security group for web-03

3. Create web-01, web-02 and web-03 instances in VPC-A and verify the connectivity based on the specification (the screenshots below are samples and the list is incomplete)

Connectivity to web-01 from the laptop

Figure 7 Verified that I can SSH and send an HTTP request to web-01 in VPC-A from my laptop

Connectivity to web-03 from web-01

Figure 8 Connecting to web-03 from web-01 using SSH and sending an HTTP request

Note: use the command below to copy the private SSH key from your laptop to web-01 (replace the placeholders with your login user and the public IP of web-01)

scp -i assignment3.pem assignment3.pem <user>@<web-01-public-ip>:/tmp

Copying the key leaves a copy of it on web-01; delete it from /tmp when you are done, or use SSH agent forwarding (ssh -A) so the private key never leaves your laptop.

4. Create a peering connection between VPC-A and VPC-B. Update route tables and security groups. Verify connectivity between web-01 in VPC-A and web-03 in VPC-B by sending an HTTP request from web-01 in VPC-A to web-03 in VPC-B

5. Cleanup

Cleanup task completed – there are no instances and only a default VPC