
Project: Create VPC with Public & Private Subnets

Learning DevOps Engineer passionate about cloud computing, containerization, and automation. Currently exploring Docker, AWS, and CI/CD pipelines to build scalable and efficient workflows. Documenting my learning journey in this blog. Stay tuned with me for more learning.

Objective

Build a secure AWS network where:

  • Public subnet → Internet-facing (web servers)

  • Private subnet → Internal resources (DB/app servers)

Step 1: Create VPC

  • Go to AWS Console → Amazon VPC

    • Name: My-VPC

    • CIDR block: 10.0.0.0/16

Step 2: Create Subnets

🔹 Public Subnet

  • Name: Public-Subnet

  • CIDR: 10.0.1.0/24

  • Enable Auto-assign Public IP

🔹 Private Subnet

  • Name: Private-Subnet

  • CIDR: 10.0.2.0/24

👉 Public = reachable from the internet
👉 Private = backend with no inbound path from the internet

Step 3: Create Internet Gateway (IGW)

  • Create IGW → Name: My-IGW

  • Attach to VPC

👉 The IGW gives the public subnet a path to and from the internet (once a route points at it)

Step 4: Create Route Table for Public Subnet

  • Create route table: Public-RT

  • Add route:

    0.0.0.0/0 → Internet Gateway

  • Associate with Public Subnet

Step 5: Create NAT Gateway (Important 🔥)

Go to VPC → NAT Gateway

  • Place it in Public Subnet

  • Allocate Elastic IP

👉 Why?

  • Private subnet has no route to the Internet Gateway, so its instances cannot reach the internet directly

  • NAT allows outbound-initiated connections only; the internet cannot initiate connections to private instances

Step 6: Create Private Route Table

  • Name: Private-RT

  • Add route:

    0.0.0.0/0 → NAT Gateway
    
  • Associate with Private Subnet

Step 7: Launch EC2 Instances

Use Amazon EC2

🔹 Public EC2 (Web Server)

  • Subnet: Public

  • Enable public IP

  • Security Group:

    • Allow HTTP (80)

    • Allow SSH (22)

🔹 Private EC2 (Backend)

  • Subnet: Private

  • No public IP

  • SSH (22) allowed only from the public EC2's security group, not from any CIDR
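The two security groups from Step 7 written as Terraform, as an added example that is not part of the original post. It assumes the Step 1 VPC is declared as `aws_vpc.main` and introduces a placeholder `admin_cidr` variable for the only range allowed to SSH into the public instance.

```hcl
# Assumed inputs: aws_vpc.main is the 10.0.0.0/16 VPC from Step 1, and
# admin_cidr is the only range allowed to SSH into the bastion (placeholder default).
variable "admin_cidr" {
  default = "203.0.113.0/24" # TEST-NET-3 placeholder; replace with your office/VPN range
}

# Public EC2 (web server / bastion): HTTP from anywhere, SSH only from admin_cidr
resource "aws_security_group" "public_ec2" {
  name   = "public-ec2-sg"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Private EC2 (backend): no CIDR-based SSH rule at all; port 22 is opened only to
# instances that carry the public SG, so the bastion is the sole path in.
# Egress stays open so package updates leave via the NAT Gateway (Step 6 route).
resource "aws_security_group" "private_ec2" {
  name   = "private-ec2-sg"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.public_ec2.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Attach `private_ec2` to the backend instance launched with `associate_public_ip_address = false`, so even a misconfigured route cannot expose it.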

Real-World Use Case

  • Public subnet → Load balancer / web server

  • Private subnet → App server + database

  • Secure architecture used in production

Conclusion

This project gives you a strong foundation in AWS networking using Amazon VPC—something every DevOps engineer is expected to understand.

By building this architecture, you’ve learned how to:

  • Design a secure, isolated network (VPC)

  • Separate workloads using public and private subnets

  • Enable internet access with Internet Gateway (public) and controlled outbound access using NAT Gateway (private)

  • Configure route tables to manage traffic flow

  • Implement a bastion host pattern using Amazon EC2

  • Follow real-world cloud security practices