<p>A great way to test practical understanding of VPC</p>
<ul>
<li>Create VPC for large block: 10.0.0.0/16</li>
<li>Create private subnet 10.0.2.0/24</li>
<li>public subnets 10.0.1.0/24 . Autoassign public IP after create</li>
<li>Create igw in the public subnet. Associate after create</li>
<li>Create new route table for public subnet (keep default private) <ul>
<li>Edit public route table to set destination 0.0.0.0/0 to igw</li></ul></li>
<li>Set up Nat GW or VPC S3 Endpoints to get updates on private subnet (nat gw is in public subnet)<ul>
<li>Or nat instance from community ami - disable source/destination checks on this instance, SG allow inbound from 10.0.2.0/24</li>
<li>edit default/private route table to route to ngw </li></ul></li>
<li>Create flow logs - need Role to write to CW logs</li>
<li>Create a web server in the public subnet w/ apache:</li>
</ul>
<pre><code>   #!/bin/bash
   yum update
   yum upgrade -y
   yum install httpd -y
   sudo yum install ec2-instance-connect -y
   cd /var/www/html
   echo "&lt;html&gt;&lt;h1&gt;Hello World&lt;/h1&gt;&lt;/html&gt;" &gt; index.html
   service httpd start
   chkconfig httpd on</code></pre>
<ul>
<li>Create a db server in the private subnet<ul>
<li>security group should allow comms from private subnet (10.0.1.0/24)</li></ul></li>
<li>Create bastion host<ul>
<li>Using ssh-add and ssh-agent:</li></ul></li>
</ul>
<pre><code>     ssh-add 
     ssh-add ~/.ssh/private-key.pem
     ssh-add -l or ssh-add -L
     ssh -A user@remotehost.com</code></pre>

Logical Enigma

VPC Exercise