In the previous blog, I had created a VPC and internet gateway and attached the internet gateway to the VPC. I will add a public and private subnet in one availability zone in this post.
Some definitions:
Subnets
A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet.
Public subnet
A public subnet contains resources that will be connected from and to the internet—for example, load balancers, web servers, etc.
Private subnet
A private subnet contains resources that will not be accessed directly from the internet—for example, application servers, databases, etc.
It is critical to place your resources in the appropriate subnet. Placing resources with sensitive code or information in a public subnet would open them up to compromise by bad actors, of which there are many on the internet 😊.
The code is below:
AWSTemplateFormatVersion: '2010-09-09' # ## The Description section (optional) enables you to include comments about your template. # Description: Create VPC, an internet gateway, and attach the internet gateway to the VPC # ## Parameters section to customize your templates # Parameters: VPCName: Description: Name of the VPC Type: String Default: "MyVPC" MinLength: '1' MaxLength: '30' AllowedPattern: '^[a-zA-Z]+[0-9a-zA-Z\-]*$' ConstraintDescription: Must contain alphabets and/or numbers. VpcCIDR: Description: Please enter the IP range (CIDR notation) for this VPC Type: String Default: 10.0.0.0/16 MinLength: '10' MaxLength: '18' AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" ConstraintDescription: Must be a valid CIDR range of the form x.x.x.x/x. PublicSubnet1CIDR: Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone Type: String Default: 10.0.1.0/24 MinLength: '10' MaxLength: '18' AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" ConstraintDescription: Must be a valid CIDR range of the form x.x.x.x/x. PrivateSubnet1CIDR: Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone Type: String Default: 10.0.3.0/24 MinLength: '10' MaxLength: '18' AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" ConstraintDescription: Must be a valid CIDR range of the form x.x.x.x/x. # ## Resources created by the stack # Resources: # ## Create the VPC ## ## Uses the intrinsic function Ref to get the value of the VPC Name ## from parameters above # VPC: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref VpcCIDR EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: !Ref VPCName # ## Create the IGW # InternetGateway: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: !Ref VPCName # ## Connect the IGW to the VPC # InternetGatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: InternetGatewayId: !Ref InternetGateway VpcId: !Ref VPC # ## Create a public subnet ## ## The VpcId is obtained by referring back to the VPC created above ## ## The CIDR block is from the parameters ## ## The Availability Zone is obtained by querying the available availability ## zones in this region and returning the first (offset 0) entry ## ## The MapPublicIpOnLaunch is set to true indicating that instances launched ## in this subnet receive a public IPv4 address # PublicSubnet1: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC AvailabilityZone: !Select [ 0, !GetAZs '' ] CidrBlock: !Ref PublicSubnet1CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: !Sub ${VPCName} Public Subnet (AZ1) # ## Create a private subnet ## ## The MapPublicIpOnLaunch is set to false, indicating that instances launched ## in this subnet will not receive a public IPv4 address # PrivateSubnet1: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC AvailabilityZone: !Select [ 0, !GetAZs '' ] CidrBlock: !Ref PrivateSubnet1CIDR MapPublicIpOnLaunch: false Tags: - Key: Name Value: !Sub ${VPCName} Private Subnet (AZ1) # ## Resources created by the stack ## ## Uses the intrinsic function Sub to get the stack name ## from parameters above and substitute it into the name of ## the internet gateway # Outputs: VPC: Description: Name of the VPC Value: !Ref VPC Export: Name: !Sub '${AWS::StackName}' InternetGateway: Description: Internet Gateway Value: !Ref InternetGateway Export: Name: !Sub '${AWS::StackName}-InternetGateway' PublicSubnet1: Description: AZ1 - public subnet Value: !Ref PublicSubnet1 Export: Name: !Sub '${AWS::StackName}-PublicSubnet1' PrivateSubnet1: Description: AZ1 - private subnet 01 Value: !Ref PrivateSubnet1 Export: Name: !Sub '${AWS::StackName}-PrivateSubnet1'