Security in AWS VPC: A Step-by-Step Guide Using AWS CLI

Amazon Web Services (AWS) offers robust tools for configuring and managing Virtual Private Clouds (VPCs). In this comprehensive guide, we will walk you through the process of setting up a highly secure VPC with layered security controls, using the AWS Command Line Interface (CLI). By the end of this tutorial, you will have created a VPC featuring both public and private subnets, configured security groups, and implemented Network Access Control Lists (NACLs) – all from the command line. Let’s embark on this journey to fortify your AWS VPC.

Lab Prerequisites:

  • An AWS account with the necessary permissions to create and manage VPC resources.
  • AWS CLI installed and configured with your AWS credentials.

Lab Steps:

Step 1: Signing in to the AWS Management Console

Using the AWS CLI, you can set the default AWS Region to “US East (N. Virginia)” (us-east-1) by running the following command:

aws configure set region us-east-1

Step 2: Creating a New VPC

You can create a new VPC using the AWS CLI with the following command. Supply the VPC's IPv4 CIDR block; the response contains the VpcId that later steps refer to as <vpc-id>:

# Create the VPC with an IPv4 CIDR block only (no IPv6 block is requested)
aws ec2 create-vpc --cidr-block <vpc-cidr>

Step 3: Creating and Attaching an Internet Gateway

Create an internet gateway and attach it to the VPC created in Step 2 using the AWS CLI:

# Create an internet gateway (note the InternetGatewayId in the response)
aws ec2 create-internet-gateway

# Attach it to the VPC
aws ec2 attach-internet-gateway --internet-gateway-id <internet-gateway-id> --vpc-id <vpc-id>

Step 4: Creating Two Subnets

To create public and private subnets, you can use the AWS CLI as follows. Each subnet CIDR must lie inside the VPC CIDR and must not overlap the other subnet; note the SubnetId in each response:

# Create a public subnet
aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block <public-subnet-cidr>

# Create a private subnet
aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block <private-subnet-cidr>

Step 5: Creating Route Tables, Configuring Routes, and Associating Them with Subnets

You can create route tables, configure routes, and associate them with subnets using the AWS CLI. What makes a subnet "public" is the default route to the internet gateway in its route table; the private route table gets no such route, so instances in the private subnet are not directly reachable from the internet:

# Create a public route table
aws ec2 create-route-table --vpc-id <vpc-id>

# Create a private route table
aws ec2 create-route-table --vpc-id <vpc-id>

# Add the default route (0.0.0.0/0) via the internet gateway to the public route table only
aws ec2 create-route --route-table-id <public-route-table-id> --destination-cidr-block 0.0.0.0/0 --gateway-id <internet-gateway-id>

# Associate the public subnet with the public route table
aws ec2 associate-route-table --subnet-id <public-subnet-id> --route-table-id <public-route-table-id>

# Associate the private subnet with the private route table
aws ec2 associate-route-table --subnet-id <private-subnet-id> --route-table-id <private-route-table-id>

Step 6: Creating a Security Group

You can create a security group using the AWS CLI. Security groups are stateful, so reply traffic for an allowed inbound connection is permitted automatically. For the inbound rules, use the CIDR of the network you administer from rather than 0.0.0.0/0, which would expose SSH to the whole internet:

# Create a security group
aws ec2 create-security-group --group-name whizlabs_securitygroup --description "Security group for multilayered VPC" --vpc-id <vpc-id>

# Add inbound rules to the security group (SSH and all ICMP from the allowed source range only)
aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr <allowed-source-cidr>
aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol icmp --port -1 --cidr <allowed-source-cidr>

Step 7: Creating and Configuring Network ACL

You can create and configure NACLs using the AWS CLI. A newly created NACL denies all traffic in both directions until entries are added, entries are evaluated from the lowest rule number upward with the first match deciding, and, unlike security groups, NACLs are stateless: the egress rule on ephemeral ports (1024-65535) below is what lets replies to inbound SSH connections leave the subnet. The NACL only takes effect once it is associated with a subnet:

# Create a network ACL
aws ec2 create-network-acl --vpc-id <vpc-id> --tag-specifications 'ResourceType=network-acl,Tags=[{Key=Name,Value=whizlabs_NACL}]'

# Configure inbound rules for the NACL (SSH and all ICMP types/codes from the allowed source range)
aws ec2 create-network-acl-entry --network-acl-id <nacl-id> --rule-number 100 --protocol tcp --rule-action allow --ingress --cidr-block <allowed-source-cidr> --port-range From=22,To=22
aws ec2 create-network-acl-entry --network-acl-id <nacl-id> --rule-number 200 --protocol icmp --icmp-type-code Type=-1,Code=-1 --rule-action allow --ingress --cidr-block <allowed-source-cidr>

# Configure outbound rules for the NACL (ICMP replies, and TCP replies to the clients' ephemeral ports)
aws ec2 create-network-acl-entry --network-acl-id <nacl-id> --rule-number 100 --protocol icmp --icmp-type-code Type=-1,Code=-1 --rule-action allow --egress --cidr-block <allowed-destination-cidr>
aws ec2 create-network-acl-entry --network-acl-id <nacl-id> --rule-number 200 --protocol tcp --rule-action allow --egress --port-range From=1024,To=65535 --cidr-block <allowed-destination-cidr>
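How the Step 7 entries are evaluated, as an added example that is not part of the original lab: a small Python model of stateless NACL evaluation (lowest rule number first, first match wins, implicit deny) run against the rules above, with the lab's elided CIDR replaced by a constructed TEST-NET-3 range. It shows why the egress ephemeral-port entry is needed for SSH replies, and that traffic the instance itself initiates (for example HTTPS) is still denied by this rule set.

```python
"""Stateless model of AWS network ACL evaluation (added example, not part of
the lab): entries are checked from the lowest rule number up, the first match
decides, and the implicit final rule '*' denies anything left unmatched."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Entry:
    rule_number: int
    protocol: str            # "tcp", "udp", "icmp" or "-1" for all protocols
    action: str              # "allow" or "deny"
    cidr: str                # source CIDR for ingress, destination for egress
    port_from: int = 0       # port range is ignored for icmp
    port_to: int = 65535


def matches(entry, protocol, peer_ip, port):
    if entry.protocol not in ("-1", protocol):
        return False
    if ip_address(peer_ip) not in ip_network(entry.cidr):
        return False
    return protocol == "icmp" or entry.port_from <= port <= entry.port_to


def evaluate(entries, protocol, peer_ip, port):
    """Return (action, rule_number); rule_number '*' is the implicit deny."""
    for entry in sorted(entries, key=lambda e: e.rule_number):
        if matches(entry, protocol, peer_ip, port):
            return entry.action, entry.rule_number
    return "deny", "*"


# Constructed stand-in for the lab's elided admin CIDR (TEST-NET-3, RFC 5737).
ADMIN_CIDR = "203.0.113.0/24"
# The Step 7 rule set: ingress 100/200 and egress 100/200.
INBOUND = [Entry(100, "tcp", "allow", ADMIN_CIDR, 22, 22),
           Entry(200, "icmp", "allow", ADMIN_CIDR)]
OUTBOUND = [Entry(100, "icmp", "allow", ADMIN_CIDR),
            Entry(200, "tcp", "allow", ADMIN_CIDR, 1024, 65535)]


def ssh_session_allowed(client_ip, client_port):
    """A NACL keeps no connection state: the SSH SYN (ingress, dst port 22)
    and the reply (egress, dst = the client's ephemeral port) must each
    match an allow entry, which is what egress rule 200 provides."""
    request, _ = evaluate(INBOUND, "tcp", client_ip, 22)
    reply, _ = evaluate(OUTBOUND, "tcp", client_ip, client_port)
    return request == "allow" and reply == "allow"
```

Calling evaluate(OUTBOUND, "tcp", "198.51.100.10", 443) returns ('deny', '*'): an instance behind this NACL cannot initiate HTTPS (for example for package updates) until matching egress and ephemeral-port ingress entries are added.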

Step 8: Launching 2 EC2 Instances

You can launch EC2 instances with the AWS CLI:

# Launch the public EC2 instance
aws ec2 run-instances --image-id
