AWScloud~30 mins

Why VPC provides network isolation in AWS - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Why VPC Provides Network Isolation

📖 Scenario: You are setting up a cloud environment for a small company. You want to keep their network safe and separate from other users in the cloud.

🎯 Goal: Build a simple Virtual Private Cloud (VPC) configuration that shows how network isolation is created using subnets and security groups.

📋 What You'll Learn

Create a VPC with a specific CIDR block

Add two subnets inside the VPC

Create a security group that allows only specific traffic

Associate the security group with an instance inside the VPC

💡 Why This Matters

🌍 Real World

Companies use VPCs to keep their cloud resources private and secure, separating them from other users and controlling network traffic.

💼 Career

Understanding VPCs and network isolation is essential for cloud architects and engineers to design secure cloud environments.

Progress0 / 4 steps

Create a VPC with CIDR block

Create a VPC named MyVPC with the CIDR block 10.0.0.0/16.

AWS

# Create a VPC named MyVPC with CIDR block 10.0.0.0/16
# Your code here

Need a hint?

Use the aws_vpc resource and set cidr_block to 10.0.0.0/16.

Add two subnets inside the VPC

Add two subnets named SubnetA and SubnetB inside MyVPC with CIDR blocks 10.0.1.0/24 and 10.0.2.0/24 respectively.

AWS

resource "aws_vpc" "MyVPC" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "MyVPC"
  }
}

# Add two subnets SubnetA and SubnetB inside MyVPC
# Your code here

Need a hint?

Use aws_subnet resources and link them to MyVPC using vpc_id.

Create a security group to allow specific traffic

Create a security group named MySG inside MyVPC that allows inbound TCP traffic on port 22 (SSH) from anywhere.

AWS

resource "aws_vpc" "MyVPC" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "MyVPC"
  }
}

resource "aws_subnet" "SubnetA" {
  vpc_id     = aws_vpc.MyVPC.id
  cidr_block = "10.0.1.0/24"
  tags = {
    Name = "SubnetA"
  }
}

resource "aws_subnet" "SubnetB" {
  vpc_id     = aws_vpc.MyVPC.id
  cidr_block = "10.0.2.0/24"
  tags = {
    Name = "SubnetB"
  }
}

# Create a security group MySG inside MyVPC allowing inbound TCP port 22 from 0.0.0.0/0
# Your code here

Need a hint?

Use aws_security_group with ingress rules for port 22 TCP.

Associate the security group with an instance inside the VPC

Create an EC2 instance named MyInstance in SubnetA and associate it with the security group MySG.

AWS

resource "aws_vpc" "MyVPC" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "MyVPC"
  }
}

resource "aws_subnet" "SubnetA" {
  vpc_id     = aws_vpc.MyVPC.id
  cidr_block = "10.0.1.0/24"
  tags = {
    Name = "SubnetA"
  }
}

resource "aws_subnet" "SubnetB" {
  vpc_id     = aws_vpc.MyVPC.id
  cidr_block = "10.0.2.0/24"
  tags = {
    Name = "SubnetB"
  }
}

resource "aws_security_group" "MySG" {
  name        = "MySG"
  description = "Allow SSH inbound"
  vpc_id      = aws_vpc.MyVPC.id

  ingress {
    description      = "SSH from anywhere"
    from_port        = 22
    to_port          = 22
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
  }

  tags = {
    Name = "MySG"
  }
}

# Create an EC2 instance MyInstance in SubnetA with security group MySG
# Your code here

Need a hint?

Use aws_instance resource with subnet_id and vpc_security_group_ids set correctly.