How can I use AWS subnets to separate public and private resources in a multi-tier architecture?
I am currently designing a multi-tier architecture in AWS for a particular web-based application. I have a public-facing web server that needs to be accessible from the internet. I also have a private database tier which should not be directly accessible from the internet. How can I use AWS subnets to achieve this separation of public and private resources?
In AWS, subnets are separated by their routing, not by any property of the subnet itself. Here is how you can use subnets to separate public and private resources in a multi-tier architecture:
Using subnets for public and private resources
Public subnet
Create a public subnet for the web server tier and associate it with a route table that has a default route (0.0.0.0/0) to an internet gateway (IGW). That route is what makes the subnet "public": it allows traffic in both directions, so the web server can be reached from the internet and can reach out to it. Note that the instance also needs a public IPv4 address (enable map-public-ip-on-launch on the subnet, or attach an Elastic IP); the IGW route alone is not enough.
Private subnet
Create a private subnet for the database tier and make sure no route table it uses has a route to the IGW. With only the local route, the database can be reached from the web subnet but not directly from the internet. If the database ever needs outbound access (for example, for patches), add a NAT gateway in the public subnet and route 0.0.0.0/0 from the private subnet to it; the NAT gateway never accepts inbound connections from the internet. Two things to keep in mind: subnets that are not explicitly associated with a route table fall back to the VPC's main route table, so keep the IGW route off the main table; and routing is not access control, so the database security group should allow the database port only from the web tier's security group, not from 0.0.0.0/0.
Here is an example of how to create the subnets and associated resources using the AWS CLI:
# Create VPC
aws ec2 create-vpc --cidr-block 10.0.0.0/16
# Create public subnet (web tier)
aws ec2 create-subnet --vpc-id your_vpc_id --cidr-block 10.0.1.0/24 --availability-zone us-east-1a
# Give instances launched in the public subnet a public IPv4 address, which they need to be reachable through the IGW
aws ec2 modify-subnet-attribute --subnet-id your_public_subnet_id --map-public-ip-on-launch
# Create private subnet (database tier)
aws ec2 create-subnet --vpc-id your_vpc_id --cidr-block 10.0.2.0/24 --availability-zone us-east-1b
# Create Internet Gateway
aws ec2 create-internet-gateway
# Attach Internet Gateway to VPC
aws ec2 attach-internet-gateway --vpc-id your_vpc_id --internet-gateway-id your_igw_id
# Create Route Table for public subnet and add the default route to the IGW
aws ec2 create-route-table --vpc-id your_vpc_id
aws ec2 create-route --route-table-id your_route_table_id --destination-cidr-block 0.0.0.0/0 --gateway-id your_igw_id
# Associate Route Table with public subnet only
aws ec2 associate-route-table --subnet-id your_public_subnet_id --route-table-id your_route_table_id
# The private subnet is deliberately not associated with this table; it keeps using the VPC's main route table, which has only the local 10.0.0.0/16 route
Here is the same example in Python, using boto3:
import boto3

# Initialize Boto3 client for EC2
ec2_client = boto3.client('ec2')

# Create VPC
vpc_response = ec2_client.create_vpc(CidrBlock='10.0.0.0/16')
vpc_id = vpc_response['Vpc']['VpcId']

# Create public subnet (web tier)
public_subnet_response = ec2_client.create_subnet(
    VpcId=vpc_id,
    CidrBlock='10.0.1.0/24',
    AvailabilityZone='us-east-1a'
)
public_subnet_id = public_subnet_response['Subnet']['SubnetId']

# Instances launched in the public subnet need a public IPv4 address to be reachable through the IGW
ec2_client.modify_subnet_attribute(
    SubnetId=public_subnet_id,
    MapPublicIpOnLaunch={'Value': True}
)

# Create private subnet (database tier)
private_subnet_response = ec2_client.create_subnet(
    VpcId=vpc_id,
    CidrBlock='10.0.2.0/24',
    AvailabilityZone='us-east-1b'
)
private_subnet_id = private_subnet_response['Subnet']['SubnetId']

# Create Internet Gateway
igw_response = ec2_client.create_internet_gateway()
igw_id = igw_response['InternetGateway']['InternetGatewayId']

# Attach Internet Gateway to VPC
ec2_client.attach_internet_gateway(VpcId=vpc_id, InternetGatewayId=igw_id)

# Create Route Table for public subnet
route_table_response = ec2_client.create_route_table(VpcId=vpc_id)
route_table_id = route_table_response['RouteTable']['RouteTableId']

# Create default route to Internet Gateway
ec2_client.create_route(
    RouteTableId=route_table_id,
    DestinationCidrBlock='0.0.0.0/0',
    GatewayId=igw_id
)

# Associate Route Table with the public subnet only.
# The private subnet is left on the VPC's main route table, which has just the local route,
# so nothing in 10.0.2.0/24 has a path to the internet gateway.
ec2_client.associate_route_table(
    SubnetId=public_subnet_id,
    RouteTableId=route_table_id
)

print("Subnets and associated resources created successfully.")
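Creating the subnets is half the job; the other half is verifying that the separation actually holds, because a subnet with no explicit route-table association silently inherits the VPC's main route table, and a security group rule can undo the routing isolation. The following audit helper is an added example, not part of the answer above or of any AWS tooling. It works offline on the structures that boto3's describe_route_tables and describe_security_groups return, classifying each subnet as public or private (including the main-table fallback) and flagging a database security group that admits the whole internet. The route tables, subnet IDs and security groups below are constructed sample data with placeholder IDs; in practice you would feed it the live API responses.

```python
"""Offline audit of the public/private subnet split described above.

Added example (not from the original answer). The ROUTE_TABLES, SUBNET_TIERS
and security-group dicts are constructed test data shaped like the boto3
describe_route_tables / describe_security_groups responses; the IDs are
placeholders, not real resources.
"""
import copy
from typing import Dict, List


def is_internet_route(route: dict) -> bool:
    """True if this route sends the default route to an internet gateway."""
    dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
    gateway = route.get("GatewayId", "")
    return dest in ("0.0.0.0/0", "::/0") and gateway.startswith("igw-") \
        and route.get("State") == "active"


def classify_subnets(route_tables: List[dict], subnet_ids: List[str]) -> Dict[str, str]:
    """Return {subnet_id: "public" | "private"} from route-table associations.

    A subnet without an explicit association uses the VPC's main route table,
    so an IGW route on the main table makes every unassociated subnet public.
    """
    main_is_public = False
    explicit: Dict[str, bool] = {}
    for table in route_tables:
        public = any(is_internet_route(r) for r in table.get("Routes", []))
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_is_public = public
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = public
    return {sid: "public" if explicit.get(sid, main_is_public) else "private"
            for sid in subnet_ids}


def open_to_world(security_group: dict) -> List[str]:
    """List ingress rules of a security group whose source is the whole internet."""
    findings = []
    for perm in security_group.get("IpPermissions", []):
        label = f"{perm.get('IpProtocol')}/{perm.get('FromPort', 'all')}"
        for ipr in perm.get("IpRanges", []):
            if ipr.get("CidrIp") == "0.0.0.0/0":
                findings.append(f"{label} from 0.0.0.0/0")
        for ipr in perm.get("Ipv6Ranges", []):
            if ipr.get("CidrIpv6") == "::/0":
                findings.append(f"{label} from ::/0")
    return findings


def audit(route_tables: List[dict], subnet_tiers: Dict[str, str], db_sg: dict) -> List[str]:
    """Return human-readable findings; an empty list means the split holds."""
    findings = []
    classification = classify_subnets(route_tables, list(subnet_tiers))
    for sid, tier in subnet_tiers.items():
        if tier == "database" and classification[sid] == "public":
            findings.append(f"database subnet {sid} has a default route to an internet gateway")
    for rule in open_to_world(db_sg):
        findings.append(f"database security group {db_sg['GroupId']} allows {rule}")
    return findings


def add_igw_default_route(route_tables: List[dict], table_id: str, igw_id: str) -> List[dict]:
    """Copy of route_tables with 0.0.0.0/0 -> igw added to one table (simulates a bad change)."""
    tables = copy.deepcopy(route_tables)
    for table in tables:
        if table["RouteTableId"] == table_id:
            table["Routes"].append({"DestinationCidrBlock": "0.0.0.0/0",
                                    "GatewayId": igw_id, "State": "active"})
    return tables


# Constructed sample data mirroring the layout built above (placeholder IDs).
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0001",
     "Associations": [{"Main": True, "RouteTableId": "rtb-main0001"}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public01",
     "Associations": [{"Main": False, "SubnetId": "subnet-web00001"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-00000001", "State": "active"}]},
]
SUBNET_TIERS = {"subnet-web00001": "web", "subnet-db000001": "database"}  # db subnet has no association
DB_SG_GOOD = {"GroupId": "sg-db000001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-web00001"}]}]}  # only the web tier's SG
DB_SG_BAD = {"GroupId": "sg-db000002", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    print("baseline:", audit(ROUTE_TABLES, SUBNET_TIERS, DB_SG_GOOD))
    print("open SG:", audit(ROUTE_TABLES, SUBNET_TIERS, DB_SG_BAD))
    leaky = add_igw_default_route(ROUTE_TABLES, "rtb-main0001", "igw-00000001")
    print("IGW on main table:", audit(leaky, SUBNET_TIERS, DB_SG_GOOD))
```

The main-table case is the one people miss: nothing about the database subnet changes, yet adding the IGW route to the main table (which the CLI example above never touches) flips it to public. Giving the private subnet its own explicitly associated route table with only the local route removes that dependency; the audit shows it either way.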