Introduction
As cloud computing continues to reshape the tech landscape, Amazon Web Services (AWS) has become a go-to platform for developers and organizations alike to host their infrastructure. Among its many features, AWS allows for intricate networking configurations, enabling users to securely and efficiently manage their resources. In this tutorial, we will walk through the step-by-step process of setting up a subnet, along with the configuration of security groups and Network Access Control Lists (ACLs). We’ll break it down so that even if you’re new to AWS, you can follow along easily.
1. Understanding Subnets
A subnet (short for subnetwork) is a segmented piece of a larger network. Within AWS, subnets exist inside a Virtual Private Cloud (VPC), which acts as a logically isolated area where you can launch AWS resources. The major advantages of using subnets include:
- Improved security: By isolating resources, you can limit access and create a controlled environment.
- Enhanced performance: Subnetting helps in optimizing network traffic by localizing it.
2. Creating a VPC
Before setting up a subnet, you first need a VPC. Here’s how to create one:
- Log in to the AWS Management Console.
- Navigate to the VPC dashboard by selecting “VPC” from the menu services.
- Click on “Create VPC.”
- Enter a name for your VPC and specify a CIDR block (Classless Inter-Domain Routing notation). For example, 10.0.0.0/16 allows for 65,536 IP addresses.
- Select the option for “Default VPC” if prompted, or continue without this option.
- Click “Create,” and your VPC is now set up!
3. Creating a Subnet
Now that you have a VPC, follow these steps to create a subnet within it:
- In the VPC dashboard, select “Subnets.”
- Click on “Create subnet.”
- Choose the VPC you just created from the dropdown menu.
- Name your subnet and specify a CIDR block. For example, 10.0.1.0/24 allows for up to 256 IPs, which is a common size for a single subnet.
- Select the Availability Zone for this subnet. Each subnet lives in exactly one zone, so placing subnets in more than one zone is what gives you high availability.
- Click “Create subnet.”
4. Configuring Security Groups
Security Groups (SGs) act as a virtual firewall for your resources in a VPC. They control inbound and outbound traffic, hold allow rules only, and are stateful: a reply to traffic you allowed in one direction is permitted automatically in the other. Here’s how to configure SGs:
- Select “Security Groups” from the VPC dashboard on the left side.
- Click on “Create security group.”
- Give your security group a name and description.
- Select your VPC from earlier.
- Under inbound rules, define the types of traffic allowed. For example, to allow HTTP traffic, you could set:
{
"Type": "HTTP",
"Protocol": "TCP",
"Port Range": "80",
"Source": "0.0.0.0/0"
}
- For outbound rules, if unrestricted access is needed, select “All traffic” with 0.0.0.0/0 as the destination.
- Click “Create security group.”
5. Setting Up Network ACLs
Network ACLs (NACLs) function as an additional layer of security, providing a way to control traffic at the subnet level. Unlike security groups, NACLs can both allow and deny, are evaluated in ascending rule-number order (the first matching rule wins), and are stateless, so return traffic is not permitted automatically.
- In the VPC dashboard, select “Network ACLs.”
- Click on “Create network ACL.”
- Provide a name and choose your VPC.
- Click “Create.”
- Once created, select your new NACL and click on “Inbound Rules.” Add rules to allow or deny traffic based on specific criteria (similar to SGs). For example, to allow SSH access, you could set the following (a source of 0.0.0.0/0 admits the whole internet; in practice, narrow it to the address range you administer from):
{
"Rule Number": 100,
"Type": "SSH",
"Protocol": "TCP",
"Port Range": "22",
"Source": "0.0.0.0/0",
"Allow/Deny": "ALLOW"
}
- Repeat the process for outbound traffic by going to the “Outbound Rules” tab. Because NACLs are stateless, the replies to the inbound rule above must be allowed explicitly here (TCP to the client’s ephemeral ports, 1024–65535, toward the same source range); otherwise the SSH handshake never completes.
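To make the difference between the two rule sets concrete, here is an added Python example (not part of the original tutorial and not AWS or boto3 code) that models the HTTP security group rule and the SSH NACL rule above as constructed dicts and checks whether an SSH session from a client can actually complete through a stateless, ordered NACL.

```python
import ipaddress

# Constructed sample rules mirroring the tutorial's examples; plain dicts
# for illustration, not AWS API objects.
SG_INBOUND = [{"protocol": "tcp", "ports": (80, 80), "cidr": "0.0.0.0/0"}]
NACL_INBOUND = [
    {"rule": 100, "protocol": "tcp", "ports": (22, 22), "cidr": "0.0.0.0/0", "action": "allow"},
]
# Outbound rule the stateless NACL needs: the SSH reply leaves toward the
# client's ephemeral port (1024-65535), not port 22.
NACL_OUTBOUND_EPHEMERAL = [
    {"rule": 100, "protocol": "tcp", "ports": (1024, 65535), "cidr": "0.0.0.0/0", "action": "allow"},
]
# A lower-numbered deny is evaluated before the broad rule 100 allow.
NACL_INBOUND_WITH_DENY = [
    {"rule": 90, "protocol": "tcp", "ports": (22, 22), "cidr": "198.51.100.0/24", "action": "deny"},
] + NACL_INBOUND


def _matches(rule, proto, port, addr):
    lo, hi = rule["ports"]
    return (rule["protocol"] in (proto, "all")
            and lo <= port <= hi
            and ipaddress.ip_address(addr) in ipaddress.ip_network(rule["cidr"]))


def nacl_decision(rules, proto, port, addr):
    """Evaluate NACL rules in ascending rule-number order; first match wins.
    The implicit final rule (*) denies anything left unmatched."""
    for rule in sorted(rules, key=lambda r: r["rule"]):
        if _matches(rule, proto, port, addr):
            return rule["action"]
    return "deny"


def sg_allows(rules, proto, port, addr):
    """Security groups hold allow rules only; unmatched traffic is dropped.
    They are stateful, so replies to allowed traffic need no extra rule."""
    return any(_matches(r, proto, port, addr) for r in rules)


def ssh_session_allowed(nacl_in, nacl_out, client_ip, client_port):
    """Both directions must pass the stateless NACL: the client's SYN to
    port 22 inbound, and the server's reply outbound to the ephemeral port."""
    request_ok = nacl_decision(nacl_in, "tcp", 22, client_ip) == "allow"
    reply_ok = nacl_decision(nacl_out, "tcp", client_port, client_ip) == "allow"
    return request_ok and reply_ok


if __name__ == "__main__":
    print(ssh_session_allowed(NACL_INBOUND, [], "203.0.113.10", 50000))  # False
    print(ssh_session_allowed(NACL_INBOUND, NACL_OUTBOUND_EPHEMERAL, "203.0.113.10", 50000))  # True
    print(nacl_decision(NACL_INBOUND_WITH_DENY, "tcp", 22, "198.51.100.5"))  # deny
```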
6. Associating Security Groups and NACLs with the Subnet
Associating your security group and network ACL with your recently created subnet is essential for securing your resources.
- Navigate back to the “Subnets” section in the VPC dashboard.
- Select your subnet and click on the “Actions” dropdown.
- Select “Modify auto-assign IP settings,” and enable public access if necessary.
- Choose the Security Group under the security group drop-down.
- Ensure your NACL is associated with the subnet; it should be visible in the subnet details.
7. Launching an Instance in the Subnet
Now that your subnet is set up with the necessary security configurations, it’s time to launch an EC2 instance.
- Go to the EC2 dashboard.
- Click “Launch Instance.”
- Follow the prompts to choose an AMI (Amazon Machine Image) and instance type.
- Under the “Configure Instance” section, select your VPC and subnet.
- Choose the security group you configured earlier.
- Review and launch your instance.
Conclusion
Congratulations! You’ve now successfully created a subnet in AWS, along with configuring essential security groups and NACLs. By implementing these features diligently, you enhance the security, performance, and reliability of your cloud infrastructure. As you continue building your AWS environment, keep exploring and leveraging additional networking tools available through AWS.