
Creating and managing a VPC

Virtual Private Cloud (VPC) is technically not a part of EC2. However, creating one is usually the first step when getting started with EC2. A VPC creates a virtual network that logically isolates our resources. This improves security and management because, logically, the subnets and gateways are dedicated to our resources only. A common use of a VPC is to separate public-facing services (such as load balancers or instances running public services) from servers storing data (such as databases), which do not require direct access from the wider internet.

Technically, a VPC has several moving parts, as depicted in the preceding image. Even a simple architecture would consist of the following components:

  • The VPC itself, where we will allocate a high-level Classless Inter-Domain Routing (CIDR) block and choose a region.
  • A public subnet, which will use a chunk of CIDR from the larger CIDR that we defined above.
  • A private subnet, which will use a chunk of CIDR from the larger CIDR that we defined above.
  • An Internet Gateway, which will be attached to the public subnet. This gateway will route the traffic to the public internet.
  • A NAT Gateway, which will be attached to the private subnet. This gateway will provide Network Address Translation (NAT) services to outbound traffic for the private subnet.
  • A route table attaching the Internet Gateway with the public subnet.
  • A route table attaching the NAT Gateway with the private subnet.
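The subnet and routing layout listed above can be checked before any resource is created. The following is an added example, not code from the book: the plan structure, the `validate_plan` function, the `tier` and `default_route` fields, and the sample CIDR values are assumptions made for illustration.

```python
import ipaddress

# Constructed sample plan: the names and CIDR values are illustrative assumptions.
PLAN = {
    "vpc_cidr": "10.0.0.0/16",
    "subnets": [
        {"name": "public", "tier": "public", "cidr": "10.0.1.0/24", "default_route": "igw"},
        {"name": "private", "tier": "private", "cidr": "10.0.2.0/24", "default_route": "nat"},
    ],
}

def validate_plan(plan):
    """Return a list of findings; an empty list means the layout is consistent."""
    findings = []
    vpc = ipaddress.ip_network(plan["vpc_cidr"])
    checked = []
    for subnet in plan["subnets"]:
        name = subnet["name"]
        try:
            net = ipaddress.ip_network(subnet["cidr"])  # strict mode rejects host bits
        except ValueError as exc:
            findings.append(f"{name}: invalid CIDR ({exc})")
            continue
        # AWS accepts IPv4 subnet blocks between /16 and /28.
        if not 16 <= net.prefixlen <= 28:
            findings.append(f"{name}: prefix /{net.prefixlen} is outside /16-/28")
        # Each subnet must be a chunk of the larger VPC block.
        if not net.subnet_of(vpc):
            findings.append(f"{name}: {net} is not inside VPC block {vpc}")
        # Subnets of one VPC may not share addresses.
        for other_name, other in checked:
            if net.overlaps(other):
                findings.append(f"{name}: {net} overlaps {other_name} ({other})")
        checked.append((name, net))
        # Isolation check: only the public tier may default-route to the Internet Gateway.
        route = subnet["default_route"]
        if subnet["tier"] == "private" and route == "igw":
            findings.append(f"{name}: private subnet routes directly to the Internet Gateway")
        if subnet["tier"] == "public" and route != "igw":
            findings.append(f"{name}: public subnet has no Internet Gateway route")
    return findings

if __name__ == "__main__":
    for finding in validate_plan(PLAN) or ["plan is consistent"]:
        print(finding)
```
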

Now that we have broken down the list of components that we need to build a VPC, let us start writing the Ansible code to create them.
