
Amazon VPC Setup Guide

WARNING!

Due to RightScale Legacy Platform deprecation, this section covering Amazon Web Services Virtual Private Clouds (VPC) is no longer valid. Please see the Network Manager section for current information on creating and managing AWS VPCs.


Use this guide to set up Amazon Virtual Private Clouds (VPCs) to work with RightScale and to configure load balancers, databases, and application servers. You can set up VPCs using the AWS console or the RightScale dashboard. If you set up VPCs using the AWS console, you can still see and manage them with the RightScale dashboard.

Create a VPC

  1. Go to Clouds > Your AWS Region > VPCs > New VPC.

[Image: screen-CreateNewVPC.png]

  2. Fill out the information for your VPC.
    • Name: Name your Virtual Private Cloud.
    • CIDR Block: The VPC's CIDR Block (for example, 10.0.3.0/24).
    • Description: A description of the VPC.
  3. Click Create to save your settings.

Create and Attach a VPC Internet Gateway

The Internet gateway is an object that allows instances in a VPC to be publicly exposed. It facilitates traffic between the Internet and your VPC instances through route tables.

  1. Go to Clouds > AWS Region > VPC Internet Gateways > New. A new VPC Internet Gateway is created. You can change the name of your VPC Internet Gateway before attaching it to a VPC.

[Image: screen-IGWAttach.png]

  2. Click Attach.
  3. Select your VPC.

[Image: screen-VPC2IGWAttach.png]

  4. Click Attach.

Create VPC Subnets

The following examples create three public subnets (each in a different Availability Zone) and three private subnets (each in a different Availability Zone). Creating subnets in different Availability Zones is a best practice for achieving high availability.

Create Public Subnets

  1. Go to your VPC (Clouds > AWS Region > VPCs > your VPC).
  2. Click the Subnets tab.
  3. Click New.
  4. Configure the subnet:
    1. Enter a name (for example, 'public-a').
    2. Enter the CIDR IP (for example, 10.0.0.0/24).
    3. Select an Availability Zone (for example, us-east-1a).
    4. Enter a description (optional).
    5. Click Save.
  5. Click New.
  6. Configure the subnet:
    1. Enter a name (for example, 'public-b').
    2. Enter the CIDR IP (for example, 10.0.1.0/24).
    3. Select an Availability Zone (for example, us-east-1c).
    4. Enter a description (optional).
    5. Click Save.
  7. Click New.
  8. Configure the subnet:
    1. Enter a name (for example, 'public-d').
    2. Enter the CIDR IP (for example, 10.0.2.0/24).
    3. Select an Availability Zone (for example, us-east-1d).
    4. Enter a description (optional).
    5. Click Save.

Create Private Subnets

  1. On the Subnets tab of your VPC, click New.
  2. Configure the subnet:
    1. Enter a name (for example, 'private-a').
    2. Enter the CIDR IP (for example, 10.0.3.0/24).
    3. Select an Availability Zone (for example, us-east-1a).
    4. Enter a description (optional).
    5. Click Save.
  3. Click New.
  4. Configure the subnet:
    1. Enter a name (for example, 'private-b').
    2. Enter the CIDR IP (for example, 10.0.4.0/24).
    3. Select an Availability Zone (for example, us-east-1c).
    4. Enter a description (optional).
    5. Click Save.
  5. Click New.
  6. Configure the subnet:
    1. Enter a name (for example, 'private-d').
    2. Enter the CIDR IP (for example, 10.0.5.0/24).
    3. Select an Availability Zone (for example, us-east-1d).
    4. Enter a description (optional).
    5. Click Save.

Your VPC subnets are now set up and you can view and edit them on the VPC Subnets tab.

[Image: screen-Create_VPC_subnets.png]


Create Security Groups for the NAT Host

The NAT Host (see the following section) needs a security group configured so that servers in the private VPC subnets can communicate outside of the VPC.

  1. Go to Clouds > AWS Region of your VPC > EC2 Security Groups.
  2. Click New.
    1. Enter the name (for example, 'NatHost') and a description (optional).
    2. Select VPC as the Scope and select your VPC.
    3. Leave permissions as default (all unselected).
    4. Click Create.
  3. Update the NAT Host security group permissions by creating a new rule with the following settings:
    • ingress
    • all protocols
    • IPs: 10.0.0.0/16 (allowing all private network traffic to use the NAT host to reach the Internet)

[Image: screen-Create_security_group_for_NAT_Host.png]


Create and Launch the VPC NAT Host

The NAT Host allows servers in private VPC subnets to communicate outside of the VPC, which is necessary for private servers to reach RightScale servers in order to complete the booting process and to provide admin access. Applications that make API calls to remote services also need internet access.  This server can also be used as a jump/bastion host to gain access to your private servers.  

  1. Go to the MultiCloud Marketplace (Design > MultiCloud Marketplace) and import the AWS VPC NAT ServerTemplate into your account. You can also import it using this link: https://my.rightscale.com/library/server_templates/AWS-VPC-NAT-ServerTemplate-13-/lineage/19490.

  2. Add the server to your deployment. (See Add a Server to a Deployment)

  3. On the Server Details page, change the following settings:
    1. Edit the Server Name.
    2. Under VPC Subnet, select one of the public VPC subnets.
    3. Check the NAT Enabled box.
    4. Select the security group that you created earlier (for example, 'NatHost').
    5. Attach an Elastic IP.
  4. Confirm and launch the server.

[Image: screen-CreateandLaunchVPC_NAT_Host.png]


Create Route Tables for VPC Subnets

A default route table is created whenever you create a VPC and automatically becomes the Main route table. In this setup example, you can designate this route table as the route table for the public VPC subnets. Because you are also using private VPC subnets, you also need to create a private route table. After creating the appropriate route tables, you can then set up routing for your subnets. 

  1. Go to your VPC (Clouds > AWS Region > VPCs > your VPC).
  2. Click on Route Tables. The default route table is already in the list of route tables, with all of the subnets associated to it.
  3. Change the name of the existing route table by clicking -changeme- and changing the name to Public.
  4. Click New to create the route table. Change the Name to Private.
  5. Associate each private subnet to the private route table.
    1. In the Route Table list, click the first subnet you created (for example, private-a) in the Associations column.
    2. Click Associate Route Table and select Private from the VPC Route Tables list.
    3. Repeat the previous two steps for each private VPC subnet.
  6. Make the private route table the Main route table.
    1. Click on the private route table.
    2. Click Make Main.
  7. Set up routing for each subnet. The public route table uses the Internet gateway that you set up previously. The private subnets route to the NAT/Bastion host that you configured previously.
    1. In the Route Table list, click on the Public VPC Route Table.
    2. Click the Route Set tab.
    3. Under New Route, change the CIDR IP to 0.0.0.0/0 (any IP address) and add the Internet gateway you created previously.
    4. In the Route Table list, click on the Private VPC Route Table.
    5. Click the Route Set tab.
    6. Under New Route, change the CIDR IP to 0.0.0.0/0 (any IP address) and add the VPC NAT server that you created previously.

The following screen shows the completed Route Tables. 

[Image: screen-reate_route_tables_for_vpc_subnets.png]


After you complete the setup and configuration of your VPC and get your NAT Host running, you can start building your deployment. Be sure to pick the correct subnet for each server that you add: load balancers, or any server that is reached from the Internet, must be in one of the public subnets and have an Elastic IP associated to it, while servers in the private subnets do not use Elastic IPs.


VPC Troubleshooting

If you have problems when setting up VPCs, check to see if you are experiencing one of the following issues:

  • Servers are stuck in the ‘booting’ state for a long time (20 minutes or more).
    • Your application, database, and other servers should be in your private subnets.
    • Make sure that the server is in the correct subnet. Servers in the public subnet need an EIP, and the public subnet needs an Internet gateway.
    • Make sure that the NAT host is running and that it can connect to the Internet.
    • Check the private network route tables and route sets.
    • Make sure the CIDR IP for the Private Route Set is 0.0.0.0/0 (and not 0.0.0.0/32).
    • Check that the VPC NAT host is associated to the private route table.
  • Servers in the public network do not boot.
    • Make sure the public route table has the Internet gateway set up.
    • Make sure the servers have EIPs attached.
    • Make sure the CIDR IP for the Public Route Set is 0.0.0.0/0 (and not 0.0.0.0/32).
  • Route Set has a blackhole for the gateway.
    • This is caused by the VPC NAT Host being terminated or removed. To correct this issue, update the Route Set to point to the new VPC NAT server.
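As an added example that is not part of the RightScale guide, the following Python script turns the subnet, route table and Elastic IP rules from the procedure above, together with the troubleshooting list, into checks over a plan of the VPC this guide builds. The subnet names and CIDRs are the guide's own; the VPC CIDR 10.0.0.0/16, the server names and the route target labels ("igw", "nat", "blackhole") are assumptions.

```python
import ipaddress

# Plan for the VPC this guide builds. VPC CIDR 10.0.0.0/16 is an assumption that matches
# the subnet CIDRs and the NAT security group rule; the servers are constructed examples.
GUIDE_PLAN = {
    "vpc_cidr": "10.0.0.0/16",
    "subnets": {  # name: (CIDR, is_public)
        "public-a": ("10.0.0.0/24", True), "public-b": ("10.0.1.0/24", True),
        "public-d": ("10.0.2.0/24", True), "private-a": ("10.0.3.0/24", False),
        "private-b": ("10.0.4.0/24", False), "private-d": ("10.0.5.0/24", False)},
    "route_tables": {  # name: routes (destination -> "igw" | "nat" | "blackhole"), associated subnets, Main flag
        "Public": {"routes": {"0.0.0.0/0": "igw"}, "subnets": ["public-a", "public-b", "public-d"], "main": False},
        "Private": {"routes": {"0.0.0.0/0": "nat"}, "subnets": ["private-a", "private-b", "private-d"], "main": True}},
    "servers": {  # name: (subnet, has_elastic_ip)
        "nat-host": ("public-a", True), "lb": ("public-b", True),
        "app": ("private-a", False), "db": ("private-b", False)},
}

def check_vpc_plan(plan):
    """Return a list of findings; an empty list means the plan follows the guide's rules."""
    findings, vpc, seen = [], ipaddress.ip_network(plan["vpc_cidr"]), {}
    for name, (cidr, _) in plan["subnets"].items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            findings.append(f"subnet {name} {cidr} lies outside VPC CIDR {vpc}")
        findings += [f"subnet {name} overlaps {o}" for o, onet in seen.items() if net.overlaps(onet)]
        seen[name] = net
    tables = plan["route_tables"]
    main = next((t for t, spec in tables.items() if spec["main"]), None)
    rt_of = {s: t for t, spec in tables.items() for s in spec["subnets"]}
    for name, (_, is_public) in plan["subnets"].items():
        table = tables.get(rt_of.get(name, main))  # unassociated subnets fall back to the Main table
        target = table["routes"].get("0.0.0.0/0") if table else None
        want = "igw" if is_public else "nat"  # public -> Internet gateway, private -> NAT host
        if target is None:  # also catches the 0.0.0.0/32 typo called out under troubleshooting
            findings.append(f"subnet {name}: no 0.0.0.0/0 default route (check for 0.0.0.0/32)")
        elif target == "blackhole":  # NAT host terminated or removed
            findings.append(f"subnet {name}: default route is a blackhole, re-point it at the new NAT server")
        elif target != want:
            findings.append(f"subnet {name}: default route should target {want}, not {target}")
    for srv, (subnet, has_eip) in plan["servers"].items():
        if plan["subnets"][subnet][1] != has_eip:  # public servers need an EIP, private ones must not have one
            findings.append(f"server {srv} in {subnet}: Elastic IP {'required' if not has_eip else 'must not be used'}")
    return findings

if __name__ == "__main__":
    for line in check_vpc_plan(GUIDE_PLAN) or ["plan OK"]:
        print(line)
```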

Last modified
14:43, 31 Oct 2014



© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.