
How to Deploy Private Subnets in an AWS VPC and an Instance in the Private Subnet in TypeScript

Introduction

In this guide, we will walk through the process of deploying private subnets within an AWS VPC and launching an EC2 instance within one of these private subnets using Pulumi in TypeScript. This setup is useful for creating secure environments where instances are not directly accessible from the internet.

Step-by-Step Explanation

Step 1: Create a VPC

First, we need to create a new VPC. This will be the network container for our subnets and instances.

Step 2: Create Private Subnets

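Next, we will create private subnets within the VPC. The code attaches no internet gateway and associates no custom route table, so these subnets use the VPC's main route table, which contains only the local route and gives them no direct route to the internet.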

Step 3: Create a Security Group

We will create a security group to define the firewall rules for our EC2 instance.

Step 4: Launch an EC2 Instance

Finally, we will launch an EC2 instance within one of the private subnets.

Conclusion

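By following these steps, you will have a VPC with private subnets and an EC2 instance deployed within one of them. Because the instance has no public IP address and the subnets have no route to an internet gateway, it is not directly accessible from the internet. The code also creates no NAT gateway or VPC endpoints, so the instance has no outbound internet access either, and reaching it for administration requires a path from inside the VPC or a network connected to it.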

Full Code Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Step 1: Create a VPC
const vpc = new aws.ec2.Vpc("my-vpc", {
    cidrBlock: "10.0.0.0/16",
    enableDnsHostnames: true,
    enableDnsSupport: true,
});

// Step 2: Create Private Subnets
const privateSubnet1 = new aws.ec2.Subnet("private-subnet-1", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    mapPublicIpOnLaunch: false,
});

const privateSubnet2 = new aws.ec2.Subnet("private-subnet-2", {
    vpcId: vpc.id,
    cidrBlock: "10.0.2.0/24",
    mapPublicIpOnLaunch: false,
});

// Step 3: Create a Security Group
// Ingress is limited to the VPC's own CIDR: the instance sits in a private subnet,
// so SSH and HTTP only need to be reachable from inside the VPC.
const securityGroup = new aws.ec2.SecurityGroup("web-sg", {
    vpcId: vpc.id,
    description: "Allow inbound HTTP and SSH",
    ingress: [
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: [vpc.cidrBlock] }, // SSH
        { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: [vpc.cidrBlock] }, // HTTP
    ],
    egress: [
        // Allow all outbound traffic
        { protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },
    ],
});

// Step 4: Launch an EC2 Instance
const ec2Instance = new aws.ec2.Instance("web-server", {
    instanceType: "t2.micro",
    ami: "ami-0c55b159cbfafe1f0", // Amazon Linux 2 AMI (AMI IDs are region-specific)
    subnetId: privateSubnet1.id,
    vpcSecurityGroupIds: [securityGroup.id],
    associatePublicIpAddress: false,
    tags: {
        Name: "web-server",
    },
});

export const vpcId = vpc.id;
export const privateSubnet1Id = privateSubnet1.id;
export const privateSubnet2Id = privateSubnet2.id;
export const securityGroupId = securityGroup.id;
export const ec2InstanceId = ec2Instance.id;
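
The subnets above are private only because they fall back to the VPC's main route table, which has no internet gateway route. The following check is an added example, not part of the original guide or of Pulumi's code: it classifies a subnet from route-table data shaped like the EC2 DescribeRouteTables response. The type names, function names and sample IDs are assumptions made for illustration.

```typescript
// Added example: classify a subnet's internet exposure from route-table data.
// Field names follow the EC2 DescribeRouteTables response; all IDs are constructed.
// Limitation: only the IPv4 default route (0.0.0.0/0) is inspected.
interface RouteEntry { DestinationCidrBlock?: string; GatewayId?: string; NatGatewayId?: string; }
interface RtAssociation { Main?: boolean; SubnetId?: string; }
interface RouteTable {
    RouteTableId: string;
    VpcId: string;
    Routes: RouteEntry[];
    Associations: RtAssociation[];
}
type Exposure = "public" | "nat-egress" | "isolated";

// A subnet uses its explicitly associated route table; with no explicit
// association (as in the guide's code) it falls back to the VPC's main table.
function effectiveRouteTable(subnetId: string, vpcId: string, tables: RouteTable[]): RouteTable | undefined {
    const inVpc = tables.filter(t => t.VpcId === vpcId);
    const explicit = inVpc.filter(t => t.Associations.some(a => a.SubnetId === subnetId));
    if (explicit.length > 0) return explicit[0];
    return inVpc.filter(t => t.Associations.some(a => a.Main === true))[0];
}

function classifySubnet(subnetId: string, vpcId: string, tables: RouteTable[]): Exposure {
    const table = effectiveRouteTable(subnetId, vpcId, tables);
    if (!table) throw new Error(`no route table found for ${subnetId} in ${vpcId}`);
    const defaults = table.Routes.filter(r => r.DestinationCidrBlock === "0.0.0.0/0");
    if (defaults.some(r => (r.GatewayId ?? "").indexOf("igw-") === 0)) return "public";
    if (defaults.some(r => (r.NatGatewayId ?? "").indexOf("nat-") === 0)) return "nat-egress";
    return "isolated";
}

// Constructed sample: a main table with only the local route, plus a public table.
const localRoute: RouteEntry = { DestinationCidrBlock: "10.0.0.0/16", GatewayId: "local" };
const igwRoute: RouteEntry = { DestinationCidrBlock: "0.0.0.0/0", GatewayId: "igw-0example" };
const sampleTables: RouteTable[] = [
    { RouteTableId: "rtb-main", VpcId: "vpc-example", Routes: [localRoute], Associations: [{ Main: true }] },
    { RouteTableId: "rtb-public", VpcId: "vpc-example", Routes: [localRoute, igwRoute],
      Associations: [{ SubnetId: "subnet-public" }] },
];

console.log(classifySubnet("subnet-private-1", "vpc-example", sampleTables));
console.log(classifySubnet("subnet-public", "vpc-example", sampleTables));
```

If a default route to an internet gateway is later added to the main route table, every subnet without an explicit association changes classification, which is why associating private subnets with a dedicated route table is the more robust design.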
