How do I establish public and private subnets in a default VPC?
In this guide, we will create public and private subnets within a VPC using Pulumi. This setup is essential for organizing your resources and controlling access to them. A public subnet has a route to an internet gateway, so resources placed in it can be reached from the internet; a private subnet has no such route, so its resources are reachable only from inside the VPC (or through other private connectivity you add later).
The following code will:
- Create a new VPC (named "defaultVpc" in the program; note that this is a VPC you create and own, not the AWS-provided default VPC of the region).
- Establish a public subnet and a private subnet within that VPC, both in availability zone us-west-2a.
- Create an internet gateway and attach a route table to the public subnet whose default route (0.0.0.0/0) points at that gateway; the private subnet gets its own route table with no default route.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a new VPC
const vpc = new aws.ec2.Vpc("defaultVpc", {
    cidrBlock: "10.0.0.0/16",
    enableDnsSupport: true,
    enableDnsHostnames: true,
    tags: {
        Name: "default-vpc",
    },
});

// Create an Internet Gateway for the VPC
const internetGateway = new aws.ec2.InternetGateway("internetGateway", {
    vpcId: vpc.id,
    tags: {
        Name: "internet-gateway",
    },
});

// Create a public subnet; instances launched here receive a public IP
const publicSubnet = new aws.ec2.Subnet("publicSubnet", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    mapPublicIpOnLaunch: true,
    availabilityZone: "us-west-2a",
    tags: {
        Name: "public-subnet",
    },
});

// Create a private subnet (no public IPs on launch)
const privateSubnet = new aws.ec2.Subnet("privateSubnet", {
    vpcId: vpc.id,
    cidrBlock: "10.0.2.0/24",
    availabilityZone: "us-west-2a",
    tags: {
        Name: "private-subnet",
    },
});

// Create a route table for the public subnet with a default route to the Internet Gateway
const publicRouteTable = new aws.ec2.RouteTable("publicRouteTable", {
    vpcId: vpc.id,
    routes: [
        {
            cidrBlock: "0.0.0.0/0",
            gatewayId: internetGateway.id,
        },
    ],
    tags: {
        Name: "public-route-table",
    },
});

// Associate the route table with the public subnet
const publicRouteTableAssociation = new aws.ec2.RouteTableAssociation("publicRouteTableAssociation", {
    subnetId: publicSubnet.id,
    routeTableId: publicRouteTable.id,
});

// Create a route table for the private subnet. It carries only the implicit
// local route for 10.0.0.0/16, so nothing in the private subnet has a path
// to the internet unless a NAT gateway route is added later.
const privateRouteTable = new aws.ec2.RouteTable("privateRouteTable", {
    vpcId: vpc.id,
    tags: {
        Name: "private-route-table",
    },
});

// Associate the route table with the private subnet
const privateRouteTableAssociation = new aws.ec2.RouteTableAssociation("privateRouteTableAssociation", {
    subnetId: privateSubnet.id,
    routeTableId: privateRouteTable.id,
});

// Export the VPC and subnet IDs
export const vpcId = vpc.id;
export const publicSubnetId = publicSubnet.id;
export const privateSubnetId = privateSubnet.id;
```
Key Points
- VPC Creation: A new VPC (10.0.0.0/16) is created with DNS support and DNS hostnames enabled. Despite the resource name "defaultVpc", this is a VPC you own, not the region's AWS-provided default VPC.
- Subnets: A public subnet (10.0.1.0/24, public IPs assigned on launch) and a private subnet (10.0.2.0/24) are created within the VPC, both in us-west-2a.
- Internet Gateway: An internet gateway is created and attached to the VPC; only the public subnet's route table points at it.
- Route Tables: Separate route tables are created and associated with the public and private subnets. The public table routes 0.0.0.0/0 to the internet gateway; the private table has no default route, so instances in the private subnet have no outbound internet path until a NAT gateway route is added.
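The property that makes the private subnet private is entirely in the route tables, so it is worth checking the layout before deploying rather than trusting the resource names. The following is an added example, not code from the Pulumi program above or from the Pulumi project: it models the page's layout as plain constructed data (the `SubnetSpec` shape, the `intent` field, and the placeholder gateway id `igw-EXAMPLE` are assumptions of this example, not Pulumi types) and runs the checks a reviewer would want: every subnet CIDR sits inside the VPC CIDR, no two subnets overlap, a subnet intended to be private has neither a default route to an internet gateway nor `mapPublicIpOnLaunch`, and a subnet intended to be public does have the gateway route. A separate helper lists private subnets with no outbound route at all, which is exactly the state the program above produces for its private subnet.

```typescript
// Added example: pre-deployment checks over a subnet layout. All data below is
// constructed to mirror the Pulumi program on this page; nothing here calls AWS.

type Intent = "public" | "private";

interface Route {
  cidr: string;
  gatewayId?: string; // "igw-..." for an internet gateway, "nat-..." for a NAT gateway
}

interface SubnetSpec {
  name: string;
  intent: Intent;             // what the author meant the subnet to be
  cidr: string;
  mapPublicIpOnLaunch: boolean;
  routes: Route[];            // explicit routes of the associated route table
}

interface Block { base: number; size: number }

// Parse "a.b.c.d/n" into a numeric base address and block size; rejects malformed input.
function parseCidr(cidr: string): Block {
  const parts = cidr.split("/");
  if (parts.length !== 2) throw new Error(`invalid CIDR: ${cidr}`);
  const prefix = Number(parts[1]);
  const octets = (parts[0] ?? "").split(".").map(Number);
  const octetsOk = octets.length === 4 &&
    octets.every(o => Number.isInteger(o) && o >= 0 && o <= 255);
  if (!octetsOk || !Number.isInteger(prefix) || prefix < 0 || prefix > 32) {
    throw new Error(`invalid CIDR: ${cidr}`);
  }
  const addr = octets.reduce((acc, o) => ((acc << 8) | o) >>> 0, 0);
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return { base: (addr & mask) >>> 0, size: 2 ** (32 - prefix) };
}

function contains(outer: Block, inner: Block): boolean {
  return inner.base >= outer.base && inner.base + inner.size <= outer.base + outer.size;
}

function overlaps(a: Block, b: Block): boolean {
  return a.base < b.base + b.size && b.base < a.base + a.size;
}

// A subnet is effectively public when its route table sends 0.0.0.0/0 to an internet gateway.
function hasInternetGatewayRoute(s: SubnetSpec): boolean {
  return s.routes.some(r => r.cidr === "0.0.0.0/0" && (r.gatewayId ?? "").startsWith("igw-"));
}

// Returns one human-readable finding per violation; an empty array means the layout is consistent.
function checkLayout(vpcCidr: string, subnets: SubnetSpec[]): string[] {
  const findings: string[] = [];
  const vpc = parseCidr(vpcCidr);
  const blocks = subnets.map(s => ({ s, b: parseCidr(s.cidr) }));

  for (const { s, b } of blocks) {
    if (!contains(vpc, b)) findings.push(`${s.name}: ${s.cidr} is outside VPC ${vpcCidr}`);
    const igw = hasInternetGatewayRoute(s);
    if (s.intent === "private" && igw) findings.push(`${s.name}: private subnet routes 0.0.0.0/0 to an internet gateway`);
    if (s.intent === "private" && s.mapPublicIpOnLaunch) findings.push(`${s.name}: private subnet auto-assigns public IPs`);
    if (s.intent === "public" && !igw) findings.push(`${s.name}: public subnet has no internet gateway route`);
  }
  blocks.forEach((x, i) => blocks.slice(i + 1).forEach(y => {
    if (overlaps(x.b, y.b)) findings.push(`${x.s.name} and ${y.s.name}: CIDRs overlap`);
  }));
  return findings;
}

// Private subnets with no default route at all: reachable only inside the VPC, but also
// unable to fetch patches or reach AWS APIs without a NAT gateway or VPC endpoints.
function privateSubnetsWithoutEgress(subnets: SubnetSpec[]): string[] {
  return subnets
    .filter(s => s.intent === "private" && !s.routes.some(r => r.cidr === "0.0.0.0/0"))
    .map(s => s.name);
}

// Constructed data mirroring the program above (igw-EXAMPLE is a placeholder id).
const publicSpec: SubnetSpec = {
  name: "public-subnet", intent: "public", cidr: "10.0.1.0/24", mapPublicIpOnLaunch: true,
  routes: [{ cidr: "0.0.0.0/0", gatewayId: "igw-EXAMPLE" }],
};
const privateSpec: SubnetSpec = {
  name: "private-subnet", intent: "private", cidr: "10.0.2.0/24", mapPublicIpOnLaunch: false, routes: [],
};
const pageLayout: SubnetSpec[] = [publicSpec, privateSpec];

// Constructed drift: someone later gave the private subnet public IPs and an IGW default route.
const driftedLayout: SubnetSpec[] = [
  publicSpec,
  { ...privateSpec, mapPublicIpOnLaunch: true, routes: [{ cidr: "0.0.0.0/0", gatewayId: "igw-EXAMPLE" }] },
];

console.log("page layout findings:", checkLayout("10.0.0.0/16", pageLayout));
console.log("drifted layout findings:", checkLayout("10.0.0.0/16", driftedLayout));
console.log("private subnets without egress:", privateSubnetsWithoutEgress(pageLayout));
```

Run it with `ts-node` (or compile with `tsc`); the page's layout produces no findings, the drifted copy produces two, and the private subnet is reported as having no egress route. The same checks can be expressed as a Pulumi CrossGuard policy if you want them enforced on every `pulumi up`.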
Conclusion
We have created a VPC and established public and private subnets within it. The public subnet is configured to allow internet access through the internet gateway, while the private subnet has no route to that gateway and is therefore reachable only from inside the VPC. This separation is a basic building block for managing and securing your AWS resources.