# Create A New VPC

## Overview

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

![AWS in a Nutshell](./images/aws_in_a_nutshell.png)

## Create A New VPC

You will go through the steps to achieve the following setup:

![Lab VPC Setup](./images/lab_vpc_setup.png)

### Access the AWS Console

1. Launch M365 **My Apps**, and launch **Vectra AWS**
2. Under the **AWS Account** selection, select **vectra-se-dev > Management Console**

   ![AWS Sign-in](./images/aws_signin.png)

3. Make sure your region is **US West (Oregon) - us-west-2**

   ![AWS Region](./images/aws_region.png)

### Create VPC

1. Go to **Services > Networking & Content Delivery > VPC**

   ![VPC Service](./images/services_vpc.png)

2. Select **Create VPC** to launch the wizard

   ![Create VPC Wizard](./images/create_vpc_wizard.png)

3. Select **VPC and more**, and enter the following information:
   - **Auto-generate** - Checked
   - **Auto-generate Name** - *initials*-project
   - **IPv4 CIDR block** - 10.141.0.0/16
   - **IPv6 CIDR block** - No IPv6 CIDR block checked
   - **Tenancy** - Default
   - **NAT gateways ($)** - In 1 AZ

   ![VPC Config](./images/vpc_config.png)

4. Click **Create VPC**
Note:
The system might take some time to create the VPC.
The system may stall at 47% if there is an issue with the NAT Gateway. If there are too many machines you may get this error: "Error: The Elastic IP Allocation ID could fail".
### Validate the VPC

1. Validate the configuration:
   - VPC Config:

     ![Valid VPC Config](./images/valid_vpc_config.png)

   - Subnet Config:

     ![Valid Subnet Config](./images/valid_subnet_config.png)

## Configure VPC

### VPC Peering

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).

We want to connect the new ***initials*-project** VPC to the existing **VPC-Common-Infra-SE-Training** VPC (L2 connectivity).

1. Go to **Virtual private cloud > Peering connections**
2. Click on **Create peering connection**
3. Enter the following information:
   - **Name** - *initials*-peer
   - **Select a local VPC to peer with**
     - **VPC ID (Requester)** - *initials*-project-vpc
   - **Select another VPC to peer with**
     - **VPC ID (Accepter)** - VPC-Common-Infra-SE-Training

   ![Create Peer](./images/create_peer.png)

4. Click **Create peering connection**

### Validate Peer Connection

You will need to accept the **Pending acceptance** request for the new peering connection.

1. Select your ***initials*-peer** connection
2. From the **Actions** dropdown, select **Accept request**
3. Click **Accept request**
4. Make a note or copy the **Peering connection ID** (e.g. pcx-061480711c632****); this will be used later to create routes
5. Your **Status** should show **Active**

## Add Routes

A route table contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.

We want to set up routes from the new ***initials*-project** VPC to the existing **VPC-Common-Infra-SE-Training** VPC.

1. Go to your ***initials*-project-vpc** VPC
2. Select the **Main route table**

   ![Main Route Table](./images/main_route_table.png)

3. From the **Actions** dropdown, select **Edit routes**
4. Click **Add Route**, and enter the following information:
   - **Destination** - 172.22.255.0/24
   - **Target** - Your *Peering connection ID* from the previous section

   ![New Route Information](./images/new_route_info.png)

5. Click **Save changes**
6. Go to the **VPC-Common-Infra-SE-Training** VPC
7. Select the **Main route table > RT - Common Infra SE Training**
8. From the **Actions** dropdown, select **Edit routes**
9. Click **Add Route**, and enter the following information:
   - **Destination** - 10.141.0.0/16
   - **Target** - Your *Peering connection ID* from the previous section
10. Click **Save changes**

## Create A Key Pair

Key pairs are used to SSH to any Linux instance, or to decrypt the Windows password. In our case, the key pair will be used to access the Brain and the sensor with SSH.

1. In the search bar, search for **Key Pairs**
2. Click on **EC2**

   ![EC2](./images/ec2.png)

3. Select **Key Pairs** under **Network & Security**
4. Click **Create key pair**, and fill in the fields below:
   - **Name** - *initials*-key
   - **RSA** - Checked
   - **.pem** - Checked

   ![Key Pair Config](./images/key_pair_config.png)

5. Click **Create key pair**
6. Save the key in a secure folder on your computer, as you will use this to connect to the brain via the CLI.
Note: If you lose this key you will not be able to connect to your brain, and you will have to redeploy a new brain.

Please secure the key file by applying an access right such as 700 so that only you can use it.

Theft of this key is one of the most common attack vectors in AWS.
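The Add Routes and Create A Key Pair sections above each have a step that is easy to get wrong by hand: forgetting the return route on the second VPC, and leaving the saved .pem readable by other users. The script below is an added example, not part of the lab: it plans the two peering routes from the lab's CIDRs (refusing overlapping prefixes or a target that is not a peering connection ID) and checks that a key file has the owner-only permissions the note asks for. The peering ID and the route-table labels are constructed placeholders.

```python
import ipaddress
import os
import re
import stat

# CIDRs from the lab; the peering ID is a constructed placeholder for the
# pcx-... value copied from the console after the request is accepted.
PROJECT_CIDR = "10.141.0.0/16"         # initials-project VPC
COMMON_INFRA_CIDR = "172.22.255.0/24"  # prefix reached via VPC-Common-Infra-SE-Training
PEERING_ID = "pcx-0123456789abcdef0"   # constructed placeholder

# Peering connection IDs are "pcx-" followed by 8 or 17 hex characters.
PCX_RE = re.compile(r"^pcx-[0-9a-f]{8}(?:[0-9a-f]{9})?$")

def peering_problems(local_cidr, remote_cidr, pcx_id):
    """List mistakes that leave a peer showing Active but passing no traffic."""
    problems = []
    local = ipaddress.ip_network(local_cidr, strict=True)
    remote = ipaddress.ip_network(remote_cidr, strict=True)
    if local.overlaps(remote):
        problems.append(f"overlap: {local} and {remote} share addresses; peered CIDRs must be disjoint")
    if not PCX_RE.match(pcx_id):
        problems.append(f"target: {pcx_id!r} is not a peering connection ID")
    return problems

def plan_peering_routes(local_cidr, remote_cidr, pcx_id):
    """Return the two routes the lab adds, one per VPC main route table.
    Traffic only flows when BOTH sides point the other's prefix at the peer."""
    problems = peering_problems(local_cidr, remote_cidr, pcx_id)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        {"route_table": "initials-project-vpc (Main)", "destination": remote_cidr, "target": pcx_id},
        {"route_table": "RT - Common Infra SE Training", "destination": local_cidr, "target": pcx_id},
    ]

def mode_is_private(mode):
    """True when no permission bit is set for group or other (700, 600, 400 pass)."""
    return stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO) == 0

def key_file_is_private(path):
    """Check a saved .pem the way ssh does: group/other access gets the key rejected."""
    return mode_is_private(os.stat(path).st_mode)

if __name__ == "__main__":
    for route in plan_peering_routes(PROJECT_CIDR, COMMON_INFRA_CIDR, PEERING_ID):
        print(route)
    print("chmod 700 keeps the key private:", mode_is_private(0o700))
```

Run `key_file_is_private("/path/to/initials-key.pem")` after saving the key; a `False` result means `chmod 700` (or stricter) is still needed.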