Create A New VPC

Overview

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Create A New VPC

You will go through the steps to achieve the following setup:

Access the AWS Console

1. Launch M365 My Apps, and launch Vectra AWS

2. Under the AWS Account selection, select vectra-se-dev > Management Console

   

3. Makes sure your region is US West (Oregon) - us-west-2

   

Create VPC

1. Go to Services > Networking & Content Delivery > VPC

   

2. Select Create VPC to launch the wizard

   

3. Select VPC and more, and enter the following information:

   • Auto-generate - Checked

   • Auto-generate Name - initials-project

   • IPv4 CIDR block - 10.141.0.0/16

   • IPv6 CIDR block - No IPv6 CIDR block checked

   • Tenancy - Default

   • NAT gateways ($) - In 1 AZ

   

4. Click Create VPC

   Note:
   The system might take some time to create the VPC.
   The system may stall at 47% if there is an issue with the NAT Gateway. If there are to many machinese you may get this error "Error: The Elastic IP Allication ID could fail"

Validate the VPC

1. Validate the configuration:

   • VPC Config:

     

   • Subnet Config:

     

Configure VPC

VPC Peering

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).

We want to connect the new initials-project VPC to the existing VPC-Common-Infra-SE-Training VPC (L2 connectivity).

1. Go to Virtual private cloud > Peering connections

2. Click on Create peering connection

3. Enter the following information:

   • Name - initials-peer

   • Select a local VPC to peer with

     • VPC ID (Requester) - initials-project-vpc

   • Select another VPC to peer with

     • VPC ID (Accepter) - VPC-Common-Infra-SE-Training

   

4. Click Create peering connection

Validate Peer Connection

You will need to accept the Pending acceptance for the new peering connection.

1. Select your initials-peer connection

2. From the Actions dropdown, select Accept request

3. Click Accept request

4. Make a note or copy the Peering connection ID (EX. pcx-061480711c632****), this will be used later to create routes

5. Your Status should show Active

Add Routes

A route table contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.

We want to setup routes from the new initials-project VPC to the existing VPC-Common-Infra-SE-Training VPC.

1. Go to your initials-project-vpc VPC

2. Select the Main route table

   

3. From the Actions dropdown, select Edit routes

4. Click Add Route, and enter the following information:

   • Destination - 172.22.255.0/24

   • Target - Your Peering connection ID from the previous section

   

5. Click Save changes

6. Go to the VPC-Common-Infra-SE-Training VPC

7. Select the Main route table > RT - Common Infra SE Training

8. From the Actions dropdown, select Edit routes

9. Click Add Route, and enter the following information:

   • Destination - 10.141.0.0/16

   • Target - Your Peering connection ID from the previous section

10. Click Save changes

Create A Key Pair

Key Pairs are used to SSH to any Linux instance, or decrypt Windows password. In our case, will be used to access the Brain & the sensor with SSH

1. In the search bar, search for Key Pairs

2. Click on EC2

   

3. Select Key Pairs under Network & Security

4. Click Create key pair, and fill in the fields below:

   • Name - initials-key

   • RSA - Checked

   • .pem - Checked

   

5. Click Create key pair

6. Save the key in a secure folder on your computer, as you will use this to connect to the brain via the CLI.

   Note: If you lose this key you will not be able to connect to your brain, and you will have to redploy a new brain.
   
   Please secure them by applying an access right such as 700 so you can only use them yourself.
   
   This identity theft is one of the most common attack vector in AWS