US Navy Veteran transitioning to cybersecurity. Background in digital marketing with 16+ years of experience, now applying my strategic and analytical skills to cloud security challenges.
Creating a secure, isolated network environment in AWS with subnets and internet connectivity to establish the foundation for cloud-based applications.
In this project, I created a Virtual Private Cloud (VPC) in AWS to establish a secure, isolated network environment. I configured core networking components including CIDR blocks, subnets, and an internet gateway to enable controlled connectivity between cloud resources and the internet.
I implemented this infrastructure using both the AWS Management Console for visual configuration and AWS CloudShell with CLI commands for faster, script-based deployment, comparing the benefits of each approach.
A Virtual Private Cloud (VPC) is like my own private city in the cloud - an isolated section of AWS where I build digital infrastructure with complete control. I defined my VPC with a CIDR block of 10.0.0.0/24, which allocated a range of IP addresses for my cloud resources.
The CIDR notation (/24) indicates that the first 24 bits of the IP address are fixed, giving me 256 possible IP addresses within my VPC to assign to various resources. This addressing system ensures my resources can communicate with each other using unique identifiers within my isolated network environment.
I created a subnet within my VPC using a CIDR block of 10.0.0.128/25, which represents a subset of the IP addresses available in my VPC. A subnet lives in a single Availability Zone; placing subnets in several zones lets resources be spread across physically separate data centers, which helps with fault tolerance.
After creating the subnet, I enabled auto-assign public IPv4 address. This setting ensures that any EC2 instance I launch in this subnet automatically receives a public IP address, enabling communication with the internet without manual configuration.
I attached an internet gateway to my VPC, creating a path for two-way communication between my cloud resources and the outside world. The gateway enables outbound traffic from my VPC to the internet and allows inbound traffic from the internet to reach my resources with public IPs.
This connection is essential for hosting public-facing applications like websites, allowing API access, or letting my EC2 instances download updates. The internet gateway serves as the bridge between my private cloud network and the public internet.
As part of a special exercise, I used AWS CloudShell to deploy VPC resources using the command line. CloudShell is a browser-based shell environment with AWS CLI pre-installed, accessible directly from the AWS Management Console.
I executed CLI commands to create a VPC, subnet, and internet gateway, gaining experience with both the graphical console and command-line approaches. The AWS CLI commands for VPC operations begin with "aws ec2" because VPCs were originally designed for EC2 instances, showing their historical connection.
When cleaning up my VPC resources, I discovered the dependency hierarchy that exists between AWS networking components. Resources had to be deleted in a specific order: the internet gateway had to be detached from the VPC before either the gateway or the VPC could be deleted.
This revealed an important lesson about cloud resource management - that there's a careful sequence required when dismantling infrastructure that isn't immediately obvious when building it. Understanding these dependencies is crucial for effective cloud resource management.
This project demonstrated several key networking concepts that are essential for cloud security:
VPCs create isolated network environments that act as security boundaries, reducing attack surface and minimizing the impact of potential breaches by limiting lateral movement.
Subnets allow for dividing the network into segments, enabling the separation of resources based on security requirements and restricting traffic flow between segments.
Internet gateways determine whether a VPC has any path to the internet at all, so public-facing applications can be exposed while internal systems remain without internet access.
CIDR notation and IP addressing strategies ensure efficient allocation and organization of IP addresses, providing structure and manageability to cloud networks.
Challenge: One of the most difficult aspects was understanding and correctly configuring CIDR blocks for the VPC and subnet, especially ensuring the subnet CIDR was properly contained within the VPC CIDR range.
Solution: I researched CIDR notation and practiced with different configurations, learning that a subnet's CIDR needs to have a larger prefix (the number after the slash) and must fall completely within the VPC's IP range.
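The containment rule described in this challenge (and the /24 and /25 blocks introduced earlier) can be checked before any AWS call is made. The script below is an added example, not the author's code, and it uses only POSIX sh arithmetic with the two CIDR blocks from the write-up as constructed input. One detail it encodes that the text does not state: AWS also accepts a subnet prefix equal to the VPC prefix (a single subnet covering the whole VPC), and it reserves five addresses in every subnet, so a /25 leaves 123 addresses for instances.

```shell
#!/bin/sh
# Added example (not the author's code): verify that a subnet CIDR fits inside
# a VPC CIDR before calling the AWS CLI. Pure POSIX sh, no aws calls.
set -eu

VPC_CIDR="10.0.0.0/24"        # the VPC block from the write-up
SUBNET_CIDR="10.0.0.128/25"   # the subnet block from the write-up

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Network mask for a prefix length, computed without shifting past 32 bits.
prefix_to_mask() {
  echo $(( ((1 << $1) - 1) << (32 - $1) ))
}

# cidr_contains VPC_CIDR SUBNET_CIDR
# Succeeds when the subnet prefix is at least as long as the VPC prefix (AWS
# allows an equal prefix: one subnet spanning the whole VPC) and the subnet's
# network address lies inside the VPC's network.
cidr_contains() {
  vpc_ip=${1%/*}; vpc_len=${1#*/}
  sub_ip=${2%/*}; sub_len=${2#*/}
  [ "$sub_len" -ge "$vpc_len" ] || return 1
  mask=$(prefix_to_mask "$vpc_len")
  [ $(( $(ip_to_int "$vpc_ip") & mask )) -eq $(( $(ip_to_int "$sub_ip") & mask )) ]
}

# Addresses an EC2 instance can actually receive in a subnet: AWS reserves the
# first four addresses and the last address of every subnet.
usable_hosts() {
  echo $(( (1 << (32 - ${1#*/})) - 5 ))
}

if cidr_contains "$VPC_CIDR" "$SUBNET_CIDR"; then
  echo "$SUBNET_CIDR fits inside $VPC_CIDR ($(usable_hosts "$SUBNET_CIDR") usable addresses)"
else
  echo "$SUBNET_CIDR is NOT inside $VPC_CIDR" >&2
  exit 1
fi
```

Running it with the write-up's values prints that 10.0.0.128/25 fits inside 10.0.0.0/24 with 123 usable addresses; swapping in 10.0.1.0/25 or 10.0.0.0/16 fails the check, which is the same error AWS would return after a round trip.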
Challenge: When attempting to delete my VPC resources, I encountered dependency errors because resources had to be deleted in a specific order.
Solution: I learned to detach the internet gateway from the VPC first, then delete the gateway, followed by the subnet, and finally the VPC itself. This experience taught me about the hierarchical nature of AWS resources.
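The CloudShell build from the CLI exercise and the cleanup order from this challenge, as one script. It is an added example, not the author's command history. It assumes the AWS CLI is installed and credentials are configured (as they are in CloudShell), uses the CIDR blocks from the write-up, and lets AWS choose the Availability Zone. It also adds one step the write-up does not mention: a route table with a 0.0.0.0/0 route to the internet gateway, associated with the subnet, because an attached gateway carries no traffic for a subnet whose route table does not point at it. The `--query ... --output text` flags are real CLI options that extract the new resource IDs from the JSON responses.

```shell
#!/bin/sh
# Added example (not the author's commands): build the VPC from the write-up
# with the AWS CLI, then tear it down in dependency order.
# Assumes: aws CLI installed and credentials configured (as in CloudShell).
set -eu

VPC_CIDR="10.0.0.0/24"       # VPC block from the write-up
SUBNET_CIDR="10.0.0.128/25"  # subnet block from the write-up

# Creates the VPC, subnet, internet gateway and public route, and prints the
# four resource IDs as "vpc subnet igw rtb" for later teardown.
create_network() {
  vpc=$(aws ec2 create-vpc --cidr-block "$VPC_CIDR" \
          --query Vpc.VpcId --output text)
  subnet=$(aws ec2 create-subnet --vpc-id "$vpc" --cidr-block "$SUBNET_CIDR" \
             --query Subnet.SubnetId --output text)
  # "Auto-assign public IPv4" from the console is this subnet attribute.
  aws ec2 modify-subnet-attribute --subnet-id "$subnet" --map-public-ip-on-launch
  igw=$(aws ec2 create-internet-gateway \
          --query InternetGateway.InternetGatewayId --output text)
  aws ec2 attach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc"
  # Step not described in the write-up: without a default route to the gateway
  # the subnet has a public IP but no path to the internet.
  rtb=$(aws ec2 create-route-table --vpc-id "$vpc" \
          --query RouteTable.RouteTableId --output text)
  aws ec2 create-route --route-table-id "$rtb" \
      --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw" >/dev/null
  aws ec2 associate-route-table --route-table-id "$rtb" --subnet-id "$subnet" >/dev/null
  echo "$vpc $subnet $igw $rtb"
}

# Deletes in dependency order: a VPC cannot go while a gateway is attached or a
# subnet exists, and the gateway cannot be deleted while attached.
teardown_network() {
  vpc=$1; subnet=$2; igw=$3; rtb=$4
  aws ec2 detach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc"
  aws ec2 delete-internet-gateway --internet-gateway-id "$igw"
  aws ec2 delete-subnet --subnet-id "$subnet"
  aws ec2 delete-route-table --route-table-id "$rtb"
  aws ec2 delete-vpc --vpc-id "$vpc"
}

case "${1:-}" in
  create)   create_network ;;
  teardown) shift; teardown_network "$@" ;;
  *)        echo "usage: $0 create | teardown VPC_ID SUBNET_ID IGW_ID RTB_ID" >&2 ;;
esac
```

Usage: `sh vpc.sh create` prints the four IDs; pass them back with `sh vpc.sh teardown vpc-... subnet-... igw-... rtb-...` to remove everything in the order the write-up discovered. Keeping the IDs in the script's output rather than re-discovering them with describe calls avoids deleting the wrong VPC in an account that has several.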
This project provided valuable insights into AWS networking foundations: