Expert Mode: Creating a Custom VPC Platform
This feature is not available from the APIs or Cockpit v2-beta. This documentation only describes the procedure using Cockpit v1. For more information on these other procedures, see Creating a VPC.
You can create a fully custom Virtual Private Cloud (VPC) platform, either from Cockpit v1 or from an SDK such as AWS CLI. This lets you define every feature of your VPC platform, such as the CIDR blocks of your VPC and subnets, whether the VPC is connected to the Internet and how, and so on.
The goal of this tutorial is to create a Virtual Private Cloud (VPC) composed of one subnet, into which you can launch your instances. You can create additional subnets using the same procedure, and connect your instances to the Internet either directly or indirectly. For more information, see Connecting Instances in a VPC to the Internet.
Create the VPC architecture
Create your VPC with, for example, a 10.0.0.0/16 CIDR block. For more information, see Creating a VPC.
The CIDR blocks used in this procedure are examples only.
(optional) To disable the network enhancement that allows instances in the same subnet to communicate with one another without requiring security group rules, add a tag to your VPC with osc.fcu.enable_lan_security_groups as key. For more information about how to add a tag, see Adding or Removing Tags. For more information about this network enhancement, see About VPCs > Subnet Routing and Security.
This tag must be added to your VPC before you create subnets in it.
The value of this tag is not taken into account, so you can specify any value for it.
Create a subnet with, for example, a 10.0.1.0/24 CIDR block.
(optional) Create a route table for your subnet. For more information, see Creating a Route Table.
You can also use the main route table created with your VPC. For more information, see About Route Tables.
(optional) Associate the previously created route table with your subnet. For more information, see Associating a Route Table with a Subnet.
All the basic elements of your VPC architecture are created.
Set up your instances
Create one security group for your subnet. For more information, see Creating a Security Group.
You can also use the default security group created with your VPC. For more information, see About Security Groups.
Add the rules you need for inbound and outbound flows to your security group. For more information, see Adding Rules to a Security Group.
To enable access from your local machine to your instances in the subnet, you need to add a rule allowing the following inbound flows:
- Linux instances: To enable SSH connection, flows in TCP protocol on port 22 coming from the IP of your machine
- Windows instances: To enable access from a remote desktop application, flows in TCP protocol on port 3389 coming from the IP of your machine
For more information, see Accessing Your Instances.
Create a keypair for your instances. For more information, see Creating a Keypair.
Launch your instances in your subnet. For more information, see Creating / Launching Instances.
Configure your instances as you need.
Your instances are set up in your subnet.
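The following pre-flight check is an added example, not part of the original documentation: it validates a planned layout against the constraints stated in this procedure (subnets inside the VPC CIDR block, the osc.fcu.enable_lan_security_groups tag applied before any subnet is created, ports 22 and 3389 reachable only from the IP of your machine). The plan dictionary layout, the step names and check_plan are hypothetical, and the sample plans are constructed.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # ports named in the procedure
LAN_SG_TAG = "osc.fcu.enable_lan_security_groups"  # tag key from the procedure

def check_plan(plan, admin_ip):
    """Return findings for a VPC plan (hypothetical dict layout, see samples)."""
    findings = []
    vpc = ipaddress.ip_network(plan["vpc_cidr"])
    subnets = [ipaddress.ip_network(c) for c in plan["subnet_cidrs"]]
    for i, net in enumerate(subnets):
        if not net.subnet_of(vpc):
            findings.append(f"subnet {net} is outside VPC block {vpc}")
        for other in subnets[i + 1:]:
            if net.overlaps(other):
                findings.append(f"subnets {net} and {other} overlap")
    # The procedure requires the tag on the VPC before subnets are created.
    steps = plan["steps"]
    if "tag_vpc" in steps and "create_subnet" in steps:
        if steps.index("tag_vpc") > steps.index("create_subnet"):
            findings.append(f"{LAN_SG_TAG} added after a subnet was created")
    # Administrative ports should accept only the operator's own address.
    admin = ipaddress.ip_address(admin_ip)
    for rule in plan["inbound_rules"]:
        if rule["protocol"] != "tcp" or rule["port"] not in ADMIN_PORTS:
            continue
        src = ipaddress.ip_network(rule["source"])
        if src.num_addresses != 1 or admin not in src:
            name = ADMIN_PORTS[rule["port"]]
            findings.append(f"{name} port {rule['port']} open to {src}")
    return findings

# Constructed sample plans; 203.0.113.10 is a documentation address.
GOOD_PLAN = {
    "vpc_cidr": "10.0.0.0/16", "subnet_cidrs": ["10.0.1.0/24"],
    "steps": ["create_vpc", "tag_vpc", "create_subnet"],
    "inbound_rules": [{"protocol": "tcp", "port": 22, "source": "203.0.113.10/32"}],
}
BAD_PLAN = {
    "vpc_cidr": "10.0.0.0/16", "subnet_cidrs": ["10.0.1.0/24", "10.1.0.0/24"],
    "steps": ["create_vpc", "create_subnet", "tag_vpc"],
    "inbound_rules": [{"protocol": "tcp", "port": 22, "source": "0.0.0.0/0"},
                      {"protocol": "tcp", "port": 3389, "source": "203.0.113.10/32"}],
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan, "203.0.113.10"))
```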