Nidhal-labri/AWS_Secured_Multi_Layered_VPC
πŸ›‘οΈ AWS Project: Deploying a Secured Multi-Layered VPC

This project demonstrates how I deployed a secured multi-layered VPC on AWS using Network ACLs (NACLs) and Security Groups to implement layered security for public and private resources.


🌐 Why This Project?

This project was designed to deepen my hands-on understanding of AWS networking by building a secured, multi-layered VPC from scratch. By isolating resources into public and private subnets and configuring both stateful and stateless firewalls, I implemented layered security following best practices. The project also simulated real-world scenarios like secure SSH access, internal EC2 communication, and controlled internet connectivity, skills that are essential for cloud architecture, DevOps, and cloud security roles.


πŸ—ΊοΈ Architecture Diagram

architecture

🧱 Key AWS Services Used

  • VPC: To define the isolated network environment.
  • Subnets: Separate public and private resources within the VPC.
  • Internet Gateway (IGW): Enables internet access for public subnets.
  • Route Tables: To control routing within the VPC.
  • Security Groups: Instance-level virtual firewalls.
  • Network ACLs: Subnet-level stateless firewalls for additional security.
  • EC2: Compute resources for deploying instances.
  • Key Pairs: For secure SSH access.

πŸ› οΈ Deployment Steps

βœ… Step 1 – Creating the VPC

Created a VPC named my_VPC with:

  • IPv4 CIDR block: 10.0.0.0/16
  • No IPv6 CIDR block

✅ Step 2 – Attaching an Internet Gateway

  • Created an Internet Gateway named my_IGW
  • Attached it to my_VPC

✅ Step 3 – Creating Two Subnets

Created two subnets in my_VPC:

  • public_subnet:
    • CIDR block: 10.0.1.0/24
    • Availability Zone: No preference
  • private_subnet:
    • CIDR block: 10.0.2.0/24
    • Availability Zone: No preference

✅ Step 4 – Route Tables & Routes

  • Created two route tables:
    • public_route associated with public_subnet
      • Route: 0.0.0.0/0 → Target: my_IGW
    • private_route associated with private_subnet

[Image: VPC resource map]

✅ Step 5 – Creating a Security Group

Created a security group named my_securitygroup with the following inbound rules:

| Type | Protocol | Port Range | Source |
|------|----------|------------|--------|
| SSH | TCP | 22 | 0.0.0.0/0 |
| All ICMP - IPv4 | ICMP | ALL | 0.0.0.0/0 |

[Image: security group inbound rules]

✅ Step 6 – Creating & Configuring Network ACL

Created a Network ACL named my_NACL with the following rules:

🔽 Inbound Rules

| Rule # | Type | Protocol | Port Range | Source | Allow/Deny |
|--------|------|----------|------------|--------|------------|
| 100 | SSH | TCP | 22 | 0.0.0.0/0 | ALLOW |
| 200 | All ICMP - IPv4 | ICMP | ALL | 0.0.0.0/0 | ALLOW |

🔼 Outbound Rules

| Rule # | Type | Protocol | Port Range | Destination | Allow/Deny |
|--------|------|----------|------------|-------------|------------|
| 100 | All ICMP - IPv4 | ICMP | ALL | 0.0.0.0/0 | ALLOW |
| 200 | Custom TCP Rule | TCP | 1024–65535 | 0.0.0.0/0 | ALLOW |

  • Associated my_NACL with both public_subnet and private_subnet

✅ Step 7 – Launching EC2 Instances

Launched two t2.micro instances using Amazon Linux 2 AMI inside my_VPC:

  • public_instance:

    • Subnet: public_subnet
    • Auto-assign Public IP: Enabled
  • private_instance:

    • Subnet: private_subnet
    • Auto-assign Public IP: Disabled

πŸ” Note: I also created and associated a key pair named myKey.pem for SSH access. 14

✅ Step 8 – Testing Connectivity

  1. Connected to public_instance using EC2 Instance Connect
     [Image: EC2 Instance Connect session]

  2. From the public_instance, the following tests were performed:

    • Connectivity to private_instance using:
      ping 10.0.2.128 -c 5
      [Image: ping output for private_instance]

    • Connectivity to the internet using:
      ping google.com -c 5
      [Image: ping output for google.com]

✅ Successful connectivity confirms that the network architecture, routing, and security configurations are working as intended.
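An added example, not part of this repository: a small Python simulation of how AWS evaluates the Step 4 route tables, the Step 5 security group and the Step 6 NACL against the traffic exercised in Step 8. It assumes both instances use my_securitygroup (the README names only one security group) and relies on documented AWS behaviour that the README does not spell out: the implicit local route in every route table, the default allow-all security-group egress, and the implicit final "*" DENY of every NACL. The peer addresses 203.0.113.7 and 198.51.100.20 are constructed from the RFC 5737 documentation ranges.

```python
"""Added example, not project code: evaluate the Step 4 routes, Step 5 security
group and Step 6 network ACL the way AWS does, against the Step 8 test traffic."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int                        # NACL evaluation order (unused for SGs)
    proto: str                         # "tcp", "udp", "icmp" or "all"
    ports: Optional[Tuple[int, int]]   # inclusive port range; None = all ports
    cidr: str                          # source (inbound) or destination (outbound)
    action: str = "allow"


# Step 4 route tables. AWS adds the 10.0.0.0/16 "local" route to every route table
# implicitly; only public_route carries the 0.0.0.0/0 -> my_IGW entry.
ROUTES = {
    "public_subnet": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "my_IGW")],
    "private_subnet": [("10.0.0.0/16", "local")],
}

# Step 5: my_securitygroup inbound rules. Outbound is not listed in the README;
# the AWS default (allow all) is assumed here.
SG_INBOUND = [Rule(0, "tcp", (22, 22), "0.0.0.0/0"), Rule(0, "icmp", None, "0.0.0.0/0")]
SG_OUTBOUND = [Rule(0, "all", None, "0.0.0.0/0")]

# Step 6: my_NACL, associated with both subnets. AWS ends every NACL with an implicit "*" DENY.
NACL_INBOUND = [Rule(100, "tcp", (22, 22), "0.0.0.0/0"),
                Rule(200, "icmp", None, "0.0.0.0/0")]
NACL_OUTBOUND = [Rule(100, "icmp", None, "0.0.0.0/0"),
                 Rule(200, "tcp", (1024, 65535), "0.0.0.0/0")]  # ephemeral ports for TCP replies


def route_target(subnet: str, dst_ip: str) -> Optional[str]:
    """Longest-prefix match over the subnet's route table; None means no route at all."""
    dst = ipaddress.ip_address(dst_ip)
    hits = [(ipaddress.ip_network(cidr).prefixlen, target)
            for cidr, target in ROUTES[subnet] if dst in ipaddress.ip_network(cidr)]
    return max(hits)[1] if hits else None


def matches(rule: Rule, proto: str, port: Optional[int], ip: str) -> bool:
    if rule.proto not in ("all", proto):
        return False
    if rule.ports is not None and (port is None or not rule.ports[0] <= port <= rule.ports[1]):
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr)


def nacl_allows(rules, proto, port, ip) -> bool:
    """Stateless: every packet is checked; the lowest-numbered matching rule decides."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, proto, port, ip):
            return rule.action == "allow"
    return False  # implicit "*" DENY


def sg_allows(rules, proto, port, ip) -> bool:
    """Stateful: only the first packet is checked; return traffic needs no rule."""
    return any(matches(r, proto, port, ip) for r in rules)


def flow(subnet, direction, peer_ip, proto, dport=None, ephemeral_port=40000):
    """Trace one connection for an instance in `subnet`; returns each check and the verdict.

    "inbound": peer_ip opens a connection to the instance (e.g. SSH from the internet).
    "outbound": the instance opens a connection to peer_ip (e.g. the Step 8 pings).
    The reply is addressed to the initiator's ephemeral port (no port for ICMP). For a
    peer inside the VPC the far subnet repeats the same checks with the same my_NACL.
    """
    reply_port = None if proto == "icmp" else ephemeral_port
    if direction == "inbound":
        checks = {
            "nacl_in(request)": nacl_allows(NACL_INBOUND, proto, dport, peer_ip),
            "sg_in(request)": sg_allows(SG_INBOUND, proto, dport, peer_ip),
            "route(reply)": route_target(subnet, peer_ip) is not None,
            "nacl_out(reply)": nacl_allows(NACL_OUTBOUND, proto, reply_port, peer_ip),
        }
    else:
        checks = {
            "route(request)": route_target(subnet, peer_ip) is not None,
            "sg_out(request)": sg_allows(SG_OUTBOUND, proto, dport, peer_ip),
            "nacl_out(request)": nacl_allows(NACL_OUTBOUND, proto, dport, peer_ip),
            "nacl_in(reply)": nacl_allows(NACL_INBOUND, proto, reply_port, peer_ip),
        }
    checks["allowed"] = all(checks.values())
    return checks


if __name__ == "__main__":
    # 203.0.113.7 / 198.51.100.20 are constructed RFC 5737 documentation addresses.
    for name, result in [
        ("SSH from internet -> public_instance", flow("public_subnet", "inbound", "203.0.113.7", "tcp", 22)),
        ("HTTP from internet -> public_instance", flow("public_subnet", "inbound", "203.0.113.7", "tcp", 80)),
        ("Step 8: ping private_instance", flow("public_subnet", "outbound", "10.0.2.128", "icmp")),
        ("Step 8: ping the internet", flow("public_subnet", "outbound", "198.51.100.20", "icmp")),
        ("private_instance pings the internet", flow("private_subnet", "outbound", "198.51.100.20", "icmp")),
        ("public_instance opens HTTPS", flow("public_subnet", "outbound", "198.51.100.20", "tcp", 443)),
    ]:
        print("ALLOW" if result["allowed"] else "DENY ", name, result)
```

Running it reproduces the two Step 8 results (both pings allowed) and makes the layering visible: an unsolicited HTTP request from the internet is stopped by the NACL's implicit "*" rule before the security group is ever consulted, the SSH session works only because outbound NACL rule 200 admits the reply to the client's ephemeral port (the stateful security group needs no such rule), the private subnet stays off the internet because private_route has no 0.0.0.0/0 entry even though my_NACL would pass the ICMP, and a TCP connection from public_instance to a well-known port such as 443 is dropped by the outbound NACL, not by the security group, since only 1024–65535 is listed. Each verdict is a direct consequence of the rule sets shown in Steps 4 to 6.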


✍️ Author

Made with 💻 by Nidhal Labri
🔗 LinkedIn
