
Creating an Amazon VPC to use with a Database instance

Here in this tutorial, we will create a VPC that includes a DB instance that shares data with a web server in the same VPC. 

A DB instance is an isolated database environment running in the AWS cloud: a set of memory structures and processes that manages database files. Your DB instance needs to be reachable only by your web server, and there is no need to make it public, so we will create a VPC with a public subnet and a private subnet. We will host the web server in the public subnet so that it can be reached over the internet, and the DB instance in the private subnet so that only the web server can reach it internally. 

Creating a VPC with public and private subnets

To create a VPC with a public and a private subnet, we first need an Elastic IP to associate with a network address translation (NAT) gateway. Create one if you do not have one already. 

  1. Open the EC2 console (make sure you are in the same region in which you will create your VPC).
  2. In the left-hand panel, click Elastic IPs and then Allocate Elastic IP address.
  3. Keep the network border group field at its default and, for the Public IPv4 address pool, choose Amazon's pool of IPv4 addresses. 
  4. Click Allocate and note the allocation ID of the new Elastic IP address.

Now we will create the VPC with public and private subnets. 

  1. Open the Amazon console and navigate to VPC.
  2. From the VPC dashboard, click Launch VPC Wizard. 
  3. On the VPC configuration page, choose a VPC with public and private subnets. 
  4. On the next page, you need to fill in some information about your VPC. Fill it in like this:


IPv4 CIDR block:

IPv6 CIDR block: No IPv6 CIDR Block

VPC name: tutorial-vpc

Public subnet’s IPv4 CIDR:

Availability Zone: us-west-2a

Public subnet name: Tutorial public

Private subnet’s IPv4 CIDR:

Availability Zone: us-west-2a

Private subnet name: Tutorial private 1

Elastic IP Allocation ID: An Elastic IP address to associate with the NAT gateway

Service endpoints: Leave default(Skip)

Enable DNS hostnames: Yes

Hardware tenancy: Default

  5. Click on Create VPC.

Creating additional subnets

We will create either two public subnets or two private subnets, which we need in order to create a DB subnet group for our DB instance. 

  1. Open the Amazon VPC console.
  2. From the VPC dashboard, click Security Groups and then Create security group.
  3. Fill in the following information:
  • Security group name: tute-sg
  • Description: [Anything of your choice]
  • VPC: Choose the VPC you created previously
  4. Now let's add an inbound rule to the security group. You must know your own IP address before adding it. 
  • In the Inbound rules section, choose Add rule.
  • Enter the following values to allow SSH access to your EC2 instance:

Type: SSH

Source: Your IP address

  • After adding the previous rule, add one more rule to allow HTTP access to your web server:

Type: HTTP

  5. Then click Create security group and note the security group ID.

Creating a VPC security group for a private DB instance

We want to keep our DB instance private, so we will create a second security group for it and add an inbound rule that allows traffic from the web server only. 


  1. Open the Amazon VPC console and, from the dashboard, click Security Groups and then Create security group.
  2. Enter the following values:
  • Name: tute-DB-sg
  • Description: [Anything of your choice]
  • VPC: Choose the VPC we created earlier
  3. Now it is time to add an inbound rule.
  • From the Inbound rules section, choose Add rule.
  • We want to allow MySQL traffic on port 3306 from our EC2 instance only. This lets the web server connect to the DB instance to store and retrieve data for the web application. 

Type: MySQL

Source: The ID of the security group we created previously (tute-sg)

  4. Click on Create security group.
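As an added check that is not part of the original tutorial, the script below audits the two security groups built in the previous two sections against their intent: SSH on the web group must not be open to the world, and the DB group must allow port 3306 only from the web group, never from a CIDR range. The input is constructed here in the shape of `aws ec2 describe-security-groups` output (the same structure boto3's `describe_security_groups` returns); the group IDs and the IP address are placeholders.

```python
# Constructed sample, not real AWS output; the group IDs are placeholders.
WEB_SG_ID = "sg-web-placeholder"
DB_SG_ID = "sg-db-placeholder"

def tcp_rule(port, cidrs=(), group_ids=()):
    """Build one inbound permission entry in EC2's IpPermissions format."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in group_ids]}

# What the tutorial intends: SSH from one IP, HTTP from anywhere, MySQL only from tute-sg.
GOOD_GROUPS = [
    {"GroupId": WEB_SG_ID, "GroupName": "tute-sg",
     "IpPermissions": [tcp_rule(22, ["203.0.113.10/32"]), tcp_rule(80, ["0.0.0.0/0"])]},
    {"GroupId": DB_SG_ID, "GroupName": "tute-DB-sg",
     "IpPermissions": [tcp_rule(3306, group_ids=[WEB_SG_ID])]},
]
# A common slip: SSH open to the world, and the DB port opened by CIDR instead of by group.
BAD_GROUPS = [
    {"GroupId": WEB_SG_ID, "GroupName": "tute-sg",
     "IpPermissions": [tcp_rule(22, ["0.0.0.0/0"]), tcp_rule(80, ["0.0.0.0/0"])]},
    {"GroupId": DB_SG_ID, "GroupName": "tute-DB-sg",
     "IpPermissions": [tcp_rule(3306, ["10.0.0.0/16"])]},
]

def covers(perm, port):
    """True if an inbound permission applies to TCP `port` (or to all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("IpProtocol") == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(groups, web_sg_id, db_sg_id):
    """Return a list of findings; an empty list means the groups match the tutorial's intent."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for perm in by_id[web_sg_id].get("IpPermissions", []):
        if covers(perm, 22) and any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            findings.append("web SG: SSH (22) open to 0.0.0.0/0; restrict it to your own IP")
    db_from_web = False
    for perm in by_id[db_sg_id].get("IpPermissions", []):
        if perm.get("IpRanges") or perm.get("Ipv6Ranges"):
            findings.append("DB SG: CIDR source on the DB group; the source should be the web SG")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == web_sg_id and covers(perm, 3306):
                db_from_web = True
            elif pair.get("GroupId") != web_sg_id:
                findings.append("DB SG: inbound allowed from a group other than the web SG")
    if not db_from_web:
        findings.append("DB SG: no rule allowing 3306 from the web SG; the web server cannot reach MySQL")
    return findings
```

To run it against a real account, replace the constructed lists with the `SecurityGroups` list from `aws ec2 describe-security-groups --group-ids <web-sg> <db-sg>` and pass the two real group IDs.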


Creating a DB subnet Group

A DB subnet group is a collection of subnets in a VPC that you attach to a DB instance. It lets you specify a particular VPC when creating a DB instance. 


  1. Open the Amazon RDS console.
  2. Choose Subnet groups and then Create DB subnet group.
  3. Enter the following values:
  • Name: tute-DB-subnetgroup
  • Description:
  • VPC: the VPC you created earlier
  4. Then choose the Availability Zones and subnets, e.g. subnet 10.01.0/24 and Availability Zone us-west-2b.
  5. Click on Create.


Now the web server in the same VPC can connect to your DB instance.


Written by DANN N
