Configuring a Virtual Private Cloud

Amazon Virtual Private Cloud (VPC) allows you to define a virtual network into which you deploy your instances. This virtual network closely resembles a traditional network that you'd operate in your own data center.

Like a traditional network, your VPC will have subnets, can be configured to have internet access, and can even have a VPN connection back to your existing data center, thus extending your physical network into a cloud.

This section describes how to set up a VPC with a single public subnet, attach the VPC to the internet gateway, and then create a routing table and associate the subnet.

Creating a VPC and subnet

This section shows you how to create an AWS VPC and create a subnet. When applicable, choose settings specific to your own environment.

  1. From the AWS Management Console, go to Services > Network & Content Delivery, and then click VPC.
  2. In the navigation pane, under Virtual Private Cloud, click Your VPCs.
  3. Click Create VPC.
  4. On the Create VPC page, set the following attributes for your VPC:
    1. For the Name tag field, enter a name for your VPC.
    2. For the IPv4 CIDR block field, specify an IPv4 address range for your VPC.
    3. From the Tenancy dropdown, select Default.
  5. Click Create VPC.
    The VPC is created. Take note of the Name and VPC ID as they will be needed later in the deployment process.
  6. Click Close.
  7. In the navigation pane, under Virtual Private Cloud, click Subnets.
  8. Click Create subnet.
  9. In the Subnets tab, under the VPC pane, select a VPC from the VPC ID dropdown.
  10. Under the Subnet settings pane, set the following attributes for your subnet:
    1. For the Subnet name field, enter a name.
    2. From the Availability Zone dropdown, select No Preference.
    3. For the IPv4 CIDR block field, specify an IPv4 address range.
  11. Click Create subnet.
    The subnet is created. Take note of the subnet name and subnet ID.
  12. Click Close.
  13. From the list of subnets, select the newly created subnet.
  14. Click Actions, and then click Modify auto-assign IP settings.
  15. Select Enable auto-assign public IPv4 address, and then click Save.

Attaching the VPC to the internet gateway

This section shows you how to connect your VPC to the internet gateway. Note that if you are using the default VPC, the internet gateway should already exist.

  1. In the navigation pane, under Virtual Private Cloud, click Internet Gateways.
  2. Click Create internet gateway.
  3. In the Name tag field, enter a name for the internet gateway, and then click Create internet gateway.
    The internet gateway is created.
  4. Click Close.
    Note that the state of the internet gateway you created is detached.
  5. From the list of internet gateways, select the newly created internet gateway.
  6. Click Actions, and then click Attach to VPC.
  7. On the Attach to VPC page, from the VPC dropdown, select your VPC.
  8. Click Attach internet gateway.
    The state of the internet gateway changes to attached. Your VPC is attached to the internet gateway.

Creating a routing table

This section shows you how to create a route to allow all outbound traffic from the FortiAuthenticator to use the selected internet gateway.

  1. In the navigation pane, under Virtual Private Cloud, click Route Tables.
  2. From the list of route tables, select the route table associated with your VPC.
  3. Click the Routes tab, and then click Edit routes.
    Add another route to allow all outbound traffic to use the selected gateway. You can also enter a particular IP/Mask combination to restrict outgoing traffic to that destination range.
  4. Click Add route.
  5. In the Destination field, enter 0.0.0.0/0.
  6. Click the Target field, click Internet Gateway, and then click your gateway to select it for this route.
  7. Click Save changes.
  8. Click Close.
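
An added example, not part of Fortinet's guide: a Python check over constructed `aws ec2 describe-*` style JSON that verifies the result of the three procedures above. For each subnet it reports whether the effective route table sends 0.0.0.0/0 or only a restricted range to an attached internet gateway, and whether auto-assign public IPv4 is enabled. All IDs, CIDR ranges and function names are assumptions made for the example.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-subnets`, `describe-route-tables` and
# `describe-internet-gateways` output. Every ID and CIDR below is a placeholder.
VPC, IGW = "vpc-0example", "igw-0example"
SUBNETS = [{"SubnetId": "subnet-a", "VpcId": VPC, "MapPublicIpOnLaunch": True},
           {"SubnetId": "subnet-b", "VpcId": VPC, "MapPublicIpOnLaunch": False}]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": VPC, "Associations": [{"Main": True}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW, "State": "active"}]},
    {"RouteTableId": "rtb-b", "VpcId": VPC, "Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "203.0.113.0/24", "GatewayId": IGW, "State": "active"}]},
]
IGWS = [{"InternetGatewayId": IGW, "Attachments": [{"VpcId": VPC, "State": "available"}]}]

def effective_route_table(subnet, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def audit_subnet(subnet, route_tables, igws):
    """Classify the subnet's path to an attached internet gateway: open/restricted/none."""
    # The API reports an attached gateway as "available"; "attached" is accepted too.
    attached = {g["InternetGatewayId"] for g in igws for a in g.get("Attachments", [])
                if a.get("VpcId") == subnet["VpcId"]
                and a.get("State") in ("available", "attached")}
    rt = effective_route_table(subnet, route_tables) or {}
    # Only active IPv4 routes whose target is a gateway attached to this VPC count.
    dests = [ipaddress.ip_network(r["DestinationCidrBlock"]) for r in rt.get("Routes", [])
             if r.get("GatewayId") in attached and r.get("State") == "active"
             and "DestinationCidrBlock" in r]
    exposure = ("open" if any(d.prefixlen == 0 for d in dests)
                else "restricted" if dests else "none")
    return {"subnet": subnet["SubnetId"], "route_table": rt.get("RouteTableId"),
            "igw_exposure": exposure, "igw_destinations": [str(d) for d in dests],
            "auto_public_ip": bool(subnet.get("MapPublicIpOnLaunch"))}

if __name__ == "__main__":
    for s in SUBNETS:
        print(audit_subnet(s, ROUTE_TABLES, IGWS))
```

A subnet that reports `open` together with `auto_public_ip: True` matches the configuration this guide builds, so inbound exposure of instances in it is then governed by their security groups and network ACLs.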
