Fortinet Document Library

Version:


Table of Contents

AWS Cookbook

Resources

Upgrade Path Tool

AWS Cookbook

6.2.0
Download PDF
Copy Link

Creating VPCs and subnets

Each VPC requires private subnets:

  • Each spoke VPC must each have one private subnet.
  • The security VPC hub must have eight subnets: four per availability zone (AZ). Each AZ contains a subnet for management, private interface, public interface, and one Transit Gateway attachment.

Create the spoke and security subnets in different AZs to demonstrate cross-AZ functionality. The example shows the following:

  • Spoke 1 (A) has one subnet in the us-west-2a AZ.
  • Spoke 2 (B) has one subnet in the us-west-2b AZ.
  • The security hub has four subnets for each AZ in both the us-west-2a and us-west-2b AZs.
To create VPCs and subnets:
  1. In the AWS console, open the VPC service.
  2. Select Your VPCs and click the Create VPC button.
  3. In the Name tag field, enter the desired name.
  4. In the IPv4 CIDR block and IPv6 CIDR block fields, specify the desired CIDR for the spoke VPC.
  5. Click Create.
  6. Repeat the process to create another spoke VPC and a security VPC.

  7. Create subnets:
    1. In the AWS console, go to the VPC service.
    2. Select Subnets, then click the Create Subnet button.
    3. In the Name tag field, enter the desired name.
    4. In the VPC field, enter the VPC ID of the desired spoke or security VPC.
    5. From the Availability Zone dropdown list, select the desired AZ.
    6. In the IPv4 CIDR block, enter the desired CIDR block. Using default /24-sized subnets is recommended.
    7. Click Create.
    8. Repeat the process until you have the ten subnets.

After completion of this process, the example has configured the following subnets:

  • AZ A subnets in security VPC:
    • Public: 10.0.0.0/24
    • Internal: 10.0.1.0/24
    • Heartbeat: 10.0.2.0/24
    • Management: 10.0.3.0/24
  • AZ B subnets in security VPC:
    • Public: 10.0.10.0/24
    • Internal: 10.0.11.0/24
    • Heartbeat: 10.0.12.0/24
    • Management: 10.0.13.0/24
  • AZ A subnet in spoke 1 VPC: 10.1.1.0/24
  • AZ B subnet in spoke 2 VPC: 10.2.1.0/24

Resources

Creating VPCs and subnets

Each VPC requires private subnets:

  • Each spoke VPC must each have one private subnet.
  • The security VPC hub must have eight subnets: four per availability zone (AZ). Each AZ contains a subnet for management, private interface, public interface, and one Transit Gateway attachment.

Create the spoke and security subnets in different AZs to demonstrate cross-AZ functionality. The example shows the following:

  • Spoke 1 (A) has one subnet in the us-west-2a AZ.
  • Spoke 2 (B) has one subnet in the us-west-2b AZ.
  • The security hub has four subnets for each AZ in both the us-west-2a and us-west-2b AZs.
To create VPCs and subnets:
  1. In the AWS console, open the VPC service.
  2. Select Your VPCs and click the Create VPC button.
  3. In the Name tag field, enter the desired name.
  4. In the IPv4 CIDR block and IPv6 CIDR block fields, specify the desired CIDR for the spoke VPC.
  5. Click Create.
  6. Repeat the process to create another spoke VPC and a security VPC.

  7. Create subnets:
    1. In the AWS console, go to the VPC service.
    2. Select Subnets, then click the Create Subnet button.
    3. In the Name tag field, enter the desired name.
    4. In the VPC field, enter the VPC ID of the desired spoke or security VPC.
    5. From the Availability Zone dropdown list, select the desired AZ.
    6. In the IPv4 CIDR block, enter the desired CIDR block. Using default /24-sized subnets is recommended.
    7. Click Create.
    8. Repeat the process until you have the ten subnets.

After completion of this process, the example has configured the following subnets:

  • AZ A subnets in security VPC:
    • Public: 10.0.0.0/24
    • Internal: 10.0.1.0/24
    • Heartbeat: 10.0.2.0/24
    • Management: 10.0.3.0/24
  • AZ B subnets in security VPC:
    • Public: 10.0.10.0/24
    • Internal: 10.0.11.0/24
    • Heartbeat: 10.0.12.0/24
    • Management: 10.0.13.0/24
  • AZ A subnet in spoke 1 VPC: 10.1.1.0/24
  • AZ B subnet in spoke 2 VPC: 10.2.1.0/24