{"id":24514658,"url":"https://github.com/briankn019/creating-a-private-subnet","last_synced_at":"2025-03-15T10:25:54.047Z","repository":{"id":263468660,"uuid":"889607854","full_name":"BrianKN019/Creating-a-Private-Subnet","owner":"BrianKN019","description":null,"archived":false,"fork":false,"pushed_at":"2024-12-10T19:18:33.000Z","size":10886,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-22T01:13:56.329Z","etag":null,"topics":["aws","private","subnet","vpc"],"latest_commit_sha":null,"homepage":"https://briankimemia.vercel.app/projects","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BrianKN019.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-16T18:56:35.000Z","updated_at":"2024-12-10T19:18:38.000Z","dependencies_parsed_at":"2024-11-18T18:54:00.615Z","dependency_job_id":null,"html_url":"https://github.com/BrianKN019/Creating-a-Private-Subnet","commit_stats":null,"previous_names":["briankn019/creating-a-private-subnet"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrianKN019%2FCreating-a-Private-Subnet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrianKN019%2FCreating-a-Private-Subnet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrianKN019%2FCreating-a-Private-Subnet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BrianKN019%2FCreating-a-Private-S
ubnet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BrianKN019","download_url":"https://codeload.github.com/BrianKN019/Creating-a-Private-Subnet/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235043935,"owners_count":18927011,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","private","subnet","vpc"],"created_at":"2025-01-22T01:14:05.543Z","updated_at":"2025-01-22T01:14:06.328Z","avatar_url":"https://github.com/BrianKN019.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Creating-a-Private-Subnet\n \n# 🌟 **Creating a Secure Private Subnet in AWS** 🌟  \n\nWelcome to the **Creating a Secure Private Subnet in AWS** project! This project demonstrates how to use **Amazon Virtual Private Cloud (VPC)** to create secure, isolated network environments for AWS resources. Learn how to configure subnets, route tables, and network ACLs for optimized data flow and enhanced security.  \n\n---\n \n## 🚀 **Today's Highlights**  \n\n### 1️⃣ **What is Amazon VPC?**  \nAmazon VPC enables users to create a logically isolated network in the AWS cloud. It provides control over:  \n- IP addressing  \n- Subnets (Public and Private)  \n- Route tables  \n- Security groups  \n- Network ACLs  \n\n### 2️⃣ **How I Used Amazon VPC**  \n- Designed secure, isolated network environments.  \n- Configured **private and public subnets**.  \n- Managed **route tables** and **security groups** to control access.  
\n- Ensured optimal data flow between AWS instances and external services.  \n\n### 3️⃣ **Key Learnings**  \n🔍 **Private vs Public Subnets**  \n- **Public Subnets**: Direct internet access via an Internet Gateway.  \n- **Private Subnets**: No direct internet access, ideal for sensitive resources.  \n\n🔐 **Enhanced Security**  \nPrivate subnets are ideal for databases or application servers that should remain isolated from external networks, ensuring protection from unauthorized access.  \n\n---\n\n## 🗺️ **Project Architecture**  \n\n```mermaid\nflowchart TD\n    A[VPC] --\u003e B[Public Subnet]\n    A --\u003e C[Private Subnet]\n    B --\u003e D[Internet Gateway]\n    C --\u003e E[Route Table]\n    C --\u003e F[Network ACL]\n    F --\u003e G[Enhanced Security Rules]\n    E --\u003e|Private Routes| C\n    D --\u003e|Public Routes| B\n    B --\u003e|Public Traffic| Instances_Public[Public EC2 Instances]\n    C --\u003e|Private Traffic| Instances_Private[Private EC2 Instances]\n```\n\n## Key Components\n- **Public Subnet**: For resources requiring direct internet access (e.g., web servers).\n- **Private Subnet**: For internal resources like databases and application servers.\n- **Internet Gateway**: Routes internet traffic for public subnets.\n- **Route Table**: Ensures private subnets have no routes to the internet.\n- **Network ACL**: Restricts inbound and outbound traffic for private subnets.\n\n## 💻 Steps to Secure a Private Subnet\n### 1️⃣ Create and Isolate the Private Subnet\n- Configure the private subnet within the VPC.\n- Ensure it is not associated with an Internet Gateway.\n```mermaid\ngraph TD\n    VPC --\u003e|Create Subnet| PrivateSubnet[Private Subnet]\n    PrivateSubnet --\u003e|No Internet| RouteTable\n```\n\n\n### 2️⃣ Setup a Dedicated Route Table\n- Remove default routes to the Internet Gateway.\n- Add routes for internal communication within the VPC.\n\n### 3️⃣ Implement a Custom Network ACL\n- Deny all traffic by default.\n- Gradually allow inbound and outbound traffic for specific trusted 
sources.\n```mermaid\nflowchart TD\n    DefaultACL[Default ACL] --\u003e|Replace| CustomACL[Custom ACL]\n    CustomACL --\u003e|Block Traffic| DenyAll\n    DenyAll --\u003e|Allow Trusted Sources| AllowRules[Customized Rules]\n```\n\n\n## 🎯 Results\n- **Enhanced Security**: The private subnet is fully isolated, allowing access only from trusted sources.\n- **Custom Network ACL**: Fine-tuned traffic control ensures no unauthorized access.\n- **Dedicated Route Table**: Prevents accidental exposure to the internet.\n\n## 📊 Quick Comparison\n| Feature | Public Subnet | Private Subnet |\n| --- | --- | --- |\n| Internet Access | Yes, via Internet Gateway | No, fully isolated |\n| Use Case | Web Servers, Load Balancers | Databases, Application Servers |\n| Security Level | Moderate | High |\n\n## 🎨 Visualizing the Private Subnet Workflow\n\n```mermaid\ngraph LR\n    VPC[VPC] --\u003e PublicSubnet[Public Subnet]\n    VPC --\u003e PrivateSubnet[Private Subnet]\n    PublicSubnet --\u003e|Internet Traffic| IGW[Internet Gateway]\n    PrivateSubnet --\u003e|Internal Traffic| NAT[NAT Gateway]\n    PrivateSubnet --\u003e DB[Database Server]\n```\n\n## 🔍 What Surprised Me\nOne unexpected challenge was managing overlapping IP addresses across multiple VPCs. 
This required careful planning to avoid conflicts and ensure seamless connectivity.\n\n## ⏱️ Time Taken\nThis project took approximately 1 hour to complete, including:\n\n- Planning the architecture.\n- Configuring the private subnet, route tables, and ACLs.\n- Testing and troubleshooting connectivity issues.\n\n## 🌟 Key Takeaways\n- Private Subnets are crucial for isolating sensitive workloads.\n- Custom Route Tables and Network ACLs significantly enhance security.\n- Thoughtful planning prevents network conflicts in multi-VPC setups.\n\n## 🚀 Next Steps\n- 🔮 Automate subnet creation with AWS CloudFormation.\n- 🔮 Integrate the private subnet with a highly available database cluster.\n- 🔮 Implement monitoring tools for real-time traffic insights.\n\n## 📧 Contact Me\nFor questions or feedback, reach out:\n- 📨 Email: briannkimemia@gmail.com\n- 🌐 Portfolio: [Brian Kimemia](https://briankimemia.vercel.app/projects)\n\nThank you for exploring this project! Let’s continue to build secure, scalable networks together! 🚀\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbriankn019%2Fcreating-a-private-subnet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbriankn019%2Fcreating-a-private-subnet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbriankn019%2Fcreating-a-private-subnet/lists"}