
How to understand AWS network and how to create a multi-layer secure network architecture

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

1. Requirements

Create a three-tier network architecture that meets the following requirements:

- Servers can only be reached through the springboard (bastion host).
- The web servers accept connections only from the springboard, port 80 is reachable only from the ELB, and the servers are not assigned public IPs.
- Connections to the public network go through the NAT.
- The database servers accept connections only on port 3306 and only from the web servers.
- The servers are distributed across multiple AZs.

Network architecture diagram

Relationship between components of the network

Components include NACLs, route tables, security groups, the Internet Gateway, the NAT Gateway, Elastic IPs, and so on.

Drawing tool: https://www.processon.com/i/5a24e7d6e4b0f3a798660105

2. Operation steps

2.1 Create the VPC

- Create the VPC. If you want to create EC2 instances with a public DNS name, enable the DNS hostnames setting of the VPC.
- Create an IGW and attach it to the VPC.
- Create the six subnets you need and put them in the VPC you created.
- Create three route tables: private, NAT, and public.
- Public route table: add an entry that routes 0.0.0.0/0 to the IGW, then associate the two public subnets. Enable automatic assignment of public IPs on the two public subnets.
- Private route table: do not add any routing entry; keep the defaults and associate two private subnets.
- Create a NAT gateway and place it in a public subnet.
- NAT route table: add an entry that routes 0.0.0.0/0 to the NAT gateway you just created, then associate two private subnets.

2.2 Security settings

You can set a NACL firewall for each subnet. For simplicity we do not configure NACLs here and only set the security groups of the instances.

- Create a security group bastion-sg for the springboard instances, which only allows a specific IP to access port 22.
- Create a security group elb-sg for the ELB, which only allows access to port 80.
- Create a security group web-sg for the web instances, which only allows access from instances in the bastion-sg and elb-sg groups.
- Create a security group db-sg for the database instances, which only allows instances in the web-sg group to access port 3306.
- Create the springboard instance: select the first public subnet and attach the security group configured above.
- Create the web instances: select private subnets three and four and attach the security group configured above.
- Create an RDS subnet group from private subnets five and six, then create the database instance and select the subnet group you just created.
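The following is an added example, not part of the original article: a Python check that compares security group ingress rules, in the shape returned by EC2 DescribeSecurityGroups, against the bastion-sg / elb-sg / web-sg / db-sg chain described above. The admin CIDR, the group IDs, the sample data, the helper names, the choice of 0.0.0.0/0 as the elb-sg source, and port 22 as the springboard-to-web port are assumptions.

```python
# Added example: audit ingress rules against the article's security group chain.
ADMIN_CIDR = "203.0.113.10/32"   # assumption: the "specific IP" allowed to SSH
POLICY = {   # expected ingress per group: (port, source CIDR or source group name)
    "bastion-sg": {(22, ADMIN_CIDR)},
    "elb-sg": {(80, "0.0.0.0/0")},                   # assumption: internet-facing ELB
    "web-sg": {(22, "bastion-sg"), (80, "elb-sg")},  # assumption: SSH from springboard
    "db-sg": {(3306, "web-sg")},
}

def ingress_rules(group, id_to_name):
    """Flatten IpPermissions into (port, source) pairs; non-single-port rules keep a tuple."""
    rules = set()
    for perm in group.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        port = lo if perm.get("IpProtocol") == "tcp" and lo == hi else (perm.get("IpProtocol"), lo, hi)
        for r in perm.get("IpRanges", []):
            rules.add((port, r["CidrIp"]))
        for p in perm.get("UserIdGroupPairs", []):
            rules.add((port, id_to_name.get(p["GroupId"], p["GroupId"])))
    return rules

def audit(groups):
    """Return (group, 'unexpected' | 'missing', rule) findings for groups named in POLICY."""
    id_to_name = {g["GroupId"]: g["GroupName"] for g in groups}
    findings = []
    for g in [g for g in groups if g["GroupName"] in POLICY]:
        expected = POLICY[g["GroupName"]]
        actual = ingress_rules(g, id_to_name)
        findings += [(g["GroupName"], "unexpected", r) for r in sorted(actual - expected, key=str)]
        findings += [(g["GroupName"], "missing", r) for r in sorted(expected - actual, key=str)]
    return findings

def sg(gid, name, *perms):   # helper to build constructed sample groups
    return {"GroupId": gid, "GroupName": name, "IpPermissions": list(perms)}

def tcp(port, cidr=None, group=None):   # one single-port TCP ingress permission
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}

# Constructed sample: db-sg carries one rule that breaks the tiering (3306 open to all).
SAMPLE = [
    sg("sg-0b", "bastion-sg", tcp(22, cidr=ADMIN_CIDR)),
    sg("sg-0e", "elb-sg", tcp(80, cidr="0.0.0.0/0")),
    sg("sg-0w", "web-sg", tcp(22, group="sg-0b"), tcp(80, group="sg-0e")),
    sg("sg-0d", "db-sg", tcp(3306, group="sg-0w"), tcp(3306, cidr="0.0.0.0/0")),
]
```

To run it against a real account, pass the SecurityGroups list from a DescribeSecurityGroups response to audit() in place of SAMPLE.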

Video tutorial: https://edu.51cto.com/course/18611.html

3. Fees

3.1 NAT gateway fee

If you choose to create a NAT gateway in your VPC, you pay for each "NAT Gateway hour" that the NAT gateway is provisioned and available. A data processing fee is charged for each GB processed through the NAT gateway, regardless of the source or destination of the traffic. A NAT gateway that runs for less than one hour is billed for a full hour. All data transferred through the NAT gateway also incurs standard AWS data transfer charges. If you no longer want to pay for the NAT gateway, simply delete it using the AWS Management Console, the command line interface, or the API.

For example, the prices in Northern Virginia:

| Price per NAT gateway (USD/hour) | Price per GB of data (USD) |
| --- | --- |
| 0.045 USD | 0.045 USD |
