From the console, create a VPC (I prefer no subnet option for easy customization)
- After the VPC is created, edit VPC settings > DNS settings, enable both DNS resolution and DNS hostnames
Create the subnets for the VPC:
- Create 4 private subnets into 2 sets: each set in each AZ, containing a subnet for EKS nodes and a subnet for RDS instances
- us-east-1a: EKS subnet 1, RDS subnet 1
- us-east-1b: EKS subnet 2, RDS subnet 2
- Create 2 public subnets for the ALB, in the AZs where the EKS nodes belong to
- us-east-1a: ALB subnet 1
- us-east-1b: ALB subnet 2
- Create a private subnet for the bastion hosts, for managing EKS cluster and RDS databases: Bastion subnet (any AZ)
- Create a public subnet for the NAT Gateway: NAT Gateway subnet (preferably same AZ as Bastion subnet)
Create an Internet Gateway, then attach it to the VPC
Create a NAT Gateway:
- Subnet: the NAT Gateway subnet
- Connectivity type: Public
- Allocate a new Elastic IP (AWS will create one at a click of a button)
Create the route tables, associate them with the correct subnets
- Private route table for EKS and RDS subnets: local
- Bastion route table for Bastion subnet: local + NAT Gateway at 0.0.0.0/0
- Public route table for ALB and NAT Gateway subnets: local +Internet Gateway at 0.0.0.0/0
The VPC should look something like this after the initial setup:
