Creating the network and database
Walking through the AWS Console
The easiest way to get up and running is to create an entirely new VPC for this course. It's easy because Amazon provides a wizard to automatically create a VPC with both a public and private subnet. We're going to use that to streamline this process.
To NAT or not to NAT?
We're making private subnets because hosts on the Internet cannot reach them directly, which keeps the resources inside them off the public network. However, there is a downside: your Django application will not be able to connect outward to the Internet by default.
If you need your application to connect to the Internet, AWS offers a NAT Gateway service. We mention this because there is a cost to running a NAT gateway and not all applications require Internet access. At the time of this writing, for the us-east-1 region, it costs:
$0.045 per hour per NAT Gateway
$0.045 per GB processed (amount of data transferred)
So running a NAT gateway without any network traffic will cost around $1.08 per day or $32.00 a month.
We don't require a NAT gateway for this course, but we will provide instructions on how to set it up.
Obtain an Elastic IP
If you choose to use a NAT gateway, make sure to Allocate Elastic IP Address from the VPC service in the AWS Console.
Create the private subnets
We're going to create two subnets with ranges:
10.0.8.0/21. Both have over two thousand IP addresses so it should be sufficient for this course. In production, if you feel you'll need more IP addresses, it's easy to adjust.
If you are going to use a NAT Gateway, be sure to enter the Elastic IP Allocation ID in the wizard.
Once that's done we can inspect our subnets:
One more thing we'll need is the Security Group that was created. You can think of a Security Group as both a firewall policy and a grouping mechanism. We won't dive deeply into these, but we will need this information to proceed. All our Lambda instances will be part of this Security Group.
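To confirm the subnets behave as the NAT section describes (no route from the Internet, outbound traffic only when a NAT gateway is present), the following added example, which is not part of the original course material, classifies subnets from route-table data and checks the size of the 10.0.8.0/21 range. The route tables are constructed sample data in the shape of the EC2 DescribeRouteTables response; the IDs, the 10.0.0.0/16 VPC range and the subnet names are assumptions.

```python
import ipaddress

def usable_addresses(cidr):
    """Addresses available to resources; AWS reserves 5 in every subnet."""
    return ipaddress.ip_network(cidr).num_addresses - 5

def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to 'public', 'private-nat' or 'private-isolated'."""
    main = next((rt for rt in route_tables
                 if any(a.get("Main") for a in rt.get("Associations", []))), {})
    explicit = {a["SubnetId"]: rt for rt in route_tables
                for a in rt.get("Associations", []) if a.get("SubnetId")}
    result = {}
    for subnet_id in subnet_ids:
        # A subnet with no explicit association uses the VPC's main route table.
        routes = explicit.get(subnet_id, main).get("Routes", [])
        active = [r for r in routes if r.get("State") != "blackhole"]
        if any((r.get("GatewayId") or "").startswith("igw-") for r in active):
            result[subnet_id] = "public"            # reachable via an Internet gateway
        elif any(r.get("NatGatewayId") for r in active):
            result[subnet_id] = "private-nat"       # outbound only, through NAT
        else:
            result[subnet_id] = "private-isolated"  # no path to the Internet
    return result

def sample_route_tables(with_nat):
    """Constructed sample data (hypothetical IDs and VPC range)."""
    local = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
             "State": "active"}
    private_routes = [local]
    if with_nat:
        private_routes.append({"DestinationCidrBlock": "0.0.0.0/0",
                               "NatGatewayId": "nat-EXAMPLE", "State": "active"})
    return [
        # Main table: serves the private subnet, which has no explicit association.
        {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
         "Routes": private_routes},
        {"RouteTableId": "rtb-public",
         "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
         "Routes": [local, {"DestinationCidrBlock": "0.0.0.0/0",
                            "GatewayId": "igw-EXAMPLE", "State": "active"}]},
    ]

if __name__ == "__main__":
    print("usable addresses in 10.0.8.0/21:", usable_addresses("10.0.8.0/21"))
    for with_nat in (False, True):
        print(with_nat, classify_subnets(sample_route_tables(with_nat),
                                         ["subnet-public", "subnet-private"]))
```

Against a real account, the same function can be fed the `RouteTables` list returned by `aws ec2 describe-route-tables`; any private subnet reported as `public` has a route to an Internet gateway and should be investigated.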