
Course: INFO 620

Title: Data Communications

Instructor: Promod Sreedharan

Project: Part 1
The Network and Security Groups
As part of completing this part of the project, students must construct the systems and
applications described and take screen shots at specific steps in the process. Students
must paste these screen shots, circle the detailed information requested, and post them
onto Canvas.

Create this VPC and subnets and create the required screen shots.

***NOTE*** Please delete your NAT Gateway and associated Elastic IP
address after you have created the VPC so that you do not incur charges
for these components which you will not need for the project.

Project Part 1 Deliverable #1 - VPC


Take a screen shot of your VPC and paste the screen shot into the answer sheet. Make
sure the following items are visible and circle the name of the VPC, the VPC ID and the
IPv4 CIDR for this VPC.

Project Part 1 Deliverable #2 - Subnets


Create two new public subnets (Public 1 and Public 2) and two private subnets (Private
1 and Private 2). The CIDR assignments, availability zones, route tables, and auto-
assign public IPv4 should match the screenshot below:

Take a screen shot of the subnets you created and paste the screen shot into the
answer sheet. Make sure the following items are visible and circle the subnet
name, the VPC it is part of, the IPv4 CIDR, the availability zone, the route table
and the value for auto assigning public IPv4 addresses.

Include a screen shot of your public and private route tables. Example is included here.

Project Part 1 Deliverable #3 – Security groups


Create the following security groups to secure all systems deployed in this VPC. All
should be for any IPv4 or IPv6 address:

| Security Group | Comments |
|---|---|
| ELB Security Group | Only open ports for HTTP and HTTPS traffic so the load balancer can route requests to web servers and open ports 8080-8085. |
| Web Security Group | Only open ports for HTTP & HTTPS, ICMP, SSH, and Remote Desktop Access. |
| Database Security Group | Only open ports for MySQL/Aurora access. |

Take screen shots of each of the three security groups you created and paste those
screen shots into the answer sheet. Make sure the security group name, the VPC it is
part of, and all Inbound Rules are visible and circled on each screenshot.

INFO 620 – Project Part 1 Page 2


If any ports are opened that are not needed, you will not receive credit for this
deliverable.
Example screen shot is included:
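
One way to check each group's inbound rules against the table above before taking the screen shots. This is an added example, not part of the original assignment; it assumes each service uses its standard port (HTTP 80, HTTPS 443, SSH 22, Remote Desktop 3389, MySQL/Aurora 3306), and the names audit, sample_rule and SAMPLE_WEB are hypothetical.

```python
# Added example: audit inbound rules against the Deliverable #3 table.
# Rules use the "IpPermissions" shape printed by `aws ec2 describe-security-groups`.

# Allowed (protocol, from_port, to_port) per group. Assumptions: each service is on
# its standard port, and ICMP is the console's "All ICMP - IPv4" rule (-1 to -1).
ALLOWED = {
    "ELB Security Group": {("tcp", 80, 80), ("tcp", 443, 443), ("tcp", 8080, 8085)},
    "Web Security Group": {("tcp", 80, 80), ("tcp", 443, 443), ("tcp", 22, 22),
                           ("tcp", 3389, 3389), ("icmp", -1, -1)},
    "Database Security Group": {("tcp", 3306, 3306)},
}
ANY_SOURCE = {"0.0.0.0/0", "::/0"}  # "any IPv4 or IPv6 address"


def audit(group_name, ip_permissions):
    """Return sorted findings for one group; an empty list means it matches."""
    allowed, seen, findings = ALLOWED[group_name], set(), []
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        if proto == "-1":  # "All traffic": every protocol and port is open
            findings.append("extra: all traffic")
            continue
        key = (proto, perm.get("FromPort", -1), perm.get("ToPort", -1))
        label = f"{key[0]} {key[1]}-{key[2]}"
        if key not in allowed:
            findings.append(f"extra: {label}")
            continue
        seen.add(key)
        sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if not sources & ANY_SOURCE:
            findings.append(f"source not any address: {label}")
    findings += [f"missing: {p} {lo}-{hi}" for p, lo, hi in allowed - seen]
    return sorted(findings)


def sample_rule(proto, lo, hi, cidr="0.0.0.0/0"):
    """Build one constructed IpPermissions entry for the sample below."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}], "Ipv6Ranges": []}


# Constructed sample: a Web group with MySQL left open, RDP missing, SSH narrowed.
SAMPLE_WEB = [sample_rule("tcp", 80, 80), sample_rule("tcp", 443, 443),
              sample_rule("icmp", -1, -1), sample_rule("tcp", 3306, 3306),
              sample_rule("tcp", 22, 22, "203.0.113.0/24")]

if __name__ == "__main__":
    for finding in audit("Web Security Group", SAMPLE_WEB):
        print(finding)
```

An "extra" finding is the case the deliverable gives no credit for: a port open that the table does not list.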

Project Part 1 Deliverable #4 – Testing through DNS address.


Create two EC2 instances. Create the first instance in your first public subnet and call it
AZ1 Test Instance. Create the second instance in the AZ2 Public Subnet and call it AZ2
Test Instance. Use the Amazon Linux 2 AMI (HVM). The instance type should be
t2.micro, and use the default storage settings.

The security group for both instances should be Web Security Group. Include the
screen shot of the settings for each instance, highlighting the availability zone, the
public IP address, VPC, subnet, and security groups.
Example follows:



Then use EC2 Instance Connect to attach to the instance. Create a file touch.txt (using
the command touch touch.txt) on the instance. Example follows.



Note: Once you have taken the screenshot, you can terminate your two test
instances.

Evaluation:
• If an item is not correctly named or not highlighted, no credit will be given.
• There is no partial credit for an individual item.

| Item | Description | Points |
|---|---|---|
| Deliverable 1 – VPC | | |
| IPv4 CIDR block | CIDR block correctly set for VPC | 10 |
| Deliverable 2 – Subnets | | |
| IPv4 CIDR block | CIDR block correctly set for each subnet | 5 |
| Route tables | Route tables correctly assigned for each subnet | 10 |
| Auto-assign IP | IP address auto-assignment correctly set for each subnet | 5 |
| Deliverable 3 – Security groups | | |
| Web Tier & App Tier | Security groups configured correctly for Web & App Tiers | 10 |
| ELB Tier | Security groups configured correctly for ELB Tier | 10 |
| Database Tier | Security groups configured correctly for Database Tier | 10 |
| Deliverable 4 – Testing through Remote Connection | | |
| AZ1 Test Instance | Correct configuration for AZ1 Test Instance | 15 |
| | Successful connection to AZ1 Test Instance | 5 |
| AZ2 Test Instance | Correct configuration for AZ2 Test Instance | 15 |
| | Successful connection to AZ2 Test Instance | 5 |

**REMEMBER** Delete your NAT Gateway and associated EIP address
after you have created the VPC so that you do not incur charges for
these components which you will not need for the project.
