
# AWS Lab Exercise — Public Subnet (Console Based)

### Objective
In this exercise, you will create a **Public Subnet** inside a custom **VPC** in the **Mumbai Region (ap-south-1)** and launch an **EC2 instance** inside it that can connect to the internet.

---

### Architecture Diagram
A simple architecture for this lab:

```
Region: ap-south-1 (Mumbai)
└── VPC (10.100.0.0/16)
    ├── Public Subnet (10.100.0.0/24)
    │     └── EC2 Instance (Public IP + Private IP)
    └── Internet Gateway (IGW)
          └── Route Table with default route (0.0.0.0/0 → IGW)
```

---

### High-Level Steps
1. Create a new VPC  
2. Create an Internet Gateway and attach it to your VPC  
3. Create a Public Subnet and enable Auto-assign Public IP  
4. Create a Route Table and add a route to the Internet Gateway  
5. Associate the Route Table with your Subnet  
6. Launch an EC2 instance in the Public Subnet  
7. Connect to the instance using its Public IP

---



## Step 1: Create a VPC

1. Open the **AWS Management Console** → navigate to **VPC service** → **Your VPCs** → click **Create VPC**.  
2. Choose **VPC Only**.  
3. Enter the following details:
   - **Name tag:** `VPC-A`  
   - **IPv4 CIDR block:** `10.100.0.0/16`  
   - **Tenancy:** Default  
4. Click **Create VPC**.  
5. Verify that your VPC appears in the list with state `Available`.



## Step 2: Create an Internet Gateway

1. In the left panel, choose **Internet Gateways** → click **Create internet gateway**.  
2. **Name tag:** `VPC-A-IGW`.  
3. Click **Create internet gateway**.  
4. Once created, select the Internet Gateway → choose **Actions** → **Attach to VPC**.  
5. Select **VPC-A** and click **Attach Internet Gateway**.  

This Internet Gateway will allow instances in your public subnet to communicate with the Internet.



## Step 3: Create a Public Subnet

1. Go to **Subnets** → click **Create subnet**.  
2. Select **VPC ID:** `VPC-A`.  
3. For **Subnet name**, enter `VPC-A-Public`.  
4. Choose an **Availability Zone** (e.g., `ap-south-1a`).  
5. Enter **IPv4 CIDR block:** `10.100.0.0/24`.  
6. Click **Create subnet**.  
7. After creation, select the subnet → **Actions** → **Edit subnet settings** → under **Auto-assign IP settings**, check **Enable auto-assign public IPv4 address** → click **Save**.

This ensures every instance launched in this subnet gets a public IP automatically.



## Step 4: Create a Route Table

1. Go to **Route Tables** → click **Create route table**.  
2. **Name tag:** `VPC-A-Public-RT`.  
3. Select **VPC:** `VPC-A`.  
4. Click **Create route table**.  
5. Select your route table → go to **Routes** tab → click **Edit routes** → **Add route**.  
   - **Destination:** `0.0.0.0/0`  
   - **Target:** select the Internet Gateway (`VPC-A-IGW`).  
6. Click **Save changes**.

This default route sends traffic bound for any address outside the VPC from the subnet to the Internet Gateway.



## Step 5: Associate Route Table with Subnet

1. Go to **Route Tables** → select `VPC-A-Public-RT`.  
2. In the **Subnet associations** tab → click **Edit subnet associations**.  
3. Select the checkbox for **VPC-A-Public** subnet.  
4. Click **Save associations**.

This links the route table (with internet access) to the public subnet.



## Step 6: Launch an EC2 Instance in the Public Subnet

1. Navigate to **EC2 Service** → **Instances** → click **Launch Instance**.  
2. **Name:** `EC2-A`.  
3. Select **Amazon Linux** as the OS image (default).  
4. Choose **Instance type:** `t2.micro` (Free tier eligible).  
5. **Key pair:** Select an existing key pair (or create one).  
6. Under **Network settings**, click **Edit**:
   - **VPC:** `VPC-A`  
   - **Subnet:** `VPC-A-Public`  
   - Ensure **Auto-assign Public IP** is enabled.  
7. Under **Firewall (security group)** → **Create security group**:
   - **Name:** `EC2-A-SG`  
   - **Inbound rule:** Type: SSH, Port: 22, Source: My IP  
8. Keep storage default (8 GiB, gp3).  
9. Click **Launch Instance**.  

Once the instance launches, note its **Public IPv4 address** from the **Instances** dashboard.



## Step 7: Connect to EC2 Instance

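You can connect to the instance using **SSH** (from your workstation or CloudShell). The `EC2-A-SG` inbound rule from Step 6 allows SSH only from the address the console detected as **My IP**, so a connection from CloudShell, which originates from a different address, needs its own inbound rule: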

- **User:** `ec2-user`  
- **Public IP:** (copy from EC2 console)  
- **SSH command example:**
  ```bash
  ssh -i your-key.pem ec2-user@<Public-IP>
  ```

Once connected, test internet access using:
```bash
ping google.com
```

If successful, your public subnet and internet connectivity are working correctly!



---

## Reflection

✅ Why is this subnet considered *public*?  
→ Because it has a route to an Internet Gateway and auto-assigns public IPs.  

✅ What would make a subnet *private*?  
→ Absence of an Internet Gateway route and no public IP assignment.  

✅ Key Learning  
You have created a fully functional public subnet, attached an Internet Gateway, configured routes, and successfully launched an EC2 instance accessible from the internet.
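
The public/private test from the Reflection can also be checked against API data instead of the console. The script below is an added example, not part of the original lab: it resolves each subnet's effective route table, applies this lab's definition of *public*, and flags security groups that admit SSH from anywhere. It runs on constructed sample data shaped like the EC2 `DescribeSubnets`, `DescribeRouteTables` and `DescribeSecurityGroups` responses; every ID and address in it is a placeholder.

```python
import ipaddress

# Constructed sample data shaped like EC2 DescribeSubnets, DescribeRouteTables
# and DescribeSecurityGroups responses. All IDs and addresses are placeholders.
SUBNETS = [
    {"SubnetId": "subnet-pub", "VpcId": "vpc-a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-priv", "VpcId": "vpc-a", "MapPublicIpOnLaunch": False},
]
LOCAL = {"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"VpcId": "vpc-a", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"VpcId": "vpc-a", "Associations": [{"Main": False, "SubnetId": "subnet-pub"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
SECURITY_GROUPS = [
    {"GroupName": "EC2-A-SG", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
        "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupName": "wide-open", "IpPermissions": [{"IpProtocol": "-1",
        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

def effective_route_table(subnet, route_tables):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in (t for t in route_tables if t["VpcId"] == subnet["VpcId"]):
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public(subnet, route_tables):
    """Public as this lab defines it: IGW route plus auto-assigned public IPs."""
    rt = effective_route_table(subnet, route_tables)
    has_igw = rt is not None and any(
        r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])
    return has_igw and subnet["MapPublicIpOnLaunch"]

def ssh_open_to_world(sg):
    """True if any rule admits TCP/22 from 0.0.0.0/0 or ::/0."""
    for p in sg.get("IpPermissions", []):
        hits_22 = p["IpProtocol"] == "-1" or (
            p["IpProtocol"] == "tcp" and p["FromPort"] <= 22 <= p["ToPort"])
        cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
        if hits_22 and any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            return True
    return False
```

A subnet with no explicit association falls back to the VPC's main route table, which is why skipping Step 5 leaves `VPC-A-Public` without an Internet Gateway route even though the route exists in `VPC-A-Public-RT`.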

---
