Creating a Custom VPC with Multi-AZ Subnets with AWS CDK
Introduction
In this article we will go over how to create a Multi-AZ VPC with AWS CDK. A Custom VPC like this lets your AWS workload reside within a proper networking design that meets your particular needs.
We will be using AWS CDK in Java to create this project, but the same steps can be followed in the language of your choice, as the CDK constructs used are very similar across languages.
Basic Networking Overview
Let us start with the AWS VPC (Virtual Private Cloud). The VPC is how you can define a logically isolated virtual network which closely resembles a traditional network that you’d operate in your own data center.
The Default VPC exists within each AWS Region when you get started. It comes with a public subnet in each Availability Zone, an internet gateway, and settings to enable DNS resolution. This Default VPC allows you to get started quickly in AWS.
However, you might require a nondefault or Custom VPC, which lets you define a configuration better suited to your specific needs.
Your VPC requires you to declare a CIDR block, which is the range of IP addresses available to your VPC. The larger the CIDR block, the more instances or resources you can place in the VPC. A useful tool for determining your VPC CIDR block size can be found at https://cidr.xyz/ .
An availability zone is one or more discrete data centers within an AWS Region with redundant power, networking, and connectivity.
Subnets are ranges of IP addresses within your VPC where you can separate different resources; each subnet resides in only one Availability Zone. The subnet types are:
- Public subnet — has a direct route to an internet gateway
- Private subnet (with egress) — does not have a direct route to an internet gateway, but can reach the public internet through a NAT device (PRIVATE_WITH_EGRESS)
- Isolated subnet — has no routes to destinations outside its VPC. Ideal for services such as RDS.
Architecture Diagram
We will be creating the following VPC, which spans 3 Availability Zones with a public subnet and a private (isolated) subnet in each Availability Zone.
This is a straightforward VPC structure: resources in a public subnet can reach the internet gateway and be reached from the internet, while additional resources can be further secured in private subnets which are not reachable from the internet. A common approach is for processing (Lambdas) to occur in the public subnet while key resources such as databases are protected in the private subnets.
We will now present the process for creating this VPC with CDK in Java.
Building the CDK Project
1. Validate the Prerequisites (See the Appendix)
2. Create the CDK Project
cd c:\projects
mkdir javacdk-vpc
cd javacdk-vpc
cdk init app --language java
3. Open the project up in Eclipse
File -> Open Projects from File System
Your CDK Project should have the following structure based on the code found at https://github.com/collin-smith/javacdk-vpc . The key class to update is JavacdkVpcStack.java which can be found in the repo just listed.
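As an added example (not the code from the linked repo), here is how JavacdkVpcStack.java can define the VPC from the diagram with the CDK v2 Java API: 3 Availability Zones, one public and one isolated subnet in each, and outputs for the AZs and subnet IDs that "cdk deploy" prints. The CIDR 10.0.0.0/16 and the construct names are assumptions; maxAzs(3) only takes effect when the app passes an explicit account and region in StackProps (otherwise CDK falls back to 2 AZs).

```java
package com.myorg;

import java.util.List;
import java.util.stream.Collectors;
import software.amazon.awscdk.CfnOutput;
import software.amazon.awscdk.Fn;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.ec2.ISubnet;
import software.amazon.awscdk.services.ec2.IpAddresses;
import software.amazon.awscdk.services.ec2.SubnetConfiguration;
import software.amazon.awscdk.services.ec2.SubnetType;
import software.amazon.awscdk.services.ec2.Vpc;
import software.constructs.Construct;

public class JavacdkVpcStack extends Stack {
    public JavacdkVpcStack(final Construct scope, final String id, final StackProps props) {
        super(scope, id, props);

        // One public and one isolated subnet per AZ. Isolated subnets get no route to an
        // internet gateway or NAT device, so databases placed there are unreachable from the internet.
        Vpc vpc = Vpc.Builder.create(this, "CustomVpc")
            .ipAddresses(IpAddresses.cidr("10.0.0.0/16")) // assumed CIDR; size it with cidr.xyz
            .maxAzs(3)      // requires an explicit env in the App, or CDK uses only 2 AZs
            .natGateways(0) // no PRIVATE_WITH_EGRESS subnets here, so no NAT gateway is created or billed
            .subnetConfiguration(List.of(
                SubnetConfiguration.builder()
                    .name("Public")
                    .subnetType(SubnetType.PUBLIC)
                    .cidrMask(24)
                    .mapPublicIpOnLaunch(false) // public IPs only when a resource explicitly asks for one
                    .build(),
                SubnetConfiguration.builder()
                    .name("Isolated")
                    .subnetType(SubnetType.PRIVATE_ISOLATED)
                    .cidrMask(24)
                    .build()))
            .build();

        // Outputs shown after "cdk deploy": the AZs, the public subnet IDs and the isolated subnet IDs.
        CfnOutput.Builder.create(this, "AvailabilityZones")
            .value(Fn.join(",", vpc.getAvailabilityZones())).build();
        CfnOutput.Builder.create(this, "PublicSubnets")
            .value(Fn.join(",", subnetIds(vpc.getPublicSubnets()))).build();
        CfnOutput.Builder.create(this, "IsolatedSubnets")
            .value(Fn.join(",", subnetIds(vpc.getIsolatedSubnets()))).build();
    }

    private static List<String> subnetIds(List<ISubnet> subnets) {
        return subnets.stream().map(ISubnet::getSubnetId).collect(Collectors.toList());
    }
}
```

The generated JavacdkVpcApp already calls this three-argument constructor with a StackProps builder; uncomment its env block and fill in your account and region so that all 3 AZs are used.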
cd c:\projects\javacdk-vpc
cdk bootstrap
cdk synth
cdk deploy
After deploying the CDK app with “cdk deploy” you will see something like the following:
If you look above, you can see that the availability zones, public subnets and isolated private subnets are displayed. Additionally, you can verify that these have been deployed in the
Validating the VPC Created in the AWS Console
You can then go to the VPC dashboard in the AWS Console to confirm that the Custom VPC was created.
In the console you can now see that the VPC was created and which Availability Zones it spans. There are 2 different subnets (public and private) for each Availability Zone. You can also see the route tables (rtb) that were created and associated with the subnets.
Once you have finished with your VPC please execute a “cdk destroy” to remove the resources.
cdk destroy
Conclusion
In this article, you have seen how you can create a Custom VPC with CDK. This was done using Java but the same principle can be done for any of the languages supported by CDK. With a Custom VPC you can create the right networking to help support the AWS workload that you want to create rather than rely on the default VPC.
If you want to read on about related topics, such as Java 21 Spring Boot with database implementations, please consider the following articles as well:
- Creating a Java 21 Spring Boot 3 application on AWS Lambda
- Creating a Custom VPC with Multi-AZ Subnets with AWS CDK
- Creating a Public Postgres RDS Instance with Secrets Manager in CDK
- Creating a Spring Boot Java 21 application with a Public Postgres RDS
- Creating a Public MySQL RDS instance with Secrets Manager and CDK
- Creating a Spring Boot Java 21 application with a Public MySQL RDS
- Creating a Private Postgres RDS instance with a Bastion Host using CDK & SSM
- Creating a Spring Boot Java 21 application with a Private Postgres RDS
- Creating a Private MySQL instance with a Bastion Host using CDK & SSM
- Creating a Spring Boot Java 21 application with a Private MySQL RDS
Appendix
Prerequisites
Access to an AWS Account
Java 21 — The latest Java version to date can be downloaded from here
Confirm that you have the right version in your command line
Eclipse IDE (or your other favorite Java IDE)
During installation from here, select “Eclipse IDE for Enterprise Java and Web Developers”
Note: If you have any issues with Eclipse supporting Java 21 you might need to install the following Marketplace Solution
AWS CLI (AWS Command Line Interface)
Install the AWS CLI (AWS Command Line Interface) so that you can manage your AWS services from your console.
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Maven
Maven is a build tool, originally created to simplify the build processes in the Jakarta Turbine project. Install from here.
GIT
Git will allow you to do source control management. Install from here.