AWS Networking Setup

This document describes the networking setup for the AWS environment, which allows workloads inside the VPC to reach the internet and other AWS services. At the time of writing, it was common for the VPC and subnets to be created by the Platform team, while the rest of the stack was created by the development team. This makes network-related resources harder to manage in the CDK code.

We decided to create the network setup manually in the AWS console and then reference the VPC and subnets in the CDK code.

General Setup

The general setup consists of a VPC with public and private subnets. The public subnets have a route to the internet gateway and the private subnets have a route to the NAT gateway.

Create NAT Gateway

  1. Go to the VPC service in the AWS console.
  2. Click on "NAT Gateways" in the left menu.
  3. Click on "Create NAT Gateway".
  4. Select the public subnet.
  5. Click on "Create New EIP" and click on "Create NAT Gateway".
  6. Go to the route table of the private subnet and add a route to the NAT gateway using the CIDR address 0.0.0.0/0.

Create Internet Gateway

  1. Go to the VPC service in the AWS console.
  2. Click on "Internet Gateways" in the left menu.
  3. Click on "Create Internet Gateway".
  4. Enter a name and click on "Create Internet Gateway".
  5. Click on "Attach to VPC" and select the VPC.
  6. Go to the route table of the public subnet and add a route to the internet gateway using the CIDR address 0.0.0.0/0.
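Because the two procedures above are done by hand, it is worth verifying the result afterwards. The following Python check is an added example (not part of this document or the CDK stack): it takes route tables in the shape `aws ec2 describe-route-tables --output json` returns, confirms that every public subnet's 0.0.0.0/0 route points at an internet gateway and every private subnet's at a NAT gateway, and flags a private subnet whose default route is an internet gateway, since that makes it effectively public. All IDs and the sample data are constructed placeholders.

```python
"""Check default routes: public subnets -> igw-*, private subnets -> nat-*."""

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# One public and one private route table, each associated with one subnet.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-public0", "VpcId": "vpc-example",
     "Associations": [{"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private0", "VpcId": "vpc-example",
     "Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]}


def default_route_target(route_table):
    """Return the target ID of the 0.0.0.0/0 route, or None if there is none."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            # The target key depends on the target type; this setup uses these two.
            for key in ("GatewayId", "NatGatewayId"):
                if key in route:
                    return route[key]
    return None


def check_routes(describe_output, public_subnets, private_subnets):
    """Map each known subnet to 'ok' or a description of the misconfiguration."""
    findings = {}
    for table in describe_output["RouteTables"]:
        target = default_route_target(table)
        for assoc in table.get("Associations", []):
            subnet = assoc.get("SubnetId")
            if subnet is None:  # the main-table association carries no SubnetId
                continue
            if subnet in public_subnets:
                ok = target is not None and target.startswith("igw-")
                findings[subnet] = "ok" if ok else f"public subnet default route is {target}, expected igw-*"
            elif subnet in private_subnets:
                if target is not None and target.startswith("igw-"):
                    findings[subnet] = "private subnet routes directly to an internet gateway (exposed)"
                elif target is not None and target.startswith("nat-"):
                    findings[subnet] = "ok"
                else:
                    findings[subnet] = f"private subnet default route is {target}, expected nat-*"
    return findings


if __name__ == "__main__":
    print(check_routes(SAMPLE, {"subnet-public-a"}, {"subnet-private-a"}))
```

Feed the real CLI output in place of SAMPLE together with the subnet IDs from the console to run it against the environment.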

Conclusion

After following these steps, the VPC should be set up correctly and the subnets should have access to the internet. Applications running in the private subnets should be able to access the internet through the NAT gateway.