NAT Gateway

Create a VPC with two subnets and allow public access to EC2 instances in only one of them. Then give the EC2 instances in the private subnet outbound internet access through a NAT Gateway, without exposing them to inbound connections from the internet.



Requirement:

Create an EC2 instance in a private subnet and provide it with internet access using a NAT Gateway.

Solution:

1. Create one VPC with CIDR range 10.0.0.0/16.
2. Create a private subnet with CIDR range 10.0.1.0/24.
3. Create a public subnet with CIDR range 10.0.2.0/24.
4. Create one Internet Gateway (IGW) and attach it to the VPC.
5. Create one custom route table and associate the public subnet with it.
a. Add a default route (0.0.0.0/0) with the IGW as target.
6. Leave the private subnet associated with the default (main) route table, which has no route to the IGW.
7. Launch one EC2 instance (VM1) in the public subnet with a public IP enabled.
8. Launch another EC2 instance (VM2) in the private subnet with only a private IP.
9. Navigate to VPC → NAT Gateways.
10. Click the Create NAT Gateway button.
11. In the Subnet drop-down select the public subnet. The NAT Gateway itself needs a route to the IGW; a NAT Gateway placed in the private subnet has no path to the internet and the setup silently fails.
12. Click the Create New IP button to allocate an Elastic IP (the Allocation ID is filled in), then click the Create a NAT Gateway button.
13. Navigate to Route Tables → default route table → Routes → Edit routes.
14. Add a default route (0.0.0.0/0), select NAT Gateway from the Target drop-down, choose the NAT Gateway ID, then click Save routes. Because this is the VPC's main route table, any subnet created later that is not explicitly associated with another table will inherit this NAT route as well; use a dedicated private route table if that is not what you want.
15. Log in to VM1 using its public IP, SSH from VM1 to VM2 using VM2's private IP, and test internet access. For this to work, VM2's security group must allow SSH (TCP 22) from VM1's security group rather than from 0.0.0.0/0. The NAT Gateway only carries connections initiated from inside the VPC: nothing on the internet can open a connection to VM2.
Note: the commands below copy the .pem file used for VM2 onto VM1 and set its permissions to 400 (owner read only, which ssh requires before it will use the key). Copying a private key onto a bastion host widens its exposure; from a workstation, prefer SSH ProxyJump (the -J option) or agent forwarding, so the key never leaves your machine.

chmod 400 <pem file>
ssh -i <pem file> ec2-user@<private IP of EC2>

[ec2-user@ip-10-0-1-211 ~]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=3.22 ms
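The whole procedure above expressed as Terraform, added here as an example; it is not code from the blog post, which works through the console. It assumes AWS provider 5.x, a region taken from your AWS configuration, an existing EC2 key pair named by the `key_name` variable, and an `admin_cidr` variable holding the single address range allowed to SSH into VM1. The resource names, the Amazon Linux 2023 SSM lookup and the `t3.micro` instance type are my own choices. It departs from the console steps in one place: the private subnet gets its own route table instead of the VPC main table, so subnets created later do not inherit the NAT route by accident.

```hcl
# Added example, not the blog's own code. Assumptions: AWS provider 5.x, region from your
# AWS configuration, var.key_name is an existing key pair, var.admin_cidr is your address.
variable "key_name"   { type = string }
variable "admin_cidr" { type = string } # e.g. "203.0.113.10/32", never 0.0.0.0/0

# Current Amazon Linux 2023 AMI, resolved through the public SSM parameter
data "aws_ssm_parameter" "al2023" {
  name = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
}

# Steps 1-3: VPC, private subnet, public subnet
resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" }
resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = true # step 7: VM1 gets a public IP
}

# Step 4: Internet Gateway attached to the VPC
resource "aws_internet_gateway" "igw" { vpc_id = aws_vpc.main.id }

# Step 5: custom route table with 0.0.0.0/0 -> IGW, associated with the public subnet
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Steps 9-12: Elastic IP and NAT Gateway, which must live in the PUBLIC subnet
resource "aws_eip" "nat" { domain = "vpc" }
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.igw]
}

# Steps 13-14: 0.0.0.0/0 -> NAT Gateway, on a dedicated private table (not the VPC main table)
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# Least-privilege SSH: VM1 only from admin_cidr, VM2 only from VM1's security group
resource "aws_security_group" "vm1" { vpc_id = aws_vpc.main.id }
resource "aws_security_group" "vm2" { vpc_id = aws_vpc.main.id }
resource "aws_vpc_security_group_ingress_rule" "vm1_ssh" {
  security_group_id = aws_security_group.vm1.id
  cidr_ipv4         = var.admin_cidr
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}
resource "aws_vpc_security_group_ingress_rule" "vm2_ssh" {
  security_group_id            = aws_security_group.vm2.id
  referenced_security_group_id = aws_security_group.vm1.id
  ip_protocol                  = "tcp"
  from_port                    = 22
  to_port                      = 22
}
resource "aws_vpc_security_group_egress_rule" "all_out" {
  for_each          = { vm1 = aws_security_group.vm1.id, vm2 = aws_security_group.vm2.id }
  security_group_id = each.value
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}

# Steps 7-8: VM1 in the public subnet, VM2 in the private subnet with no public IP
resource "aws_instance" "vm1" {
  ami                    = data.aws_ssm_parameter.al2023.value
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.public.id
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.vm1.id]
}
resource "aws_instance" "vm2" {
  ami                         = data.aws_ssm_parameter.al2023.value
  instance_type               = "t3.micro"
  subnet_id                   = aws_subnet.private.id
  associate_public_ip_address = false
  key_name                    = var.key_name
  vpc_security_group_ids      = [aws_security_group.vm2.id]
}

output "vm1_public_ip"  { value = aws_instance.vm1.public_ip }
output "vm2_private_ip" { value = aws_instance.vm2.private_ip }
```

Apply with `terraform apply -var key_name=<your key pair> -var admin_cidr=<your IP>/32`. Then, from the workstation rather than from VM1, run `ssh -J ec2-user@<vm1_public_ip> ec2-user@<vm2_private_ip>`: ProxyJump tunnels through VM1 without the private key ever being copied onto it. On VM2, the `ping 8.8.8.8` from the post confirms the NAT path; where ICMP is filtered, `curl -I https://example.com` is a more reliable check. Removing the `all_out` egress rule for VM2 is the quickest way to confirm that VM2 depends on outbound traffic being explicitly allowed.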

Active Directory and Federated user creation Requirement: Create users in Active Directory and provide selective access to AWS services. Solution: Create EC2 Windows machine (OS version 2008/2012/2016) Configure AD in windows machine Configure DNS Server Configure PTR record in DNS Create test users in AD Reset the Administrator user password in AD Create Directory service in IAM Create role and policy in Directory Service and establish trust. Create AWS Domain/console URL to access from federated user Enable management console access to Domain URL.  Add users in Directory service Test the access for federated users Detailed steps: Create AD and create users in AD. Should be able to login to AWS Console with selective access. 1.        Launch a Windows 2012 R2 instance in custom VPC and subnet. a.        Create the VPC with CIDR range 10.0.0.0/16 b.        Create two public subnet with CIDR range 10.0.1.0/24 and 10.0.2.0/24 c.