
NAT Instance



Requirement:

Create EC2 instance in private Subnet and provide Internet access using NAT Instance

Solution:
1. Create one VPC with CIDR range 10.0.0.0/16.
2. Create a private subnet with CIDR range 10.0.1.0/24.
3. Create a public subnet with CIDR range 10.0.2.0/24.
4. Create one Internet Gateway and attach it to the VPC.
5. Create one custom route table and associate the public subnet with it.
   a. Add a default route (0.0.0.0/0) with the IGW as target.
6. Associate the private subnet with the default route table.
7. Launch the NAT instance in the public subnet, using the NAT template from Community AMIs, with a public IP enabled.
8. Select the NAT instance just created → Actions → Networking → Change Source/Dest. Check → Yes, Disable.
9. Launch another EC2 instance in the private subnet with only a private IP.
10. Note the instance ID of the NAT instance and identify its network interface ID from the Network Interfaces link in the left-hand pane.
11. Navigate to VPC → Route Tables → default route table → Routes.
12. Add the default route (0.0.0.0/0), select Network Interface in the Target dropdown, choose the network interface ID noted above, then click Save routes.
13. Log in to the NAT instance, SSH from there to the private IP of the EC2 instance and test Internet access.
Note: You must copy the pem file used for the EC2 instance to the NAT instance and change its permissions to 400.

chmod 400 <pem file>
ssh -i <pem file> ec2-user@<private IP of EC2>
[ec2-user@ip-10-0-1-211 ~]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=3.22 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=50 time=3.44 ms
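The following Python script is an added illustration, not code from the original post: it models the VPC, the two subnets, the two route tables and the NAT instance's source/destination check from the steps above, then traces where a packet from the private instance to 8.8.8.8 is sent. The CIDR ranges are the ones in the steps; the ENI id, IGW id and the NAT instance's addresses are constructed placeholders. It also shows why step 8 matters: with the source/destination check left enabled, the NAT instance discards traffic that is not addressed to itself.

```python
"""Model of the NAT-instance routing design described in the steps above.

Added example; all ids and the NAT instance addresses are constructed.
"""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
PRIVATE_SUBNET = ipaddress.ip_network("10.0.1.0/24")
PUBLIC_SUBNET = ipaddress.ip_network("10.0.2.0/24")

IGW = "igw-placeholder"                       # constructed id
NAT_ENI = "eni-placeholder"                   # constructed id of the NAT instance's interface
NAT_PRIVATE_IP = ipaddress.ip_address("10.0.2.10")      # constructed
NAT_PUBLIC_IP = ipaddress.ip_address("203.0.113.10")    # constructed (documentation range)
PRIVATE_INSTANCE_IP = ipaddress.ip_address("10.0.1.211")  # matches the ping prompt above


class RouteTable:
    """A VPC route table: destination network -> target id or 'local'."""

    def __init__(self, name, routes):
        self.name = name
        self.routes = {ipaddress.ip_network(k): v for k, v in routes.items()}

    def lookup(self, dst):
        """Longest-prefix match, which is how the VPC router picks a route."""
        dst = ipaddress.ip_address(dst)
        best = None
        for net, target in self.routes.items():
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None


# Step 6: the private subnet keeps the default route table; step 12 adds the NAT ENI route.
PRIVATE_RT = RouteTable("default", {"10.0.0.0/16": "local", "0.0.0.0/0": NAT_ENI})
# Step 5: the public subnet gets a custom table whose default route is the IGW.
PUBLIC_RT = RouteTable("custom-public", {"10.0.0.0/16": "local", "0.0.0.0/0": IGW})


def validate_layout():
    """Return a list of design problems; an empty list means the layout matches the steps."""
    problems = []
    for name, subnet in (("private", PRIVATE_SUBNET), ("public", PUBLIC_SUBNET)):
        if not subnet.subnet_of(VPC_CIDR):
            problems.append(f"{name} subnet {subnet} is outside VPC {VPC_CIDR}")
    if PRIVATE_SUBNET.overlaps(PUBLIC_SUBNET):
        problems.append("private and public subnets overlap")
    # A private subnet must never route straight to the Internet Gateway.
    for net, target in PRIVATE_RT.routes.items():
        if target.startswith("igw-"):
            problems.append(f"private route table sends {net} directly to {target}")
    if PUBLIC_RT.lookup("8.8.8.8") != IGW:
        problems.append("public subnet has no default route to the IGW")
    return problems


def trace_from_private(dst, source_dest_check):
    """Trace a packet from the private instance to dst and return the hops.

    source_dest_check=True models the EC2 default that step 8 disables.
    """
    dst = ipaddress.ip_address(dst)
    hops = [f"private-instance {PRIVATE_INSTANCE_IP}"]
    target = PRIVATE_RT.lookup(dst)
    if target == "local":
        hops.append(f"local delivery to {dst}")
        return hops
    if target != NAT_ENI:
        hops.append(f"unexpected target {target}")
        return hops
    hops.append(f"nat-instance {NAT_PRIVATE_IP} via {NAT_ENI}")
    if source_dest_check and dst != NAT_PRIVATE_IP:
        hops.append("dropped: source/destination check enabled")
        return hops
    hops.append(f"SNAT {PRIVATE_INSTANCE_IP} -> {NAT_PUBLIC_IP}")
    hops.append(f"{PUBLIC_RT.lookup(dst)} (Internet Gateway)")
    hops.append(f"internet {dst}")
    return hops


if __name__ == "__main__":
    print("layout problems:", validate_layout() or "none")
    for check in (True, False):
        print(f"source/dest check {'on' if check else 'off'}:",
              " -> ".join(trace_from_private("8.8.8.8", check)))
```

Running it prints a clean validation and two traces: with the check enabled the packet stops at the NAT instance; with it disabled the packet is source-NATed and leaves through the IGW, which is the path the ping above exercises.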

Points to Note:
A NAT Gateway or NAT Instance lives in one Availability Zone; however, it can be shared by subnets in other AZs. It is always placed in a public subnet.
A NAT Gateway needs one Elastic IP and is chargeable.
Difference between NAT Gateway & NAT Instance

