AWS Classroom series – 01/Mar/2020

Virtual Private Networks in AWS

  • AWS supports two kinds of VPNs
    • Point to Site
    • Site to Site
  • Two gateways are involved, one on each side
    • Gateway in AWS to connect to the on-premises network
      • Virtual Private Gateway (Site-to-Site)
      • Transit Gateway (Site-to-multi-Site)
    • Gateway on-premises (generally a hardware VPN device)
      • Customer Gateway
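As an added example (not part of the original notes), the Site-to-Site arrangement above written as Terraform for the AWS provider: a Customer Gateway for the on-premises VPN device, a Virtual Private Gateway attached to the VPC, and the VPN connection between them with a static route. The on-premises public IP, ASN and CIDR ranges are assumed sample values.

```hcl
# Added example, not from the original notes: Site-to-Site VPN between a VPC and
# an on-premises network. All IPs, ASNs and CIDRs below are assumed sample values.

variable "onprem_public_ip" { default = "203.0.113.10" }   # assumed: public IP of the on-prem VPN device
variable "onprem_cidr"      { default = "192.168.10.0/24" } # assumed: on-premises LAN range

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Customer Gateway: represents the hardware VPN device on the on-premises side.
resource "aws_customer_gateway" "onprem" {
  bgp_asn    = 65000
  ip_address = var.onprem_public_ip
  type       = "ipsec.1"
}

# Virtual Private Gateway: the AWS end of the tunnel, attached to the VPC.
resource "aws_vpn_gateway" "vgw" {
  vpc_id = aws_vpc.main.id
}

# The VPN connection itself. static_routes_only skips BGP; for a hub connecting
# many sites you would attach a Transit Gateway here instead of a VGW.
resource "aws_vpn_connection" "site_to_site" {
  customer_gateway_id = aws_customer_gateway.onprem.id
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  type                = "ipsec.1"
  static_routes_only  = true
}

# Tell AWS which on-premises prefix is reachable through the tunnel.
resource "aws_vpn_connection_route" "to_onprem" {
  destination_cidr_block = var.onprem_cidr
  vpn_connection_id      = aws_vpn_connection.site_to_site.id
}

# Let the VGW propagate that prefix into the VPC's main route table, so instances
# reach the on-premises LAN without a hand-written route.
resource "aws_vpn_gateway_route_propagation" "main" {
  vpn_gateway_id = aws_vpn_gateway.vgw.id
  route_table_id = aws_vpc.main.main_route_table_id
}
```

After `terraform apply`, the tunnel endpoint addresses and pre-shared keys that AWS generates for the Customer Gateway device are readable from the `aws_vpn_connection` resource and are written into the Terraform state, so the state should live in an encrypted, access-controlled backend rather than on a laptop or in a repository.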

Static IP Address

  • Private: When you create an EC2 instance it gets a private IP and, optionally, a public IP. The private IP is always static.
  • Public: The public IP of a network interface changes every time the EC2 instance is stopped and started. The public IP is dynamic by default.
  • To get a static public IP, AWS offers the Elastic IP Address
  • Billing of Elastic IP Address
    • While your EC2 instance is running, the bill is zero
    • When you stop the EC2 instance, billing starts and continues until the instance is started again
  • An Elastic IP is allocated, associated with a network interface, and eventually released

Private Subnet Not Connecting to Internet


  • When we create a public subnet it can be reached from the internet and can reach the internet, whereas a private subnet has no connectivity to or from the internet.

  • But if we want to connect a machine in the private subnet to the internet, we use NAT

  • In AWS we have two popular ways of creating NAT

    • NAT Instance:
      • An EC2 machine with an Elastic IP address, built from the NAT instance AMI, placed in the public subnet
      • Now add a route in the private route table to send all internet-bound traffic to the NAT instance
      • Is completely managed by the user
    • NAT Gateway
      • NAT as a service
      • Just specify that you need a NAT and AWS does the rest
      • Change the route table
      • NAT instance management is done by AWS
  • Now create the NAT Gateway in the public subnet and change the route table of the private subnet

  • Exercise:

    • Create a VPC with 2 subnets
    • Make one subnet private and the other subnet public
    • Create EC2 machines, one in the public subnet and the other in the private subnet
    • Now try to connect to the private EC2 machine using the public EC2 machine, then check for internet connectivity (you will not have it)
    • Now create a NAT Gateway in the public subnet
    • Add a route in the private route table to forward all packets outside the VPC's range to the NAT Gateway

By continuous learner

devops & cloud enthusiastic learner
