AWS Classroom series – 01/Mar/2020 - Direct DevOps from Quality Thought

Virtual Private Networks in AWS

Private: When you create a EC2 machine we generally get private and public ip (optional). Private IP is always static
Public: Public Ip to Network Interface is changed every time EC2 is stopped and started. Public ip is dynamic by default.
To create static public IP, AWS offers Elastic IP Address
Billing of Elastic IP Address
- When your Ec2 machine is running bill is zero
- When you stop EC2 machine then billing starts till your ec2 machine is started again
Elastic Ip is Allocated and associated with network interface or Released

Preview

When we create a public subnet it can be connected from/to internet, Where as private subnet is not connected from/to internet.
But if we want to connect private machine to internet, we use NAT
IN AWS we have two popular ways of creating NAT
- NAT Instance:
  - EC2 machine with Elastic IP address and NAT instance AMI in public subnet
  - Now add a rout in private rt to route all the traffic to internet to NAT instance
  - Is completely managed by users
- NAT Gateway
  - NAT as a service
  - Just specify you need a NAT, AWS does the rest
  - Change route table
  - NAT Instance Management is done by AWS
Now create NAT Gateway in Public subnet and change the route table of private subnet
Exercise:
- Create a VPC with 2 subnets
- Make one subnet private and other subnet public
- create ec2 machines one in public and other in private
- now try to connect to private ec2 machine using public ec2 mahine and then check for internet connectivity (you will not have it)
- Now create a NAT Gateway in Public subnet
- Add a route in private rt to forward all packets apart from vpc’s range to be forwarded to NAT Gateway