AWS Classroom Series – 13/Jul/2020

How do I enable internet access (one direction, outbound only) for private subnets?

  • To understand this, let's look at how a home internet connection works
    • When a packet is sent from a source to a destination, the destination must be able to reach (ping) the source so that its reply can come back
    • This is handled in the ISP (Internet Service Provider) network
    • ISPs run NAT servers on the public network (generally with a static IP address). When the mobile tries to access google.com, this NAT server translates the source address of the packet from the mobile's IP to the NAT server's public IP and forwards it to the public internet. When it receives the response, it translates the destination of the response packets from the NAT server's public IP back to your mobile's IP.
  • We can adopt a similar approach to bring internet access to private subnets. Amazon provides NAT in two ways
    • NAT instance: an EC2 instance built from a NAT image, created in the public subnet with a static IP (Elastic IP). If this server fails, it is our responsibility to fix it. Here you pay for the EC2 machine.
    • NAT Gateway: NAT as a service. You receive a NAT with a public IP, and failures of the NAT are handled by AWS. The NAT gateway has its own pricing.
  • Elastic IP addresses are charged when you allocate one and do not use it. While an Elastic IP is in use there are no charges.
  • We would create a NAT gateway in the public subnet and then configure a route in the private route table that forwards all traffic other than the VPC range (destination 0.0.0.0/0) to the NAT gateway. Traffic within the VPC range still matches the local route.
  • Now let's create/use two EC2 instances, one in the public subnet and the other in the private subnet
  • Now let's log in to the machine in the public subnet and check internet connectivity
  • Now try to log in to the private subnet EC2 instance from the public subnet EC2 instance
  • After a successful login, check internet connectivity again. This ping should pass if you configured the NAT gateway and route table correctly
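As an added check that is not part of the original post: the script below models the VPC router's route lookup on constructed route-table data (shaped like the output of `aws ec2 describe-route-tables` and `describe-nat-gateways`, with made-up IDs) and verifies the design above, namely that a private subnet's default route points at a NAT gateway and that the NAT gateway itself sits in a subnet whose default route is an internet gateway. It also catches the common mistake of creating the NAT gateway in a private subnet.

```python
import ipaddress

# Constructed sample data (IDs are placeholders), trimmed to the fields used here.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-business"}, {"SubnetId": "subnet-db"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
# Constructed: the subnet each NAT gateway was created in.
NAT_GATEWAYS = {"nat-0example": {"SubnetId": "subnet-web"}}
PROBE_IP = "203.0.113.10"  # any non-VPC (internet) destination, from TEST-NET-3


def route_table_for(subnet_id, tables=ROUTE_TABLES):
    """Return the route table explicitly associated with a subnet, or None."""
    for rt in tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return None


def next_hop(subnet_id, dst_ip, tables=ROUTE_TABLES):
    """Longest-prefix match, as the VPC router does: the target (local, igw-..., nat-...)
    for a packet leaving subnet_id towards dst_ip, or None if nothing matches."""
    rt = route_table_for(subnet_id, tables)
    if rt is None:
        return None
    ip, best = ipaddress.ip_address(dst_ip), None
    for r in rt["Routes"]:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r.get("NatGatewayId") or r.get("GatewayId"))
    return best[1] if best else None


def private_subnet_has_internet(subnet_id, tables=ROUTE_TABLES, nats=NAT_GATEWAYS):
    """Check the one-direction path: private default route -> NAT gateway, and the
    NAT gateway's own subnet has a default route -> internet gateway. Returns (ok, why)."""
    target = next_hop(subnet_id, PROBE_IP, tables)
    if not (target or "").startswith("nat-"):
        return False, f"{subnet_id}: default route is {target!r}, not a NAT gateway"
    nat_subnet = nats.get(target, {}).get("SubnetId")
    igw = next_hop(nat_subnet, PROBE_IP, tables)
    if not (igw or "").startswith("igw-"):
        return False, f"{target} sits in {nat_subnet!r}, whose default route is {igw!r}, not an IGW"
    return True, f"{subnet_id} -> {target} (in {nat_subnet}) -> {igw}"
```

Run `private_subnet_has_internet("subnet-db")` against your own describe-* output to confirm the private route table and NAT placement before testing with ping from the instance.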

Exercise: Create the following VPC

  • Create a VPC with any address range, consisting of three subnets
    • web
    • business
    • db
  • The web subnet will be the public subnet
  • Both the business and db subnets will be private
  • Also complete the network diagram with
    • Subnet ranges
    • Route tables
    • Internet gateways
  • Set up and configure your laptop with the AWS CLI
