VPC (Contd..)
Public Networking & Routing
- At this point our network looks as shown below.
- This network is entirely private. Now we want to reach the machines (EC2 instances) in the web subnet from the internet.
- In AWS, a subnet can only be public if the VPC has an internet gateway (IGW). Create one.
- Attach the internet gateway to your VPC (a VPC can have at most one IGW attached).
- When a VPC is created, AWS also creates a default route table, called the main route table, with a single `local` route for the VPC CIDR. That route is what enables all intranet (within-VPC) communication, and every subnet that is not explicitly associated with another route table uses the main table. Security groups and network ACLs still apply to that traffic.
- Our problem statement: the web subnet should be able to communicate with and from the internet.
- We already have an internet gateway that can carry internet traffic, so what is missing is a route that makes the web subnet forward non-VPC packets to it.
- We create a route table and associate it with the web subnet. In it we add a route for destination `0.0.0.0/0` with the internet gateway as target. The table also keeps the `local` route for the VPC CIDR, and because the VPC CIDR is a more specific prefix than `0.0.0.0/0`, traffic to addresses inside the VPC still stays local (longest prefix match); everything else goes to the IGW.
- Add this route to the new table, never to the main route table: a `0.0.0.0/0 -> igw` route in the main table would make every subnet without an explicit association public, including app and db.
- Steps: create a route table, add the route to the internet gateway, associate it with the web subnet.
- Exercise: Associate management subnet to public route table
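Added example (not part of the original notes): a small Python audit that applies the routing rules above to data shaped like the output of `aws ec2 describe-route-tables`, so you can check which subnets are actually public. It resolves each subnet to its effective route table (explicit association, otherwise the main table), calls a subnet public when that table has a route whose target is an IGW, and shows the longest-prefix-match lookup that keeps VPC-internal traffic on the `local` route even when `0.0.0.0/0` points at the IGW. The VPC CIDR, subnet and route table IDs and the IGW ID are constructed for the example; nothing here calls AWS.

```python
"""Public-or-private audit of VPC subnets, driven by describe-route-tables style data."""
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output, trimmed to
# the fields that matter here. None of these IDs are real resources.
VPC_CIDR = "10.0.0.0/16"
SUBNET_IDS = ["subnet-web", "subnet-app", "subnet-db", "subnet-mgmt"]
ROUTE_TABLES = [
    {   # main route table: created with the VPC, only the local route
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"}],
    },
    {   # public route table we created and associated with web and mgmt
        "RouteTableId": "rtb-public",
        "Associations": [
            {"Main": False, "SubnetId": "subnet-web"},
            {"Main": False, "SubnetId": "subnet-mgmt"},
        ],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"},
        ],
    },
]

# Target fields a route may carry in the describe-route-tables output.
TARGET_KEYS = ("GatewayId", "NatGatewayId", "InstanceId",
               "NetworkInterfaceId", "VpcPeeringConnectionId", "TransitGatewayId")


def route_target(route):
    """Return the next hop of a route, whichever target field the API filled in."""
    for key in TARGET_KEYS:
        if route.get(key):
            return route[key]
    return None


def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; a subnet without one uses the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def lookup_route(dest_ip, route_table):
    """Longest-prefix match, which is how the VPC router picks a route.

    Routes keyed by a prefix list instead of a CIDR are skipped here.
    """
    dest = ipaddress.ip_address(dest_ip)
    best_net, best_route = None, None
    for route in route_table["Routes"]:
        cidr = route.get("DestinationCidrBlock")
        if not cidr:
            continue
        net = ipaddress.ip_network(cidr)
        if dest in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route


def is_public(subnet_id, route_tables):
    """A subnet is public when its effective route table sends anything to an IGW."""
    rt = route_table_for(subnet_id, route_tables)
    return any(str(route_target(r)).startswith("igw-") for r in rt["Routes"])


def classify(subnet_ids, route_tables):
    """Map every subnet to 'public' or 'private'."""
    return {s: ("public" if is_public(s, route_tables) else "private") for s in subnet_ids}


if __name__ == "__main__":
    for subnet, kind in classify(SUBNET_IDS, ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
    # Inside the public table a VPC address still matches the /16 local route,
    # not 0.0.0.0/0: longest prefix wins.
    print(route_target(lookup_route("10.0.2.5", ROUTE_TABLES[1])))
```

Run it after the exercise: web and mgmt should come out public, app and db private, and the lookup for `10.0.2.5` through the public table still returns `local`. Replace the constructed `ROUTE_TABLES` with the parsed JSON of a real `describe-route-tables` call to audit an account.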
- Let's test what we have created. Create three EC2 instances:
- one in the web subnet
- one in the app subnet
- one in the mgmt subnet
- Before that, let's understand the concept of an Elastic Network Interface (ENI).
- In AWS we launch VMs (EC2 instances) into a subnet; the connection between the EC2 instance and the subnet is an elastic network interface (ENI). The ENI receives a private IP address from the subnet's CIDR, and you can attach a public IP to it if you want (auto-assigned at launch, or an Elastic IP). The public IP is not configured on the instance itself: the internet gateway translates between it and the private IP (one-to-one NAT).
- The EC2 instance in the web subnet gets a security group with everything opened (all ports, all protocols, from 0.0.0.0/0). That is acceptable for this lab only; for anything real, restrict SSH (port 22) to your own IP range or to the mgmt subnet, because the route to the IGW plus an open security group exposes every listening service on the instance to the whole internet.
- Now let's try to log in to the EC2 instance using its public IP.
- Now let's look at the elastic network interface: it shows the private IP, and the public IP mapped to it.
- Now let's do the same thing for the EC2 instance in the mgmt subnet.
- Now let's log in to that EC2 instance.
- Let's create an EC2 instance in the app subnet.
- Now let's try to log in to this instance. It fails: a public IP only works when the subnet's route table sends traffic to the IGW, so even if one had been auto-assigned at launch the instance would still be unreachable.
- So the app and db subnets are private because their route table (the main one) has no route to the IGW; the web and mgmt subnets are public because they do. Whether a subnet is public is a property of its route table, not of the subnet itself or of the instances in it.
- If we want to connect to machines in a private subnet:
- First connect to a machine in a public subnet (the mgmt instance; this is the bastion or jump host pattern).
- From that machine, access the machines in the private subnet using their private IP. The hop stays inside the VPC, so the `local` route covers it; the only thing that can block it is the private instance's security group, which should allow SSH from the bastion's security group or private IP rather than from anywhere. Use SSH agent forwarding or `ProxyJump` from your workstation instead of copying your private key onto the bastion.
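Added example (not part of the original notes) covering the login tests and the bastion step above: a Python model of why the web and mgmt instances answer SSH from the internet while the app instance does not, and what the bastion hop needs. It checks the three conditions in order (subnet routes to the IGW, the ENI has a public IP, the security group admits the source) and then checks the private-IP hop from the bastion against the target's security group. The instance IDs, addresses and security groups are constructed for the example; whether a subnet is public is taken as an input here rather than derived from route tables.

```python
"""Why web and mgmt answer SSH from the internet and app does not, plus the bastion hop."""
import ipaddress

# Constructed lab snapshot: does the instance's subnet route to an IGW, what does
# its ENI carry, which security group does it use. No real addresses or resources.
INSTANCES = {
    "i-web":  {"subnet_public": True,  "private_ip": "10.0.1.10", "public_ip": "203.0.113.10", "sg": "sg-open"},
    "i-mgmt": {"subnet_public": True,  "private_ip": "10.0.4.10", "public_ip": "203.0.113.20", "sg": "sg-ssh-office"},
    "i-app":  {"subnet_public": False, "private_ip": "10.0.2.10", "public_ip": None,           "sg": "sg-ssh-from-mgmt"},
    # public subnet, but launched without a public IP on its ENI
    "i-noip": {"subnet_public": True,  "private_ip": "10.0.1.11", "public_ip": None,           "sg": "sg-open"},
}
# Inbound rules in the shape of IpPermissions: a port range plus a CIDR or a source SG.
SECURITY_GROUPS = {
    "sg-open":          [{"from_port": 0,  "to_port": 65535, "source": "0.0.0.0/0"}],   # "everything opened"
    "sg-ssh-office":    [{"from_port": 22, "to_port": 22,    "source": "198.51.100.0/24"}],
    "sg-ssh-from-mgmt": [{"from_port": 22, "to_port": 22,    "source": "sg-ssh-office"}],
}


def sg_allows(sg_id, port, src_ip, src_sg=None):
    """Does any inbound rule of sg_id admit `port` from this source?

    Security groups are stateful, so only the inbound direction needs checking.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in SECURITY_GROUPS[sg_id]:
        if not rule["from_port"] <= port <= rule["to_port"]:
            continue
        source = rule["source"]
        if source.startswith("sg-"):
            if src_sg == source:
                return True
        elif src in ipaddress.ip_network(source):
            return True
    return False


def reachable_from_internet(instance_id, port, client_ip):
    """Return (ok, reason) for a connection from client_ip to the instance's public IP."""
    inst = INSTANCES[instance_id]
    if not inst["subnet_public"]:
        return False, "subnet has no route to an internet gateway"
    if inst["public_ip"] is None:
        return False, "ENI has no public IP"
    if not sg_allows(inst["sg"], port, client_ip):
        return False, f"security group {inst['sg']} does not allow {port} from {client_ip}"
    return True, f"via {inst['public_ip']}"


def reachable_via_bastion(bastion_id, target_id, port, client_ip):
    """Client -> bastion on 22 over the internet, then bastion -> target on `port`
    by private IP. The hop inside the VPC is covered by the local route, so only
    the target's security group can stop it."""
    ok, reason = reachable_from_internet(bastion_id, 22, client_ip)
    if not ok:
        return False, f"bastion {bastion_id}: {reason}"
    bastion, target = INSTANCES[bastion_id], INSTANCES[target_id]
    if not sg_allows(target["sg"], port, bastion["private_ip"], bastion["sg"]):
        return False, f"security group {target['sg']} does not allow {port} from bastion"
    return True, f"{bastion['public_ip']} -> {target['private_ip']}"


if __name__ == "__main__":
    office_ip = "198.51.100.5"       # constructed "our office" address
    for inst in INSTANCES:
        print(inst, reachable_from_internet(inst, 22, office_ip))
    print("mgmt -> app", reachable_via_bastion("i-mgmt", "i-app", 22, office_ip))
    print("web  -> app", reachable_via_bastion("i-web", "i-app", 22, office_ip))
```

Two things the run makes visible: `i-noip` sits in a public subnet and still fails, because the ENI has no public IP, and the wide-open web instance cannot act as a bastion for app, because app's security group only trusts the mgmt instance's security group. That is the reason to put SSH access to private instances behind a source security group rather than behind an address.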