AWS Classroom Series – 31/Oct/2020

VPC (Contd..)

Public Networking & Routing

  • As of now our network looks as shown below (diagram not included here).
  • This network is private. Now we want to reach the machines/instances in the web subnet from the internet.
  • In AWS, if we want our subnets to be public we need to create an internet gateway.
  • Attach the internet gateway to your VPC.
  • In AWS, when we create a VPC a default route table is created. By default a VPC enables all intranet (within the VPC) communication.
  • Our problem statement: the web subnet should be able to communicate with/from the internet.
    • We already have an internet gateway which can enable internet communication, so we need the web subnet to forward packets to the internet gateway.
    • We create a route table and associate it with the web subnet. In the route table we add a route saying: if the destination address is any IP other than the VPC CIDR, forward to the internet gateway.
  • Create a route table, add a route to the internet gateway and associate it with the web subnet.
  • Exercise: Associate the management subnet with the public route table.
  • Let's test what we have created. Let's create 3 EC2 instances:
    • one in the web subnet
    • one in the app subnet
    • one in the mgmt subnet
  • Before that, let's try to understand the concept of an Elastic Network Interface.
  • In AWS we create VMs (EC2 instances) in a subnet; the connection between the EC2 instance and the subnet is created by an Elastic Network Interface (ENI). This ENI receives a private IP address, and you can attach a public IP if you want.
  • The EC2 instance in the web subnet gets a security group with everything opened (for this lab).
  • Now let's try to log in to the EC2 instance using its public IP.
  • Now let's look at the Elastic Network Interface.
  • So let's do the same thing for an EC2 instance in the mgmt subnet.
  • Now let's log in to that EC2 instance.
  • Let's create an EC2 instance in the app subnet.
  • Now let's try to log in to this instance.
  • So the app and db subnets are private because they don't have a route to the IGW. The web and mgmt subnets are public because they have a route to the IGW.
  • If we want to connect to machines in a private subnet:
    • First connect to a machine in the public subnet.
    • From this machine, access the machines in the private subnet using their private IP.
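As an added example (not part of the class notes), here is a small Python model of how a VPC route table decides where a packet goes, and therefore which of the lab's subnets end up public. The VPC CIDR, subnet addresses and the `igw-EXAMPLE` id are constructed values, not taken from the lab.

```python
import ipaddress

# Constructed route tables mirroring the lab: the main table that AWS creates
# with the VPC, and the public table we created and associated with web + mgmt.
# The CIDR and the igw-EXAMPLE id are placeholders, not values from the notes.
MAIN_ROUTE_TABLE = {
    "10.0.0.0/16": "local",        # intra-VPC traffic only
}

PUBLIC_ROUTE_TABLE = {
    "10.0.0.0/16": "local",        # intra-VPC traffic stays inside the VPC
    "0.0.0.0/0": "igw-EXAMPLE",    # everything else goes to the internet gateway
}

# Subnets never explicitly associated with a table fall back to the main table.
SUBNET_ROUTE_TABLES = {
    "web": PUBLIC_ROUTE_TABLE,
    "mgmt": PUBLIC_ROUTE_TABLE,    # the exercise: mgmt associated with the public table
    "app": MAIN_ROUTE_TABLE,
    "db": MAIN_ROUTE_TABLE,
}


def lookup_route(route_table, dst_ip):
    """Return the target for dst_ip using longest-prefix match, the rule a
    VPC router applies; None means no route matches and the packet is dropped."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def is_public(route_table):
    """A subnet is public when its route table has a route to an internet gateway."""
    return any(target.startswith("igw-") for target in route_table.values())


def classify_subnets(subnet_tables):
    """Map each subnet name to 'public' or 'private' based on its route table."""
    return {name: ("public" if is_public(rt) else "private") for name, rt in subnet_tables.items()}


if __name__ == "__main__":
    print(classify_subnets(SUBNET_ROUTE_TABLES))
    print(lookup_route(PUBLIC_ROUTE_TABLE, "203.0.113.10"))  # web -> igw-EXAMPLE
    print(lookup_route(MAIN_ROUTE_TABLE, "203.0.113.10"))    # app -> None (no route to internet)
    print(lookup_route(PUBLIC_ROUTE_TABLE, "10.0.2.15"))     # VPC host -> local wins over 0.0.0.0/0
```

Note that the route table alone only makes the subnet public; an instance in it still needs a public IP on its ENI (as described above) to be reachable from the internet.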

