AWS Classroom Series – 31/Oct/2020

VPC (Contd..)

Public Networking & Routing

  • As of now our network looks as shown below.
  • This network is private. Now we want to connect to the machines/instances in the web subnet from the internet.
  • In AWS, if we want a subnet to be public, we need to create an internet gateway.
  • Attach the internet gateway to your VPC.
  • In AWS, when we create a VPC, a default route table is created. By default an AWS VPC enables all intranet (within the VPC) communication.
  • Our problem statement is that the web subnet should be able to communicate with/from the internet.
    • We already have an internet gateway that can enable internet communication, so we need the web subnet to forward packets to the internet gateway.
    • We create a route table and associate it with the web subnet. In the route table we add a route which says: if the destination address is any IP other than the VPC CIDR, forward to the internet gateway.
  • Create a route table, add a route to the internet gateway and associate it with the web subnet.
  • Exercise: Associate the management subnet with the public route table.
  • Let's test what we have created. Let's create 3 EC2 instances:
    • one in the web subnet
    • one in the app subnet
    • one in the mgmt subnet
  • Before that, let's try to understand the concept of an Elastic Network Interface.
  • In AWS we can create VMs (EC2 instances) in a subnet; the connection between an EC2 instance and the subnet is created by an Elastic Network Interface (ENI). This ENI will receive a private IP address, and you can attach a public IP if you want.
  • The EC2 instance in the web subnet will have a security group with everything opened.
  • Now let's try to log in to the EC2 instance using its public IP.
  • Now let's look at the elastic network interface.
  • So let's do the same thing for the EC2 instance in the mgmt subnet.
  • Now let's log in to the EC2 instance.
  • Let's create an EC2 instance in the app subnet.
  • Now let's try to log in to this instance.
  • So the app and db subnets are private because they don't have a route to the IGW. The web and mgmt subnets are public because they have a route to the IGW.
  • If we want to connect to machines in a private subnet:
    • First connect to a machine in the public subnet.
    • From this machine, access the machines in the private subnet using their private IPs.
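The routing logic these notes describe (an implicit local route for the VPC CIDR, a 0.0.0.0/0 route to the internet gateway, and "public" meaning the subnet's route table has a route to an IGW) modelled as a small offline check. This is an added example, not part of the original notes or of AWS itself; the CIDR, subnet names and the igw-example id are constructed values.

```python
import ipaddress

# Constructed sample values (not from the notes): VPC CIDR and gateway id.
VPC_CIDR = "10.0.0.0/16"
IGW_ID = "igw-example"

# Route tables as lists of (destination CIDR, target). Every VPC route table
# carries the implicit "local" route for the VPC CIDR; only the public one
# also has the 0.0.0.0/0 route that points at the internet gateway.
ROUTE_TABLES = {
    "default-rt": [(VPC_CIDR, "local")],                        # created with the VPC
    "public-rt": [(VPC_CIDR, "local"), ("0.0.0.0/0", IGW_ID)],  # route to the IGW
}

# Subnet -> route table association. Subnets never explicitly associated
# keep using the VPC's default (main) route table.
SUBNET_ASSOCIATIONS = {
    "web": "public-rt",
    "mgmt": "public-rt",
    "app": "default-rt",
    "db": "default-rt",
}

def lookup_route(table, destination):
    """Longest-prefix match, as the VPC router does it: the most specific
    route wins, so the local route beats 0.0.0.0/0 for in-VPC traffic."""
    dst = ipaddress.ip_address(destination)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None  # None: no matching route, packet dropped

def is_public_subnet(subnet):
    """A subnet is public iff its route table has a route targeting an IGW."""
    table = ROUTE_TABLES[SUBNET_ASSOCIATIONS[subnet]]
    return any(target.startswith("igw-") for _, target in table)

def reachable_targets(subnet, destinations):
    """Map each destination to the target it resolves to from this subnet."""
    table = ROUTE_TABLES[SUBNET_ASSOCIATIONS[subnet]]
    return {d: lookup_route(table, d) for d in destinations}

def public_subnets():
    """Audit view: which subnets in this VPC are internet-facing."""
    return sorted(s for s in SUBNET_ASSOCIATIONS if is_public_subnet(s))
```

Running `public_subnets()` lists `mgmt` and `web` only; from the app subnet an internet address resolves to no route, which is exactly why it is private.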
