AWS Classroom Series – 07/Nov/2020

AWS NAT Instance & NAT Gateway

  • Let's create a VPC with 4 subnets
    • web and mgmt: public
    • app & db: private
  • Create one EC2 instance in the public subnet (web) and check whether you are able to access the internet
    • From the EC2 instance in the web subnet we are able to ping the internet
  • Create one EC2 instance in the private subnet (app) and check whether you are able to access the internet (use the web EC2 instance as a bastion host)
    • The EC2 instance in the private subnet is unable to connect to the internet
  • In many cases we would not want machines in the private subnet to be reachable from the internet, but we would want these machines to connect out to the internet.
  • How can I enable internet access for machines in the private subnet without making them public?
  • To understand this, let's look at how our home internet connection works.
  • So in AWS, if we can create a NAT server as shown in the above image, machines in the private subnet can connect to the internet. AWS gives us two options
    • NAT instance:
      • Create an EC2 instance with NAT software in it
      • Assign a static public IP address (Elastic IP address)
      • Change the route table of the private subnet to forward 0.0.0.0/0 to the NAT instance
      • Disadvantages:
        • Since we are creating an EC2 instance, OS maintenance (patching, hardening) must be managed by us
        • If this server fails, troubleshooting or recreating it is our responsibility
    • NAT gateway
      • NAT as a service
      • AWS will create and manage the NAT.
      • We just need to manage the routes in our private route table.
  • Now let's create a NAT gateway in our public subnet (with an Elastic IP) and modify the private route table so 0.0.0.0/0 points at the NAT gateway
  • Now let's verify whether the machine in the private subnet is able to connect to the internet
  • Note: the NAT gateway is chargeable, so delete the NAT gateway and release the Elastic IP address when you are done
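To make the route-table change above concrete, here is an added example (not code from the original post) that models the VPC router's longest-prefix-match lookup and walks a packet from the private subnet out through the NAT gateway. All CIDRs and ids (`igw-example`, `nat-example`, `nat-misplaced`) are constructed placeholders; it also covers the common mistake of creating the NAT gateway in a subnet that itself has no route to an internet gateway.

```python
"""Route-table walk for the NAT gateway pattern (constructed example).

VPC 10.0.0.0/16 with a public subnet (0.0.0.0/0 -> internet gateway) and a
private subnet whose route table either lacks a default route or sends
0.0.0.0/0 to a NAT gateway. Ids like igw-example are placeholders, not real.
"""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Route tables: list of (destination, target). "local" covers the VPC itself.
PUBLIC_RT = [(VPC_CIDR, "local"), (ANY, "igw-example")]
PRIVATE_RT_BEFORE = [(VPC_CIDR, "local")]                      # step 3 of the notes
PRIVATE_RT_AFTER = [(VPC_CIDR, "local"), (ANY, "nat-example")]  # after adding the route
PRIVATE_RT_MISPLACED = [(VPC_CIDR, "local"), (ANY, "nat-misplaced")]

# Route table of the subnet each NAT gateway was created in (constructed).
# nat-example sits in the public subnet; nat-misplaced was created in a
# private subnet with no internet gateway route, so it can never egress.
NAT_GATEWAY_SUBNET_RT = {"nat-example": PUBLIC_RT,
                         "nat-misplaced": PRIVATE_RT_BEFORE}

def lookup(route_table, dst):
    """Longest-prefix match, the rule the VPC router applies."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, tgt) for net, tgt in route_table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def internet_path(route_table, dst="1.1.1.1"):
    """Return the hops a packet to dst takes to reach the internet, [] if dropped."""
    target = lookup(route_table, dst)
    if target is None or target == "local":
        return []                      # no default route, or VPC-internal traffic
    if target.startswith("igw-"):
        return [target]                # public subnet: straight out the IGW
    if target.startswith("nat-"):
        # The NAT gateway forwards using its own subnet's route table, which
        # is why the notes create it in the public subnet.
        nxt = lookup(NAT_GATEWAY_SUBNET_RT[target], dst)
        return [target, nxt] if nxt and nxt.startswith("igw-") else []
    return []

if __name__ == "__main__":
    print("web  (public):             ", internet_path(PUBLIC_RT))
    print("app  (private, no route):  ", internet_path(PRIVATE_RT_BEFORE))
    print("app  (private, via NAT):   ", internet_path(PRIVATE_RT_AFTER))
    print("app  (NAT in wrong subnet):", internet_path(PRIVATE_RT_MISPLACED))
```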

Multi-Network Scenarios

  • Scenario 1: Both networks in AWS
    • Let's assume we have a web server in one VPC and an app server in a different VPC
    • For the application to work, the web server must communicate with the app server.
    • We don't want public connectivity between the app and web server. How can we establish private connectivity between two servers in two different VPCs?
    • Solution: VPC peering connection
  • Scenario 2: One network on premises and one VPC
    • Your application has a database which is on premises
    • The web server is running in an AWS VPC. How can I establish private connectivity between the web server and the on-premises database?
    • Solution: AWS VPN connections (point-to-site and site-to-site) / Direct Connect

What is a Virtual Private Network (VPN)?
