AWS Classroom Series – 07/Nov/2020

Aws NAT Instance & NAT Gateway

  • Lets create a vpc with 4 subnets
    • web and mgmt public
    • app & db private
  • Create one ec2 instance in public subnet (web) and check the whether you are able to access internet
    • From ec2 instance in web subnet we are able to ping internet Preview
  • Create one ec2 instance in private subnet (app) and check the whether you are able to access internet (use web ec2 instance as bastion host)
    • ec2 instance in private subnet is unable to connect to internet Preview
  • In many cases we would not want machines in private subnet connected from internet but we would want these machine to connect to internet.
  • How can i enable internet to machines in private subnet without making them public?
  • To understand this lets understand our home internet connection. Preview
  • So in AWS, if we can create NAT Server as mentioned in the above image, machines in private subnet can connect to internet. AWS gives us two options
    • NAT-instance:
      • Create an ec2 instance with NAT software in it
      • Assign static public ip address (Elastic IP Address)
      • Change the Route table rules of private router to forward 0.0.0.0/0 to NAT-instance
      • Disadvantages:
        • Since we are creating ec2 instance, os maintenance should be managed by us
        • If this server fails troubleshooting or recreating is our responsibility
    • NAT-gateway
      • NAT as a service
      • AWS will create and manage NAT.
      • We just need to manage routes in our private router.
  • Now lets create a NAT gateway in our public subnet and modify the private route table routes Preview Preview Preview Preview Preview Preview
  • Now lets verify if the machine in private subnet is able to connect to internet or not Preview Preview
  • Note: Nat Gateway is chargable, so delete nat-gateway and release elastic ip address

Multi-Network Scenarios

  • Scenario 1: Both Networks in AWS
    • Lets assume we have a web server in a vpc and app server in a different vpc
    • For the application to work web server should communicate with app server.
    • We don’t public connectivity b/w app and web server. How can we establish private connectivity b/w two servers in two different vpc’s Preview
    • Solution: VPC Peering Connection
  • Scenario 2: One Network on premise and VPC
    • Your application has a database which is on-premise
    • Webserver is running in AWS VPC, How can i establish a private connectivity b/w webserver and app server Preview
    • Solution: AWS VPN Connections (Point to site and Site to Site)/Direct Connect

What is a Virtual Private Network (VPN)?

Preview

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About learningthoughtsadmin