AWS VPC
- In one vpc we can have multiple route tables
- Route tables can be associated with subnets. If any subnet is not associated with route table then it will get associated with default route table.
- Default route table will have the value of Main as yes
- Lets create two more route tables in the vpc
- Now lets associate subnet 1, subnet 2 and subnet 3 with public route table and other subnets to private route table
- Lets make subnets 1,2 and 3 public. Public subnet is a subnet which is accesible from internet and also can connect to internet
- To make this lets make changes in the route of the public route table to have route to the internet gateway
- Now lets create an ec2 instance in the public subnet and verify if i can access from my laptop
- Now lets connect to the machine using ssh command
ssh -i <path to pem file> ec2-user@publicip
- So machines in the public subnet can be connected from/to internet
- Now lets try to create an ec2 instance in any private subnet and then try to access from our laptop.
- Just bcoz we have a public ip doesn’t mean it is connected to internet. Having a route to internet gateway matters
- We can communicate to the machine in the subnet 1 (public subnet)
- If we want to communicate with the machine in private subnet we cannot connect directly. In AWS default route table rule is to allow all the traffic with in vpc. So we can use machine in the public subnet (subnet1) to connect to machine in private subnet (subnet4) using private ip
- To connect to the machine we need pem file so lets copy the pem file to the public subnet machine
- Machines in the private subnet cannot be connected to/from internet
- In some case we might need machines in the private subnet to connect to internet but cannot be from internet.
- So how to resolve this? This leads to the concept of Network Address Translation (NAT)
Exercise: Lets create the following network
- Reference diagram
