NAT Gateways

• Private subnets in AWS will not be able to be accessed from internet directly, which is the primary motive.
• But vms in private subnets might require to access internet which will not be provide by AWS VPC
• If your complete VPC is private and requires internet connection, you can use egress internet gateways.
• AWS has NAT Gateway which needs a public ip address and we add a route in route table of private subnet to forward the packets to NAT Gateway.
• As demonstrated in the class the machines in private subnet have no access to internet
• Lets create a NAT Gateway in the public subnet
  
  
  
  
• Now add a new route to private route table to forward the packets to NAT Gateway
  
  

Activity1 : Use AWS CLI to create a VPC

• Steps:
  • Create VPC with cidr range of 192.168.0.0/23
  • Create and attach internet gateway
  • Create a public subnet of range 192.168.0.0/24
    • Create a public route table and associate public subnet to public rt
    • Add a route to internet gateway
  • Create a private subnet of range 192.168.1.0/24
    • Create a private route table and associate private subnet to public rt
    • Add a route to internet gateway
  • Create a security group which opens
    • ICMP from anywhere
    • HTTP from anywhere
    • SSH from anywhere
• Configuring AWS CLI: Refer Here for image demonstration
• What we have executed so far

# Create VPC
aws ec2 create-vpc --cidr-block "192.168.0.0/23" --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=activity1}]"
# vpc-00e47bed2b1784ce7


# Create internet gateway
aws ec2 create-internet-gateway --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=activity1}]"
# igw-0230a9d2bcc4d0f04

# attach internet gateway
aws ec2 attach-internet-gateway --vpc-id "vpc-00e47bed2b1784ce7" --internet-gateway-id "igw-0230a9d2bcc4d0f04"