NAT Gateways
- Private subnets in AWS will not be able to be accessed from internet directly, which is the primary motive.
- But vms in private subnets might require to access internet which will not be provide by AWS VPC
- If your complete VPC is private and requires internet connection, you can use egress internet gateways.
- AWS has NAT Gateway which needs a public ip address and we add a route in route table of private subnet to forward the packets to NAT Gateway.
- As demonstrated in the class the machines in private subnet have no access to internet
- Lets create a NAT Gateway in the public subnet
- Now add a new route to private route table to forward the packets to NAT Gateway
Activity1 : Use AWS CLI to create a VPC
-
Steps:
- Create VPC with cidr range of 192.168.0.0/23
- Create and attach internet gateway
- Create a public subnet of range 192.168.0.0/24
- Create a public route table and associate public subnet to public rt
- Add a route to internet gateway
- Create a private subnet of range 192.168.1.0/24
- Create a private route table and associate private subnet to public rt
- Add a route to internet gateway
- Create a security group which opens
- ICMP from anywhere
- HTTP from anywhere
- SSH from anywhere
- Configuring AWS CLI: Refer Here for image demonstration
- What we have executed so far
# Create VPC
aws ec2 create-vpc --cidr-block "192.168.0.0/23" --tag-specifications "ResourceType=vpc,Tags=[{Key=Name,Value=activity1}]"
# vpc-00e47bed2b1784ce7
# Create internet gateway
aws ec2 create-internet-gateway --tag-specifications "ResourceType=internet-gateway,Tags=[{Key=Name,Value=activity1}]"
# igw-0230a9d2bcc4d0f04
# attach internet gateway
aws ec2 attach-internet-gateway --vpc-id "vpc-00e47bed2b1784ce7" --internet-gateway-id "igw-0230a9d2bcc4d0f04"
