AWS Networking
- A route table can be explicitly associated with a subnet; a subnet that has no explicit association implicitly uses the VPC's main route table.
- A subnet whose route table (explicit or implicit) has a route to an internet gateway is a public subnet; a subnet whose route table has no route to an internet gateway is a private subnet.
- In the image below, web is a public subnet and app and db are private subnets.

- Let's create this VPC:
- Create a VPC with three subnets: web, app and db
- Create a route table called custom
- Create an internet gateway and attach it to the VPC
- Change the route table association of the web subnet so that it uses the custom route table (app and db keep their implicit association with the main route table)


- Now open the custom route table and add a route for 0.0.0.0/0 with the internet gateway as its target

- Create a security group that allows ping (ICMP echo request) from anywhere and call it allowping

- Now create one EC2 instance in the web subnet and one in the app (or db) subnet, assigning a public IP to both instances
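The same build as a script, so the lab can be reproduced (and later torn down) without clicking through the console. This is an added example, not code from the original notes: it drives the boto3 EC2 client, and the 10.0.0.0/16 VPC CIDR, the /24 subnet CIDRs, the availability zone, the instance type and the `LAB_AMI_ID` environment variable are placeholders chosen here. Running the `__main__` part creates billable resources in whatever AWS account the credentials point at.

```python
"""Build the web/app/db lab VPC with boto3.

Added example, not the page's own code. Placeholders (not in the original
notes): VPC_CIDR, SUBNETS, the availability zone, the instance type and the
AMI id read from LAB_AMI_ID.
"""
import os

VPC_CIDR = "10.0.0.0/16"                       # placeholder address plan
SUBNETS = {"web": "10.0.1.0/24", "app": "10.0.2.0/24", "db": "10.0.3.0/24"}


def tag_name(ec2, resource_id, name):
    """Attach a Name tag so the resource is recognisable in the console."""
    ec2.create_tags(Resources=[resource_id], Tags=[{"Key": "Name", "Value": name}])


def build_lab(ec2, ami_id, az, instance_type="t3.micro"):
    """Create the VPC, subnets, custom route table, IGW, allowping SG and instances.

    `ec2` is a boto3 EC2 client (or anything with the same methods, which is
    how the function is unit-tested). Returns the ids it created.
    """
    vpc_id = ec2.create_vpc(CidrBlock=VPC_CIDR)["Vpc"]["VpcId"]
    tag_name(ec2, vpc_id, "lab-vpc")
    ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsHostnames={"Value": True})

    subnet_ids = {}
    for name, cidr in SUBNETS.items():
        sn = ec2.create_subnet(VpcId=vpc_id, CidrBlock=cidr, AvailabilityZone=az)
        subnet_ids[name] = sn["Subnet"]["SubnetId"]
        tag_name(ec2, subnet_ids[name], name)

    # Custom route table: only web is explicitly associated with it. app and db
    # are left alone, so they implicitly use the main table (local route only).
    rtb_id = ec2.create_route_table(VpcId=vpc_id)["RouteTable"]["RouteTableId"]
    tag_name(ec2, rtb_id, "custom")
    ec2.associate_route_table(RouteTableId=rtb_id, SubnetId=subnet_ids["web"])

    igw_id = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)
    # This default route to the IGW is what turns web into a public subnet.
    ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock="0.0.0.0/0",
                     GatewayId=igw_id)

    # allowping: ICMP echo request (type 8, any code) from anywhere.
    sg_id = ec2.create_security_group(
        GroupName="allowping", Description="ICMP echo request from anywhere",
        VpcId=vpc_id)["GroupId"]
    ec2.authorize_security_group_ingress(
        GroupId=sg_id,
        IpPermissions=[{
            "IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
            "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "ping from anywhere"}],
        }],
    )

    # One instance in web and one in app, both with a public IP (as in the lab).
    instance_ids = {}
    for name in ("web", "app"):
        resp = ec2.run_instances(
            ImageId=ami_id, InstanceType=instance_type, MinCount=1, MaxCount=1,
            NetworkInterfaces=[{
                "DeviceIndex": 0, "SubnetId": subnet_ids[name],
                "AssociatePublicIpAddress": True, "Groups": [sg_id],
            }],
            TagSpecifications=[{"ResourceType": "instance",
                                "Tags": [{"Key": "Name", "Value": name}]}],
        )
        instance_ids[name] = resp["Instances"][0]["InstanceId"]

    return {"vpc": vpc_id, "subnets": subnet_ids, "route_table": rtb_id,
            "igw": igw_id, "sg": sg_id, "instances": instance_ids}


if __name__ == "__main__":
    import boto3  # only needed for a real run
    client = boto3.client("ec2", region_name=os.environ.get("AWS_REGION", "us-east-1"))
    print(build_lab(client, ami_id=os.environ["LAB_AMI_ID"],   # placeholder AMI id
                    az=os.environ.get("LAB_AZ", "us-east-1a")))
```

`build_lab` takes the client as a parameter so the ordering of calls can be checked against a stub client without touching AWS. The point worth verifying is that exactly one `associate_route_table` call is made (for web) and that the 0.0.0.0/0 route lands on the custom table and not on the main one; a route to the IGW on the main table would silently make every unassociated subnet public.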



- Experiments:
  - Ping each EC2 instance from your own system:
    - web (public subnet): the ping to its public IP succeeds; the custom route table has the route to the internet gateway and allowping admits ICMP echo requests
    - app (private subnet): the ping to its public IP fails even though the instance has one; its subnet uses the main route table, which has only the local route and no path through an internet gateway
  - Log in to the public instance over SSH (add an inbound SSH rule, for example in a second security group attached to the instance), then ping the EC2 instance in the private subnet from there:
    - ping to its public IP fails (this is expected: the app subnet has no route to the internet gateway)
    - ping to its private IP succeeds, because the local route within the VPC covers it and the security group allows ping
- An instance used as a jump point to reach instances in private subnets is called a bastion (bastion host).
- Instances in a private subnet have no access to the internet. To give private subnets outbound internet access, use the NAT services of AWS (a NAT instance or a NAT gateway): the NAT device sits in a public subnet and the private subnets' route table gets a 0.0.0.0/0 route pointing at it, so outbound connections work while the instances still cannot be reached from the internet.
Exercises
- What is the smallest subnet size allowed in AWS?
- In AWS, why is the number of usable addresses in a subnet given by the formula 2^n - 5?
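Putting the rule from the top of these notes (explicit association, else the main route table; a route to an internet gateway means public), the experiment results and the exercise formula into one audit script. This is an added example, not code from the original notes; the route-table, subnet and instance records are constructed to mirror the shape of `aws ec2 describe-route-tables`, `describe-subnets` and `describe-instances` output, and every id and address in them is a placeholder (203.0.113.0/24 is documentation address space).

```python
"""Audit a VPC's subnets the way the notes classify them.

Added example, not the page's own code. Each subnet uses its explicitly
associated route table or, failing that, the VPC's main route table; an
active route whose target is an internet gateway (igw-...) makes it public.
The script also lists instances whose public IP can never answer because
their subnet is private (the lab's app instance), and derives the 2^n - 5
usable-address count from the five addresses AWS reserves. All data below
is constructed; ids and addresses are placeholders.
"""
import ipaddress

ROUTE_TABLES = [
    {   # main table: local route only; app and db fall back to it implicitly
        "RouteTableId": "rtb-main0001",
        "Associations": [{"Main": True, "RouteTableId": "rtb-main0001"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                    "State": "active"}],
    },
    {   # "custom" table: explicitly associated with web, default route to the IGW
        "RouteTableId": "rtb-custom001",
        "Associations": [{"Main": False, "SubnetId": "subnet-web00001",
                          "RouteTableId": "rtb-custom001"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-lab00001", "State": "active"},
        ],
    },
]
SUBNETS = [
    {"SubnetId": "subnet-web00001", "CidrBlock": "10.0.1.0/24"},
    {"SubnetId": "subnet-app00001", "CidrBlock": "10.0.2.0/24"},
    {"SubnetId": "subnet-db000001", "CidrBlock": "10.0.3.0/28"},
]
INSTANCES = [  # both were given a public IP, as in the lab
    {"InstanceId": "i-web", "SubnetId": "subnet-web00001",
     "PrivateIpAddress": "10.0.1.10", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-app", "SubnetId": "subnet-app00001",
     "PrivateIpAddress": "10.0.2.10", "PublicIpAddress": "203.0.113.20"},
]


def route_table_for_subnet(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    if main is None:
        raise ValueError("no main route table in the data")
    return main


def has_igw_route(rtb):
    """True when an active route points at an internet gateway (blackholes ignored)."""
    return any(r.get("GatewayId", "").startswith("igw-") and r.get("State") == "active"
               for r in rtb.get("Routes", []))


def classify_subnets(subnets, route_tables):
    """Map SubnetId -> 'public' or 'private' using the rule from the notes."""
    return {sn["SubnetId"]: ("public" if has_igw_route(
        route_table_for_subnet(sn["SubnetId"], route_tables)) else "private")
        for sn in subnets}


def unreachable_public_ips(instances, classes):
    """Instances holding a public IP inside a private subnet: with no IGW route in
    the subnet's route table that address can never answer from the internet."""
    return [(i["InstanceId"], i["PublicIpAddress"]) for i in instances
            if i.get("PublicIpAddress") and classes.get(i["SubnetId"]) == "private"]


def reserved_addresses(cidr):
    """The five addresses AWS reserves in every subnet: network address, VPC
    router, Amazon DNS, one reserved for future use, and the broadcast address."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:        # AWS allows /16 down to /28 only
        raise ValueError(f"{cidr}: VPC subnets must be between /16 and /28")
    return [str(net[i]) for i in (0, 1, 2, 3)] + [str(net[-1])]


def usable_addresses(cidr):
    """2^n - 5, n being the host bits: total addresses minus the reserved five."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses - len(reserved_addresses(cidr))


if __name__ == "__main__":
    classes = classify_subnets(SUBNETS, ROUTE_TABLES)
    for sn in SUBNETS:
        print(sn["SubnetId"], classes[sn["SubnetId"]], sn["CidrBlock"],
              "usable:", usable_addresses(sn["CidrBlock"]))
    print("public IPs that can never answer:", unreachable_public_ips(INSTANCES, classes))
```

Two details matter in practice. The main route table is consulted only for subnets with no explicit association, so a subnet explicitly attached to a table without an IGW route stays private even when the main table has one (and the reverse, an IGW route on the main table, quietly makes every unassociated subnet public). And a public IP on an instance in a private subnet buys nothing but exposure once a route appears later, which is why the audit reports it.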
