Step-by-step guide to creating a VPC and subnets, launching EC2 instances into a public and a private subnet,
and giving the private instances internet access.
What is a VPC
- A VPC is a logically isolated virtual network in your AWS account; it is the boundary within which your subnets and instances communicate.
- You can think of the VPC as your company building.
- A subnet is like one data center room inside it: a slice of the VPC's address range with its own servers and network connectivity.
- A public subnet is one whose route table sends 0.0.0.0/0 to an internet gateway; instances launched there with a public IP can reach, and be reached from, the internet.
- A private subnet has no route to an internet gateway and its instances get no public IP, so they cannot communicate outside the VPC directly.
A. Create VPC # note: a VPC CIDR block must be between /16 and /28, so the mask cannot be shorter than 16 bits.
1. Go to AWS Dashboard
2. Search for VPC -> Your VPC
3. Create VPC
Name: DC-VPC IPv4: 192.168.0.0/16
4. Click on create
B. Create Public Subnet
5. Click on Subnets from VPC Dashboard
Name: DC-PUB-Subnet VPC: DC-VPC
VPC CIDR: 192.168.0.0/16 - Associated
IPv4 CIDR: 192.168.10.0/24
6. Click on Yes Create
C. Create Private Subnet
7. Now you are on the VPC Dashboard under Subnets
8. Click on create subnet
Name: DC-PVT-Subnet VPC: DC-VPC
VPC CIDR: 192.168.0.0/16
IPv4 CIDR Block: 192.168.20.0/24
9. Click on Yes Create
D. Create Internet Gateway
10. Now, click on Internet Gateways
11. Click on create internet Gateway
Name Tag: DC-IGW
12. Click on Yes Create
13. Click on DC-IGW and click on Attach to VPC
14. Select DC-VPC and click on Yes Attach
E. Create Public Route table
- Here you will associate the public subnet with the public route table
- And add a default route (0.0.0.0/0) pointing at the internet gateway; that route is what makes the subnet public
15. Click on Route Tables
16. Click on Create Route Table
Name: DC-Pub-route VPC: DC-VPC
17. Click on Yes Create.
18. Click on Route Tables you just created
19. Click on Subnet Associations and click on Edit
20. Select DC-PUB-Subnet and click on SAVE.
21. Click on Routes and click on Add another route
Destination: 0.0.0.0/0 Target: DC-IGW
22. Click on Save
23. Again click on Create route table
Name: DC-Pvt-route VPC: DC-VPC
24. Click on Yes Create
25. Select the private route you just created and click on Subnet Associations Tab
26. Click on Edit and select DC-Pvt-Subnet
27. Click on Save. Then open the Routes tab and confirm the private route table only has the local 192.168.0.0/16 route; with no 0.0.0.0/0 route to the IGW, instances in DC-PVT-Subnet cannot reach the internet directly.
F. Create AWS instances on private and public subnet
28. Launch one EC2 instance in the public subnet (with a public IP, so it has internet access) and one in the private subnet (no public IP).
- To log in to the private machine, first SSH to the public machine (it acts as a bastion / jump host) and from there SSH to the private IP. Restrict the private instance's security group so port 22 is only allowed from the bastion's security group, and the bastion's so port 22 is only allowed from your own source IP.
G. How to allow internet access to private subnet
29. Allocate an Elastic IP and create a NAT Gateway in the public subnet (DC-PUB-Subnet) using it.
30. Go to the private route table (DC-Pvt-route) and add the route 0.0.0.0/0 -> NAT Gateway. Private machines can then reach the internet for updates and downloads while staying unreachable from outside, because the NAT gateway only forwards connections initiated from inside.
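The same build (steps A to G above) done from the AWS CLI instead of the console, as an added example that is not part of the original post. It assumes AWS CLI v2 is installed and credentialed for the target account and region, and uses the names and CIDRs from the post. The pure-shell helpers at the top check the plan before any API call: the VPC prefix must be within /16../28 (the note in step A) and every subnet must lie inside the VPC block, which is exactly the kind of typo (192.169.x vs 192.168.x) the console would reject.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of steps A-G. Not from the original post.
# Assumes: aws CLI v2 configured; region/account taken from the CLI profile.
set -eu

VPC_CIDR=192.168.0.0/16
PUB_CIDR=192.168.10.0/24
PVT_CIDR=192.168.20.0/24

# --- pure-shell sanity checks (no AWS calls) ---------------------------------

# Dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  set -- $(printf '%s' "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains OUTER INNER: succeeds when INNER lies entirely inside OUTER.
cidr_contains() {
  local outer_ip=${1%/*} outer_len=${1#*/} inner_ip=${2%/*} inner_len=${2#*/}
  [ "$inner_len" -ge "$outer_len" ] || return 1
  local mask=$(( (4294967295 << (32 - outer_len)) & 4294967295 ))
  [ $(( $(ip_to_int "$outer_ip") & mask )) -eq $(( $(ip_to_int "$inner_ip") & mask )) ]
}

# AWS only accepts VPC CIDR blocks between /16 and /28.
vpc_prefix_ok() { [ "$1" -ge 16 ] && [ "$1" -le 28 ]; }

validate_plan() {
  vpc_prefix_ok "${VPC_CIDR#*/}" || { echo "VPC prefix must be /16../28" >&2; return 1; }
  for s in "$PUB_CIDR" "$PVT_CIDR"; do
    cidr_contains "$VPC_CIDR" "$s" || { echo "subnet $s is outside $VPC_CIDR" >&2; return 1; }
  done
}

# --- the actual build (steps A-G) ---------------------------------------------

create_lab_vpc() {
  local vpc pub pvt igw pub_rt pvt_rt eip nat
  vpc=$(aws ec2 create-vpc --cidr-block "$VPC_CIDR" \
        --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=DC-VPC}]' \
        --query Vpc.VpcId --output text)
  pub=$(aws ec2 create-subnet --vpc-id "$vpc" --cidr-block "$PUB_CIDR" \
        --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=DC-PUB-Subnet}]' \
        --query Subnet.SubnetId --output text)
  pvt=$(aws ec2 create-subnet --vpc-id "$vpc" --cidr-block "$PVT_CIDR" \
        --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=DC-PVT-Subnet}]' \
        --query Subnet.SubnetId --output text)
  # Public subnet: auto-assign public IPs so instances launched there are reachable.
  aws ec2 modify-subnet-attribute --subnet-id "$pub" --map-public-ip-on-launch

  igw=$(aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text)
  aws ec2 attach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpc"

  # Public route table: the 0.0.0.0/0 -> IGW route is what makes DC-PUB-Subnet "public".
  pub_rt=$(aws ec2 create-route-table --vpc-id "$vpc" --query RouteTable.RouteTableId --output text)
  aws ec2 associate-route-table --route-table-id "$pub_rt" --subnet-id "$pub"
  aws ec2 create-route --route-table-id "$pub_rt" --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw"

  # Private route table: no IGW route; outbound only through a NAT gateway that sits in the public subnet.
  pvt_rt=$(aws ec2 create-route-table --vpc-id "$vpc" --query RouteTable.RouteTableId --output text)
  aws ec2 associate-route-table --route-table-id "$pvt_rt" --subnet-id "$pvt"
  eip=$(aws ec2 allocate-address --domain vpc --query AllocationId --output text)
  nat=$(aws ec2 create-nat-gateway --subnet-id "$pub" --allocation-id "$eip" \
        --query NatGateway.NatGatewayId --output text)
  aws ec2 wait nat-gateway-available --nat-gateway-ids "$nat"
  aws ec2 create-route --route-table-id "$pvt_rt" --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$nat"

  echo "vpc=$vpc pub=$pub pvt=$pvt igw=$igw nat=$nat"
}

validate_plan
# Only touch AWS when explicitly asked:  ./lab-vpc.sh apply
if [ "${1:-}" = apply ]; then
  create_lab_vpc
fi
```

Running the script with no argument only validates the plan; `apply` performs the build. The NAT gateway costs money per hour and per GB, so delete it (and release the Elastic IP) when the lab is finished.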
===========================================
How to connect to a private VM in AWS?
1. Create VMs on the private and public subnets.
2. Log in to the public VM and create a directory for the key. Keep it readable only by you; ssh refuses to use a private key that other users can read.
3. Copy the key there.
$ ssh -i "mykey.pem" ec2-user@pub-IP_of-inst
$ mkdir ~/mykeys; chmod 700 ~/mykeys
$ exit
4. Copy the private key to the public VM
$ scp -i mykey.pem <my-keyfile> ec2-user@pub-inst-IP:~/mykeys/
$ scp -i mykey.pem mykey.pem ec2-user@55.230.15.34:~/mykeys/
5. Now, log in to your public VM again and go to ~/mykeys. scp does not preserve the key's mode, so set it to 600 or ssh will reject it as "too open".
6. Now, initiate an SSH connection to the private VM.
$ cd ~/mykeys
$ chmod 600 mykey.pem
$ ssh -i mykey.pem ec2-user@<PVT_IP>
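Copying mykey.pem onto the public VM means anyone who compromises that bastion also gets the key to every instance it opens. The procedure above can be done without the key ever leaving your workstation by using ssh's ProxyJump, which tunnels the second hop through the bastion. The script below is an added example, not part of the original post; the host aliases, the IPs (55.230.15.34 from the post, 192.168.20.15 for the private VM) and the config path are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): reach the private VM through the
# public one with ProxyJump instead of copying mykey.pem onto the bastion.
# Assumptions: host aliases dc-bastion/dc-private, config path ~/.ssh/dc-lab.conf,
# private VM IP 192.168.20.15. The key stays on the workstation only.
set -eu

# write_jump_config OUT BASTION_PUBLIC_IP PRIVATE_IP KEY_PATH
write_jump_config() {
  cat > "$1" <<EOF
Host dc-bastion
    HostName $2
    User ec2-user
    IdentityFile $4
    IdentitiesOnly yes

Host dc-private
    HostName $3
    User ec2-user
    IdentityFile $4
    IdentitiesOnly yes
    # Second hop is tunnelled through the bastion; the key is only read locally.
    ProxyJump dc-bastion
EOF
  chmod 600 "$1"
}

# Succeeds when dc-private is configured to jump through dc-bastion.
check_jump_config() {
  grep -q '^ *ProxyJump dc-bastion$' "$1"
}

if [ "${1:-}" = demo ]; then
  cfg="$HOME/.ssh/dc-lab.conf"
  write_jump_config "$cfg" 55.230.15.34 192.168.20.15 "$HOME/mykey.pem"
  check_jump_config "$cfg"
  # ssh -G prints the effective config for a host without connecting.
  ssh -G -F "$cfg" dc-private | grep -i '^proxyjump'
  echo "connect with: ssh -F $cfg dc-private"
fi
```

After `./jump.sh demo`, `ssh -F ~/.ssh/dc-lab.conf dc-private` lands on the private VM; the equivalent one-liner without a config file is `ssh -i mykey.pem -J ec2-user@55.230.15.34 ec2-user@<PVT_IP>`. The private instance still sees the connection arriving from the bastion, so the security group rule that allows port 22 only from the bastion's security group keeps working unchanged.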
Create NAT Instance (alternative to a NAT Gateway)
Launch it in the public subnet with a public or Elastic IP, disable its source/destination check, and point the private route table's 0.0.0.0/0 route at the instance instead of a NAT gateway.