This is a continuation of the lab ‘Creating and Using Amazon VPC – Part 1’. We will use a NAT instance and then a NAT gateway to allow the private server to access the internet in a secure way.
Steps:
- Launch a new EC2 instance as the NAT instance.
  - Select an AMI with NAT configuration (e.g. one that starts with amzn-ami-vpc-nat from the community AMIs).
  - Select our VPC and select our public subnet.
  - Create / select a security group with HTTP and HTTPS. You can reuse the same security group used for the public instance and add HTTPS.
    - HTTPS is not actually required, but it is good to have as per Amazon's recommendation.
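- Once the instance has started, disable the Source/Destination check for the instance under Actions > Networking. A NAT instance forwards traffic for which it is neither the source nor the destination, so this check must be off.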
- Go to VPC Dashboard > Route Tables and select the default route table for our VPC (not the public route table we created).
  - Click Edit.
  - Provide a route out entry: Destination as 0.0.0.0/0, Target as our NAT instance.
  - Click Save.
- SSH into the private instance through the public instance (as we did in the previous lab).
  - Try running: yum update -y
  - The update should be successful.
- Terminate the NAT instance.
  - Try installing mysql: yum install mysql -y
  - It will get stuck at downloading packages as there is no valid route out.
- Go to VPC Dashboard and go to NAT Gateways.
  - Click Create NAT Gateway.
  - Provide the public subnet.
  - Click on Create New Elastic IP (you may reuse one if you already have one in the pool).
  - Click Create a NAT Gateway.
  - On success, it will show a message: In order to use your NAT Gateway, ensure that you edit your route tables to include a route with a target of <nat-gateway-name>.
- Go to Route Tables and select the default route table for our VPC (not the public route table we created).
  - Click Edit.
  - Delete the obsolete entry for the NAT instance (its status should be Black Hole).
  - Provide a route out entry: Destination as 0.0.0.0/0, Target as our NAT gateway.
  - Click Save.
- Try installing mysql: yum install mysql -y
  - It should install mysql successfully.
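
An added example (not part of the original lab): a small Python check over route-table data, using the field names of aws ec2 describe-route-tables output, that flags the black-hole default route left behind when the NAT instance is terminated and confirms that the default (main) route table goes out through NAT. The sample tables, CIDR and IDs are constructed placeholders, and the function names are hypothetical.

```python
# Added example: audit the 0.0.0.0/0 route of each route table, using the
# field names returned by `aws ec2 describe-route-tables`.
DEFAULT = "0.0.0.0/0"

def default_route(table):
    """Return (target_kind, state) of the table's default route, or ("none", None)."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT:
            continue  # skip the local VPC route and any other specific routes
        if route.get("NatGatewayId"):
            kind = "nat-gateway"
        elif (route.get("GatewayId") or "").startswith("igw-"):
            kind = "internet-gateway"
        elif route.get("InstanceId") or route.get("NetworkInterfaceId"):
            kind = "nat-instance"
        else:
            kind = "unknown"
        return kind, route.get("State")
    return "none", None

def audit(route_tables):
    """Return (route_table_id, message) findings for the lab's route tables."""
    findings = []
    for table in route_tables:
        # The lab's private subnet relies on the VPC's default (main) route table.
        is_main = any(a.get("Main") for a in table.get("Associations", []))
        kind, state = default_route(table)
        if state == "blackhole":
            msg = "default route via %s is a black hole; replace its target" % kind
        elif is_main and kind == "internet-gateway":
            msg = "main table routes straight to an internet gateway, not through NAT"
        elif is_main and kind == "none":
            msg = "main table has no default route; private instances have no route out"
        else:
            continue
        findings.append((table["RouteTableId"], msg))
    return findings

# Constructed sample data (placeholder IDs and CIDR), shaped like describe-route-tables output.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
PUBLIC = {"RouteTableId": "rtb-public", "Associations": [{"Main": False}], "Routes": [
    LOCAL, {"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-example", "State": "active"}]}
AFTER_TERMINATE = {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [
    LOCAL, {"DestinationCidrBlock": DEFAULT, "InstanceId": "i-example", "State": "blackhole"}]}
AFTER_NAT_GW = {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [
    LOCAL, {"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-example", "State": "active"}]}

if __name__ == "__main__":
    for finding in audit([PUBLIC, AFTER_TERMINATE]):
        print(finding)
```

To run it against a real account, pass it the RouteTables list from the describe-route-tables response for the lab VPC.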