Practical

Introduction

In the widget below, we’ll take the following steps:

1. Start by creating a VPC.
   • View VPC configuration.
   • View the default NACL.
   • View the main route table.
2. Create a private subnet in the VPC. When a VPC is created, its main route table only has a local route. This means any new subnets will have no access to the internet and are private.
3. Create a new internet gateway.
4. Attach the newly created internet gateway to our custom VPC. Note that this step won’t enable internet access for resources in the VPC. To allow internet access, the route table of a subnet must have a route to the internet gateway.
5. Create a new route table and add a route to the internet gateway. This means that any subnet associated with this route table is public and will now have access to the internet.
6. Create a new subnet that we want to be public. This subnet is private for now.
7. Attach our custom route table to the new subnet. The custom route table has a route to the internet gateway, so this subnet is now public.
8. Enable the auto-assign-public-ip setting for our public subnet so that new instances have a public IP and can be accessed from the internet.
9. Create a NAT gateway in the public subnet. This step doesn’t allow internet access in the private subnet automatically.
10. Create a route to the NAT gateway in the private subnet route table. This step will allow resources in the private subnet to access the internet while remaining inaccessible from it.
11. Create EC2 instances with a web page in both subnets.
12. Use the public IP (EC2 is a public subnet, so it has a public IP) to access the web page launched on this EC2 instance. EC2 in the private subnet doesn’t have a public IP. Even if we were to assign a public IP to this instance manually, it would remain inaccessible from the internet because its subnet has no route to the internet gateway.
13. SSH into the public subnet EC2 and access the web page on the private subnet EC2 instance using its private IP. Both instances are in the same network; therefore, they can access each other using private IP addresses.

Note: We use the yum install command in our EC2 user data script to install httpd. This command will only execute successfully if the EC2 instance has access to the internet. The web page successfully launches in the private subnet. Therefore, we can be sure that the private subnet has access to the internet via the NAT gateway.