Monday, 15 April 2024

This lab illustrates how an EC2 instance running in a private subnet can be configured to access the internet with the help of a service called NAT gateway. A NAT gateway only relays connections that the instance itself initiates; the instance still has no public address and remains unreachable from the internet.


Architecture Diagram

[Architecture diagram: lab-003-arch-01]

Overview

In order to achieve the goal of this lab, you will have to go through the following steps:

Step 1 - Run Lab-002

Repeat all of the steps described in lab-002, replacing every reference to lab-002 with lab-003.

Step 2 - Create a NAT Gateway

Create a NAT gateway in the public subnet (it has to sit there, because it relies on the public subnet's route to the internet gateway). Note that an Elastic IP address must be allocated before the NAT gateway can be created.

[Screenshots: lab-003-scrn-01 to lab-003-scrn-03]

Step 3 - Create a Route Table

Create a new route table with the Name tag private and with a default route (0.0.0.0/0) to the NAT gateway created in step 2.

[Screenshots: lab-003-scrn-04 to lab-003-scrn-10]

Step 4 - Associate the Route Table to the Private Subnet

Associate the newly created route table with the private subnet.

[Screenshots: lab-003-scrn-11 to lab-003-scrn-14]
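Steps 2 to 4 as one AWS CLI script, added here as an example; it is not part of the lab page and not the author's code. It assumes the AWS CLI is configured for the lab account and that step 1 left behind a VPC with a public and a private subnet, whose IDs are passed in through the environment variables VPC_ID, PUBLIC_SUBNET_ID and PRIVATE_SUBNET_ID (names chosen for this example). The final check confirms what actually makes the subnet private: its default route must point at the NAT gateway, not at the internet gateway.

```shell
#!/usr/bin/env bash
# Added example, not the lab's own code: lab-003 steps 2 to 4 with the AWS CLI.
# Assumes a configured AWS CLI and the subnets created in step 1; their IDs
# come from environment variables whose names were chosen for this example.
set -eu

# Step 2a: an Elastic IP must exist before the NAT gateway can be created.
allocate_eip() {
  aws ec2 allocate-address --domain vpc --query AllocationId --output text
}

# Step 2b: the NAT gateway lives in the PUBLIC subnet (it needs that subnet's
# route to the internet gateway). The waiter blocks until it can forward traffic.
create_nat_gateway() {   # $1 = public subnet id, $2 = Elastic IP allocation id
  nat_id=$(aws ec2 create-nat-gateway --subnet-id "$1" --allocation-id "$2" \
    --tag-specifications 'ResourceType=natgateway,Tags=[{Key=Name,Value=lab-003}]' \
    --query NatGateway.NatGatewayId --output text)
  aws ec2 wait nat-gateway-available --nat-gateway-ids "$nat_id"
  echo "$nat_id"
}

# Step 3: route table tagged "private" whose default route (0.0.0.0/0) is the NAT gateway.
create_private_route_table() {   # $1 = vpc id, $2 = nat gateway id
  rtb_id=$(aws ec2 create-route-table --vpc-id "$1" \
    --tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value=private}]' \
    --query RouteTable.RouteTableId --output text)
  aws ec2 create-route --route-table-id "$rtb_id" \
    --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$2" >/dev/null
  echo "$rtb_id"
}

# Step 4: attach the table to the PRIVATE subnet; prints the association id.
associate_private_subnet() {   # $1 = route table id, $2 = private subnet id
  aws ec2 associate-route-table --route-table-id "$1" --subnet-id "$2" \
    --query AssociationId --output text
}

# Check: succeeds only if the table's 0.0.0.0/0 route targets a NAT gateway.
# A default route to the internet gateway (igw-...) would make the subnet public
# in effect, even though it is still tagged "private".
is_private_routing() {   # $1 = route table id
  target=$(aws ec2 describe-route-tables --route-table-ids "$1" \
    --query 'RouteTables[0].Routes[?DestinationCidrBlock==`0.0.0.0/0`].NatGatewayId' \
    --output text)
  case "$target" in
    nat-*) return 0 ;;
    *)     return 1 ;;
  esac
}

main() {
  alloc_id=$(allocate_eip)
  nat_id=$(create_nat_gateway "$PUBLIC_SUBNET_ID" "$alloc_id")
  rtb_id=$(create_private_route_table "$VPC_ID" "$nat_id")
  assoc_id=$(associate_private_subnet "$rtb_id" "$PRIVATE_SUBNET_ID")
  echo "route table $rtb_id associated with $PRIVATE_SUBNET_ID ($assoc_id)"
  if is_private_routing "$rtb_id"; then
    echo "OK: default route of $rtb_id goes through $nat_id"
  else
    echo "FAIL: default route of $rtb_id does not target a NAT gateway" >&2
    exit 1
  fi
}

# Only act when invoked as:
#   VPC_ID=... PUBLIC_SUBNET_ID=... PRIVATE_SUBNET_ID=... ./lab-003.sh apply
if [ "${1:-}" = "apply" ]; then main; fi
```

Without the apply argument the script only defines its functions, so is_private_routing can be sourced and run on its own against any existing route table id.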

The goal of this lab is to demonstrate how to access an EC2 instance launched in a private subnet using a bastion host.


Architecture Diagram

[Architecture diagram: lab-002-arch-01]

Overview

In order to achieve the goal of this lab, you will have to go through the following steps:

Step 1 - Create VPC

Create a new VPC with the Name tag lab-002 and the IPv4 CIDR block 192.168.0.0/16.

[Screenshots: lab-002-scrn-01 to lab-002-scrn-03]

Step 2 - Create an Internet Gateway

Create an Internet gateway with the Name tag lab-002 and attach it to the lab-002 VPC.

[Screenshots: lab-002-scrn-04 to lab-002-scrn-08]

Step 3 - Create the Public Subnet

Create a public subnet in the lab-002 VPC with the Name tag public and the IPv4 CIDR block 192.168.100.0/24.

[Screenshots: lab-002-scrn-09 to lab-002-scrn-11]

Step 4 - Enable Auto-assign IPv4

Enable Auto-assign IPv4 in the newly created public subnet.

[Screenshots: lab-002-scrn-12 to lab-002-scrn-13]

Step 5 - Create a Route Table

Create a new route table with the Name tag public and with a default route to the internet gateway created in step 2.

[Screenshots: lab-002-scrn-14 to lab-002-scrn-21]

Step 6 - Associate the Route Table to the Public Subnet

Associate the newly created route table with the public subnet.

[Screenshots: lab-002-scrn-22 to lab-002-scrn-23]

Step 7 - Create the Private Subnet

Create a private subnet in the lab-002 VPC with the Name tag private and the IPv4 CIDR block 192.168.200.0/24. Leave Auto-assign IPv4 disabled on this subnet.

[Screenshots: lab-002-scrn-24 to lab-002-scrn-26]

Step 8 - Launch the EC2 Instances

Launch two EC2 instances using the procedure described in lab-001, placing one instance in each subnet.

Note that the EC2 instance that you will create in the public subnet (labeled A in the diagram) is needed so that you can later connect to the EC2 instance in the private subnet (labeled B in the diagram): B has no public IP address and can only be reached from inside the VPC. EC2 A is normally called a bastion host or jump host.
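Steps 1 to 7 as one AWS CLI script, added here as an example rather than taken from the lab. It assumes a configured AWS CLI; the CIDR blocks and Name tags are the lab's own, while the helper and variable names belong to this example. Step 8 reuses the lab-001 procedure and is not repeated. The two checks at the end show the property that matters for lab-002: only the public subnet hands out public IPs at launch; if the private one did too, instance B would come up with a public address and the bastion would be pointless.

```shell
#!/usr/bin/env bash
# Added example, not the lab's own code: lab-002 steps 1 to 7 with the AWS CLI.
# Assumes a configured AWS CLI. CIDR blocks and Name tags are the lab's values.
set -eu

VPC_CIDR=192.168.0.0/16
PUBLIC_CIDR=192.168.100.0/24
PRIVATE_CIDR=192.168.200.0/24

# Builds the --tag-specifications shorthand for a Name tag.
tags() {   # $1 = resource type, $2 = Name value
  printf 'ResourceType=%s,Tags=[{Key=Name,Value=%s}]' "$1" "$2"
}

# Step 1: the VPC.
create_vpc() {
  aws ec2 create-vpc --cidr-block "$VPC_CIDR" \
    --tag-specifications "$(tags vpc lab-002)" --query Vpc.VpcId --output text
}

# Step 2: an internet gateway does nothing until it is attached to the VPC.
create_and_attach_igw() {   # $1 = vpc id
  igw_id=$(aws ec2 create-internet-gateway \
    --tag-specifications "$(tags internet-gateway lab-002)" \
    --query InternetGateway.InternetGatewayId --output text)
  aws ec2 attach-internet-gateway --internet-gateway-id "$igw_id" --vpc-id "$1"
  echo "$igw_id"
}

# Steps 3 and 7 share one helper; only the public subnet also gets step 4.
create_subnet() {   # $1 = vpc id, $2 = cidr block, $3 = Name value
  aws ec2 create-subnet --vpc-id "$1" --cidr-block "$2" \
    --tag-specifications "$(tags subnet "$3")" --query Subnet.SubnetId --output text
}

# Step 4: instances launched in this subnet receive a public IPv4 address.
enable_auto_assign_public_ip() {   # $1 = subnet id
  aws ec2 modify-subnet-attribute --subnet-id "$1" --map-public-ip-on-launch
}

# Steps 5 and 6: "public" route table, default route to the IGW, associated with
# the public subnet. Prints the route table id.
create_public_route_table() {   # $1 = vpc id, $2 = igw id, $3 = public subnet id
  rtb_id=$(aws ec2 create-route-table --vpc-id "$1" \
    --tag-specifications "$(tags route-table public)" \
    --query RouteTable.RouteTableId --output text)
  aws ec2 create-route --route-table-id "$rtb_id" \
    --destination-cidr-block 0.0.0.0/0 --gateway-id "$2" >/dev/null
  aws ec2 associate-route-table --route-table-id "$rtb_id" --subnet-id "$3" >/dev/null
  echo "$rtb_id"
}

# Check: succeeds when the subnet assigns public IPs at launch. Expected true
# for "public" and false for "private".
auto_assign_enabled() {   # $1 = subnet id
  [ "$(aws ec2 describe-subnets --subnet-ids "$1" \
        --query 'Subnets[0].MapPublicIpOnLaunch' --output text)" = "True" ]
}

main() {
  vpc_id=$(create_vpc)
  igw_id=$(create_and_attach_igw "$vpc_id")
  public_id=$(create_subnet "$vpc_id" "$PUBLIC_CIDR" public)
  enable_auto_assign_public_ip "$public_id"
  create_public_route_table "$vpc_id" "$igw_id" "$public_id" >/dev/null
  private_id=$(create_subnet "$vpc_id" "$PRIVATE_CIDR" private)
  auto_assign_enabled "$public_id" || { echo "public subnet does not auto-assign" >&2; exit 1; }
  ! auto_assign_enabled "$private_id" || { echo "private subnet auto-assigns public IPs" >&2; exit 1; }
  # These three ids are what lab-003 needs as input.
  echo "VPC_ID=$vpc_id PUBLIC_SUBNET_ID=$public_id PRIVATE_SUBNET_ID=$private_id"
}

# Only act when invoked as: ./lab-002.sh apply
if [ "${1:-}" = "apply" ]; then main; fi
```

The last line of output is deliberately in KEY=value form so it can be exported straight into the environment that the lab-003 steps expect.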

The goal of this lab is to launch a single EC2 instance in a public subnet accessible over the Internet via SSH. Here is a mind map of EC2.

Architecture Diagram

[Architecture diagram: lab-001-arch-01]

Overview

In order to achieve the goal of this lab, you will have to go through the following steps:

  1. Choose the operating system by selecting the Amazon Machine Image (AMI).
  2. Define the virtual hardware configuration by choosing an Instance Type.
  3. Review the network settings.
  4. Review the storage settings.
  5. Create tags (optional).
  6. Configure the Security Group rules (firewall).
  7. Launch the instance (choosing or creating an EC2 key pair).

Let's begin!!! Go to the AWS Console and log in with your credentials. Click on Services at the top left, then choose EC2 in the Compute section.

[Screenshot: lab-001-scrn-01]

Step 1 - Choose the AMI

In the EC2 service menu, click on Launch instance and select Launch Instance.

[Screenshot: lab-001-scrn-02]

Select Amazon Linux 2 AMI. An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance. In this first lab, we will stick to the x86 architecture.

[Screenshot: lab-001-scrn-03]

Step 2 - Define the Instance Type

The instance type defines the CPU and memory capacity. It also specifies the storage architecture that the instance will support, along with the network performance available. You can use the suggested free-tier eligible instance type, and then go on to Next: Configure Instance Details.

[Screenshot: lab-001-scrn-04]

Step 3 - Network Settings

Make sure you select the default public subnet and that the Auto-assign Public IP setting is enabled for that subnet. You may leave all the other settings at their default values.

[Screenshot: lab-001-scrn-05]

Go on to Next: Add Storage.

Step 4 - Storage Settings

You can accept the default settings, which create an EBS root volume.

[Screenshot: lab-001-scrn-06]

Go on to Next: Add Tags.

Step 5 - Tags

Tags are a way to add textual metadata to AWS resources to help you manage your cloud environment. For now, you can skip this step.

[Screenshot: lab-001-scrn-07]

Go on to Next: Configure Security Group.

Step 6 - Security Group

The Security Group is a firewall for the instance. Create a new security group named ssh-access with a rule that allows SSH (TCP port 22) from anywhere, or choose My IP if you prefer to limit access to your current address.

[Screenshot: lab-001-scrn-08]

Go on to Review and Launch.

Step 7 - Launch Instance

You can review all the settings made so far on the next screen.

[Screenshot: lab-001-scrn-09]

If everything is OK, go on to Launch. In the new window, for the key pair you can create a new key pair (name it lab-001). Download the key pair to your computer (the file will be named lab-001.pem).

[Screenshot: lab-001-scrn-10]

You will be forwarded to a new screen with the launch status.

[Screenshot: lab-001-scrn-11]

Go on to View Instances to return to the EC2 Console. There you will see a list of the existing instances and the new instance you just created.

Test & Validation

Once your instance is up and running, select it on the EC2 console and click on Connect.

[Screenshot: lab-001-scrn-12]

From the new window, copy the example ssh command-line. It will have the following format:

$ ssh -i "lab-001.pem" ec2-user@ec2-100-25-181-143.compute-1.amazonaws.com

The ec2-user is the default user name in Amazon Linux AMIs. The hostname ec2-100-25-181-143.compute-1.amazonaws.com is the public DNS name that AWS automatically assigns to your instance. Open a terminal window and move to the folder where you saved the downloaded key file lab-001.pem. Change the permissions of the key file so that only you can read it (ssh refuses a private key that is readable by other users):

$ chmod 400 lab-001.pem

Paste and run the ssh command. You should be able to log in to your instance. If you are a Windows user, you can also use PuTTY to connect. Follow this link for instructions.
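The seven console steps and the connection test as one AWS CLI script, added here as an example; it is not the lab's code. It assumes the AWS CLI is configured for the lab account, that the default VPC used by the lab exists, that t2.micro is the free-tier eligible type, and that the Amazon Linux 2 AMI can be resolved from the public SSM parameter instead of being hard-coded (AMI ids differ per region). The variable SSH_CIDR belongs to this example and plays the part of the step 6 choice: its default is a constructed placeholder standing in for "My IP"; set it to 0.0.0.0/0 to reproduce the "anywhere" rule exactly. The key-file check mirrors the chmod 400 above, since ssh rejects a key that other users can read.

```shell
#!/usr/bin/env bash
# Added example, not the lab's own code: lab-001 with the AWS CLI.
# Assumptions: configured CLI, default VPC present, t2.micro as the free-tier
# type, AMI resolved from the public SSM parameter for Amazon Linux 2.
set -eu

KEY_NAME=lab-001
KEY_FILE="$KEY_NAME.pem"
SG_NAME=ssh-access
# Who may reach TCP/22. Constructed placeholder standing in for "My IP";
# replace with your own address as a /32, or use 0.0.0.0/0 for "anywhere".
SSH_CIDR="${SSH_CIDR:-203.0.113.10/32}"

# Step 1: current Amazon Linux 2 x86_64 AMI id for the configured region.
latest_amazon_linux2_ami() {
  aws ssm get-parameters \
    --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 \
    --query 'Parameters[0].Value' --output text
}

# Step 7 (key pair): create it, save the private key, lock the file down first.
create_key_pair() {
  aws ec2 create-key-pair --key-name "$KEY_NAME" \
    --query KeyMaterial --output text > "$KEY_FILE"
  chmod 400 "$KEY_FILE"
}

# True when the file has no group/other permission bits, which is what ssh requires.
key_file_is_private() {   # $1 = path
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Step 6: security group that opens only TCP/22 and only from SSH_CIDR.
create_ssh_security_group() {
  sg_id=$(aws ec2 create-security-group --group-name "$SG_NAME" \
    --description "SSH access for $KEY_NAME" --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --group-id "$sg_id" \
    --protocol tcp --port 22 --cidr "$SSH_CIDR" >/dev/null
  echo "$sg_id"
}

# Steps 2 to 5 and 7: one instance in the default public subnet with a public IP.
launch_instance() {   # $1 = ami id, $2 = security group id
  instance_id=$(aws ec2 run-instances --image-id "$1" --instance-type t2.micro \
    --key-name "$KEY_NAME" --security-group-ids "$2" --associate-public-ip-address \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=lab-001}]' \
    --query 'Instances[0].InstanceId' --output text)
  aws ec2 wait instance-running --instance-ids "$instance_id"
  echo "$instance_id"
}

# Test & Validation: the DNS name AWS assigned to the instance.
public_dns_name() {   # $1 = instance id
  aws ec2 describe-instances --instance-ids "$1" \
    --query 'Reservations[0].Instances[0].PublicDnsName' --output text
}

# Same format as the command shown in the console's Connect dialog.
build_ssh_command() {   # $1 = public DNS name
  printf 'ssh -i "%s" ec2-user@%s\n' "$KEY_FILE" "$1"
}

main() {
  ami=$(latest_amazon_linux2_ami)
  create_key_pair
  key_file_is_private "$KEY_FILE" || { echo "$KEY_FILE permissions are too open" >&2; exit 1; }
  sg_id=$(create_ssh_security_group)
  instance_id=$(launch_instance "$ami" "$sg_id")
  build_ssh_command "$(public_dns_name "$instance_id")"
}

# Only act when invoked as: SSH_CIDR=<your ip>/32 ./lab-001.sh apply
if [ "${1:-}" = "apply" ]; then main; fi
```

The script prints the ready-to-paste ssh command as its last line; run it from the directory that holds lab-001.pem, exactly as in the Test & Validation section.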