Network Address Translation (NAT) in AWS: enable Internet access for non-routable subnets

Posted: April 30, 2017 in Amazon Web Services (AWS), Linux

In the previous post we associated a subnet with a route table so that VMs in that subnet can access the Internet.

In this one we'll enable Internet access for a subnet that is not associated with that route table.

I created a 10.0.2.0/24 subnet that is not associated with the route table and a 10.0.1.0/24 subnet with Internet access.


I created a new AWS instance and assigned it to the "private" subnet.


To enable Internet access we need to create a NAT instance. After starting the Launch Instance wizard, in the step where we choose the Amazon Machine Image, click Community AMIs, under Operating system tick Amazon Linux, type NAT in the search box and choose any of the NAT images.


For network, choose the custom VPC (created in this post) and select the "routable" subnet (the one with Internet access).


It's essential that the NAT instance's security group allows HTTP/HTTPS traffic from the private subnet; otherwise the instances behind it cannot reach the Internet through it.


After the instance starts, select it and, from Actions, choose Networking, then Change Source/Dest. Check.


Disable the source/destination check. By default an EC2 instance must be the source or destination of any traffic it sends or receives; a NAT instance forwards traffic on behalf of other machines, so this check has to be turned off.


Go to Services, VPC, Route Tables, select the route table used by the private subnet, click Routes, then Edit.


Add another route:


Type 0.0.0.0/0 as the destination and select the NAT instance as the target.


Because our VM on the private network is not reachable from the Internet, we need to reach it "indirectly", via an Internet-reachable VM.

After connecting to the Internet-facing VM, copy the content of the pem file, create a new file on that instance and paste the content from the clipboard.


Try connecting to the VM on the private network:

chmod 400 1.pem
ssh -i 1.pem ec2-user@10.0.2.204
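Added example, not code from the original post: a Python check that verifies the wiring set up above. It runs against constructed sample data shaped like the output of aws ec2 describe-route-tables and describe-instances (the route table, subnet and instance IDs are made up) and confirms that the private subnet's route table sends 0.0.0.0/0 to a NAT instance whose source/destination check is disabled, rather than to an Internet gateway or a blackholed route.

```python
def find_route_table(route_tables, subnet_id):
    """Route table for subnet_id; a subnet with no explicit association
    uses the VPC's main table (the post's 'not associated' private subnet)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def check_private_subnet_nat(route_tables, instances, private_subnet_id):
    """Return a list of findings; an empty list means the wiring matches the post."""
    rt = find_route_table(route_tables, private_subnet_id)
    if rt is None:
        return ["no route table found for " + private_subnet_id]
    default = [r for r in rt["Routes"] if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    if not default:
        return ["no 0.0.0.0/0 route in " + rt["RouteTableId"]]
    route = default[0]
    if route.get("GatewayId", "").startswith("igw-"):
        return ["private subnet routes directly to an internet gateway"]
    if route.get("State") == "blackhole":
        return ["default route is blackholed (NAT instance gone?)"]
    nat_id = route.get("InstanceId")
    nat = next((i for i in instances if i["InstanceId"] == nat_id), None)
    if nat is None:
        return ["default route target %r is not a known instance" % nat_id]
    findings = []
    if nat.get("SourceDestCheck", True):
        findings.append("NAT instance %s still has source/dest check enabled" % nat_id)
    if nat.get("SubnetId") == private_subnet_id:
        findings.append("NAT instance sits in the private subnet itself")
    return findings


# Constructed sample data shaped like describe-route-tables / describe-instances output.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat", "State": "active"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
]
INSTANCES = [{"InstanceId": "i-nat", "SubnetId": "subnet-public",
              "SourceDestCheck": False, "State": {"Name": "running"}}]
```

With real data, feed it the RouteTables list and the flattened Reservations[].Instances[] list from the two CLI calls; any non-empty result is a misconfiguration worth fixing before relying on the NAT instance.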

