
Creating and Validating Connectivity For Amazon EC2 Instances in A Public and Private Subnet

This document outlines the steps to create EC2 instances in public and private subnets within a VPC and validate connectivity. It reviews the VPC configuration, including subnets, route tables and network ACLs, and then provides instructions to: 1) create an EC2 instance and security group in the public subnet and validate SSH connectivity; 2) create an EC2 instance and security group in the private subnet and identify that it is not publicly accessible because it was launched in the private subnet. Overall, the document sets up different scenarios to demonstrate the differences between public and private subnets.

Uploaded by

Quốc Dũng
Introduction
In this hands-on lab, we will meet a few different objectives:

• Review the VPC configuration and understand the components required to provision EC2 instances.
• Review the VPC configuration to identify what makes an instance public vs. private.
• Create an Amazon EC2 instance and a security group in the public subnet, and validate connectivity using SSH.
• Create an Amazon EC2 instance and a security group in the private subnet, and identify what makes the instance and the subnet private.

Solution
Log in to the live AWS environment using the credentials provided.
Make sure you're in the N. Virginia (us-east-1) region throughout the
lab.
We will also work in the command line. On a Mac, you may use
Terminal. If you are using a Windows computer and need assistance
with how to connect, you will need to follow different instructions to
log in to the EC2 instance via SSH. Please watch this lesson on how
to connect to a Linux EC2 instance for instructions on how to set up
and use PuTTY.
Review VPC Configuration

1. Once you're logged in to the AWS console, navigate to VPC.
2. Click Subnets in the left-hand menu.
3. Note the IP address associated with the private subnet and the public subnet.
4. Click Route Tables in the left-hand menu.
   • There should be three route tables listed: one default (which we will leave alone for the entirety of the lab) and two others.
   • For the two non-default route tables, we need to identify and rename them as private and public.
5. Select the first route table listed (not the default route table, which will not have a subnet associated with it), click the Routes tab lower on the page, and then:
   • If its target is listed as local, rename the route table "PrivateRT".
   • If one of its targets is listed as an internet gateway, then rename the route table "PublicRT".
6. Select the other non-default route table, click the Routes tab, and then:
   • If its target is listed as local, rename the route table "PrivateRT".
   • If one of its targets is listed as an internet gateway, then rename the route table "PublicRT".
7. Click Network ACLs in the left-hand menu.
   • Similar to renaming the route tables, we also need to identify and rename the non-default NACLs as private and public.
8. Select the first NACL listed (not the default NACL), click the Inbound Rules tab lower on the page, and then:
   • If the source listed is 0.0.0.0/0, rename the NACL "PublicNACL".
   • If the source listed is a specific IP address associated with one of our subnets, rename the NACL "PrivateNACL".
9. Select the other non-default NACL, click the Inbound Rules tab, and then:
   • If the source listed is 0.0.0.0/0, rename the NACL "PublicNACL".
   • If the source listed is a specific IP address associated with one of our subnets, rename the NACL "PrivateNACL".
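
The route table and NACL checks in steps 4 to 9 can also be scripted. The following is an added example, not part of the original lab: it applies the same rules to data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-network-acls`. All resource IDs and CIDR blocks are constructed, and the function names are hypothetical.

```python
# Constructed sample data in the shape returned by `aws ec2 describe-route-tables`
# and `aws ec2 describe-network-acls`. All IDs and CIDR blocks are made up.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-0aaa", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-0bbb", "Routes": [LOCAL, IGW],
     "Associations": [{"Main": False, "SubnetId": "subnet-0pub"}]},
    {"RouteTableId": "rtb-0ccc", "Routes": [LOCAL],
     "Associations": [{"Main": False, "SubnetId": "subnet-0priv"}]},
]
# The console's "*" rule appears in the API as rule 32767: deny 0.0.0.0/0.
CATCH_ALL = {"RuleNumber": 32767, "Egress": False, "RuleAction": "deny",
             "CidrBlock": "0.0.0.0/0"}
NETWORK_ACLS = [
    {"NetworkAclId": "acl-0pub", "IsDefault": False, "Entries": [
        {"RuleNumber": 100, "Egress": False, "RuleAction": "allow",
         "CidrBlock": "0.0.0.0/0"}, CATCH_ALL]},
    {"NetworkAclId": "acl-0priv", "IsDefault": False, "Entries": [
        {"RuleNumber": 100, "Egress": False, "RuleAction": "allow",
         "CidrBlock": "10.0.1.0/24"}, CATCH_ALL]},
]

def classify_route_table(rt):
    """Lab rule: an internet gateway target means public, local only means private."""
    if any(a.get("Main") for a in rt.get("Associations", [])):
        return "default"  # the main route table is left alone in the lab
    for route in rt.get("Routes", []):
        # A blackholed route no longer reaches the gateway, so require "active".
        if route.get("GatewayId", "").startswith("igw-") and route.get("State") == "active":
            return "PublicRT"
    return "PrivateRT"

def classify_nacl(acl):
    """Lab rule: an inbound source of 0.0.0.0/0 means public."""
    if acl.get("IsDefault"):
        return "default"
    for entry in acl.get("Entries", []):
        # Skip egress rules and the catch-all deny, which also lists 0.0.0.0/0.
        if (not entry["Egress"] and entry["RuleAction"] == "allow"
                and entry.get("CidrBlock") == "0.0.0.0/0"):
            return "PublicNACL"
    return "PrivateNACL"

def name_plan():
    """Map each resource ID to the name the lab would give it."""
    plan = {rt["RouteTableId"]: classify_route_table(rt) for rt in ROUTE_TABLES}
    plan.update({a["NetworkAclId"]: classify_nacl(a) for a in NETWORK_ACLS})
    return plan

if __name__ == "__main__":
    for resource_id, name in name_plan().items():
        print(resource_id, "->", name)
```

The NACL check only counts inbound allow rules, because the final deny rule in every NACL also has a source of 0.0.0.0/0 and would otherwise make the private NACL look public.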

Create an Amazon EC2 Instance in the Public Subnet

1. Navigate to EC2, and click Launch Instance.
2. On the AMI page, select the Amazon Linux 2 AMI.
3. Leave t2.micro selected, and click Next: Configure Instance Details.
4. On the Configure Instance Details page:
   • Network: Leave default
   • Subnet: Public
   • Auto-assign Public IP: Enable
5. Click Next: Add Storage, and then click Next: Add Tags.
6. On the Add Tags page, add the following tag:
   • Key: Name
   • Value: PublicInstance
7. Click Next: Configure Security Group.
8. Click to Create a new security group, and set the following values:
   • Security group name: PublicSG
   • Description: PublicSG
9. Click Review and Launch, and then Launch.
10. In the key pair dialog, select Create a new key pair.
11. Give it a Key pair name of "pubinstssh".
12. Click Download Key Pair, and then Launch Instances.
13. Click View Instances, and give it a few minutes to enter the running state.
14. Once it's running, select it and click Connect.
15. Copy the chmod command listed.

Verify Connectivity to Public Instance Using SSH

1. Open a terminal session, and change to your downloads directory.
2. Run the chmod command to change the permissions on our .pem file.
3. In the AWS console, copy the ssh command.
4. Run the ssh command to log in to the instance.

Create an Amazon EC2 Instance in the Private Subnet

1. In the AWS console, on the instances dashboard, click Launch Instance.
2. On the AMI page, select the Amazon Linux 2 AMI.
3. Leave t2.micro selected, and click Next: Configure Instance Details.
4. On the Configure Instance Details page:
   • Network: Leave default
   • Subnet: Private
   • Auto-assign Public IP: Disable
5. Click Next: Add Storage, and then click Next: Add Tags.
6. On the Add Tags page, add the following tag:
   • Key: Name
   • Value: PrivateInstance
7. Click Next: Configure Security Group.
8. Click to Create a new security group, and set the following values:
   • Security group name: PrivateSG
   • Description: PrivateSG
9. Click Review and Launch, and then Launch.
10. In the key pair dialog, select Choose an existing key pair.
11. Select our pubinstssh key pair.
12. Click Launch Instances.
13. Click View Instances, and give it a few minutes to enter the running state.

Conclusion
Congratulations on completing this hands-on lab!
