NAT-GW

What happens if the subnet's default route does not point to the IGW? The subnet is then classified as a private subnet with no connectivity to the internet. However, in some situations a VM in a private subnet needs to reach the internet, for example to download a security patch.

In this case, you can set up a NAT-GW. It lets instances in the private subnet reach the internet, but only for connections they initiate (plus the return traffic of those connections): the internet cannot open connections to them, and they need no public IP address of their own. This makes it suitable for backend instances, such as the database.

Let's create a NAT-GW and configure a second subnet (192.168.1.0/24) as a private subnet whose default route points to the NAT-GW, using the following steps:

  1. The NAT-GW needs a global (public) IP address, so allocate an Elastic IP (EIP) and capture its AllocationId:
$ aws ec2 allocate-address
{
"PublicIp": "18.232.18.38",
"AllocationId": "eipalloc-bad28bb3",
"Domain": "vpc"
}
  2. Create the NAT-GW on the public subnet (subnet-6296863f) and assign the EIP (eipalloc-bad28bb3). Then capture NatGatewayId.
Since the NAT-GW itself needs a route to the internet through the IGW, it must be placed in the public subnet, not in the private subnet it serves. Note that the gateway is returned in the pending state; it takes a short while to become available.

Input the following command:

$ aws ec2 create-nat-gateway --subnet-id subnet-6296863f --allocation-id eipalloc-bad28bb3
{
"NatGateway": {
"CreateTime": "2018-04-14T18:49:36.000Z",
"NatGatewayAddresses": [
{
"AllocationId": "eipalloc-bad28bb3"
}
],
"NatGatewayId": "nat-0b12be42c575bba43",
"State": "pending",
"SubnetId": "subnet-6296863f",
"VpcId": "vpc-69cfbd12"
}
}
  3. Create a separate route table for the private subnet and capture RouteTableId. Like every new route table, it starts with only the local route for the VPC CIDR:
$ aws ec2 create-route-table --vpc-id vpc-69cfbd12
{
"RouteTable": {
"Associations": [],
"PropagatingVgws": [],
"RouteTableId": "rtb-70f1870c",
"Routes": [
{
"DestinationCidrBlock": "192.168.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
}
],
"Tags": [],
"VpcId": "vpc-69cfbd12"
}
}
  4. Set the default route (0.0.0.0/0) of the route table (rtb-70f1870c) to the NAT-GW (nat-0b12be42c575bba43). This is the only difference from the public subnet's route table, whose default route points to the IGW:
$ aws ec2 create-route --route-table-id rtb-70f1870c --nat-gateway-id nat-0b12be42c575bba43 --destination-cidr-block 0.0.0.0/0
  5. Associate the route table (rtb-70f1870c) with the private subnet (subnet-ce947da9). Until this association is made, the subnet still uses the VPC's main route table:
$ aws ec2 associate-route-table --route-table-id rtb-70f1870c --subnet-id subnet-ce947da9