
Aadit Unni

Create an EC2 instance in a private subnet to communicate with the Internet.

[22/100] #100DaysOfCloud Today, I created an EC2 instance in a private subnet that can communicate with the Internet.


In this setup, a VPC is created with a public subnet and a private subnet. An Internet Gateway is created and attached to the VPC.
A new route table is created and the private subnet is associated with it.

An Internet Gateway is a VPC component that allows communication between your VPC and the Internet. It allows both inbound and outbound access to the Internet, so instances with public IPs can reach the Internet and be reached from it. You only need one Internet Gateway per VPC, and there is no additional cost to use it.

At this stage, the two subnets can reach each other because they are in the same VPC and each route table carries the local route for the VPC CIDR. The subnets still cannot talk to the Internet even though the Internet Gateway is attached to the VPC. For that to happen, a route to the Internet Gateway has to be added to a route table.

By adding a route to the Internet Gateway in the route table of the public subnet, the resources in that subnet gain access to and from the Internet.
If the Internet Gateway were added to the route table of the private subnet, it would no longer be a private subnet, because connections initiated from the Internet could reach it.

Next, we create a NAT Gateway in the public subnet and add a route to it in the route table of the private subnet. Now the resources in the private subnet can connect to the Internet: their traffic is routed to the NAT Gateway, which forwards it to the Internet Gateway and from there to the Internet.

A NAT Gateway only allows outbound-initiated access. It lets instances with private IPs reach the Internet, but the NAT Gateway itself blocks all connections initiated from the Internet. You need one NAT Gateway per Availability Zone (AZ). NAT Gateway incurs charges based on creation and usage.
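As an added example (not part of the original post), here is a small check over the route tables that verifies the layout described above: the private subnet must not have a default route to an Internet Gateway, it should have one to a NAT Gateway, and the NAT Gateway must sit in a public subnet. The input dictionaries are constructed to mirror the shape of the AWS `describe-route-tables` and `describe-nat-gateways` responses; all resource IDs are made-up placeholders.

```python
# Constructed sample data shaped like `aws ec2 describe-route-tables` / `describe-nat-gateways` output.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0example", "SubnetId": "subnet-public"}]


def default_route_target(rt):
    """Return the target of the 0.0.0.0/0 route, or None if the table has no default route."""
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def classify_subnets(route_tables):
    """Map each associated subnet to 'public' (default route via IGW),
    'private' (via NAT Gateway) or 'isolated' (no default route)."""
    kinds = {}
    for rt in route_tables:
        target = default_route_target(rt) or ""
        if target.startswith("igw-"):
            kind = "public"
        elif target.startswith("nat-"):
            kind = "private"
        else:
            kind = "isolated"
        for assoc in rt["Associations"]:
            if "SubnetId" in assoc:
                kinds[assoc["SubnetId"]] = kind
    return kinds


def audit(route_tables, nat_gateways, private_subnets):
    """Return a list of findings; an empty list means the layout matches the post."""
    kinds = classify_subnets(route_tables)
    findings = []
    for subnet in private_subnets:
        if kinds.get(subnet) == "public":
            findings.append(f"{subnet} routes 0.0.0.0/0 to an IGW: reachable from the Internet")
        elif kinds.get(subnet, "isolated") == "isolated":
            findings.append(f"{subnet} has no default route: no outbound Internet access")
    for nat in nat_gateways:
        if kinds.get(nat["SubnetId"]) != "public":
            findings.append(f"{nat['NatGatewayId']} is in non-public subnet {nat['SubnetId']}")
    return findings
```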

You can try it yourself by following the steps in the linked GitHub repository.
