Thu Kha Kyawe

Day 45: Configure NAT Gateway for Internet Access in a Private VPC

Lab Information

The Nautilus DevOps team is tasked with enabling internet access for an EC2 instance running in a private subnet. This instance should be able to upload a test file to a public S3 bucket once it can access the internet. To achieve this, the team must set up a NAT Gateway in a public subnet within the same VPC.

1) A VPC named nautilus-priv-vpc and a private subnet nautilus-priv-subnet have already been created.
2) An EC2 instance named nautilus-priv-ec2 is already running in the private subnet.
3) The EC2 instance is configured with a cron job that uploads a test file to a bucket nautilus-nat-22701 once internet is accessible.

Your task is to:

Create a public subnet named nautilus-pub-subnet in the same VPC.
Create an Internet Gateway and attach it to the VPC.
Create a route table nautilus-pub-rt and associate it with the public subnet.
Allocate an Elastic IP and create a NAT Gateway named nautilus-natgw.
Update the private route table to route 0.0.0.0/0 traffic via the NAT Gateway.
Once complete, verify that the EC2 instance can reach the internet by confirming the presence of the test file in the S3 bucket nautilus-nat-22701. After completing all the configuration, please wait a few minutes for the test file to appear in the bucket, as it may take 2–3 minutes.

Lab Solutions

Step 1: Create a Public Subnet

Go to VPC → Subnets → Create subnet

Configure:

VPC: nautilus-priv-vpc

Subnet name: nautilus-pub-subnet

Availability Zone: Any (same region)

IPv4 CIDR block: for example, 10.1.2.0/24

Click Create subnet

Enable Auto-Assign Public IP

Select nautilus-pub-subnet

Click Edit subnet settings

Enable:

Auto-assign public IPv4 address ✔

Save changes

Step 2: Create and Attach Internet Gateway

Go to VPC → Internet Gateways

Click Create internet gateway

Name:

nautilus-igw

Click Create

Select the IGW → Actions → Attach to VPC

Choose:

nautilus-priv-vpc

Attach

Step 3: Create Public Route Table

Go to VPC → Route Tables → Create route table

Configure:

Name: nautilus-pub-rt

VPC: nautilus-priv-vpc

Click Create

Add Internet Route

Select nautilus-pub-rt

Go to Routes → Edit routes

Add route:

Destination: 0.0.0.0/0
Target: Internet Gateway (nautilus-igw)

Save changes

Associate with Public Subnet

Go to Subnet associations → Edit

Select:

nautilus-pub-subnet

Save

Step 4: Create NAT Gateway

Allocate Elastic IP

Go to EC2 → Elastic IPs

Click Allocate Elastic IP

Allocate

Create NAT Gateway

Go to VPC → NAT Gateways → Create NAT Gateway

Configure:

Name: nautilus-natgw

VPC: nautilus-priv-vpc

Elastic IP: Select allocated EIP

Click Create NAT Gateway

Wait until status becomes:

Available

Step 5: Update Private Route Table

Go to VPC → Route Tables

Select the route table associated with:

nautilus-priv-subnet

Go to Routes → Edit routes

Add route:

Destination: 0.0.0.0/0
Target: NAT Gateway (nautilus-natgw)

Save changes

Associate with Private Subnet

Go to Subnet associations → Edit

Select:

nautilus-priv-subnet

Save

Step 6: Verify Internet Access via S3 Upload
What Happens Automatically

nautilus-priv-ec2 already has a cron job

Once internet access works, it uploads a file to:

s3://nautilus-nat-22701

⏳ Wait 2–3 minutes

Verify in S3

Go to S3 → Buckets → nautilus-nat-22701

Check Objects

✅ You should see a new test file uploaded
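
As an added example (not from the original lab or KodeKloud), this Python check reads route tables in the shape returned by `aws ec2 describe-route-tables` and confirms that the public subnet's default route targets an Internet Gateway while the private subnet's targets a NAT Gateway and never the Internet Gateway directly. The sample data and all IDs are constructed placeholders, and the input is assumed to cover a single VPC.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are placeholders.
SAMPLE = json.loads("""
{"RouteTables": [
 {"RouteTableId": "rtb-pub", "Associations": [{"SubnetId": "subnet-pub", "Main": false}],
  "Routes": [
   {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
 {"RouteTableId": "rtb-priv", "Associations": [{"SubnetId": "subnet-priv", "Main": false}],
  "Routes": [
   {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]}
]}
""")["RouteTables"]

def default_route_kind(tables, subnet_id):
    """Classify the 0.0.0.0/0 route that applies to subnet_id."""
    explicit = [t for t in tables
                if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", []))]
    # Without an explicit association a subnet uses the VPC's main route table.
    main = [t for t in tables if any(a.get("Main") for a in t.get("Associations", []))]
    for table in explicit or main:
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("State") == "blackhole":  # e.g. the target NAT gateway was deleted
                return "blackhole"
            if route.get("NatGatewayId"):
                return "nat"
            if route.get("GatewayId", "").startswith("igw-"):
                return "igw"
            return "other"
    return "none"

def audit(tables, public_subnet, private_subnet):
    """Return a list of findings; an empty list means routing matches the lab design."""
    findings = []
    pub = default_route_kind(tables, public_subnet)
    priv = default_route_kind(tables, private_subnet)
    if pub != "igw":
        findings.append(f"public subnet default route is '{pub}', expected igw")
    if priv == "igw":
        findings.append("private subnet routes directly to the internet gateway")
    elif priv != "nat":
        findings.append(f"private subnet default route is '{priv}', expected nat")
    return findings

print(audit(SAMPLE, "subnet-pub", "subnet-priv") or "routing OK")
```

A `blackhole` or `none` result for the private subnet explains a test file that never appears in the bucket; an `igw` result means the subnet is no longer private.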


Credits
• All labs are from: KodeKloud
• I sincerely appreciate your provision of these valuable resources.