AWS Networking Cookbook

You're reading from AWS Networking Cookbook: Powerful recipes to overcome the pain points of optimizing your Virtual Private Cloud (VPC)

Product type: Paperback
Published in: Aug 2017
Publisher: Packt
ISBN-13: 9781787123243
Length: 366 pages
Edition: 1st Edition

Authors (2): Satyajit Das, Jhalak Modi

Table of Contents (10 chapters)

Preface
1. Getting Started with AWS Networking Components
2. Building Your Own Custom VPC
3. VPC Advanced Components
4. Configuring Global Scale Infrastructure
5. Working with Infrastructure Automation
6. Working with Route 53
7. Cloud Security and Network Compliance
8. Troubleshooting and VPC Limits
9. Pricing of VPC and Related Components

Creating NAT on EC2 instance

In this recipe, you'll learn how to create a NAT instance on an EC2 instance launched in a public subnet. The private subnet has no Internet Gateway attached to it, so EC2 instances in the private subnet cannot communicate with the outside world directly.

Getting ready

We need an AWS account and a user with the proper permissions for creating a NAT instance on EC2. Create an EC2 instance in the same way as in the previous recipe. The only difference is that you don't put any Advanced Details on the Choose Network page. On the security group page, create the NATSG security group with the following rules and attach it to the instance. We are allowing all traffic for simplicity; however, you should only allow the CIDR ranges that are actually required.

NATSG: Rules

Inbound

Type     Protocol   Port range   Source
HTTP     TCP        80           0.0.0.0/0 and ::/0
HTTPS    TCP        443          0.0.0.0/0 and ::/0
SSL      TCP        22           0.0.0.0/0 and ::/0

Outbound

Type         Protocol   Port range   Destination
All traffic  TCP        ALL          0.0.0.0/0 and ::/0

You can use the same key pair created before for this instance as well. On the Add tag page, enter Name as the key and Nat Instance as the value. We also need to create an Elastic IP to attach to the NAT instance; this is shown in the recipe.

How to do it...

  1. I have created one more EC2 instance, as visible in the Instances section of the EC2 console.
Figure: EC2 created for NAT
  2. Click on Elastic IPs in the left menu bar.
Figure: Elastic IP dashboard
  3. Click on Allocate new address.
Figure: Elastic IP creation page
  4. Click on Allocate.
Figure: Elastic IP creation success message
  5. Click on Close. The Elastic IP page will be visible. Choose the Elastic IP and click on Actions | Associate address.
Figure: Elastic IP Action menu
  6. Choose Instance as the Resource type. Select Nat Instance from the Instance drop-down menu. Click on Associate. A success message is shown.
Figure: Elastic IP association with EC2 instance
  7. Go to the Instances menu. You can see that the public DNS and IPv4 public IP have changed. You can also see that Source/Dest. Check is true for the instance.
Figure: EC2 instance with Elastic IP
  8. Select Actions | Networking | Change Source/Dest. Check.
Figure: Changing Source/Dest Check for NAT instance
  9. You can see that Source/Dest. Check is now false.
Figure: NAT instance details
  10. We need to update the main Route Table attached to the VPC. Let's go back to the VPC dashboard and select our VPC.
Figure: VPC dashboard
  11. Click on the Route Table whose ID starts with rtb.
Figure: Main Route Table
  12. Select the Route Table and navigate to the Routes tab. Click on the Edit button. Add 0.0.0.0/0 as the Destination and the NAT instance ID as the Target. Click Save.
Figure: Attach NAT in main Route Table

How it works...

By default, an EC2 instance can only be the source or the destination of network traffic (request or response); traffic addressed to or from any other IP is dropped. A NAT instance, however, needs to forward requests that originated from a private subnet to the internet and return the responses to the private instances, so it is neither the source nor the destination of that traffic. That's why we need to disable the source/destination check on the NAT instance.

There's more...

A NAT instance does not support IPv6. To provide outbound-only IPv6 connectivity for the private subnet, we need to create an Egress-Only Internet Gateway from the VPC console and add a ::/0 route to it in the main Route Table.
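The recipe leaves three things for the reader to check by hand: that the NATSG rules are tightened from 0.0.0.0/0 to the ranges that are really needed, that the Elastic IP, source/destination check and 0.0.0.0/0 route all agree with each other, and that IPv6 traffic is not pointed at the NAT instance. The following is an added example, not code from the book or from AWS, that models those pieces as plain dicts so the setup can be reviewed offline before or after the console steps. Every instance, route-table and gateway ID and every CIDR in it is a constructed sample value; `instance_drops_packet` is a simplified model of the source/destination check described in the How it works section, not AWS's implementation.

```python
"""Offline consistency checks for the NAT-instance setup in this recipe.

Added example (not from the book): the NATSG rules, the NAT instance and the
route tables are modelled as plain dicts so the setup can be reviewed before
(or after) the console steps are applied. Every id and CIDR below is a
constructed sample value, not a real AWS resource.
"""
import ipaddress

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"

# Constructed sample: the NATSG inbound rules as the recipe lists them (all open).
NATSG_INBOUND = [
    {"protocol": "tcp", "port": 80, "sources": [ANY_V4, ANY_V6]},
    {"protocol": "tcp", "port": 443, "sources": [ANY_V4, ANY_V6]},
    {"protocol": "tcp", "port": 22, "sources": [ANY_V4, ANY_V6]},
]


def overly_broad_rules(inbound):
    """(port, source) pairs that are open to the whole Internet; these are what
    the recipe's 'only put the required CIDR ranges' advice is about."""
    return [(r["port"], s) for r in inbound
            for s in r["sources"] if s in (ANY_V4, ANY_V6)]


def tighten_inbound(inbound, private_cidrs, admin_cidr):
    """Rewrite the rules so 80/443 are accepted only from the private subnets
    (the traffic a NAT instance forwards) and 22 only from an admin range."""
    for cidr in list(private_cidrs) + [admin_cidr]:
        ipaddress.ip_network(cidr)  # reject malformed CIDRs before they reach AWS
    return [{**r, "sources": [admin_cidr] if r["port"] == 22 else list(private_cidrs)}
            for r in inbound]


def instance_drops_packet(instance_ip, src, dst, source_dest_check):
    """Simplified model of the EC2 source/destination check: with the check on,
    the instance only accepts traffic where it is itself the source or the
    destination, so a private-subnet packet bound for the Internet is dropped."""
    return source_dest_check and instance_ip not in (src, dst)


def validate_nat_path(nat_instance, private_rt, public_rt):
    """Problems that stop private-subnet hosts reaching the Internet via the NAT
    instance; an empty list means the three pieces agree with each other."""
    problems = []
    if nat_instance["source_dest_check"]:
        problems.append("source/dest check is still enabled on the NAT instance")
    if not nat_instance.get("public_ip"):
        problems.append("NAT instance has no Elastic IP associated")

    def default_route(rt, dest):
        return next((r for r in rt["routes"] if r["destination"] == dest), None)

    priv = default_route(private_rt, ANY_V4)
    if priv is None:
        problems.append("private route table has no 0.0.0.0/0 route")
    elif priv["target"] != nat_instance["id"]:
        problems.append(f"private 0.0.0.0/0 route targets {priv['target']}, "
                        f"not the NAT instance {nat_instance['id']}")

    pub = default_route(public_rt, ANY_V4)
    if pub is None or not pub["target"].startswith("igw-"):
        problems.append("NAT instance's subnet has no 0.0.0.0/0 route to an Internet Gateway")

    # NAT instances do not forward IPv6; ::/0 must go to an egress-only IGW.
    v6 = default_route(private_rt, ANY_V6)
    if v6 is not None and not v6["target"].startswith("eigw-"):
        problems.append(f"::/0 route targets {v6['target']}; use an egress-only "
                        "Internet Gateway for IPv6")
    return problems


# Constructed sample state, as it should look right after following the recipe.
NAT_INSTANCE = {"id": "i-0nat0example", "private_ip": "10.0.0.5",
                "public_ip": "203.0.113.10", "source_dest_check": False}
MAIN_RT = {"id": "rtb-main-example",
           "routes": [{"destination": "10.0.0.0/16", "target": "local"},
                      {"destination": ANY_V4, "target": "i-0nat0example"}]}
PUBLIC_RT = {"id": "rtb-public-example",
             "routes": [{"destination": "10.0.0.0/16", "target": "local"},
                        {"destination": ANY_V4, "target": "igw-0example"}]}

if __name__ == "__main__":
    print("wide-open rules:", overly_broad_rules(NATSG_INBOUND))
    print("tightened:", tighten_inbound(NATSG_INBOUND, ["10.0.1.0/24"], "198.51.100.0/24"))
    print("NAT drops private packet with check on:",
          instance_drops_packet("10.0.0.5", "10.0.1.20", "93.184.216.34", True))
    print("problems:", validate_nat_path(NAT_INSTANCE, MAIN_RT, PUBLIC_RT))
```

Here `MAIN_RT` plays the role of the main Route Table the recipe edits (the one the private subnet uses) and `PUBLIC_RT` the public subnet's table from the previous recipe, which must already point 0.0.0.0/0 at an Internet Gateway for the NAT instance itself to reach the Internet. If you apply `tighten_inbound`, the `private_cidrs` argument should be the private subnet ranges and `admin_cidr` the range you administer from, so port 22 is no longer open to 0.0.0.0/0.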
