Now launch instances in the newly created custom VPC and verify connectivity.
1. Launch an instance in the custom VPC and select the “Public Subnet” for it.
2. As this is the first instance launched in the custom VPC, we have to create a new security group and open only the ports and protocols we actually need (for example SSH from our own IP address rather than from 0.0.0.0/0).
3. Now try to connect to the instance over the internet. Because it was launched in the public subnet (whose route table sends 0.0.0.0/0 to the Internet Gateway and which assigns a public IP), you can connect without any issues, and the instance itself can also browse the internet.
We have successfully connected to the instance. That means this instance is internet-facing and reachable from anywhere in the world, which is exactly why its security group must stay tight.
4. Now launch another instance in the “Custom VPC” and select the “Private Subnet” for it.
5. Try to connect to the instance launched in the private subnet. When you open its connection details, you will only see a private IP address (no public IP is assigned to it), so you cannot connect to it from the internet.
a. But we can connect to the same instance from the instance launched in the public subnet. Do this with SSH agent forwarding or a ProxyJump through the public instance rather than copying the private key onto it.
b. Remember that, as this is a private subnet instance, it will not have internet access.
We have successfully connected to the private subnet instance from the public subnet instance, but the private subnet instance has no internet connectivity. To give privately hosted instances outbound internet access we need to launch a NAT instance or a NAT gateway.
Launching NAT Instance:
To launch a NAT instance, go to the EC2 Dashboard, start an instance launch, select “Community AMIs” and search for “NAT” as shown in the image below, then choose one of the listed NAT AMIs.
Select one of the listed AMIs, choose t2.micro for the NAT instance and follow the instance launch wizard the same way as for a regular instance.
Note: The amount of traffic a NAT instance supports depends on the instance size. If it is bottlenecking, move to a larger instance type.
Note: Make sure the NAT instance's security group allows inbound HTTP and HTTPS, but only from the private subnet's CIDR range, not from 0.0.0.0/0: the NAT instance only needs to forward traffic that originates inside the VPC.
Note: The NAT instance must be launched in the custom VPC's public subnet.
We need to disable the source/destination check on the NAT instance.
Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance forwards packets on behalf of the private instances, so it must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance; otherwise the forwarded packets are dropped and the private subnet never gets out.
To disable the source/destination check, select the NAT instance, go to Actions, Networking, choose “Change Source/Destination Check” and select “Yes, Disable”.
Now we have to edit the custom VPC's main route table and add a route through the NAT instance; the private subnet instances will then get internet connectivity. The main route table applies to every subnet that has no explicit route table association, which in this setup is the private subnet. Make sure the public subnet is still associated with the custom route table that points at the Internet Gateway; otherwise the public subnet, including the NAT instance itself, would also be sent through the NAT instance and nothing would reach the internet.
Select the Edit option, enter the Destination as 0.0.0.0/0 and select the target as the NAT instance.
Now our private subnet instances get internet access through the NAT instance, and here is the output.
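The layout above is easy to get subtly wrong in the console (source/destination check left on, the 0.0.0.0/0 route added to the wrong table, the NAT security group opened to the world), so here is a small checker for the finished VPC. It is an added example written for this article, not code from the original page or from AWS; it works on the JSON returned by aws ec2 describe-subnets, describe-route-tables, describe-instances and describe-security-groups for the VPC, and the embedded sample data (every ID, CIDR and subnet) is constructed to mirror that output shape rather than taken from the author's account.

```python
"""Check the public subnet + private subnet + NAT instance layout from AWS CLI JSON."""
import ipaddress

# Constructed sample data in the shape of the aws ec2 describe-* output; every ID is made up.
VPC_CIDR = "10.0.0.0/16"
NAT_ID = "i-0nat00000000000000"  # constructed NAT instance ID

SUBNETS = [
    {"SubnetId": "subnet-0pub00000", "CidrBlock": "10.0.1.0/24"},   # Public Subnet
    {"SubnetId": "subnet-0priv0000", "CidrBlock": "10.0.2.0/24"},   # Private Subnet
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-0pub000000",  # custom table: Public Subnet -> Internet Gateway
     "Associations": [{"Main": False, "SubnetId": "subnet-0pub00000"}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc0000000", "State": "active"}]},
    {"RouteTableId": "rtb-0main00000",  # main table: implicitly the Private Subnet -> NAT instance
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": NAT_ID,
                 "NetworkInterfaceId": "eni-0nat0000000", "State": "active"}]},
]
INSTANCES = [  # describe-instances nests these under Reservations[].Instances[]; flattened here
    {"InstanceId": NAT_ID, "SubnetId": "subnet-0pub00000", "SourceDestCheck": False,
     "SecurityGroups": [{"GroupId": "sg-0nat0000000"}]},
    {"InstanceId": "i-0priv000000000000", "SubnetId": "subnet-0priv0000", "SourceDestCheck": True,
     "SecurityGroups": [{"GroupId": "sg-0priv000000"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-0nat0000000", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "10.0.2.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.2.0/24"}]},
    ]},
]


def route_table_for(subnet_id, route_tables):
    """Explicit subnet association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route(rt):
    """The 0.0.0.0/0 entry of a route table, or None."""
    return next((r for r in rt["Routes"] if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)


def check_nat_layout(subnets, route_tables, instances, security_groups, nat_id):
    """Return a list of findings; an empty list means the layout is what the tutorial built."""
    findings = []
    nat = next((i for i in instances if i["InstanceId"] == nat_id), None)
    if nat is None:
        return [f"NAT instance {nat_id} not found in this VPC"]
    # 1. Source/destination check must be off, or the NAT instance drops forwarded packets.
    if nat["SourceDestCheck"]:
        findings.append(f"{nat_id}: SourceDestCheck is still enabled")
    # 2. The NAT instance must itself sit in a public subnet (0.0.0.0/0 via an IGW).
    nat_rt = route_table_for(nat["SubnetId"], route_tables)
    nat_dr = default_route(nat_rt) if nat_rt else None
    if not (nat_dr and nat_dr.get("GatewayId", "").startswith("igw-")):
        findings.append(f"{nat_id}: its subnet {nat['SubnetId']} has no default route to an IGW")
    # 3. Every other subnet is expected to be private and to default-route to the NAT instance.
    private = []
    for sn in subnets:
        if sn["SubnetId"] == nat["SubnetId"]:
            continue
        rt = route_table_for(sn["SubnetId"], route_tables)
        dr = default_route(rt) if rt else None
        if dr and dr.get("GatewayId", "").startswith("igw-"):
            findings.append(f"{sn['SubnetId']}: routes straight to an IGW, so it is not private")
        elif not (dr and dr.get("InstanceId") == nat_id and dr.get("State") == "active"):
            findings.append(f"{sn['SubnetId']}: no active 0.0.0.0/0 route via {nat_id}")
        private.append(ipaddress.ip_network(sn["CidrBlock"]))
    # 4. The NAT security group must admit tcp/80 and tcp/443 from the private subnets, and no wider.
    sg_ids = {g["GroupId"] for g in nat["SecurityGroups"]}
    reachable = set()
    for sg in (s for s in security_groups if s["GroupId"] in sg_ids):
        for perm in sg["IpPermissions"]:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)  # absent for protocol -1
            ports = {p for p in (80, 443) if lo <= p <= hi} if perm["IpProtocol"] in ("tcp", "-1") else set()
            if not ports:
                continue
            for rng in perm.get("IpRanges", []):
                src = ipaddress.ip_network(rng["CidrIp"])
                if any(c.subnet_of(src) for c in private):
                    reachable |= ports
                if not any(src.subnet_of(c) for c in private):
                    findings.append(f"{sg['GroupId']}: tcp {sorted(ports)} open to {src}, restrict it to the private subnet")
    for p in sorted({80, 443} - reachable):
        findings.append(f"NAT security group does not allow tcp/{p} from the private subnet")
    return findings


if __name__ == "__main__":
    for line in check_nat_layout(SUBNETS, ROUTE_TABLES, INSTANCES, SECURITY_GROUPS, NAT_ID) or ["OK"]:
        print(line)
```

With the sample data it prints OK; to run it against a real VPC, load each command's JSON and pass the lists in (describe-instances nests instances under Reservations[].Instances[], so flatten them first). The four checks mirror the steps above: the SourceDestCheck attribute that the console's “Change Source/Destination Check” toggles (aws ec2 modify-instance-attribute --instance-id <id> --no-source-dest-check does the same from the CLI), an IGW default route in the NAT instance's own subnet, an active 0.0.0.0/0 route targeting the NAT instance in whichever table actually serves the private subnet (the main table here, unless the subnet has an explicit association), and a NAT security group that admits tcp/80 and tcp/443 from the private subnet CIDR but not from 0.0.0.0/0. If you use a NAT gateway instead of a NAT instance the route carries NatGatewayId rather than InstanceId, which this checker deliberately does not accept.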
More information: https://www.fgrade.com/aws/