đ¤What is NAT , BASTION HOST OR JUMP SERVER and How to Create VPC with private and public subnet and NAT gateway in AWS
đ¤What is NAT ?
NAT Gateway (Network Address Translation Gateway) is a managed service provided by Amazon Web Services (AWS) that enables instances in a private subnet of a Virtual Private Cloud (VPC) to initiate outbound traffic to the internet. NAT Gateway must reside in private subnet for access a internet
đ¤What is Bastion host or jump server ?
A Bastion host (or jump server) is a server that acts as an intermediary between an internal network and external networks, typically used to securely access and manage devices or servers within a private network.
Use Case:
Imagine a company has a private network of servers hosting databases, web applications, or internal services that shouldn't be directly accessible from the internet. To securely manage these resources, the company might deploy a Bastion host in a DMZ (Demilitarized Zone), where external users connect to the Bastion host first. Once authenticated, users can access the internal network through the Bastion host.
This setup provides an extra layer of security by ensuring that sensitive internal servers are not exposed to the outside world directly, and that access is tightly controlled and monitored.
Create VPC with name âDemo-VPCâ and CIDR is 10.0.0.0/18
Click on Create vpc and vpc will create.
VPC created
2. Now create public and private subnet with created vpc.
Selecting the created VPC
Public Subnet
Private subnet
Subnetâs have been created.
3 . What is CIDR?
CIDR block (Classless Inter-Domain Routing) refers to an address range notation used for specifying the IP address range assigned to a VPC. e.g. 10.0.0.0/18
For Internet access of vpc, you have to create Internet gateway. Go to vPC dashboard and create Internet Gateway.
Click on Create internet gateway
Click on Attach internet gateway
Click on Action and select Attach to VPC. Internet Gateway will get attach.
NAT Gateway (Network Address Translation Gateway) is a managed service provided by Amazon Web Services (AWS) that enables instances in a private subnet of a Virtual Private Cloud (VPC) to initiate outbound traffic to the internet. NAT Gateway must reside in private subnet for access a internet.
4. Create NAT Gateway.
Click on Allocate Elastic IP, You will get Elastic IP automatically.
NAT Gateway has been created
5. Create of Route Table.
A route table contains a set of rules, known as routes, that define how network traffic should be directed. Each route consists of a destination and a target, specifying where the traffic should be sent.
Note : While creating route table, select VPC which you have created.
Creating Route table for public subnet.
Creating Route Table for Private subnet
Select Edit routes by clicking on Public-Route-Table
Add internet gateway to the Public route table by adding route 0.0.0.0/0
Now goto subnet association and add public subnet into it.
6. For private route table , you have to add NAT Gateway as Destination route.
Donât forget ,NAT Gateway must be in private route table
Edit subnet association of private route table and add private subnet in it.
7. Create public instance and private instance.
In Security Group allow SSH,HTTP and HTTPS rule
8. Connect public instance and do following.
update the instance
Install nginx web server
Test, if nginx is running or not
đBASTION HOST OR JUMP SERVER
9. Create udemy-project.pem file and paste the public key in it and give permission to it.
vi key-pair-name.pem
chmod 600 key-pair-name.pem
Note:
Take IP of private instance and connect it.
ssh -i key-pair-name.pem ec2-user@private-ip-address
10. After saying yes, You will be in private instance.
See you are in private Instance
Yayy !! You have done it âŚ.đ
In Conclusion , We can access our private instance via public instance and it will provide security to private instance.
Keep learning..âď¸