Private Routing about project2 HOT 1 CLOSED

Launch a NAT Server Instance (We’ll use an instance rather than the NAT Gateway service as the AWS Educate accounts don’t allow for the Gateway service at this point in time). AWS has some prepackaged AMI types with the NAT function preconfigured that you can use for launching the EC2 instance for NAT purposes.

• Read the NAT instance documentation completely: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html
• Amazon provides pre-packaged ready to go Nat Instance AMIs. All have this in their name if you search for them in the AMI list: amzn-ami-vpc-nat
• In the docs take note of what an EC2 instance does when launched with a NAT Instance AMI !
• More on the preferred NAT AMI for each region – MAKE SURE to use the suggested AMI for your region (see table at bottom of page): https://aws.amazon.com/amazon-linux-ami/
• You WILL have to create a NAT Security Group for use with the NAT Instance – that should be created in Template #1.
• In template #1 you’ll either need to create a private route table with private routes setup as needed – which would include the default route (0.0.0.0/0) going to the Nat Instance or modify the main route table associate with the VPC to include the NAT Instance. These new tables need to be associate with the WEB INSTANCES as that gives them a route out to the Internet when the communications is initiated from the Web Instance itself.
• Normally the Web Instances down in the private subnets respond back to requests coming from the load balancer in the public subnet – since all are in the SAME VPC that traffic is allowed. Now however we are talking about a request to an outside website coming from the web instance in the private subnet – hence the need for the change to the routing table.
• The NAT instance itself should be built in Template #1 as we are considering it part of the networking infrastructure.
• The NAT instance should reside in the first public subnet.
• You will need to turn off Source/Destination Check in your template ( SourceDestCheck will be set to false )
• Use a T2 Micro instance type
• To test the NAT server you will need to also construct the Bastion host below so you can login to it and then SSH on to one of the Web Servers and see if you can pull updates or simply access the web from one of the web instances.

from project2.