[AWS Solution Architect] Follow Along - NAT Gateway, VPC Endpoints

NAT Gateway (Network Address Translation)

Instructions https://uzzing.github.io/posts/NAT/

  • ⭐️ If you have a private network that needs outbound access to the internet, you need to use a NAT gateway to remap the private IPs.

  • ⭐️ NAT Gateway is a managed service which launches redundant instances within the selected AZ.

  • ⭐️ You have to launch a NAT gateway per AZ

    • A NAT gateway doesn’t launch them automatically across the other AZs for you.

Follow along

The way we’re going to get a route to the internet is by creating a NAT instance or a NAT gateway. Generally you want to use a NAT gateway. If you were trying to save money, you can definitely save some by managing a NAT instance yourself.

But we’re gonna learn how to do NAT gateway, let’s do it!

  • switch over to VPC
    • because that’s where the NAT gateway is.
  • launch a NAT gateway in a public subnet
    • NAT gateways do cost money, but they’re not terribly expensive.
    • Create NAT gateway
      1. select one public subnet
      2. Create Elastic IP
    • Edit the route table of the private subnet so that 0.0.0.0/0 points at the NAT gateway
  • test

  • we have inbound traffic, but we definitely want outbound too, because we would probably want to update packages on our EC2 instance.
    • if we did ‘sudo yum update’, we wouldn’t be able to do this without an outbound connection.
  • it’s a way of getting access to the internet, only for the things that we need outbound connections for.

VPC Endpoints

  • that’s how we can set up an outbound connection to the internet.
    • now let’s talk about how we could access other AWS services from our private EC2 instances.
    • S3 would be a very common one to utilize.

Instructions https://uzzing.github.io/posts/VPC-Endpoints/

  • switch over to S3
    • the instance gets IAM role permissions to access that stuff there.
  • aws s3 ls
    • we can definitely see that we have a way of accessing S3 via the CLI

    • Q. What happens when we remove that NAT gateway, would we still be able to access S3?
    • A. No. It no longer has any way to access S3.
    • The way the EC2 instance reaches S3 through the CLI is that traffic goes out to the internet and comes back into the AWS network to access S3.
    • Since there’s no outbound connection to the internet any more, there’s no way we’re going to be able to connect to S3.

    • Q. Why don’t we just keep the traffic within the network?
    • A. Because we’re already on EC2 within the AWS network and S3 is within the AWS network too.
    • That brings us to endpoints, which is how we can create our own private tunnel within the AWS network; we don’t have to go out to the internet.
  • we can connect to S3 without having an outbound connection.

  • Create a new Endpoint
    • select the VPC
    • select the S3 service (gateway endpoint)
    • select the route table associated with the private subnet

    • result: aws s3 ls works again from the private instance, with no NAT gateway
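As an added example (not part of the original notes or the video), a small Python model of the private subnet’s route table in the three situations above: with the NAT gateway, with it removed, and with an S3 gateway endpoint. All resource IDs and the S3 prefix-list CIDRs are constructed placeholders; the point is the longest-prefix match that decides where each destination goes.

```python
import ipaddress

# Constructed placeholder IDs (not real AWS resources)
NAT_GATEWAY = "nat-EXAMPLE"
S3_ENDPOINT = "vpce-EXAMPLE"
VPC_CIDR = "10.0.0.0/16"
# Constructed stand-in for the regional S3 prefix list (pl-xxxx) that a gateway
# endpoint installs as route destinations; real lists come from AWS per region.
S3_PREFIX_LIST = ["52.216.0.0/15", "54.231.0.0/16"]


def private_route_table(nat_present, s3_endpoint):
    """Routes of the private subnet's route table as (cidr, target) pairs."""
    routes = [(VPC_CIDR, "local")]  # always present, cannot be removed
    if nat_present:
        routes.append(("0.0.0.0/0", NAT_GATEWAY))  # default route to the NAT gateway
    if s3_endpoint:
        routes += [(cidr, S3_ENDPOINT) for cidr in S3_PREFIX_LIST]  # endpoint routes
    return routes


def resolve(route_table, dst):
    """Longest-prefix match, as a VPC route table does; None means no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def egress_path(nat_present, s3_endpoint, dst):
    """Describe where a packet from the private subnet to dst ends up."""
    target = resolve(private_route_table(nat_present, s3_endpoint), dst)
    if target == "local":
        return "stays inside the VPC"
    if target == NAT_GATEWAY:
        return "leaves to the internet via the NAT gateway"
    if target == S3_ENDPOINT:
        return "stays on the AWS network via the S3 gateway endpoint"
    return "dropped: no route"


if __name__ == "__main__":
    s3_ip, web_ip = "52.216.1.1", "93.184.216.34"  # constructed sample destinations
    print("NAT only,       aws s3 ls  ->", egress_path(True, False, s3_ip))
    print("NAT removed,    aws s3 ls  ->", egress_path(False, False, s3_ip))
    print("endpoint only,  aws s3 ls  ->", egress_path(False, True, s3_ip))
    print("endpoint only,  yum update ->", egress_path(False, True, web_ip))
    print("NAT + endpoint, aws s3 ls  ->", egress_path(True, True, s3_ip))
```

Because the endpoint routes are more specific than 0.0.0.0/0, they win even when the NAT gateway is still present, so S3 traffic stops crossing the internet as soon as the endpoint exists.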

Words

  • switch over to N

…..???!!!

The copyright of all material here belongs to this video:

https://www.youtube.com/watch?v=Ia-UEYYR44s
This post is just for studying for the AWS SAA.

This post is licensed under CC BY 4.0 by the author.
