4.1 Create VPC (manual)
steps:-
Create subnet
IPv4 CIDR of the VPC: 192.168.0.0/16 (192.168.0.0-192.168.255.255)
CIDR of each subnet:
network-1: 192.168.1.0/24 (192.168.1.0-192.168.1.255)
network-2: 192.168.2.0/24 (192.168.2.0-192.168.2.255)
network-3: 192.168.3.0/24 (192.168.3.0-192.168.3.255)
network-4: 192.168.4.0/24 (192.168.4.0-192.168.4.255)
Show all networks:- here I changed the name (NETWORK -> SUB-NETWORK)
Internet gateways:-
To connect our VPC to the internet we need to attach an internet gateway, so our EC2 instances can communicate outside the VPC.
Attach to VPC
Route tables:-
Create EC2 instances in the same VPC:-
Create public and private subnets:-
Create route table (private):-
Then go to:- "SUB-NETWORK-1-private" > Route table > Edit route table association
Follow the same steps for "SUB-NETWORK-3-private"
Then go to the EC2 instances we created
Now create an EC2 instance in the private subnet, because the one we created before is in the public subnet.
Now I tried to SSH to the private EC2 instance, but it couldn't connect because the route table does not allow connections from outside the VPC. So inside the VPC both EC2 instances can communicate with each other: ping <private_ip_add.>
So generally we store the database and sensitive data on our private server, and publicly accessible things in the public subnet.
Connect to the private-subnet EC2 through a bastion host (jump server) in the public subnet:-
Connect from local to the jump server (bastion host)
Now connect from the bastion host (jump server) to the private-subnet EC2:-
Here we can see that our private EC2 connects successfully but cannot reach the internet.
Access the internet from a private instance -
using NAT Instance
using NAT Gateway
NAT instance:- (generally we don't use a NAT instance because we have to manage everything on the instance ourselves)
Attach Elastic IPs to the NAT instance:-
Using NAT gateways:-
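As an added example (not part of these notes), a small Python model of the layout above: it checks that the four /24 subnets fit inside the /16 without overlapping, and uses longest-prefix matching to show why the private instance can ping other private IPs but gets no internet until a 0.0.0.0/0 route to a NAT gateway is added. The gateway ids and the exact private/public route tables are assumptions.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed from the notes: a /16 VPC carved into four /24 subnets.
VPC_CIDR = "192.168.0.0/16"
SUBNETS = {
    "SUB-NETWORK-1": "192.168.1.0/24",
    "SUB-NETWORK-2": "192.168.2.0/24",
    "SUB-NETWORK-3": "192.168.3.0/24",
    "SUB-NETWORK-4": "192.168.4.0/24",
}
# Route tables as {destination CIDR: target}; gateway ids are placeholders.
PUBLIC_RT = {"192.168.0.0/16": "local", "0.0.0.0/0": "igw-PLACEHOLDER"}
PRIVATE_RT_NO_NAT = {"192.168.0.0/16": "local"}      # before the NAT step
PRIVATE_RT_NAT = {"192.168.0.0/16": "local", "0.0.0.0/0": "nat-PLACEHOLDER"}


def address_range(cidr: str) -> Tuple[str, str]:
    """First and last address of a block, as written in the notes."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address)


def validate_plan(vpc_cidr: str, subnets: Dict[str, str]) -> List[str]:
    """Problems with a subnet plan: blocks outside the VPC or overlapping."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    problems = [f"{n} {net} is outside VPC {vpc}"
                for n, net in nets.items() if not net.subnet_of(vpc)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def next_hop(route_table: Dict[str, str], dst: str) -> Optional[str]:
    """Longest-prefix match like a VPC route table; None means no route."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Tuple[int, str]] = None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else None
```

With PRIVATE_RT_NO_NAT a destination such as 8.8.8.8 has no route at all, which is the "can't run internet" state seen over the bastion host; swapping in PRIVATE_RT_NAT sends it to the NAT gateway while 192.168.x.x traffic stays local.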
NACL :-
A network access control list (NACL) is an optional layer of security for a VPC in Amazon Web Services (AWS). It acts as a firewall to control traffic in and out of one or more subnets.
Allow the public instance in the security group (SG):-
Now try to ping another IP address
VPC endpoint:-
A VPC endpoint is a virtual device that allows a private connection between an Amazon VPC and AWS services and VPC endpoint services.