Question 3 | AWS Solutions Architect Exam
How to enable the internet for the EC2 instances running into the private subnet?
Here's a step-by-step guide on how to enable internet access for EC2 instances running in private subnets in AWS:
Step 1: Create a NAT Gateway
1. Open the Amazon VPC Console:
◦ Go to the Amazon VPC Console.
2. Create a NAT Gateway:
◦ Navigate to NAT Gateways in the left-hand menu.
◦ Click Create NAT Gateway.
◦ Select the subnet where you want to place the NAT Gateway (typically a public subnet).
◦ Allocate an Elastic IP for the NAT Gateway.
◦ Click Create NAT Gateway.
Step 2: Update Route Tables
1. Locate the Route Table:
◦ In the VPC console, navigate to Route Tables.
◦ Find the route table associated with your private subnets.
2. Edit Routes:
◦ Select the route table and go to the Routes tab.
◦ Click Edit routes.
◦ Add a new route with the following details:
▪ Destination: 0.0.0.0/0
▪ Target: Select the NAT Gateway created in Step 1.
◦ Save the changes.
Step 3: Configure Security Groups
1. Open the EC2 Console:
◦ Go to the Amazon EC2 Console.
2. Update Security Groups:
◦ Navigate to Security Groups in the left-hand menu.
◦ Select the security group associated with your EC2 instances in the private subnets.
◦ Ensure that the necessary outbound rules are set to allow traffic to the internet. For example, add an outbound rule:
▪ Type: All traffic
▪ Protocol: All
▪ Port Range: All
▪ Destination: 0.0.0.0/0
Step 4: Test the Configuration
1. Launch an EC2 Instance:
◦ If not already running, launch an EC2 instance in the private subnet.
2. Check Internet Access:
◦ Connect to the instance using SSH.
◦ Test the internet access by running a command such as ping google.com or using curl to access a website.
Summary
By following these steps, you will:
1. Create a NAT Gateway in a public subnet.
2. Update the route table for the private subnets to route internet-bound traffic through the NAT Gateway.
3. Ensure that the security groups allow outbound internet access.
4. Test the configuration by checking internet access from an EC2 instance in the private subnet.
This setup allows your instances in private subnets to access the internet for updates, patches, and other outbound communications, while keeping them inaccessible from the internet for inbound traffic.
