Thursday, September 3, 2020

Creating a VPC using a NAT gateway

Problem statement:

The process of connecting to a DB server that sits behind a NAT gateway, by going through a VM server.



What is a NAT gateway?

  • A NAT gateway lets instances connect out to the internet while preventing the internet from connecting to those instances directly.

The services used as part of this NAT gateway setup are:

  1. VPC
      • subnets
      • routing tables
      • internet gateway
      • Elastic IP
  2. Security groups
  3. EC2 instances
  4. PuTTY

    Brief introduction to the above-mentioned services

          1. What is a VPC?
               A VPC (virtual private cloud) is a network that lets us connect multiple instances or servers at the same time, acting as a hub. A VPC is mostly used for internal communication and does not use public IP addresses.
          2. What is a subnet?
               A subnet can simply be described as a range of IP addresses, written as a prefix length with the corresponding mask:
                       /8  - 255.0.0.0
                       /9  - 255.128.0.0
                       /10 - 255.192.0.0
                       /16 - 255.255.0.0
                       /24 - 255.255.255.0
          3. What is a routing table?
               A routing table is a set of rules that decides where network traffic from a subnet or gateway is sent. This is discussed further below.
          4. What is an internet gateway?
               • The internet gateway is the access point that a routing table uses to allow internet traffic, and it performs network address translation (NAT).
               • IPv4 is a 32-bit address and so offers a smaller range than IPv6.
               • IPv6 is a 128-bit address; its range is so large that it will never run out, and far exceeds what a user requires.
          5. What is an Elastic IP?
               • An Elastic IP address is an IPv4 address used in cloud computing. If an instance or server is rebooted or stopped, its IP address changes; an Elastic IP overcomes this problem because it is a static IP that remains the same after a system failure.
                 

    Creating a VPC using a NAT gateway

    As described above, sign in to Amazon Web Services and follow the steps below.

        1.     Create a VPC

        Now go to Subnets and create a subnet with the details shown in the screenshot.

        Create another subnet, AWS-NAT, with the details shown below.

        Use "Modify auto-assign IP settings" and enable IPv4 auto-assignment.

        2.     Create a NAT gateway and select a subnet

        Create the NAT gateway using the details above. Do not place it in the DB server subnet; use the AWS-NAT subnet, which is the one exposed directly to the internet. Also allocate an Elastic IP: the Elastic IP for the NAT gateway will be created automatically.

        3.     Create a routing table and add the NAT subnet to it

        • Add the NAT subnet to the routing table under "Edit subnet associations".
        • Do not add the second subnet as well: that would connect the instance directly to the internet gateway, which is a security issue.

        Now edit the routes, add a route with destination 0.0.0.0/0 and the NAT gateway as the target, and save.

        Create another routing table for the second subnet, edit its routes and subnet associations as shown below, and create an internet gateway for the second subnet.

        4.     Deploy the VM in the public subnet and the server in the private subnet

        Now create an instance with the details given below.

        Select AWS-server, set the network interface's primary IP to 10.1.1.100, then add storage and tags.

        Now create a new security group with the details mentioned above and launch the instance.

        Create a new key pair, or download an existing one.

        Then create another instance, the DB1 server.

        Under the network interface, set the primary IP to 10.1.5.100, add storage and tags, assign the security group that was already created, and download the key pair.

        5.     Try to connect to the DB1 server using its public IP; it should fail

        Now copy the public DNS name of DB1 and open PuTTY.

        PuTTY needs the key pair in PPK format, so use PuTTYgen to convert the PEM file.

        Paste the public DNS name into the Host Name field, go to the SSH section, select the key in PPK format, and click Open.

        It should appear as below.

        In this scenario, the NAT gateway setup does not allow connecting to DB1 directly.

        Now try to connect to VM1 using the same process.

        This connects to VM1 directly through the internet gateway.

        Now use the following command on VM1 before connecting to DB1.

        Command:

        • $ sudo su -   (switch to the root user)

        6.     Now connect to DB1 from VM1

        Ping DB1 at 10.1.5.100; the ping should succeed.

        To connect to DB1 using the PEM file for authentication, use the steps below.

        • Open the PEM file in Visual Studio Code.

        Copy the entire private key from the PEM file and create a file on VM1 with the nano editor:

        • nano AWS.pem

        Paste the key into the file, save with Ctrl+O and exit with Ctrl+X.

        The file permissions must be restricted before SSH will accept the key; use the command:

        • chmod 400 AWS.pem   (read-only for the owner, no access for anyone else)

        Now connect to DB1 from VM1 using the command below:

        • ssh -i AWS.pem ec2-user@10.1.5.100   (connect and authenticate with the key)

        7.     Now ping www.google.com; it should work
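Steps 5 to 7 verify the design by trying connections. The same property, that the DB1 subnet reaches the internet only through the NAT gateway and is never associated with the internet-gateway route table warned about in step 3, can also be checked from the route-table configuration itself. The Python below is an added example and not part of the original post; it runs on a constructed dictionary shaped like the `RouteTables` list that `aws ec2 describe-route-tables` returns, and the route table, gateway and subnet IDs in it are made up.

```python
import ipaddress

# Constructed sample shaped like the "RouteTables" list that `aws ec2
# describe-route-tables` returns; all IDs are made up. First table: the NAT
# table from step 3 (DB1 subnet). Second: the internet-gateway table (VM subnet).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-nat-example",
     "Routes": [
         {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-db1"}]},
    {"RouteTableId": "rtb-igw-example",
     "Routes": [
         {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-vm1"}]},
]

def default_route_target(table):
    """Return ("igw" | "nat" | None, target id) for the table's active default route."""
    for route in table["Routes"]:
        cidr = route.get("DestinationCidrBlock")
        if route.get("State") != "active" or cidr is None:
            continue
        if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
            continue  # not a default route
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw", route["GatewayId"]
        if "NatGatewayId" in route:
            return "nat", route["NatGatewayId"]
    return None, None

def classify_subnets(route_tables):
    """Map each explicitly associated subnet to public (IGW), private (NAT) or isolated."""
    kinds = {}
    for table in route_tables:
        label = {"igw": "public", "nat": "private"}.get(default_route_target(table)[0], "isolated")
        for assoc in table["Associations"]:
            if "SubnetId" in assoc:  # the main-table association carries no SubnetId
                kinds[assoc["SubnetId"]] = label
    return kinds

def audit_private(route_tables, expected_private):
    """Return the subnets that should be private but are not routed solely via a NAT gateway."""
    kinds = classify_subnets(route_tables)
    return sorted(s for s in expected_private if kinds.get(s) != "private")

if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES))              # {'subnet-db1': 'private', 'subnet-vm1': 'public'}
    print(audit_private(ROUTE_TABLES, ["subnet-db1"]))  # [] : DB1 is private, as step 3 intends
```

If the DB1 subnet were associated with the internet-gateway table instead, `audit_private` would list it, which is the misconfiguration step 3 tells you to avoid.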
