Creating and Validating Connectivity for Amazon EC2 Instances in a Public and Private Subnet

Hands-On Lab

 


Tia Williams

AWS Training Architect II in Content

Length

00:30:00

Difficulty

Beginner




Introduction

In this hands-on lab, we will meet a few different objectives:

  • Review the VPC configuration and understand the components required to provision EC2 instances.
  • Review the VPC configuration to identify what makes an instance public vs. private.
  • Create an Amazon EC2 instance and a security group in the public subnet, and validate connectivity using SSH.
  • Create an Amazon EC2 instance and a security group in the private subnet, and identify what makes the instance and the subnet private.

Solution

Log in to the live AWS environment using the credentials provided. Make sure you're in the N. Virginia (us-east-1) region throughout the lab.

We will also work in the command line. On a Mac or Linux computer, you can use Terminal with the built-in ssh client. If you are using a Windows computer, the SSH steps below differ: follow the course lesson on how to connect to a Linux EC2 instance for instructions on setting up and using PuTTY (which requires converting the downloaded .pem key to .ppk format with PuTTYgen).

Review VPC Configuration

  1. Once you're logged in to the AWS console, navigate to VPC.
  2. Click Subnets in the left-hand menu.
  3. Note the IPv4 CIDR block associated with the private subnet and the public subnet; you will need these ranges to tell the network ACLs apart below.
  4. Click Route Tables in the left-hand menu.
    • There should be three route tables listed: the VPC's main (default) route table, which we will leave alone for the entirety of the lab, and two others.
    • For the two non-default route tables, we need to identify which serves the public subnet and which serves the private subnet, and rename them accordingly. Every route table has a local route for the VPC CIDR, so that route alone tells you nothing; what distinguishes the public table is an additional 0.0.0.0/0 route whose target is the internet gateway.
  5. Select the first non-default route table listed (the main route table is the one that shows no explicit subnet associations), click the Routes tab lower on the page, and then:
    • If its only route is the local route (no route to an internet gateway), rename the route table "PrivateRT".
    • If one of its routes has an internet gateway (igw-...) as its target, rename the route table "PublicRT".
    • The Subnet Associations tab confirms which subnet the table is attached to.
  6. Select the other non-default route table, click the Routes tab, and then:
    • If its only route is the local route (no route to an internet gateway), rename the route table "PrivateRT".
    • If one of its routes has an internet gateway (igw-...) as its target, rename the route table "PublicRT".
  7. Click Network ACLs in the left-hand menu.
    • Similar to renaming the route tables, we also need to identify and rename the two non-default NACLs as private and public. The default NACL allows all inbound and outbound traffic; leave it alone.
  8. Select the first non-default NACL, click the Inbound Rules tab lower on the page, and then:
    • If the allow rules list 0.0.0.0/0 as the source, rename the NACL "PublicNACL".
    • If the allow rules list a specific CIDR as the source (the address range of one of our subnets, noted in step 3), rename the NACL "PrivateNACL".
  9. Select the other non-default NACL, click the Inbound Rules tab, and then:
    • If the allow rules list 0.0.0.0/0 as the source, rename the NACL "PublicNACL".
    • If the allow rules list a specific CIDR as the source (the address range of one of our subnets), rename the NACL "PrivateNACL".
    • The Subnet associations tab confirms which subnet each NACL is attached to. Remember that NACLs are stateless: the Outbound Rules must also permit the return traffic (ephemeral ports) for a connection to work.
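The review above boils down to a rule you can apply mechanically: a subnet is public when its associated route table (or the VPC main table, if it has no explicit association) carries a default route to an internet gateway, and an instance is reachable from the internet only when it sits in such a subnet and also has a public IP. The following script is an added example, not part of the lab, that encodes that rule over data in the shape returned by `aws ec2 describe-route-tables`, `describe-subnets` and `describe-instances`. All IDs, CIDRs and addresses are constructed sample data, not values from the lab account; with real output (for example `json.load` of the CLI's result) the same functions apply unchanged.

```python
"""Classify subnets and instances as public or private from describe-* style data.

Added example; not part of the original lab. The data below is constructed
(fake IDs and addresses) in the shape returned by the AWS CLI describe-* calls.
"""

# Constructed sample: a VPC main table (local only), a public table, a private table.
ROUTE_TABLES = [
    {   # main route table: no explicit subnet association, local route only
        "RouteTableId": "rtb-main0000",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # what the lab renames PublicRT: local route plus 0.0.0.0/0 -> igw
        "RouteTableId": "rtb-public00",
        "Associations": [{"Main": False, "SubnetId": "subnet-pub00000"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc0000", "State": "active"},
        ],
    },
    {   # what the lab renames PrivateRT: local route only
        "RouteTableId": "rtb-private0",
        "Associations": [{"Main": False, "SubnetId": "subnet-priv0000"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
]

SUBNETS = [  # constructed; MapPublicIpOnLaunch is the subnet-level auto-assign setting
    {"SubnetId": "subnet-pub00000", "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-priv0000", "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-orph0000", "CidrBlock": "10.0.3.0/24", "MapPublicIpOnLaunch": False},
]

INSTANCES = [  # constructed; PublicIpAddress is absent when no public IP was assigned
    {"InstanceId": "i-pub", "SubnetId": "subnet-pub00000", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-priv", "SubnetId": "subnet-priv0000"},
    {"InstanceId": "i-pub-noip", "SubnetId": "subnet-pub00000"},
]


def route_table_for_subnet(subnet_id, route_tables):
    """An explicit association wins; a subnet without one uses the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_default_route(route_table):
    """True if an active default route (0.0.0.0/0 or ::/0) targets an internet gateway.
    Routes via a NAT gateway use NatGatewayId, so they do not match igw-."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        gateway = route.get("GatewayId", "")
        if dest in ("0.0.0.0/0", "::/0") and gateway.startswith("igw-") \
                and route.get("State", "active") == "active":
            return True
    return False


def is_public_subnet(subnet_id, route_tables):
    rt = route_table_for_subnet(subnet_id, route_tables)
    return rt is not None and has_igw_default_route(rt)


def instance_exposure(instance, route_tables):
    """Return ('public'|'private', reason). Both a public IP and an IGW route are
    needed before security groups and NACLs even come into play."""
    public_subnet = is_public_subnet(instance["SubnetId"], route_tables)
    has_public_ip = bool(instance.get("PublicIpAddress"))
    if public_subnet and has_public_ip:
        return "public", "public IP and a default route to an internet gateway"
    if public_subnet:
        return "private", "subnet routes to an IGW but the instance has no public IP"
    if has_public_ip:
        return "private", "public IP assigned but the subnet has no route to an IGW"
    return "private", "no public IP and no route to an IGW"


if __name__ == "__main__":
    for subnet in SUBNETS:
        kind = "public" if is_public_subnet(subnet["SubnetId"], ROUTE_TABLES) else "private"
        print(subnet["SubnetId"], subnet["CidrBlock"], kind)
    for inst in INSTANCES:
        print(inst["InstanceId"], *instance_exposure(inst, ROUTE_TABLES))
```

The third constructed subnet has no explicit association and therefore falls back to the main table, which is why the lab tells you to leave the main table alone: adding an internet-gateway route there would silently make every unassociated subnet public.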

Create an Amazon EC2 Instance in the Public Subnet

  1. Navigate to EC2, and click Launch Instance.
  2. On the AMI page, select the Amazon Linux 2 AMI.
  3. Leave t2.micro selected, and click Next: Configure Instance Details.
  4. On the Configure Instance Details page:
    • Network: Leave default
    • Subnet: Public
    • Auto-assign Public IP: Enable
  5. Click Next: Add Storage, and then click Next: Add Tags.
  6. On the Add Tags page, add the following tag:
    • Key: Name
    • Value: PublicInstance
  7. Click Next: Configure Security Group.
  8. Click to Create a new security group, and set the following values:
    • Security group name: PublicSG
    • Description: PublicSG
    • The wizard pre-populates an inbound SSH (TCP 22) rule with source 0.0.0.0/0. That works for the lab, but it exposes port 22 to the whole internet; setting the Source to My IP is the safer choice and still lets you complete the SSH check below.
  9. Click Review and Launch, and then Launch.
  10. In the key pair dialog, select Create a new key pair.
  11. Give it a Key pair name of "pubinstssh".
  12. Click Download Key Pair, and then Launch Instances.
  13. Click View Instances, and give it a few minutes to enter the running state.
  14. Once it's running, select it and click Connect.
  15. Copy the chmod command listed.

Verify Connectivity to Public Instance Using SSH

  1. Open a terminal session, and change to the directory where the pubinstssh.pem file was downloaded (usually your downloads directory).
  2. Run the chmod command to change the permissions on our .pem file. This step is not cosmetic: ssh refuses to use a private key that is readable by other users.
  3. In the AWS console, copy the ssh command (it references the instance's public DNS name and uses the ec2-user login that Amazon Linux 2 expects).
  4. Run the ssh command to log in to the instance. On the first connection, ssh asks you to confirm the host key fingerprint; type yes. A shell prompt on the instance confirms that the public IP, the PublicRT route to the internet gateway, the PublicNACL rules, and the PublicSG SSH rule together make the instance reachable.
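The two steps above (fix the key permissions, then run ssh) can be scripted so the check is repeatable, and the same script can reach the private instance created next by hopping through the public one with ssh's ProxyJump (-J) option instead of copying the .pem onto the public instance. This is an added example, not part of the lab: the key path, addresses and the ec2-user login are placeholders/assumptions, and the jump only works if the private instance's security group permits SSH from the public instance.

```python
"""Validate SSH connectivity to the lab instances from your workstation.

Added example; not part of the original lab. Key paths and addresses are
placeholders. ec2-user is the default login on Amazon Linux 2.
"""

import os
import stat
import subprocess
import sys
import tempfile

SSH_USER = "ec2-user"


def key_mode_ok(path):
    """ssh rejects a private key readable by group or others
    ('UNPROTECTED PRIVATE KEY FILE'); chmod 400, as the console suggests, satisfies this."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def build_ssh_command(key_path, host, user=SSH_USER, jump_host=None, timeout=10):
    """Assemble the ssh argv. With jump_host set, -J tunnels through the public
    instance, so the private key never leaves the workstation."""
    cmd = ["ssh", "-i", key_path,
           "-o", f"ConnectTimeout={timeout}",
           "-o", "BatchMode=yes",                    # fail rather than prompt: scriptable
           "-o", "StrictHostKeyChecking=accept-new"]  # record new keys, refuse changed ones
    if jump_host:
        cmd += ["-J", f"{user}@{jump_host}"]
    cmd += [f"{user}@{host}", "hostname && ip -4 -brief addr"]
    return cmd


def check_connectivity(key_path, host, **kwargs):
    """Return (ok, output). Needs network access and real instances, so it is
    only exercised from the command line, not from the offline checks."""
    if not key_mode_ok(key_path):
        os.chmod(key_path, 0o400)
    proc = subprocess.run(build_ssh_command(key_path, host, **kwargs),
                          capture_output=True, text=True)
    return proc.returncode == 0, (proc.stdout + proc.stderr).strip()


def make_constructed_key(mode):
    """Create an empty throwaway file with the given mode so key_mode_ok can be
    exercised offline. It holds no key material; it only models the permission bits."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.close(fd)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # usage: python ssh_check.py ./pubinstssh.pem <public-instance-ip> [<private-instance-ip>]
    key, public_ip = sys.argv[1], sys.argv[2]
    print("public instance:", check_connectivity(key, public_ip))
    if len(sys.argv) > 3:
        private_ip = sys.argv[3]  # the private instance's 10.x address from the console
        print("private instance via jump:", check_connectivity(key, private_ip, jump_host=public_ip))
```

If the jump fails with a connection timeout, the usual causes are the private instance's security group not allowing TCP 22 from the public instance (or from PublicSG), or the PrivateNACL not permitting the traffic; a "Permission denied (publickey)" instead means the key or login name is wrong, not the network.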

Create an Amazon EC2 Instance in the Private Subnet

  1. In the AWS console, on the instances dashboard, click Launch Instance.
  2. On the AMI page, select the Amazon Linux 2 AMI.
  3. Leave t2.micro selected, and click Next: Configure Instance Details.
  4. On the Configure Instance Details page:
    • Network: Leave default
    • Subnet: Private
    • Auto-assign Public IP: Disable
  5. Click Next: Add Storage, and then click Next: Add Tags.
  6. On the Add Tags page, add the following tag:
    • Key: Name
    • Value: PrivateInstance
  7. Click Next: Configure Security Group.
  8. Click to Create a new security group, and set the following values:
    • Security group name: PrivateSG
    • Description: PrivateSG
    • The wizard again pre-populates an SSH rule from 0.0.0.0/0. Since this instance will have no public IP, that rule is unreachable from the internet anyway, but the tighter configuration is to set the rule's Source to the PublicSG security group so that only the public instance can open SSH to it.
  9. Click Review and Launch, and then Launch.
  10. In the key pair dialog, select Choose an existing key pair.
  11. Select our pubinstssh key pair.
  12. Click Launch Instances.
  13. Click View Instances, and give it a few minutes to enter the running state.
  14. Once it's running, select it and note that it has no public IPv4 address and no public DNS name, so the ssh command offered by Connect would reference a private address your workstation cannot reach. Together with its subnet's PrivateRT route table (local route only, no route to the internet gateway), this is what makes the instance and the subnet private: nothing on the internet can initiate a connection to it, and it cannot reach the internet itself without a NAT gateway.

Conclusion

Congratulations on completing this hands-on lab!