-
Notifications
You must be signed in to change notification settings - Fork 0
/
Lab5.txt
69 lines (58 loc) · 3.33 KB
/
Lab5.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
Lab5
Step1
On VScode terminal navigate to directory AWSLabs and run command git pull https://github.com/awscloudessentials/intro-to-aws-lab.git
Open the new file(Lab5) in the editor, to allow you add steps you took to complete the lab.
Step 2:
Go to your default VPC dashboard and select NAT gateways
Click "create NAT gateway", give it a name "NAT"
Select a subnet, Connectivity type "Public"
Click on "Allocate Elastic IP"
Create NAT gateway
Step 3
Go to your default VPC dashboard and select create a new route table
Give it name "privateRT", select your VPC
Create route table
Select the newly created route table,click on "Routes"
Click "edit routes", click "add route"
Under destination input "0.0.0.0/0" and target Nat gateway, select the NATGW created in Step 2
Save changes
Select the default route table,click on subnet associations, unselect one of your subnets,note the subnet ID(this is the subnet where you would be creating your private instance)
Click save associations
Select the new route table you created,click subnet associations ->edit subnet associations-->select the subnet you unselected in the step above -->save associations
Step 4 (Use same keypair to create both EC2 instances)
Create an EC2 with a public IP with name " public-ec2" and access to internet and ssh connection
Create another EC2 with only a private IP address with name "private-ec2"
Edit the "Network settings" and select the subnet in step 3 with route to the NATGW, also change "Auto-assign public IP" to disable
The security group for the private-ec2 should allow "All IPv4" from source "Private IP address of the public instance" and SSH from All.
Step 5 (setting up ssh agent forwarding)
On WSL, get to the location of your keypair and run the following commands
<<<<<<< HEAD
eval $(ssh-agent)
ssh-add -k <keypair name> (this will request for the pin generated by the first command)
(**This private key will be ignored.***ignore the message and run command below)
chmod 400 <keypair name>
ssh-add -k <keypair name>
<keypair name> ec2-user@<public IP of public-ec2>
=======
mv <keypairname> ~/.ssh/<keyname> (remove the .pem extension in the name)
eval $(ssh-agent)
chmod 400 ~/.ssh/<keypair name>
ssh-add -k ~/.ssh/<keypair name>
#ssh -A -i ~/.ssh/<keypair name> ec2-user@<public IP of public-ec2>
>>>>>>> 5167fd9b6b62051182f8c983390530bc7fec278d
Step 6(Verify connectivity)
Run command "ping google.com"
Send screenshot
Run command "ping <private IP of private-ec2>"
Send screenshot
Run command "ssh ec2-user@<private IP of private-ec2>" (this connects you into the private EC2,verify that the IP address is different)
Send screenshot
Run command "ping google.com" (this should connect because of the attached NATGW giving access to internet)
Send screenshot
Note: For the private ec2, make sure your NATgw, subnets configurated properly. This is where most issues connection issues happens.
Ensure that your subnet is carefully selected for the private ec2. Create the private subnet first and note the its subnet -
for your NAT and the public ec2 default subnet that aws choose for you.
Connecting to private EC2 from bastion and NATGW
Step 7
Once confirmed, kindly clean up your AWS account.(Remember to delete your Elastic IP manually)
Edit the text file in VSCode editor, save and push to your personal remote repo.