How To: Connect EC2 In Private Subnet (5 Min) | Using Bastion/Jump Host In Public Subnet | AWS

10,477 views

Gokce DB

1 year ago

In this video, you'll learn how to connect to an EC2 instance in a private subnet using a bastion or jump host in public subnet in AWS.
Video Transcript
Hi guys, this is Abhi from Gokcedb. In this video, you're going to learn how to connect to an EC2 instance in a private subnet using a bastion or a jump host. Let's start by navigating to the VPC service and then clicking on Your VPCs.
Here, we can see our default VPC with a CIDR block of 172.31.0.0 and a subnet mask of 16. Let's use a subnet calculator to look at the CIDR IP range for this block. As you can see, there are 65536 IPs in this range.
Now, let's look at the subnets in this VPC. There are six default subnets, one for each availability zone. All of them have auto-assigned IP addresses enabled, which means they're all public subnets.
Copy and paste the CIDR block of one of the subnets and use the subnet calculator to calculate the IPs in this range. Looks like there are 4096 IPs in the CIDR IP range. For our private subnet, I'm going to use the CIDR block of 172.31.96.0 with a subnet mask of 20.
Click on create subnet, then choose the default VPC from the drop-down. Give your subnet a name, then choose an availability zone. Enter a CIDR block, then hit create subnet.
Click on the subnet ID and confirm that auto-assign public IP address is set to no, which means it is indeed private. Next, click on route tables in the left menu, then hit create route table. Give your route table a name, select the default VPC, then click on create route table.
Go to the subnet associations tab, then click on edit subnet associations. Select the private subnet, then hit save. In the routes section, you can see there's only one local route available and there is no internet gateway.
That means our private subnet won't have access to the internet. If we look at the main route table, which is associated with our public subnets, you'll see that we have both the local route and the internet gateway route available. Next, we're going to create two EC2 instances.
The first one is in the public subnet, which has access to the internet via the internet gateway, and the second one is in the private subnet, which does not have access to the internet. Now, let's navigate to the EC2 service and then click on instances. Click on launch instance and give it a name.
I'm going to call it private subnet ec21 because we're launching it in our private subnet. Scroll down to the key pair section and select a key pair. Click on edit in the network settings, then select the private subnet from the subnet drop-down.
I'm going to leave all the other settings at their defaults and then click on launch instance. Hit refresh and you should see your private subnet instance in a pending state. Let's launch one more instance, this time in our public subnet.
Give it a name, select a key pair, and in network settings select a public subnet. I'm going to leave everything else at the defaults, then hit launch instance. If we go back to our EC2 dashboard and click on the private subnet EC2 instance,
you'll see that we do not have a public IP address. However, for our public subnet EC2 instance, we see a public IP address attached to it, as expected. Click on connect and go to the SSH client tab.
Here, you'll find the instructions to connect to your public subnet EC2 instance. I'm going to use the curl command to see if I can access google.com from this public subnet EC2 instance. Looks like it worked as expected.
Since the private subnet EC2 instance does not have a public IP address, we cannot connect to it directly. We'll have to use SSH agent forwarding to connect to the private subnet EC2 instance. Start by using the ssh-add command to add the private key to the authentication agent.
Next, use the -A flag, which enables agent forwarding. After you're logged into the public subnet EC2 instance, grab the private IP address of the private subnet EC2 instance. Now, use the ssh command to jump to the private subnet EC2 instance.
You can confirm that the private subnet EC2 instance does not have access to the internet by using the curl command. There you have it. Make sure you like, subscribe, and turn on the notification bell.
Until next time.
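
The connection steps and subnet sizes from the transcript, collected into one script as an added example (not code shown in the video), with the ProxyJump form of the same two hops beside the agent-forwarding form. The bastion and target addresses, the ec2-user login and the key path are constructed placeholders; only the 172.31.0.0/16 and 172.31.96.0/20 blocks come from the video.

```shell
#!/bin/sh
# Added example, not from the video. Constructed placeholders: both IPs,
# the login user and the key path. PRIVATE_CIDR is the subnet from the video.
BASTION="203.0.113.10"         # public-subnet instance (documentation address)
TARGET="172.31.96.10"          # private-subnet instance (constructed)
PRIVATE_CIDR="172.31.96.0/20"
SSH_USER="ec2-user"            # assumption: Amazon Linux default login
KEY="$HOME/.ssh/my-key.pem"    # assumption: key pair selected at launch

# Dotted-quad IPv4 -> 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Number of addresses in a CIDR block (/16 -> 65536, /20 -> 4096).
cidr_size() { echo $(( 1 << (32 - ${1#*/}) )); }

# Succeeds only if IP ($1) lies inside CIDR ($2).
in_cidr() {
  ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# The video's method: load the key into the local agent, forward the agent to
# the bastion (-A), and start the second hop from there. While the session is
# open, root on the bastion can use the forwarded agent socket.
connect_with_agent_forwarding() {
  ssh-add "$KEY" && ssh -A -t "$SSH_USER@$BASTION" ssh "$SSH_USER@$TARGET"
}

# Same two hops with ProxyJump (-J): the bastion only relays the TCP stream,
# so neither the key nor the agent socket is exposed on it.
connect_with_proxyjump() {
  ssh-add "$KEY" && ssh -J "$SSH_USER@$BASTION" "$SSH_USER@$TARGET"
}

# Refuse to hop unless TARGET really is an address in the private subnet.
case "${1:-}" in
  forward) in_cidr "$TARGET" "$PRIVATE_CIDR" && connect_with_agent_forwarding ;;
  jump)    in_cidr "$TARGET" "$PRIVATE_CIDR" && connect_with_proxyjump ;;
esac
```

Run it with `forward` to reproduce the agent-forwarding hop from the video, or with `jump` to reach the same instance through ProxyJump.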

Comments: 18
@bert3456, 1 year ago
Good job Gokce DB...Your presentation is highly recommended.😊
@GokceDB, 1 year ago
Thanks a lot 😊
@user-ej6iv2bv4j, 2 months ago
Very Nice. Lovely. Thank you so much
@dineshkumar-we2ms, 1 year ago
Very nice and useful video DB! keep doing!!
@GokceDB, 1 year ago
Thanks, will do!
@abhishekrijal5711, 1 year ago
good work
@GokceDB, 1 year ago
Thanks
@jatinsharma3792, 7 months ago
How it is working that is the real Question !!!!!
@muhammadharoon8858, 1 year ago
Where is the laptop winner??
@GokceDB, 1 year ago
Oct 1st
@Rayleeigh, 10 months ago
Wow didn't help 15 min waste amana mach det ned
@GokceDB, 10 months ago
What specifically do you need help with?
@Rayleeigh, 10 months ago
@GokceDB I need help with the following: I want to make my private subnet ec2 instance have a connection with the internet so I can use 'sudo apt'. However this video only showed what I already knew. Would you please help me out?
@GokceDB, 10 months ago
See if these two resources help: kzfaq.info/get/bejne/qL9odZh_2by2ZXk.html docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html
@Rayleeigh, 9 months ago
@GokceDB Thanks man, really helped me out.
@GokceDB, 9 months ago
@Rayleeigh I'm glad! :)
@abhishekrijal5711, 1 year ago
good work
@GokceDB, 1 year ago
Thanks