In Amazon Web Services (AWS), the Virtual Private Cloud (VPC) is the network your resources live in. A VPC is a logically isolated network within AWS in which you launch Amazon Elastic Compute Cloud (EC2) instances, Amazon Relational Database Service instances, and other AWS resources. A VPC that you create yourself has no internet connectivity until you attach an Internet Gateway and add routes to it; until then the resources launched in the VPC can neither reach nor be reached from the internet.
In this tutorial, you will learn how to give instances in a private subnet of your VPC outbound access to the internet using a NAT Gateway. A NAT Gateway is an AWS managed service, highly available within its Availability Zone, that translates the private addresses of your instances to a single Elastic IP address. Your instances keep only private IP addresses, connections can be initiated only from inside the VPC, and unsolicited inbound traffic from the internet is dropped. Note that a NAT Gateway is not a firewall: it does not filter what leaves the VPC, so restrict outbound traffic with security group and network ACL rules where you need to.
Prerequisites
Before we get started, you need to ensure that you have the following:
- An AWS account;
- Basic knowledge of AWS services, including EC2 instances, VPC, and subnets.
Step 1 – Creating a VPC
The first step involves creating a VPC. Follow the steps below to create a VPC:
- Log in to your AWS Management Console;
- Enter “VPC” in the search bar and click on the “VPC” link under the “Networking and Content Delivery” category;
- In the left menu, click on “Your VPCs” and then click on the “Create VPC” button;
- In the “Create VPC” window, specify the following:
- Name tag: Enter a name tag for your VPC (e.g., “MyVPC”);
- IPv4 CIDR block: Specify a CIDR block for your VPC (e.g., 10.0.0.0/16). Note that you cannot change the CIDR block after creating the VPC, so choose a block that can accommodate all your resources;
- IPv6 CIDR block: Choose the “No IPv6 CIDR block” option;
- Tenancy: Choose the “Default” option.
- Click on the “Create VPC” button.
Step 2 – Creating Subnets
After creating your VPC, the next step is to create subnets. A subnet is a range of IP addresses in your VPC, and each subnet lives in a single Availability Zone (AZ). For high availability and fault tolerance AWS recommends spreading your subnets across at least two AZs; this tutorial keeps to one AZ and creates one public and one private subnet there, which is enough to show how the routing works.
Follow the steps below to create two subnets:
- In the left menu, click on “Subnets” and then click on the “Create subnet” button;
- In the “Create subnet” window, specify the following:
- Name tag: Enter a name tag for your subnet (e.g., “PublicSubnet”);
- VPC: Select the VPC that you previously created;
- Availability Zone: Select an AZ in which to create the subnet (e.g., us-west-2a);
- IPv4 CIDR block: Specify a CIDR block for your subnet (e.g., 10.0.1.0/24).
- Click on the “Create subnet” button.
Follow the same steps to create the private subnet, with a different name tag (e.g., “PrivateSubnet”) and a different CIDR block (e.g., 10.0.2.0/24). Leave “Enable auto-assign public IPv4 address” disabled on the private subnet (it is off by default) so that its instances never receive public addresses. The names are only labels: what actually makes a subnet public or private is the route table you attach to it in Step 5.
Step 3 – Creating an Internet Gateway
The next step is to create an Internet Gateway (IGW). An IGW is a horizontally scaled, redundant, and highly available virtual appliance that allows communication between instances in your VPC and the internet.
Follow the steps below to create an IGW:
- In the left menu, click on “Internet Gateways” and then click on the “Create internet gateway” button;
- In the “Create internet gateway” window, specify the following:
- Name tag: Enter a name tag for your IGW (e.g., “MyIGW”);
- Click on the “Create internet gateway” button.
- Select the IGW that you just created and click on the “Actions” button. Then, click on the “Attach to VPC” button and select the VPC that you previously created.
Step 4 – Creating a NAT Gateway
The next step is to create a NAT Gateway. Because a NAT Gateway sends its own traffic out through the Internet Gateway, it must be created in the public subnet, and it needs an Elastic IP address, which becomes the source address of all traffic leaving the private subnet.
Follow the steps below to create a NAT Gateway:
- In the left menu, click on “NAT Gateways” and then click on the “Create NAT Gateway” button;
- In the “Create NAT Gateway” window, specify the following:
- Name tag: Enter a name tag for your NAT Gateway (e.g., “MyNATGateway”);
- Subnet: Select the public subnet that you previously created;
- Connectivity type: Choose “Public”;
- Elastic IP allocation ID: Click on “Allocate Elastic IP”, which allocates a new address and selects it;
- Click on the “Create NAT Gateway” button. The NAT Gateway takes a few minutes to move from “Pending” to “Available”; wait for that before adding routes to it. Keep in mind that a NAT Gateway is billed per hour and per gigabyte processed for as long as it exists.
Step 5 – Updating Route Tables
After the NAT Gateway reaches the “Available” state, the next step is to set up the route tables for your subnets. A route table contains a set of rules, called routes, that determines where network traffic is directed. Every subnet uses exactly one route table; a subnet with no explicit association uses the VPC’s main route table. A subnet is public when its route table sends 0.0.0.0/0 to the Internet Gateway; a private subnet sends 0.0.0.0/0 to the NAT Gateway instead. The NAT Gateway itself must sit in a subnet that routes to the IGW, otherwise it has no path to the internet.
Follow the steps below to create the public route table:
- In the left menu, click on “Route Tables” and then click on the “Create route table” button;
- Name tag: Enter a name tag for the route table (e.g., “PublicRT”), select the VPC that you previously created, and click on the “Create route table” button;
- Select the new route table, open the “Routes” tab, click on the “Edit routes” button and then click on the “Add route” button;
- In the new route row, specify the following:
- Destination: Enter “0.0.0.0/0”;
- Target: Select “Internet Gateway” and choose the IGW that you previously created;
- Click on the “Save changes” button;
- Open the “Subnet associations” tab, click on “Edit subnet associations”, select the public subnet, and click on “Save associations”.
Follow the same steps for the private subnet, with two differences: name the table “PrivateRT” (or similar), and for the 0.0.0.0/0 route choose the target “NAT Gateway” and select the NAT Gateway that you previously created; then associate the private subnet with this table. Never add the NAT Gateway route to the public subnet’s table: the NAT Gateway forwards its traffic according to the route table of the subnet it lives in, so that table must point at the IGW. Leave the main route table with only the local route, so that any subnet created later without an explicit association stays isolated rather than silently gaining internet access.
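The console procedure of Steps 1 to 5, as a script, is an added example written for this page; it is not code from the original tutorial or from AWS. It uses the boto3 client API and needs the boto3 package and credentials with EC2 permissions. The region, AZ, CIDR block and name tags are assumptions matching the tutorial’s examples, and the public and private subnets are carved out of the VPC block as 10.0.1.0/24 and 10.0.2.0/24. The two pure helpers at the top work without AWS access.

```python
"""Build the tutorial's VPC, subnets, IGW, NAT Gateway and route tables with boto3."""
import ipaddress


def plan_cidrs(vpc_cidr: str, prefix: int = 24):
    """Second and third /24 of the VPC block, as (public, private): 10.0.1.0/24, 10.0.2.0/24 for a /16."""
    nets = list(ipaddress.ip_network(vpc_cidr).subnets(new_prefix=prefix))
    if len(nets) < 3:
        raise ValueError(f"{vpc_cidr} is too small for two /{prefix} subnets")
    return str(nets[1]), str(nets[2])


def default_route(route_table_id: str, target_id: str) -> dict:
    """create_route() arguments for 0.0.0.0/0; the target kind follows from the resource ID prefix."""
    if target_id.startswith("igw-"):
        key = "GatewayId"       # public subnet: straight to the Internet Gateway
    elif target_id.startswith("nat-"):
        key = "NatGatewayId"    # private subnet: via the NAT Gateway
    else:
        raise ValueError(f"unsupported default-route target {target_id!r}")
    return {"RouteTableId": route_table_id, "DestinationCidrBlock": "0.0.0.0/0", key: target_id}


def tag(resource_type: str, name: str) -> list:
    """TagSpecifications carrying a Name tag, as every create_* call below expects."""
    return [{"ResourceType": resource_type, "Tags": [{"Key": "Name", "Value": name}]}]


def build(region="us-west-2", az="us-west-2a", vpc_cidr="10.0.0.0/16", name="MyVPC") -> dict:
    """Create the whole topology; returns the resource IDs. Assumed names/region as in the tutorial."""
    import boto3  # imported here so the helpers above can be used without boto3 installed
    ec2 = boto3.client("ec2", region_name=region)
    public_cidr, private_cidr = plan_cidrs(vpc_cidr)

    vpc_id = ec2.create_vpc(CidrBlock=vpc_cidr, TagSpecifications=tag("vpc", name))["Vpc"]["VpcId"]
    ec2.get_waiter("vpc_available").wait(VpcIds=[vpc_id])
    ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsHostnames={"Value": True})

    public = ec2.create_subnet(VpcId=vpc_id, CidrBlock=public_cidr, AvailabilityZone=az,
                               TagSpecifications=tag("subnet", "PublicSubnet"))["Subnet"]["SubnetId"]
    private = ec2.create_subnet(VpcId=vpc_id, CidrBlock=private_cidr, AvailabilityZone=az,
                                TagSpecifications=tag("subnet", "PrivateSubnet"))["Subnet"]["SubnetId"]
    # Only the public subnet hands out public IPv4 addresses; the private one keeps the default (off).
    ec2.modify_subnet_attribute(SubnetId=public, MapPublicIpOnLaunch={"Value": True})

    igw = ec2.create_internet_gateway(
        TagSpecifications=tag("internet-gateway", "MyIGW"))["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw, VpcId=vpc_id)

    # Public route table: 0.0.0.0/0 -> IGW. The NAT Gateway must live in this subnet.
    public_rtb = ec2.create_route_table(
        VpcId=vpc_id, TagSpecifications=tag("route-table", "PublicRT"))["RouteTable"]["RouteTableId"]
    ec2.create_route(**default_route(public_rtb, igw))
    ec2.associate_route_table(RouteTableId=public_rtb, SubnetId=public)

    eip = ec2.allocate_address(Domain="vpc", TagSpecifications=tag("elastic-ip", "MyNATGatewayEIP"))["AllocationId"]
    nat = ec2.create_nat_gateway(SubnetId=public, AllocationId=eip, ConnectivityType="public",
                                 TagSpecifications=tag("natgateway", "MyNATGateway"))["NatGateway"]["NatGatewayId"]
    # Wait until the gateway is Available before pointing any route at it.
    ec2.get_waiter("nat_gateway_available").wait(NatGatewayIds=[nat])

    # Private route table: 0.0.0.0/0 -> NAT. Outbound only; nothing on the internet can open a connection in.
    private_rtb = ec2.create_route_table(
        VpcId=vpc_id, TagSpecifications=tag("route-table", "PrivateRT"))["RouteTable"]["RouteTableId"]
    ec2.create_route(**default_route(private_rtb, nat))
    ec2.associate_route_table(RouteTableId=private_rtb, SubnetId=private)
    # The main route table is left untouched (local route only), so unassociated subnets stay isolated.
    return {"vpc": vpc_id, "public_subnet": public, "private_subnet": private, "igw": igw, "nat": nat}


if __name__ == "__main__":
    print(build())
```

The script creates billable resources (the NAT Gateway and its Elastic IP in particular); delete them in reverse order when you are done. `default_route()` refuses any target that is not an IGW or a NAT Gateway, which is exactly the mistake to avoid when pairing subnets with targets.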
Step 6 – Testing Connectivity
Now that you have completed the necessary configurations, it’s time to test that an instance in the private subnet can reach the internet, and that the internet cannot reach it.
Follow the steps below to test connectivity:
- Launch an EC2 instance (Amazon Linux) in your private subnet. It receives only a private IP address, so you cannot SSH to it directly from the internet;
- Connect to it through a bastion host in the public subnet (for example with SSH ProxyJump) or with AWS Systems Manager Session Manager, whose agent reaches the SSM endpoints through the NAT Gateway;
- Run the following command; it should print the Elastic IP of your NAT Gateway, which proves that outbound traffic leaves through it:
curl -s https://checkip.amazonaws.com
- Run the following command to install Apache Web Server; a successful install confirms that the package repositories are reachable:
sudo yum install httpd -y
- Start the Apache Web Server by running the following command:
sudo systemctl start httpd
- Finally, from your own machine, try to open http://<NAT-Gateway-Elastic-IP>/ in a browser or with curl. The request does not connect: a NAT Gateway only translates connections initiated from inside the VPC and drops unsolicited inbound traffic, so the Apache default page is not reachable through the NAT Gateway’s address. That is exactly the behaviour you want for a private subnet.
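Before running the connectivity test it is worth checking the route tables themselves, because the two mistakes that silently break this setup (a public subnet routed to the NAT Gateway, or a NAT Gateway placed in a subnet without an IGW route) look fine in the console. The audit below is an added example written for this page, not part of the original tutorial. It consumes dicts shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`; the sample data is constructed, with made-up resource IDs, and covers the tutorial’s topology in its correct form and with the public subnet wrongly pointed at the NAT Gateway.

```python
"""Offline audit of the route tables behind a NAT Gateway setup."""

DEFAULT_ROUTE = "0.0.0.0/0"


def route_table_for(subnet_id, route_tables):
    """Return the route table a subnet uses: its explicit association, else the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_target(route_table):
    """Return (kind, id) for the 0.0.0.0/0 route: ("igw", ...), ("nat", ...) or (None, None)."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != DEFAULT_ROUTE or route.get("State") == "blackhole":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw", route["GatewayId"]
        if "NatGatewayId" in route:
            return "nat", route["NatGatewayId"]
    return None, None


def classify_subnets(subnet_ids, route_tables):
    """Map each subnet ID to "public", "private" or "isolated", judged by its default route alone."""
    kinds = {}
    for sid in subnet_ids:
        rt = route_table_for(sid, route_tables)
        kind, _ = default_target(rt) if rt else (None, None)
        kinds[sid] = {"igw": "public", "nat": "private"}.get(kind, "isolated")
    return kinds


def audit(subnet_ids, route_tables, nat_gateways):
    """Return a list of findings; an empty list means the NAT topology is sound."""
    findings = []
    kinds = classify_subnets(subnet_ids, route_tables)
    nat_subnet = {}
    for ngw in nat_gateways:
        nat_id, sid = ngw["NatGatewayId"], ngw["SubnetId"]
        nat_subnet[nat_id] = sid
        kind = kinds.get(sid, "unknown")
        if ngw.get("State") != "available":
            findings.append(f"{nat_id} is {ngw.get('State')}, not available; routes to it black-hole traffic")
        elif kind != "public":
            findings.append(f"{nat_id} sits in {sid}, which is {kind}: the NAT gateway's own subnet "
                            "must route 0.0.0.0/0 to the IGW, never to the NAT gateway itself")
    for sid in subnet_ids:
        rt = route_table_for(sid, route_tables)
        kind, target = default_target(rt) if rt else (None, None)
        if kind == "nat" and target not in nat_subnet:
            findings.append(f"{sid} routes 0.0.0.0/0 to {target}, which is not a known NAT gateway")
    return findings


# Constructed sample data with made-up IDs, shaped like the AWS API responses.
SUBNETS = ["subnet-0aaa", "subnet-0bbb", "subnet-0eee"]   # PublicSubnet, PrivateSubnet, an unassociated subnet
NAT_GATEWAYS = [{"NatGatewayId": "nat-0ccc", "SubnetId": "subnet-0aaa", "State": "available"}]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
ROUTE_TABLES_OK = [
    {"RouteTableId": "rtb-0pub", "Associations": [{"SubnetId": "subnet-0aaa"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ddd", "State": "active"}]},
    {"RouteTableId": "rtb-0priv", "Associations": [{"SubnetId": "subnet-0bbb"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0ccc", "State": "active"}]},
    {"RouteTableId": "rtb-0main", "Associations": [{"Main": True}], "Routes": [LOCAL]},  # local only
]
# The same VPC with the public subnet wrongly routed to the NAT Gateway instead of the IGW.
ROUTE_TABLES_BAD = [
    {"RouteTableId": "rtb-0pub", "Associations": [{"SubnetId": "subnet-0aaa"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0ccc", "State": "active"}]},
    ROUTE_TABLES_OK[1],
    ROUTE_TABLES_OK[2],
]

if __name__ == "__main__":
    for label, tables in (("correct", ROUTE_TABLES_OK), ("public->NAT", ROUTE_TABLES_BAD)):
        print(label, classify_subnets(SUBNETS, tables), audit(SUBNETS, tables, NAT_GATEWAYS) or "OK")
```

Feeding it live data is a matter of passing the `RouteTables` and `NatGateways` lists from the two describe calls plus the subnet IDs of the VPC; the classification also tells you which subnets are isolated, which is what a subnet left on a local-only main route table should be.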
Congratulations! You have successfully given the private subnet of your VPC outbound internet access through a NAT Gateway.
Conclusion
In this tutorial, you learned how to connect a private subnet to the internet using a NAT Gateway: an Internet Gateway attached to the VPC, a public subnet whose route table points 0.0.0.0/0 at the IGW, a NAT Gateway with an Elastic IP in that public subnet, and a private subnet whose route table points 0.0.0.0/0 at the NAT Gateway. With this layout your instances keep no public address, all of their outbound traffic leaves from the NAT Gateway’s Elastic IP, and no connection initiated from the internet can reach them. What they are allowed to send out is still up to your security groups and network ACLs.