A network address translation (NAT) gateway enables instances in a private subnet to connect to the internet or to other AWS services and returns the responses to those instances, but it prevents the internet from initiating a connection with them.
When traffic goes out to the internet, the source IPv4 address is replaced with the NAT device's address; when the response traffic comes back, the NAT device translates the destination address back to the instance's private IPv4 address.
In the above diagram, the router acts as the NAT: it translates the request from the PC to the internet and hands the response from the internet back to the PC. Nobody on the internet can reach the PC directly, because the PC has only a private address.
Public Subnet: a subnet that is associated with an internet gateway (its route table has a route to the IGW) is called a public subnet.
Private Subnet: a subnet that is not associated with an internet gateway is called a private subnet.
Scenario: you want to run a public-facing web application while maintaining back-end servers that aren't publicly accessible.
First we configure the network and the instances, then we test whether the instance in the private subnet gets internet access and how it gets it.
- Once logged in to your AWS account, type VPC (Virtual Private Cloud) in the search bar.
- Choose 'Your VPCs', then click Create VPC; it will ask for a name and an IPv4 CIDR. Then click 'Create'.
- Under the VPC we just created, create 2 subnets named public and private, each with its own CIDR.
Choose Subnets –> Create Subnet –> give a name (Public-Subnet) –> select your VPC –> give an IPv4 CIDR, then click Create
- Here I created 2 subnets, named public and private.
- Availability Zone: you can select one if you want, or the system will select one by default.
- Next we need to create an Internet Gateway and attach it to the VPC.
- An Internet Gateway allows communication between instances in your VPC and the Internet.
(Internet Gateway –> Create Internet Gateway –> give a name –> Create)
(Internet Gateway –> Select Internet Gateway –> Actions –> Attach to VPC –> Select the respective VPC –> Attach.)
- Add a route to the Internet Gateway in the Main Route Table
(Route Table –> Select Route table –> go to Routes –> Edit –> Add another route [0.0.0.0/0 –> IGW-XXXX] –> Save.)
- Go to NAT Gateway
(NAT Gateway –> Create NAT Gateway –> Select the Public subnet –> Allocate an Elastic IP –> Create NAT Gateway.)
- Create a Custom Route Table
(Route Table –> Create Route Table –> Select your VPC –> click Create)
- Add a route to the NAT Gateway in the Custom Route Table
(Route Table –> Select Route table –> go to Routes –> Edit –> Add another route [0.0.0.0/0 –> NAT-XXXX] –> Save.)
Then associate the Private Subnet with this route table.
Network configuration is done.
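The console steps above written as Terraform, so the whole network can be reproduced and reviewed in one place; this is an added example, not code from the original post. The CIDRs, resource names and the AWS provider 5.x syntax for aws_eip are assumptions. The part worth checking in any review is the two default routes: the main table sends 0.0.0.0/0 to the IGW, while the private subnet's table sends it to the NAT gateway, which itself sits in the public subnet.

```hcl
# Added example, not from the post. Assumed: CIDRs, names, AWS provider 5.x.
resource "aws_vpc" "lab" {
  cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.lab.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true  # instances here get a public IP
  tags                    = { Name = "Public-Subnet" }
}
resource "aws_subnet" "private" {
  vpc_id                  = aws_vpc.lab.id
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = false # no public IP for back-end instances
  tags                    = { Name = "Private-Subnet" }
}

# Internet Gateway, attached to the VPC
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.lab.id
}
# Main route table: default route to the IGW (this is what makes a subnet public)
resource "aws_route" "main_default" {
  route_table_id         = aws_vpc.lab.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

# NAT Gateway: must sit in the PUBLIC subnet and needs an Elastic IP
resource "aws_eip" "nat" {
  domain = "vpc"
}
resource "aws_nat_gateway" "nat" {
  subnet_id     = aws_subnet.public.id
  allocation_id = aws_eip.nat.id
  depends_on    = [aws_internet_gateway.igw]
}

# Custom route table for the private subnet: default route to the NAT, never the IGW
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.lab.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```

If a private subnet is ever associated with the main table instead of the custom one, its instances lose internet access (no public IP, no NAT route), which is a quick way to spot a misplaced association.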
- Create an EC2 instance in each of the two subnets in your network.
Go to Services and select the EC2 service.
- Choose Instances, then click on Create Instance.
For the instance in the public subnet, enable Auto-assign Public IP.
For the instance in the private subnet, disable Auto-assign Public IP.
Launch both instances with the default settings.
The instance with a public IP can be reached from your machine, and it will have internet access.
The instance with only a private IP can't be reached from your machine; open a remote session to it from the public-IP instance and test internet connectivity from there.
To see how the instance gets its internet access, run in CMD: [ tracert 126.96.36.199 ]. The first hop IP is the NAT gateway's private IP.
This shows that the instance gets its internet access through the NAT Gateway.