
Creating and Validating Connectivity for Amazon EC2 Instances in a Public and Private Subnet

Introduction
In this hands-on lab, we will meet a few different objectives:

- Review the VPC configuration and understand the components required to provision EC2 instances.
- Review the VPC configuration to identify what makes an instance public vs. private.
- Create an Amazon EC2 instance and a security group in the public subnet, and validate connectivity using SSH.
- Create an Amazon EC2 instance and a security group in the private subnet, and identify what makes the instance and the subnet private.

Solution
Log in to the live AWS environment using the credentials provided. Make sure you're in the N. Virginia (us-east-1) region throughout the lab.

We will also work in the command line. On a Mac, you may use Terminal. If you are using a Windows computer and need assistance with how to connect, you will need to follow different instructions to log in to the EC2 instance via SSH. Please watch this lesson on how to connect to a Linux EC2 instance for instructions on how to set up and use PuTTY.

Review VPC Configuration

1. Once you're logged in to the AWS console, navigate to VPC.
2. Click Subnets in the left-hand menu.
3. Note the IPv4 CIDR block associated with the private subnet and the public subnet.
4. Click Route Tables in the left-hand menu.
   - There should be three route tables listed: one default (which we will leave alone for the entirety of the lab) and two others.
   - For the two non-default route tables, we need to identify and rename them as private and public.
5. Select the first route table listed (not the default route table, which will not have a subnet associated with it), click the Routes tab lower on the page, and then:
   - If its only target is listed as local, rename the route table "PrivateRT".
   - If one of its targets is listed as an internet gateway, rename the route table "PublicRT".
6. Select the other non-default route table, click the Routes tab, and then:
   - If its only target is listed as local, rename the route table "PrivateRT".
   - If one of its targets is listed as an internet gateway, rename the route table "PublicRT".
7. Click Network ACLs in the left-hand menu.
   - Similar to renaming the route tables, we also need to identify and rename the non-default NACLs as private and public.
8. Select the first NACL listed (not the default NACL), click the Inbound Rules tab lower on the page, and then:
   - If the source listed is 0.0.0.0/0, rename the NACL "PublicNACL".
   - If the source listed is a specific CIDR range belonging to one of our subnets, rename the NACL "PrivateNACL".
9. Select the other non-default NACL, click the Inbound Rules tab, and then:
   - If the source listed is 0.0.0.0/0, rename the NACL "PublicNACL".
   - If the source listed is a specific CIDR range belonging to one of our subnets, rename the NACL "PrivateNACL".

Create an Amazon EC2 Instance in the Public Subnet

1. Navigate to EC2, and click Launch Instance.
2. On the AMI page, select the Amazon Linux 2 AMI.
3. Leave t2.micro selected, and click Next: Configure Instance Details.
4. On the Configure Instance Details page:
   - Network: Leave default
   - Subnet: Public
   - Auto-assign Public IP: Enable
5. Click Next: Add Storage, and then click Next: Add Tags.
6. On the Add Tags page, add the following tag:
   - Key: Name
   - Value: PublicInstance
7. Click Next: Configure Security Group.
8. Click to Create a new security group, and set the following values:
   - Security group name: PublicSG
   - Description: PublicSG
9. Click Review and Launch, and then Launch.
10. In the key pair dialog, select Create a new key pair.
11. Give it a Key pair name of "pubinstssh".
12. Click Download Key Pair, and then Launch Instances.
13. Click View Instances, and give it a few minutes to enter the running state.
14. Once it's running, select it and click Connect.
15. Copy the chmod command listed.

Verify Connectivity to Public Instance Using SSH

1. Open a terminal session, and change to your downloads directory.
2. Run the chmod command to change the permissions on our .pem file.
3. In the AWS console, copy the ssh command.
4. Run the ssh command to log in to the instance.
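The chmod step exists because OpenSSH refuses to use a private key that group or other users can read (the "UNPROTECTED PRIVATE KEY FILE" error), and a freshly downloaded .pem file is usually world-readable. The added example below (not part of the lab) checks a key file the way ssh does, tightens it to owner-read-only as the console's chmod command does, and assembles the login command for an Amazon Linux 2 instance, whose default user is ec2-user. The key path and DNS name are placeholders.

```python
"""Check and fix .pem permissions before ssh, and build the ssh command.

Added example, not part of the lab. OpenSSH rejects a private key whose mode grants
any group or other permission, which is what the console's chmod command prevents.
"""
import os
import stat
import tempfile


def key_mode_is_safe(mode: int) -> bool:
    """True when no group/other bits are set, e.g. 0o400 or 0o600; False for 0o644."""
    return (stat.S_IMODE(mode) & 0o077) == 0


def key_file_is_safe(path: str) -> bool:
    """Apply the same check to a file on disk."""
    return key_mode_is_safe(os.stat(path).st_mode)


def harden_key_file(path: str) -> None:
    """Equivalent of `chmod 400 pubinstssh.pem`: owner read only."""
    os.chmod(path, 0o400)


def build_ssh_command(key_path: str, public_dns: str, user: str = "ec2-user") -> list:
    """argv for the command the console's Connect dialog shows for Amazon Linux 2."""
    return ["ssh", "-i", key_path, f"{user}@{public_dns}"]


def demo_with_tempfile() -> tuple:
    """Create a throwaway file with browser-download permissions (0o644), check it,
    harden it, and re-check. Returns (safe_before, safe_after)."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.close(fd)
    try:
        os.chmod(path, 0o644)
        before = key_file_is_safe(path)
        harden_key_file(path)
        after = key_file_is_safe(path)
    finally:
        os.remove(path)
    return before, after


if __name__ == "__main__":
    print(demo_with_tempfile())
    # Placeholder path and hostname, not values from the lab account.
    print(" ".join(build_ssh_command("pubinstssh.pem", "ec2-203-0-113-10.compute-1.amazonaws.com")))
```

Running the check before ssh gives a clearer failure than the ssh error itself, and the 0o400 mode (rather than 0o600) also stops the key from being overwritten by accident.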

Create an Amazon EC2 Instance in the Private Subnet

1. In the AWS console, on the instances dashboard, click Launch Instance.
2. On the AMI page, select the Amazon Linux 2 AMI.
3. Leave t2.micro selected, and click Next: Configure Instance Details.
4. On the Configure Instance Details page:
   - Network: Leave default
   - Subnet: Private
   - Auto-assign Public IP: Disable
5. Click Next: Add Storage, and then click Next: Add Tags.
6. On the Add Tags page, add the following tag:
   - Key: Name
   - Value: PrivateInstance
7. Click Next: Configure Security Group.
8. Click to Create a new security group, and set the following values:
   - Security group name: PrivateSG
   - Description: PrivateSG
9. Click Review and Launch, and then Launch.
10. In the key pair dialog, select Choose an existing key pair.
11. Select our pubinstssh key pair.
12. Click Launch Instances.
13. Click View Instances, and give it a few minutes to enter the running state.
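Three things together make PublicInstance reachable over SSH from the internet and PrivateInstance not: a public IP (the Auto-assign Public IP setting), a subnet whose route table has an internet gateway route, and a security group rule allowing tcp/22 from the caller's address. The added example below (not part of the lab) evaluates all three for both instances against constructed data shaped like `describe-instances`, `describe-route-tables` and `describe-security-groups` output. The security group rules are assumptions for illustration, since the lab creates the groups with default settings; all ids and addresses are placeholders.

```python
"""Explain why one lab instance is reachable from the internet and the other is not.

Added example. All data is CONSTRUCTED in the shape of the AWS CLI's JSON output;
ids, addresses and security-group rules are placeholders / assumptions.
"""

# Constructed: which route table each subnet uses and what routes it holds.
ROUTE_TABLES = {
    "rtb-public-placeholder": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                               {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"}],
    "rtb-private-placeholder": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
}
SUBNET_ROUTE_TABLE = {"subnet-public-placeholder": "rtb-public-placeholder",
                      "subnet-private-placeholder": "rtb-private-placeholder"}

# Constructed (assumed) ingress rules: PublicSG open on 22 to the world,
# PrivateSG open on 22 only from inside the VPC.
SECURITY_GROUPS = {
    "sg-public-placeholder": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                               "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "sg-private-placeholder": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}],
}

# Constructed: the two instances the lab launches. Only the public one has PublicIpAddress.
INSTANCES = [
    {"InstanceId": "i-public-placeholder", "Tags": [{"Key": "Name", "Value": "PublicInstance"}],
     "SubnetId": "subnet-public-placeholder", "PublicIpAddress": "203.0.113.10",
     "SecurityGroups": [{"GroupId": "sg-public-placeholder"}]},
    {"InstanceId": "i-private-placeholder", "Tags": [{"Key": "Name", "Value": "PrivateInstance"}],
     "SubnetId": "subnet-private-placeholder",
     "SecurityGroups": [{"GroupId": "sg-private-placeholder"}]},
]


def name_tag(instance):
    return next((t["Value"] for t in instance.get("Tags", []) if t["Key"] == "Name"), instance["InstanceId"])


def subnet_has_internet_gateway_route(subnet_id):
    routes = ROUTE_TABLES[SUBNET_ROUTE_TABLE[subnet_id]]
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(r.get("GatewayId", "")).startswith("igw-") for r in routes)


def sg_allows_from_anywhere(group_ids, port, proto="tcp"):
    """True if any attached group has an ingress rule for proto/port (or all traffic, '-1')
    whose source is 0.0.0.0/0."""
    for gid in group_ids:
        for perm in SECURITY_GROUPS[gid]:
            if perm["IpProtocol"] not in (proto, "-1"):
                continue
            in_range = perm["IpProtocol"] == "-1" or perm["FromPort"] <= port <= perm["ToPort"]
            if in_range and any(r["CidrIp"] == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
                return True
    return False


def internet_reachability(instance, port=22):
    """Return (reachable, reasons); reasons lists every condition that fails."""
    reasons = []
    if "PublicIpAddress" not in instance:
        reasons.append("no public IP (Auto-assign Public IP was disabled)")
    if not subnet_has_internet_gateway_route(instance["SubnetId"]):
        reasons.append("subnet's route table has no internet gateway route")
    if not sg_allows_from_anywhere([g["GroupId"] for g in instance["SecurityGroups"]], port):
        reasons.append(f"no security group rule allows tcp/{port} from 0.0.0.0/0")
    return (not reasons, reasons)


def report(instances=INSTANCES):
    """{Name tag: (reachable, reasons)} for every instance."""
    return {name_tag(i): internet_reachability(i) for i in instances}


if __name__ == "__main__":
    for name, (ok, why) in report().items():
        print(name, "reachable from the internet" if ok else "NOT reachable: " + "; ".join(why))
```

The private instance fails on the first two conditions regardless of its security group, which is the point of the lab's last objective: the subnet's routing and the missing public IP, not the security group alone, are what make it private. In practice it is reached by first logging in to PublicInstance and connecting onward over the VPC's private address space.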

Conclusion
Congratulations on completing this hands-on lab!