Securing your VPC using Public and Private Subnets

Creating a VPC Internet Gateway

Lab Steps

Logging In to the Amazon Web Services Console

Creating a VPC

Creating a Public Subnet

Creating a Bastion Host

Creating a Private Subnet

Creating a Network ACL for a Private Subnet

Adding Rules to a Private Network ACL

Launching an EC2 Instance on a Private Subnet

Launching a Network Address Translation (NAT) Gateway

Testing access of Private Subnet Instances

Highlights of Securing your VPC

Need help? Contact our support team

Here you can find the instructions for this specific Lab Step.

If you are ready for a real environment experience please start the Lab. Keep in mind that you'll need to start from the first step.

You can pause this lab for
(up to) 1h

Introduction

An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. It imposes no availability risks or bandwidth constraints on your network traffic. An Internet gateway serves two purposes:

Provide a target in your VPC route tables for Internet-routable traffic
Perform network address translation (NAT) for instances that have been assigned public IP addresses. (Note: It does not do this for instances with private IP addresses.)

In this lab, you will create an Internet Gateway and associate it to a VPC.

Instructions

1. From the VPC Dashboard, click Internet Gateways in the left navigation pane.

The Internet Gateways page lists all previously created gateways:

alt

Note: Your student account may already have an Internet gateway. If it does, it is likely attached to a default VPC. Regardless, this Lab Step will walk you through creating your own.

2. Click Create internet gateway to begin creating a new gateway with the following:

Name tag: Enter labs-gw

alt

3. Click Create Internet Gateway:

The State of your Internet Gateway will be detached to start. Now you need to attach the new gateway to the VPC you created earlier.

4. Click Actions then Attach to VPC:

alt

5. In the Attach to VPC form, select the cloudacademy-labs VPC from the drop-down menu:

alt

Note: The ID of your VPC will differ slightly.

An Internet Gateway can only be attached to one VPC. Therefore, even if you have another Internet Gateway, and it's already attached to the default VPC, the drop-down menu when attaching your Internet Gateway will only include the detached VPC.

6. Click Attach internet gateway:

7. In the Details tab, you will notice the new Internet Gateway is Attached and available to be used by EC2 instances of the attached VPC:

alt

Summary

In this lab step, you created an Internet Gateway and attached it to the VPC that you created earlier. Instances in the public subnet will route traffic destined for the public internet through the internet gateway.

Validation checks

1Checks

Attached Internet Gateway

Attached the Internet Gateway to the non-default VPC

Networking for AWS