PROJECT: With a Custom VPC, connect to a Private Instance Using a Bastion Host on EC2

Goals:
  1. Create a Custom VPC CIDR 10.0.0.0/16
  2. Create a Private Subnet CIDR 10.0.2.0/24

1. Custom VPC CIDR 10.0.0.0/16
  • Open and Sign-in to the AWS Console, find and open VPC
  • Click on Your VPCs, Create VPC, Add a Name, Enter your VPC CIDR, Add a Tag (get used to using tags)
Newly Created VPC
  • Select Subnets, Create subnet, from drop down menu Select the VPC ID you created above
  • Add a Name, select your Availability Zone, enter/select your Private subnet CIDR block, Add a Tag
Newly Created Subnet
  • Click Create subnet again for the Public subnet, from drop down menu Select the VPC ID you created above
  • Add a Name, select your Availability Zone, enter/select your Public subnet CIDR block, Add a Tag
Newly Created Subnet
Two New Subnets Identified
  • Subnets, Select Subnet designated for Public traffic
  • Click Actions and from the drop down menu select Modify auto-assign IP settings, then check the box under Enable Auto-assign IPv4
Subnet with Enable Auto Assign IPv4
  • Internet Gateways, Create Internet Gateway, Add a name, Create IGW
Created Internet Gateway
  • Internet Gateways, Actions, from drop down menu select Attach to VPC
VPC with Attached IGW
  • Route Tables, Create route table, Add a name, select VPC to attach
Newly Created Route-Table
  • Select New Route Table, Route tab, Edit Routes, Add route, add in route 0.0.0.0/0 and choose the IGW as Target
Route Table with Edited and New added Route
  • Subnet Associations tab, Edit Subnet Associations, Select your Public Subnet
Public Route Table now Associated to Subnet with Private IPv4
  • From AWS Services, Open EC2 Dashboard, Instances, Launch Instances,
  • Select Amazon Linux (Free tier eligible) 64-bit, Select t2.micro (Free tier eligible) under Type, Next
  • Configure Instance Details, verify your Network is your VPC and Subnet is your Public Subnet, Auto-assign Public IP setting is Use Subnet Settings (Enabled), Next, Next, Add a Tag(s)
  • Create Security group, Assign a NEW security group, Add a name
  • Change Source to My IP, Review and Launch, Launch
  • Create New Key Pair, Download Key Pair, Launch Instances
EC2 Instance for Public Subnet
  • Launch Instances, Select Amazon Linux (Free tier eligible) 64-bit, Select t2.micro (Free tier eligible) under Type, Next
  • Configure Instance Details, verify your Network is your VPC and Subnet is your Private Subnet, Leave Storage as is, Add a Tag(s)
  • Configure Security Group, Keep the existing SSH Rule but modify the source: select Custom and, in the text box, select your Public Security Group (Bastion Host)
  • Review and Launch, Launch, Select the existing Key Pair created for the Public Group, Select acknowledgement and Launch instances
EC2 Instance with Private IPv4
Tools used (Windows):
  1. PuTTY
  2. PuTTYgen
  3. Pageant
  • If you are not using a Windows Operating System, please substitute the method according to your OS.
  1. Launch PuTTY, Enter the Public IPv4 address in Host Name box
  2. Under Category, Navigate to Connection, SSH, Auth
  3. Under Authentication parameters, check box for Allow agent forwarding
  4. Click Browse, double click .ppk file
  5. Click Open, in the command window, enter ec2-user to login to your Public EC2 instance
  1. Enter these commands in the same command window that opened the Public connection (the file name must match between the echo and the cat):
  • ssh ec2-user@<Private IP Address>
  • echo "Test One was a Success" > file.txt
  • cat file.txt
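Once the console work above is done, it is worth checking that the layout really matches the tutorial's intent: subnets inside the VPC CIDR, no internet gateway route from the private subnet, bastion SSH limited to a /32, and the private instance's SSH rule pointing at the bastion security group only. The audit below is an added example, not code from the original post; the VPC and private subnet CIDRs come from the tutorial, while the public subnet CIDR, security group ids, IGW id and admin IP are assumed placeholders.

```python
import ipaddress

# Constructed sample modelled on the tutorial. VPC 10.0.0.0/16 and private
# subnet 10.0.2.0/24 are from the page; everything else is an assumed placeholder.
VPC = {"cidr": "10.0.0.0/16"}
SUBNETS = {
    "public":  {"cidr": "10.0.1.0/24", "route_table": "rtb-public", "sg": "sg-bastion"},
    "private": {"cidr": "10.0.2.0/24", "route_table": "rtb-main",   "sg": "sg-private"},
}
ROUTES = {
    "rtb-public": [{"dest": "0.0.0.0/0", "target": "igw-0000example"}],
    "rtb-main":   [],  # only the implicit local route
}
# SSH (port 22) ingress sources per security group: a CIDR or another SG id.
SG_SSH_SOURCES = {
    "sg-bastion": ["203.0.113.10/32"],  # "My IP" (assumed placeholder)
    "sg-private": ["sg-bastion"],       # only the bastion host may reach port 22
}

def audit(vpc, subnets, routes, sg_ssh):
    """Return a list of findings; an empty list means the layout matches the tutorial."""
    findings = []
    vpc_net = ipaddress.ip_network(vpc["cidr"])
    for name, sn in subnets.items():
        if not ipaddress.ip_network(sn["cidr"]).subnet_of(vpc_net):
            findings.append(f"{name} subnet {sn['cidr']} is outside VPC {vpc['cidr']}")
    # The private subnet must not carry a default route to an internet gateway.
    for r in routes[subnets["private"]["route_table"]]:
        if r["dest"] == "0.0.0.0/0" and r["target"].startswith("igw-"):
            findings.append("private subnet route table has a default route to an IGW")
    # The public subnet needs a default route, otherwise the bastion is unreachable.
    if not any(r["dest"] == "0.0.0.0/0" for r in routes[subnets["public"]["route_table"]]):
        findings.append("public subnet has no default route to the internet")
    # Bastion SSH must come from specific /32 addresses, never 0.0.0.0/0.
    for src in sg_ssh[subnets["public"]["sg"]]:
        if not src.startswith("sg-") and ipaddress.ip_network(src).prefixlen != 32:
            findings.append(f"bastion SG allows SSH from {src}; restrict to a /32")
    # Private SSH must reference the bastion security group and nothing else.
    bad = [s for s in sg_ssh[subnets["private"]["sg"]] if s != subnets["public"]["sg"]]
    if bad:
        findings.append(f"private SG allows SSH from {bad}; should be the bastion SG only")
    return findings

if __name__ == "__main__":
    for line in audit(VPC, SUBNETS, ROUTES, SG_SSH_SOURCES) or ["OK: layout matches the tutorial"]:
        print(line)
```

Feed it the values from your own console (or from `aws ec2 describe-subnets` / `describe-route-tables` / `describe-security-groups` output) to catch the two classic mistakes: attaching the private subnet to the public route table, and leaving SSH on the bastion open to 0.0.0.0/0.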

Eric P Ingram