
Day 30: Enable Internet Access for Private EC2 using NAT Instance

May 13, 2026

Welcome to Day 30 of the 100 Days of Cloud (AWS) series! In this lab, you'll configure a NAT Instance to provide internet access for a private EC2 instance so it can upload files to S3.

📌 Lab Objective:
Enable internet access for a private EC2 instance using a NAT Instance and verify S3 upload connectivity.

🛠️ Task Requirements:
VPC: nautilus-priv-vpc
Private Subnet: nautilus-priv-subnet
Public Subnet: nautilus-pub-subnet
NAT Instance Name: nautilus-nat-instance
Private EC2: nautilus-priv-ec2
S3 Bucket: nautilus-nat-5333
Region: us-east-1

💻 What You'll Do in This Lab:
🔹 Create a public subnet for NAT Instance
🔹 Launch NAT Instance using Amazon Linux 2023
🔹 Create and attach a custom security group
🔹 Enable IP forwarding on NAT instance
🔹 Install and configure iptables for NAT
🔹 Update route table for private subnet
🔹 Verify S3 upload from private EC2

💻 Step-by-Step Configuration:

🔹 1. Create Public Subnet

    aws ec2 create-subnet \
      --vpc-id VPC_ID \
      --cidr-block 10.0.2.0/24 \
      --availability-zone us-east-1a \
      --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=nautilus-pub-subnet}]'

🔹 2. Launch NAT Instance

    aws ec2 run-instances \
      --image-id ami-xxxxxxxx \
      --instance-type t2.micro \
      --subnet-id PUBLIC_SUBNET_ID \
      --associate-public-ip-address \
      --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=nautilus-nat-instance}]'

🔹 3. Create Security Group for NAT

    aws ec2 create-security-group \
      --group-name nautilus-nat-sg \
      --description "NAT Instance SG" \
      --vpc-id VPC_ID

🔹 4. Allow All Traffic (for NAT routing)

    aws ec2 authorize-security-group-ingress \
      --group-id SG_ID \
      --protocol -1 \
      --cidr PRIVATE_SUBNET_CIDR

🔹 5. Enable IP Forwarding (on NAT Instance)

    sudo sysctl -w net.ipv4.ip_forward=1

🔹 6. Configure iptables NAT Rule

    sudo yum install iptables-services -y
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo service iptables save

🔹 7. Update Route Table (Private Subnet)

    aws ec2 create-route \
      --route-table-id PRIVATE_ROUTE_TABLE_ID \
      --destination-cidr-block 0.0.0.0/0 \
      --instance-id NAT_INSTANCE_ID

🔹 8. Verify S3 Upload from Private EC2

    aws s3 ls s3://nautilus-nat-5333

👉 Look for: nautilus-test.txt

📚 What You'll Learn:
NAT Instance vs NAT Gateway
Private subnet internet access design
Route table configuration
IP forwarding and iptables
AWS networking architecture
S3 connectivity validation

🌟 Why This Lab Matters:
In real-world cloud architectures, private EC2 instances often require controlled internet access. NAT Instances provide a cost-effective way to enable outbound connectivity while keeping resources private.

🎯 Series: 100 Days of Cloud (AWS)
Build real-world AWS networking and infrastructure skills step by step.

🔔 Follow OtterTech for more AWS, Azure, Kubernetes, Linux, Docker, and DevOps tutorials!
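The MASQUERADE rule in step 6 names eth0 and the sysctl in step 5 is set at runtime only. As an added example (not part of the original lab), this script checks on the NAT instance that the rule matches the interface that actually carries the default route and that forwarding is both on and persisted. The sample route and rule text are constructed, and the interface name enX0 in them is an assumption for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): audit the NAT settings from steps 5 and 6.
# Each check reads command output on stdin, so it also runs on saved output.

# Constructed samples: default route on enX0, but the rule was written for eth0.
SAMPLE_ROUTE='default via 10.0.2.1 dev enX0 proto dhcp src 10.0.2.15 metric 512'
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Print the interface carrying the default route (input: ip -4 route show default).
default_iface() {
  awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if a POSTROUTING MASQUERADE rule names interface $1 (input: iptables-save -t nat).
masquerade_on() {
  grep -Eq -- "^-A POSTROUTING( .*)? -o $1( .*)? -j MASQUERADE"
}

# Succeed if forwarding is enabled now (input: sysctl -n net.ipv4.ip_forward).
forwarding_on() { [ "$(tr -d '[:space:]')" = "1" ]; }

# Succeed if the setting is also in sysctl config, so it survives a reboot
# (input: contents of /etc/sysctl.conf and /etc/sysctl.d/*.conf).
forwarding_persistent() {
  grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1'
}

# Args: route output, nat rules, ip_forward value, sysctl config text.
audit_nat() {
  local iface rc=0
  iface=$(printf '%s\n' "$1" | default_iface)
  [ -n "$iface" ] || { echo "FAIL no default route"; return 1; }
  printf '%s\n' "$2" | masquerade_on "$iface" || { echo "FAIL no MASQUERADE on $iface"; rc=1; }
  printf '%s\n' "$3" | forwarding_on || { echo "FAIL ip_forward is off"; rc=1; }
  printf '%s\n' "$4" | forwarding_persistent || echo "WARN ip_forward not persisted"
  [ "$rc" -eq 0 ] && echo "OK NAT via $iface"
  return "$rc"
}

# Live use on the NAT instance:
#   audit_nat "$(ip -4 route show default)" "$(sudo iptables-save -t nat)" \
#     "$(sysctl -n net.ipv4.ip_forward)" "$(cat /etc/sysctl.conf /etc/sysctl.d/*.conf 2>/dev/null)"
```

The script covers only the settings inside the instance; the route, the security group and the instance's source/destination check are EC2-side settings and are not inspected here.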
