Prerequisites
- AWS account (https://youtu.be/SFaSB6vgp8k)
- puTTY (https://apps.microsoft.com/detail/xpfnzksklbp7rj?hl=en-US&gl=US)
1.) Steps to create a Bastion Host
- To create your VPC, go to the VPC icon on the console (or search for VPC) and click on it.
- Put in the required details; for the VPC's IPv4 CIDR block I will be using 10.0.0.0/16.
- Next, create the subnets by clicking the Subnets button. You need both public and private subnets, and it is recommended to create two of each (one per availability zone) for high availability. I will be using 10.0.10.0/27 (zone a) and 10.0.20.0/27 (zone b) for the public subnets, and 10.0.30.0/27 (zone a) and 10.0.40.0/27 (zone b) for the private subnets.
- Create a NAT gateway for the private subnets. Note: the NAT gateway needs a public IP, so it must be placed in one of the public subnets; I will be using the public zone a subnet.
- Also create an internet gateway and attach it to the VPC; the public subnets will route through it.
- Create a route table for the public subnets with a default route to the internet gateway.
- Also create a route table for the private subnets with a default route to the NAT gateway.
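The same network build as an AWS CLI script, added here as an example; it is not part of the original tutorial. It assumes AWS CLI v2 with credentials and a region configured, appends the a/b zone suffixes to AWS_REGION (us-east-1 if unset, an assumption), and reads the CLI binary from the AWS variable so the calls can be pointed at a mock for a dry run.

```shell
#!/bin/sh
# Added example: builds the tutorial's VPC topology with the AWS CLI.
# Assumptions: AWS CLI v2 installed, credentials configured, region in AWS_REGION.
# Usage: sh bastion_network.sh apply
set -eu
AWS="${AWS:-aws}"                    # override with a mock for a dry run
REGION="${AWS_REGION:-us-east-1}"    # assumption: zone suffixes a/b are appended to this

# Addressing plan from the tutorial, as name:cidr:zone-suffix
VPC_CIDR="10.0.0.0/16"
PUBLIC_SUBNETS="pub-a:10.0.10.0/27:a pub-b:10.0.20.0/27:b"
PRIVATE_SUBNETS="priv-a:10.0.30.0/27:a priv-b:10.0.40.0/27:b"

# create_subnet NAME CIDR ZONE -> prints the new subnet id
create_subnet() {
  $AWS ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block "$2" \
    --availability-zone "$REGION$3" \
    --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=$1}]" \
    --query Subnet.SubnetId --output text
}

# add_subnets SPECS ROUTE_TABLE PUBLIC(yes|no) -> creates each subnet, binds it to
# the route table and, for public subnets, makes instances get a public IP at launch
add_subnets() {
  for spec in $1; do
    name=${spec%%:*}; rest=${spec#*:}; cidr=${rest%%:*}; zone=${rest#*:}
    sid=$(create_subnet "$name" "$cidr" "$zone")
    $AWS ec2 associate-route-table --route-table-id "$2" --subnet-id "$sid"
    if [ "$3" = yes ]; then
      $AWS ec2 modify-subnet-attribute --subnet-id "$sid" --map-public-ip-on-launch
    fi
    if [ "$name" = pub-a ]; then PUB_A_ID=$sid; fi     # the NAT gateway goes here
    if [ "$name" = priv-a ]; then PRIV_A_ID=$sid; fi
  done
}

build_network() {
  VPC_ID=$($AWS ec2 create-vpc --cidr-block "$VPC_CIDR" --query Vpc.VpcId --output text)

  # Public side: internet gateway attached to the VPC, public route table defaults to it
  IGW_ID=$($AWS ec2 create-internet-gateway \
    --query InternetGateway.InternetGatewayId --output text)
  $AWS ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_ID"
  PUBLIC_RTB=$($AWS ec2 create-route-table --vpc-id "$VPC_ID" \
    --query RouteTable.RouteTableId --output text)
  $AWS ec2 create-route --route-table-id "$PUBLIC_RTB" \
    --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW_ID"
  PUB_A_ID=""
  add_subnets "$PUBLIC_SUBNETS" "$PUBLIC_RTB" yes
  [ -n "$PUB_A_ID" ] || { echo "public zone a subnet was not created" >&2; return 1; }

  # Private side: NAT gateway in the public zone a subnet (it needs an Elastic IP),
  # private route table defaults to the NAT gateway
  EIP_ID=$($AWS ec2 allocate-address --domain vpc --query AllocationId --output text)
  NAT_ID=$($AWS ec2 create-nat-gateway --subnet-id "$PUB_A_ID" --allocation-id "$EIP_ID" \
    --query NatGateway.NatGatewayId --output text)
  $AWS ec2 wait nat-gateway-available --nat-gateway-ids "$NAT_ID"
  PRIVATE_RTB=$($AWS ec2 create-route-table --vpc-id "$VPC_ID" \
    --query RouteTable.RouteTableId --output text)
  $AWS ec2 create-route --route-table-id "$PRIVATE_RTB" \
    --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$NAT_ID"
  PRIV_A_ID=""
  add_subnets "$PRIVATE_SUBNETS" "$PRIVATE_RTB" no

  printf 'VPC_ID=%s PUB_A_ID=%s PRIV_A_ID=%s NAT_ID=%s\n' \
    "$VPC_ID" "$PUB_A_ID" "$PRIV_A_ID" "$NAT_ID"
}

case "${1:-}" in apply) build_network ;; esac
```

Run it with `sh bastion_network.sh apply`; the last line prints the ids you need for the instance step. The private route table never gets a route to the internet gateway, so the private hosts can reach out through the NAT gateway but nothing on the internet can initiate a connection to them.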
2.) Create both a private and a public EC2 instance in their respective subnets in the VPC.
- Go to EC2 and click Launch instance to create an instance for each subnet.
- For the private instance select a private subnet, and for the public instance select a public subnet.
- Make sure both instances are in the running state.
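Launching the two instances with the AWS CLI, as an added example that is not from the original tutorial. The console steps leave the security groups at their defaults; this version creates two groups so that SSH to the bastion is admitted only from the administrator's address and SSH to the private instance only from members of the bastion's group. It assumes the VPC and subnets already exist with their ids exported as VPC_ID, PUB_A_ID and PRIV_A_ID, plus KEY_NAME (your EC2 key pair), AMI_ID (an AMI in your region) and ADMIN_CIDR (your workstation's public IP as a /32); all of these are placeholders.

```shell
#!/bin/sh
# Added example: launches the bastion and the private instance with the AWS CLI and
# gives each a security group that only admits SSH from where it should come from.
# Assumptions (all placeholders): VPC_ID, PUB_A_ID, PRIV_A_ID of an existing VPC,
# KEY_NAME (EC2 key pair), AMI_ID (an AMI in your region), ADMIN_CIDR (your
# workstation's public IP as a /32). Usage: sh bastion_instances.sh apply
set -eu
AWS="${AWS:-aws}"                       # override with a mock for a dry run
INSTANCE_TYPE="${INSTANCE_TYPE:-t3.micro}"

# make_sg NAME DESCRIPTION -> prints the new security group id
make_sg() {
  $AWS ec2 create-security-group --group-name "$1" --description "$2" \
    --vpc-id "$VPC_ID" --query GroupId --output text
}

# run_instance SUBNET SG PUBLIC(yes|no) -> prints the instance id
run_instance() {
  if [ "$3" = yes ]; then ip_flag=--associate-public-ip-address
  else ip_flag=--no-associate-public-ip-address; fi
  $AWS ec2 run-instances --image-id "$AMI_ID" --instance-type "$INSTANCE_TYPE" \
    --key-name "$KEY_NAME" --subnet-id "$1" --security-group-ids "$2" "$ip_flag" \
    --query 'Instances[0].InstanceId' --output text
}

launch_instances() {
  : "${VPC_ID:?}" "${PUB_A_ID:?}" "${PRIV_A_ID:?}" "${KEY_NAME:?}" "${AMI_ID:?}" "${ADMIN_CIDR:?}"
  case "$ADMIN_CIDR" in
    0.0.0.0/0) echo "refusing to open the bastion's SSH port to the whole internet" >&2; return 1 ;;
  esac

  # Bastion: port 22 only from the admin address
  BASTION_SG=$(make_sg bastion-sg "SSH from admin address only")
  $AWS ec2 authorize-security-group-ingress --group-id "$BASTION_SG" \
    --protocol tcp --port 22 --cidr "$ADMIN_CIDR"
  # Private host: port 22 only from members of the bastion group; no CIDR rule at all
  PRIVATE_SG=$(make_sg private-sg "SSH from bastion only")
  $AWS ec2 authorize-security-group-ingress --group-id "$PRIVATE_SG" \
    --protocol tcp --port 22 --source-group "$BASTION_SG"

  BASTION_ID=$(run_instance "$PUB_A_ID" "$BASTION_SG" yes)
  PRIVATE_ID=$(run_instance "$PRIV_A_ID" "$PRIVATE_SG" no)
  $AWS ec2 wait instance-running --instance-ids "$BASTION_ID" "$PRIVATE_ID"

  BASTION_IP=$($AWS ec2 describe-instances --instance-ids "$BASTION_ID" \
    --query 'Reservations[0].Instances[0].PublicIpAddress' --output text)
  PRIVATE_IP=$($AWS ec2 describe-instances --instance-ids "$PRIVATE_ID" \
    --query 'Reservations[0].Instances[0].PrivateIpAddress' --output text)
  printf 'bastion %s public IP %s\nprivate %s private IP %s\n' \
    "$BASTION_ID" "$BASTION_IP" "$PRIVATE_ID" "$PRIVATE_IP"
}

case "${1:-}" in apply) launch_instances ;; esac
```

The bastion's public IP printed at the end is what goes into the puTTY session in the next step, and the private IP is the host you ssh to from the bastion. Because the private group references the bastion group rather than an address, the rule keeps working if the bastion is replaced or its IP changes.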
3.) Configure puTTY to connect to the bastion host and add both keys to Pageant.
- First add the key pairs to Pageant by opening Pageant and adding the keys.
- Open puTTY. On the Session page, enter the public IP of the bastion host (the instance in the public subnet).
- Enable agent forwarding in puTTY by going to Connection > SSH > Auth and ticking the agent forwarding option.
- Go back to Session, click Open, and accept the host key prompt to connect to the bastion EC2 instance.
4.) From the bastion host, access the private server.
- Run ssh <user>@<private host IP or hostname> to access it; the forwarded agent supplies the key.
- Type yes at the host key prompt to gain access to the private host.
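The same two-hop login done with OpenSSH instead of puTTY, added here as an example that is not part of the original tutorial. Instead of forwarding the agent to the bastion, the ProxyJump directive tunnels the second SSH connection through the bastion, so the private key and agent socket never leave the workstation and a compromised bastion cannot borrow them. The host aliases, IPs, user name and key path are placeholders; the bastion public IP and private host IP come from the instance step.

```shell
#!/bin/sh
# Added example: reach the private host through the bastion with OpenSSH ProxyJump.
# Unlike agent forwarding, ProxyJump exposes no agent socket on the bastion; the
# bastion only relays TCP to the private host. All names, IPs and paths are placeholders.
# Usage: sh ssh_hop.sh <bastion-public-ip> <private-ip> [user] [key]
#        ssh -F ~/.ssh/bastion_config private-host
set -eu

# write_ssh_config CONFIG_PATH BASTION_PUBLIC_IP PRIVATE_IP USER KEY_PATH
write_ssh_config() {
  cat > "$1" <<EOF
Host bastion
    HostName $2
    User $4
    IdentityFile $5
    IdentitiesOnly yes
    ForwardAgent no

Host private-host
    HostName $3
    User $4
    IdentityFile $5
    IdentitiesOnly yes
    ProxyJump bastion
EOF
  chmod 600 "$1"
}

# check_ssh_config CONFIG_PATH -> 0 if the private host is reached via ProxyJump
# and nothing in the file turns agent forwarding on
check_ssh_config() {
  grep -q '^ *ProxyJump bastion' "$1" || return 1
  if grep -iq '^ *ForwardAgent yes' "$1"; then return 1; fi
  return 0
}

if [ $# -ge 2 ]; then
  cfg="$HOME/.ssh/bastion_config"
  write_ssh_config "$cfg" "$1" "$2" "${3:-ec2-user}" "${4:-$HOME/.ssh/lab-key.pem}"
  if check_ssh_config "$cfg"; then
    echo "config written; connect with: ssh -F $cfg private-host"
  else
    echo "config check failed" >&2; exit 1
  fi
fi
```

With this config, ssh -F ~/.ssh/bastion_config private-host opens a connection to the bastion and a second, end-to-end encrypted connection to the private host inside it; host keys for both hops are still checked, so accept them on first use as in the puTTY steps.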
5.) Test connectivity with ping.
- Run ping google.com from the private host to see if the NAT gateway is working.
- Press Ctrl+C to stop.
Conclusion:
The bastion host, through which the private host is reached, is how users outside the VPC gain access to the private network.