AWS VPC

Scott
10 min readApr 27, 2020


A VPC enables you to launch AWS resources into a virtual network that you define.

Step summary:

  1. Create a VPC
  2. Create a public and a private subnet
  3. Create an internet gateway

It works the same way as a virtual private network of your own:

  1. You can create your own public and private subnets.
  2. You launch resources with private IP addresses from ranges you choose.
Click VPCs
Click Close
The VPC that has a name is the one you just created; choose that one.
Click Close

Now we are going to create a private subnet.

You’ll notice our internet gateway is detached. We have to attach our internet gateway to our VPC.

Now we will create a route table for the public subnet.

I made a mistake; name it ‘public’.
Rename it to ‘public’ if it isn’t already.
Click Edit routes

Now let’s check out our instances.

Now create a Linux instance, but when you choose the network, select the VPC you just created.

For the first instance we are creating, choose the subnet labeled public.

Now follow the guide until it is finished.

Now create another Linux instance; this time place it in the private subnet.

Now continue until the guide is finished.

Name them public and private respectively.

Now you’ll notice your Elastic IPs are allocated and associated.

Now let’s connect to your Linux instances.

Now, in your terminal, let’s ping a website.

[ec2-user@ip-10-0-1-190 ~]$ ping www.google.com

Press Ctrl+C to stop the ping.

This instance is in our public subnet, which is why it can ping the outside world. Now we will try to reach the private instance through our public instance.

Now open an SFTP session to the public instance and add your private key (.pem) to that remote connection.

Add your private .pem to the remote public connection by dragging it in (shown right).

To use our private instance we have to go through our public instance.

Now that we’ve dragged our private .pem into the public connection, we can go to the terminal that is connected to the remote instance, indicated by the prompt [ec2-user@ip-10-0-1-190 ~]$, and check that the .pem is there.

[ec2-user@ip-10-0-1-190 ~]$ ls
LinuxPrivateNet.pem

Now that we’ve confirmed it’s there, we can get the private IP of our private instance.

Grab the private IP address.
[ec2-user@ip-10-0-1-190 ~]$ sudo ssh -i "LinuxPrivateNet.pem" ec2-user@YourPrivateIP

This command will connect us with our private instance.

It should show this.

Let’s try to ping a public website.

Now we have accessed the private instance through our public instance that shares a VPC.

To reach the private instance from any public instance, that public instance must first be created in a public subnet of the same VPC (the one used by both the private and the public subnet).

The NAT (network address translation) instance creates a bridge from the public instance to the private instance. The public instance can access any public website on the internet; the private instance cannot. A NAT can also let a private instance reach public websites on the internet. NAT isn’t the only way to give a private host internet access, and the NAT instance itself is an AWS-specific mechanism.

Whatever you want
Whatever you want
Choose the VPC you created.
Manually type the same source for these Inbound rules.
We can have them both be “Anywhere” for outbound rules.
Hopefully you will see your security group is successfully created.
Now launch instance.
SELECT

Now choose configure.

Next.

You should see the rule types of the security group you created.

Click continue in the warning.

Click Next.
Go to your instances and name it something NAT related.

Now allocate an Elastic IP and associate it with your NAT instance.

We disabled the source/destination check, so this NAT instance is no longer treated only as a destination and will instead act as a bridge between the public and private instances.
Click Close
Click edit routes

Click on edit route table association

Now open your terminal.

Let’s create an SSH connection using your nattest.pem.

Copy the public IP.

If you try to connect and run into trouble, double-check that your source is correct and matches the subnet it should:

It looks like our sources don’t match our subnet; also change your outbound rules to Anywhere.

When configuring the NAT instance we should have chosen a public subnet, not a private subnet.

We should have chosen “Select an existing security group”, then clicked “Copy to new” under Actions.

We should also have added SSH as a type after copying it over.
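As an added example (not code from the original post), covering both the NAT paragraph above and the “sources don’t match our subnet” troubleshooting notes, the following Python models a VPC route table with longest-prefix-match evaluation, classifies a subnet as public or private from its default route, and checks whether the NAT instance’s inbound rules actually cover the private subnet. The CIDRs, instance IPs and gateway/instance ids are constructed placeholders; the post never states the real ranges.

```python
"""Routing and security-group checks for the public / NAT / private layout above.
Added example: CIDRs, instance IPs and ids are constructed, not taken from the post."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: str  # CIDR such as "0.0.0.0/0"
    target: str       # "local", an internet gateway "igw-...", or a NAT instance "i-..."


@dataclass(frozen=True)
class IngressRule:
    protocol: str
    port: int
    source: str       # CIDR the rule accepts traffic from


def next_hop(routes, dst_ip):
    """Target of the most specific route covering dst_ip (longest-prefix match,
    which is how a VPC route table is evaluated); None if nothing matches."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [r for r in routes if ip in ipaddress.ip_network(r.destination)]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r.destination).prefixlen).target


def classify_subnet(routes):
    """public: default route to an internet gateway; private: default route to
    something else (here the NAT instance); isolated: no default route at all."""
    hop = next_hop(routes, "203.0.113.10")  # any address outside the VPC (TEST-NET-3)
    if hop is None:
        return "isolated"
    return "public" if hop.startswith("igw-") else "private"


def sg_allows(rules, protocol, port, src_ip):
    """True if some inbound rule's source CIDR covers src_ip for this protocol/port."""
    ip = ipaddress.ip_address(src_ip)
    return any(r.protocol == protocol and r.port == port
               and ip in ipaddress.ip_network(r.source) for r in rules)


# Constructed topology: VPC 10.0.0.0/16, public subnet 10.0.1.0/24, private subnet 10.0.2.0/24.
PUBLIC_RT = [Route("10.0.0.0/16", "local"), Route("0.0.0.0/0", "igw-PLACEHOLDER")]
PRIVATE_RT = [Route("10.0.0.0/16", "local"), Route("0.0.0.0/0", "i-NATPLACEHOLDER")]
NO_DEFAULT_RT = [Route("10.0.0.0/16", "local")]

# NAT security group: inbound sources must cover the private subnet (where the traffic
# originates), not the public one. The first set reproduces the "sources don't match" mistake.
NAT_SG_WRONG = [IngressRule("tcp", 80, "10.0.1.0/24"), IngressRule("tcp", 443, "10.0.1.0/24")]
NAT_SG_FIXED = [IngressRule("tcp", 80, "10.0.2.0/24"), IngressRule("tcp", 443, "10.0.2.0/24"),
                IngressRule("tcp", 22, "10.0.1.0/24")]  # SSH only from the public subnet
```

Run `classify_subnet` on each route table and `sg_allows` with an address from the private subnet to see why the first security group blocks the NAT path while the corrected one permits it.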
