Enable you to launch AWS services into a virtual network.

Step summary:

  1. create a VPC
  2. Create a public and private Subnet
  3. Create internet gateway

The same way you have a virtual private network.

  1. you can either create your public and private subnets.
  2. Launching resources with your own private ip address.

Now we are going to create a private subnet.

You’ll notice our internet gateway is detached. We have to attach our internet gateway to our VPC.

Now we will create a route to the public subnet.

Now lets check out our instances.

Now create a Linux instance. Except, when you choose your network, choose the one you created just now!

For the first instance we are creating, choose the subnet labeled public.

Now follow the guide until it is finished.

Now create another linux instance, this time we will make it the private subnet.

Now continue until the guide is finished.

Name them public and private respectively.

Now lets connect your linux instances.

Now in your terminal lets ping a website.

[ec2-user@ip-10-0-1-190 ~]$ ping

Now click control c to close this.

This was connected to our public subnet and because of that it is able to ping. Now we will try to open a private instance through our public network.

Now open your terminal in sftp, and add your private pem to the remote public connection.

In order to use our private instance we have to go through our public instance.

Now that we dragged in our private pem to the public connection. We can go to our terminal that is switched to the remote access, indicated by [ec2-user@ip-10–0–1–190 ~]$ and check to make sure our pem is there.

[ec2-user@ip-10-0-1-190 ~]$ ls

Now that we’ve confirmed its there, we can get the private ip of our private instance.

[ec2-user@ip-10-0-1-190 ~]$ sudo ssh -i "LinuxPrivateNet.pem" ec2-user@YourPrivateIP

This command will connect us with our private instance.

Lets try to ping a public website.

Now we have accessed the private instance through our public instance that shares a VPC.

For accessing the private instance in any public instance u first need to create those public instances in public subnet of the similar VPC(used by both private and public subnet).

The NAT (Network address translator) instance creates a bridge from the public instance to the private instance. The public instance can access any public website on the internet. The private instance cannot access any public website. A NAT can also help a private instance access public websites on the internet. A NAT isn’t the only way to connect a localhost to the internet. NAT is AWS specific.

Now choose configure.


Click continue in the warning.

Now create an elastic ip and connect it to your nat instance.

Click on edit route table association

Now open your terminal.

Lets create a connection for your nattest.pem

If you try to connect, and you are having some troubles double check and make sure your source is correct and matches accordingly:

Looks like our sources don’t match our subnet, also change your outbound rules to Anywhere.

When configuring the nat instance we should have chosen a public subnet, not a private subnet.

Should have chosen select an existing security group, then clicked “Copy to new” under actions.

We should have also added ssh as a type after copying over .