AWS NAT Instance Basics

aws_nat_basic.md

NAT Instance on AWS - Basics

References:

• [Setting up the NAT Instance] (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html)
• [Setting Up A NAT Server] (https://www.youtube.com/watch?v=V3pbUzAjdxo)
• [Comparison of NAT Instances and NAT Gateways] (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-comparison.html)
• [Creating the NATSG Security Group] (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html)
• [Securely connect to Linux instances running in a private Amazon VPC] (https://blogs.aws.amazon.com/security/post/Tx3N8GFK85UN1G6/Securely-connect-to-Linux-instances-running-in-a-private-Amazon-VPC)

Method

1. Create a VPC with an internet gateway, if one doesn't exist
2. Create a public subnet, if one doesn't exist
3. Create a private subnet, if one doesn't exist

• 172.30.21.0/24
• us-east-1a
• tag: private

4. Launch NAT server

• search on nat in community images
• amzn-ami-vpc-nat-hvm-2016.03.0.x86_64-ebs - ami-311a1a5b * Amazon Linux AMI 2016.03.0 x86_64 VPC NAT HVM EBS * Root device type: ebs; Virtualization type: hvm
• t2.nano
• launch in public subnet with Public IP address to be assigned
• storage to GP2 from Magnetic
• Tag Name as NAT
• Security group: [NATSG] (http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#NATSG)
• Once launched: Console>Actions>Networking>Change Source/Dest. Check>Disable

5. Launch instance in private subnet

• Ubuntu
• t2.nano
• Security group: all traffic

6. Create new routing table

• Go to VPC
• name: private-for-NAT
• 0.0.0.0/0 to NAT instance
• check that status goes to Active on save
• edit subnet associations so private subnet associated

7. Copy .pem file to NAT instance
8. Login into private instance through NAT instance (see also bastion server)

See Also

ssh-agent bash

ssh-add -c [key].pem