Public-Private Cloud Architecture

Nihal Shardul

Problem Statement: A company prioritizing data security seeks to implement a hybrid cloud architecture that safeguards sensitive information while enabling secure employee access. The architecture must utilize a public-private strategy where employees can connect to private instances through a VPN, ensuring that no external entities can access these private resources. Additionally, the private instances must maintain internet access for essential activities like package updates without exposing them to the public internet. This design requires a balance between security and functionality, ensuring robust access controls and effective network configurations to protect against unauthorized access while facilitating necessary operations.

Solution: We will follow the architecture below (public subnet with an Internet Gateway and a NAT Gateway, private subnet with the EC2 instance, employees connecting over the VPN).

In the previous post we configured a VPN to make our infrastructure private (https://nshardul.hashnode.dev/configure-vpn-to-make-your-infrastructure-private), but an EC2 instance in the private subnet still cannot reach the internet.

That is the step we will configure in this blog.

Please read that blog (https://nshardul.hashnode.dev/configure-vpn-to-make-your-infrastructure-private) before proceeding, as it covers how to set up the VPN and create the private infrastructure.

Connect to the VPN before going forward. Now we will create a private subnet in our VPC and a NAT Gateway in the public subnet. The NAT Gateway must be in the public subnet because the Internet Gateway is attached to the public subnet's route table; the NAT Gateway acts as the mediator between the private subnet and the Internet Gateway, giving the private subnet outbound internet access without exposing it inbound. Also create an EC2 instance in the private subnet and try to update it. The update will fail, because the instance has no internet access yet, and you should see the error below.

Now let's set up the NAT Gateway in the public subnet.

Once the NAT Gateway is created, we will create a route table for our private subnet, add a 0.0.0.0/0 route to the NAT Gateway, and associate the route table with the private subnet.

Once that is done, our EC2 instance should have access to the internet.
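A quick way to confirm the layout above is correct is to audit the route tables rather than trusting the console. The script below is an added example, not code from the post or from AWS: it takes data in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` (fed here from constructed sample dicts with placeholder IDs) and classifies each subnet by its default route. It flags the two mistakes that undo the design: a NAT Gateway placed in a subnet that has no Internet Gateway route (the private instance still gets no updates), and a supposedly private subnet whose effective default route goes to the Internet Gateway (which happens when the subnet is never associated with the new route table and falls back to the VPC's main table).

```python
"""Audit a public/private subnet layout from describe-route-tables-shaped data.
All IDs in the samples are constructed placeholders, not values from the post."""

PUBLIC, PRIVATE, ISOLATED = "public", "private", "isolated"
_TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId",
                "NetworkInterfaceId", "InstanceId", "VpcPeeringConnectionId")


def default_route_target(route_table):
    """Return the target ID of the active 0.0.0.0/0 route, or None if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # blackholed route (e.g. NAT GW deleted) gives no egress
        for key in _TARGET_KEYS:  # AWS puts the target under a type-specific key
            if key in route:
                return route[key]
    return None


def subnet_default_targets(route_tables, subnet_ids):
    """Map each subnet to the default-route target that actually applies to it.
    A subnet with no explicit association uses the VPC's main route table."""
    main_target, explicit = None, {}
    for rt in route_tables:
        target = default_route_target(rt)
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_target = target
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = target
    return {s: explicit.get(s, main_target) for s in subnet_ids}


def classify(target):
    if target is None:
        return ISOLATED
    if target.startswith("igw-"):
        return PUBLIC
    if target.startswith("nat-"):
        return PRIVATE
    return "other:" + target


def audit(route_tables, nat_gateways, subnet_ids, intended_private):
    """Return ({subnet: classification}, [human-readable findings])."""
    kinds = {s: classify(t) for s, t in
             subnet_default_targets(route_tables, subnet_ids).items()}
    findings = []
    for ngw in nat_gateways:
        if kinds.get(ngw["SubnetId"]) != PUBLIC:
            findings.append(f"{ngw['NatGatewayId']} sits in {ngw['SubnetId']}, which has "
                            "no Internet Gateway default route; subnets routed through it "
                            "get no internet access")
    for s in intended_private:
        if kinds.get(s) == PUBLIC:
            findings.append(f"{s} is meant to be private but its effective default route "
                            "is an Internet Gateway; instances with public IPs are exposed")
        elif kinds.get(s) == ISOLATED:
            findings.append(f"{s} has no default route; add a route to the NAT Gateway")
    return kinds, findings


def _rt(rt_id, assocs, default_target=None, main=False):
    """Build a route table dict in describe-route-tables shape (sample helper)."""
    routes = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]
    if default_target:
        key = "NatGatewayId" if default_target.startswith("nat-") else "GatewayId"
        routes.append({"DestinationCidrBlock": "0.0.0.0/0", key: default_target, "State": "active"})
    associations = [{"Main": True, "RouteTableId": rt_id}] if main else []
    associations += [{"Main": False, "SubnetId": s, "RouteTableId": rt_id} for s in assocs]
    return {"RouteTableId": rt_id, "Routes": routes, "Associations": associations}


SUBNETS = ["subnet-pub0001", "subnet-priv0001"]  # constructed IDs
# The layout from the post: IGW route for the public subnet, NAT route for the private one.
GOOD = dict(route_tables=[_rt("rtb-main", [], main=True),
                          _rt("rtb-public", ["subnet-pub0001"], "igw-0001"),
                          _rt("rtb-private", ["subnet-priv0001"], "nat-0001")],
            nat_gateways=[{"NatGatewayId": "nat-0001", "SubnetId": "subnet-pub0001"}])
# Mistake 1: NAT Gateway created in the private subnet.
NAT_IN_PRIVATE = dict(route_tables=GOOD["route_tables"],
                      nat_gateways=[{"NatGatewayId": "nat-0001", "SubnetId": "subnet-priv0001"}])
# Mistake 2: private subnet never associated with rtb-private; main table has an IGW route.
UNASSOCIATED = dict(route_tables=[_rt("rtb-main", [], "igw-0001", main=True),
                                  _rt("rtb-public", ["subnet-pub0001"], "igw-0001"),
                                  _rt("rtb-private", [], "nat-0001")],
                    nat_gateways=GOOD["nat_gateways"])

if __name__ == "__main__":
    for name, data in (("good", GOOD), ("nat-in-private", NAT_IN_PRIVATE),
                       ("unassociated", UNASSOCIATED)):
        kinds, findings = audit(data["route_tables"], data["nat_gateways"],
                                SUBNETS, ["subnet-priv0001"])
        print(name, kinds, *findings, sep="\n  ")
```

In practice you would replace the sample dicts with the `RouteTables` and `NatGateways` arrays from the two CLI calls (filtered by `vpc-id`), and treat any finding as a blocker before declaring the instance private.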

Hooray! Our private instance has internet access.

Please let me know your comments.

Thanks.

Written by Nihal Shardul

Enthusiast Cloud and Security with expertise in AWS and DevOps. Proficient in Python, Bash, Git, Jenkins, and container orchestration tools like Docker and Kubernetes, I focus on automation and CI/CD practices. I leverage security tools such as NMAP, Nessus, and Metasploit to identify and mitigate vulnerabilities. Passionate about learning and collaboration, I thrive on enhancing cloud security and efficiency. Always eager to advance my skills, I aim to contribute to the tech community.