Access a private instance via a bastion host (jump server)

A bastion host (jump server) always sits in the public subnet and is used to reach instances in the private subnet.

Prerequisite

→ AWS Account

→ VPC

→ Internet Gateway

→ Subnet (Public and Private)

→ Route Table

→ EC2 instance (VM)

**Process**

  1. VPC creation

  2. Internet Gateway

Attach the Internet Gateway to the VPC so that the VPC can communicate with the internet (traffic from the outside world can reach the VPC).

  3. Subnet creation (one public and one private subnet)

  4. Route table creation

Create a public route table and associate it with the public subnet.

Associating the public route table with the public subnet does not by itself give that subnet internet access: no route to the Internet Gateway has been defined for this route table yet.

Now define a route to the Internet Gateway so that this particular subnet has internet access.

Create a private route table.

Associate the private route table with the private subnet.

Note: this is the private subnet's route table and it does not need internet access, so I am going to stick with the default local route for 12.0.0.0/16.
This means the private subnet will not have internet access, but it will have internal access within the VPC: any resource running in the private subnet can be reached from the public subnet and vice versa.
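The public/private split above rests entirely on the route tables: the public table carries a default route to the Internet Gateway, the private table carries only the VPC-local route. The following audit is an added example, not code from the post; it classifies subnets by the routes of their associated table and reports any subnet whose effective exposure differs from the intended design. The sample data is constructed to mirror the shape of `aws ec2 describe-route-tables` output (resource IDs are placeholders; the VPC CIDR is the one used above).

```python
# Added example: audit route tables for the bastion layout described above.
# ROUTE_TABLES is constructed sample data in the shape returned by
# 'aws ec2 describe-route-tables'; the IDs are placeholders, not real resources.
ANYWHERE = "0.0.0.0/0"

ROUTE_TABLES = [
    {"RouteTableId": "rtb-public-EXAMPLE",
     "Routes": [{"DestinationCidrBlock": "12.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": ANYWHERE, "GatewayId": "igw-EXAMPLE"}],
     "Associations": [{"SubnetId": "subnet-public-EXAMPLE"}]},
    {"RouteTableId": "rtb-private-EXAMPLE",
     "Routes": [{"DestinationCidrBlock": "12.0.0.0/16", "GatewayId": "local"}],
     "Associations": [{"SubnetId": "subnet-private-EXAMPLE"}]},
]

# Design intent: which subnet may be reachable from the internet and which not.
EXPECTED = {"subnet-public-EXAMPLE": "public", "subnet-private-EXAMPLE": "private"}


def has_igw_default_route(rt):
    """True if 0.0.0.0/0 is routed to an Internet Gateway, i.e. a public table."""
    return any(r.get("DestinationCidrBlock") == ANYWHERE
               and r.get("GatewayId", "").startswith("igw-")
               for r in rt["Routes"])


def classify_subnets(route_tables):
    """Map each explicitly associated subnet to 'public' or 'private'."""
    kinds = {}
    for rt in route_tables:
        kind = "public" if has_igw_default_route(rt) else "private"
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:          # skip the main-table association
                kinds[assoc["SubnetId"]] = kind
    return kinds


def audit(route_tables, expected):
    """Return one finding per subnet whose effective exposure differs from
    intent; an empty list means the public/private split matches the design."""
    actual = classify_subnets(route_tables)
    return [f"{s}: expected {want}, route table makes it {actual.get(s, 'unassociated')}"
            for s, want in expected.items() if actual.get(s) != want]


if __name__ == "__main__":
    for line in audit(ROUTE_TABLES, EXPECTED) or ["OK: routing matches the design"]:
        print(line)
```

A private subnet that acquires a default route to the Internet Gateway (for example by being left on the main route table) shows up as "expected private, route table makes it public", which is exactly the misconfiguration that would expose the instance the bastion is meant to shield.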

**Basic understanding**

To reach the internet from a private subnet in Amazon Virtual Private Cloud (VPC), you use a NAT device; to reach the private subnet itself, you go through the bastion:

  1. Create public and private subnets for the VPC

  2. Create a NAT gateway in the public subnet

  3. Use the bastion server to connect to the private subnet

Here are some other things to know about public and private subnets:

  • Public subnets: Have a direct route to an internet gateway, allowing resources to access the public internet

  • Private subnets: Do not have a direct route to an internet gateway, so resources require a NAT device to access the public internet

  • VPC resource map: Visualizes your network architecture

  • Auto-assign public IP: Enable this in the network settings when creating the Linux server so that it can be reached from, and access, the internet

  • Elastic IP: Apply for one and attach it to the Linux server if you need a static IP

  • Security group: Check that the SSH port is allowed and that it is allowed only for the IP range you will connect from

  5. EC2 creation

Create the private EC2 instance, using the same public key as the bastion host.

Now access the bastion host's EC2 instance.

    → From the bastion, access the instance that is inside the private subnet.

    → Copy the private key from your local machine to the bastion host and use SSH from there to reach the private instance.

Written by Dharmendra Chourasiya