Allow only instance A to connect to instance B, and prevent anyone else on the public internet from connecting to instance B

Case 1: Only instance A can connect to instance B, and instance B cannot initiate a connection to the public internet.

Conditions

  • Instance A can initiate connections to the public internet
  • Hosts on the public internet can initiate connections to instance A via its public IP address
  • Instance A can connect to instance B via instance B's private IP address
  • Instance B has no public IP address
  • Hosts on the public internet cannot initiate connections to instance B

How to set it up

  1. Create your VPC
    VPC name: my_vpc
  2. Create an internet gateway and attach it to the VPC
    • Create an internet gateway: ig_for_my_vpc
    • Attach ‘ig_for_my_vpc’ to ‘my_vpc’: select the gateway and click ‘Attach to VPC’

  3. Create a subnet ‘subnet_external’
    • In the ‘VPC’ box, select the VPC you created
    • IPv4 CIDR block: 156.147.1.0/24 (this subnet uses the IP prefix 156.147.1.0)
      Note that 156.147.0.0/16 is a routable public range, not a private one; a VPC is normally given an RFC 1918 block (for example 10.0.0.0/16) so that its addresses never overlap real internet hosts. The addresses below are kept as the original setup used them.
    • (screenshot: subnet_external creation dialog)
    • Add a route to the VPC's internet gateway in the route table used by ‘subnet_external’. A new subnet uses the VPC's main route table until you associate another one, so that is the table you are editing here.
      (screenshot: subnet_external_rt) Click the route table link
      (screenshot: subnet_external_rt_edit) Add a route with destination 0.0.0.0/0 and target ‘ig_for_my_vpc’
  4. Create a route table for the internal network
    • Route table name: rt_subnet_internal
      Select the VPC you created. This table keeps only the automatic ‘local’ route for the VPC's CIDR; do not add a route to the internet gateway.
      (screenshot: rt_create)
  5. Create a subnet ‘subnet_internal’
    • In the ‘VPC’ box, select the VPC you created
    • IPv4 CIDR block: 156.147.2.0/24 (this subnet uses the IP prefix 156.147.2.0)
    • Change the subnet's route table association to ‘rt_subnet_internal’; otherwise it inherits the VPC's main route table, which now carries the internet gateway route.
      (screenshot: subnet_internal) Write the information for ‘subnet_internal’
  6. Create an EC2 instance in ‘subnet_external’
    (screenshot: ec2_external) EC2 external instance configuration
    (screenshot: ec2_external_status) EC2-external: Public IP = 13.124.183.176, Private IP = 156.147.1.228
  7. Create an EC2 instance in ‘subnet_internal’
    • Select ‘Disable’ for ‘Auto-assign Public IP’
      (screenshot: ec2_internal) EC2 internal instance configuration
      (screenshot: ec2_internal_status) EC2-internal: Private IP = 156.147.2.159 (no public IP)
  8. Check that you can reach the EC2 internal instance after logging on to the EC2 external instance. The session below assumes the key for the internal instance is available on the external one (for example through ssh agent forwarding); running ‘ssh -i key.pem -J ubuntu@13.124.183.176 ubuntu@156.147.2.159’ from your workstation would avoid copying the private key onto instance A. Note that the ‘local’ route lets every instance in my_vpc reach instance B in the same way, so if ‘only instance A’ must hold literally, also restrict instance B's security group to allow SSH only from instance A's security group.

Sunjoo:~ sunjoo$ ssh -i key.pem ubuntu@13.124.183.176
Warning: Permanently added '13.124.183.176' (ECDSA) to the list of known hosts.
ubuntu@ip-156-147-1-228:~$ hostname
ip-156-147-1-228
ubuntu@ip-156-147-1-228:~$ ssh ubuntu@156.147.2.159
Warning: Permanently added '156.147.2.159' (ECDSA) to the list of known hosts.
ubuntu@ip-156-147-2-159:~$ hostname
ip-156-147-2-159
ubuntu@ip-156-147-2-159:~$
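The SSH session only proves one direction. The following is an added example (not part of the original post) that evaluates each listed condition from route-table and instance data. The dicts are constructed for the example in the shape of the EC2 DescribeRouteTables / DescribeInstances responses (boto3 key names); the resource IDs and the VPC CIDR 156.147.0.0/16 are assumptions, since the post only shows the two /24 subnets. Feeding it real describe_* output turns it into a check you can run after every change to the VPC.

```python
"""Check the two-subnet layout's reachability conditions from route-table
and instance data shaped like the EC2 DescribeRouteTables / DescribeInstances
responses. Added example; the data below is constructed, not live output."""
import ipaddress

# Assumption: my_vpc uses 156.147.0.0/16 (the post never states the VPC CIDR).
VPC_CIDR = "156.147.0.0/16"

# Constructed sample. Resource IDs are made up for the example.
ROUTE_TABLES = [
    {   # the VPC's main route table, edited to carry the internet gateway route
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-for-my-vpc"},
        ],
    },
    {   # rt_subnet_internal: only the automatic local route
        "RouteTableId": "rtb-internal",
        "Associations": [{"Main": False, "SubnetId": "subnet-internal"}],
        "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"}],
    },
]

INSTANCES = {
    "A": {"SubnetId": "subnet-external", "PrivateIpAddress": "156.147.1.228",
          "PublicIpAddress": "13.124.183.176"},
    "B": {"SubnetId": "subnet-internal", "PrivateIpAddress": "156.147.2.159",
          "PublicIpAddress": None},
}


def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the main table applies."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return next(rt for rt in route_tables
                if any(a.get("Main") for a in rt["Associations"]))


def default_route_target(rt):
    """Return what the 0.0.0.0/0 route points at: 'igw', 'nat' or None."""
    for r in rt["Routes"]:
        if r.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if r.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if r.get("NatGatewayId"):
            return "nat"
    return None


def local_route_covers(rt, ip):
    """True if the table's 'local' route delivers to ip inside the VPC."""
    addr = ipaddress.ip_address(ip)
    return any(r.get("GatewayId") == "local"
               and addr in ipaddress.ip_network(r["DestinationCidrBlock"])
               for r in rt["Routes"])


def check_layout(instances, route_tables):
    """Evaluate the post's five conditions plus 'B cannot initiate outbound'."""
    a, b = instances["A"], instances["B"]
    rt_a = route_table_for(a["SubnetId"], route_tables)
    rt_b = route_table_for(b["SubnetId"], route_tables)
    a_public = a["PublicIpAddress"] is not None
    b_public = b["PublicIpAddress"] is not None
    a_igw = a_public and default_route_target(rt_a) == "igw"
    # An internet gateway only forwards for instances that have a public IP;
    # a NAT gateway route would give B outbound reachability without one.
    b_out = (b_public and default_route_target(rt_b) == "igw") \
        or default_route_target(rt_b) == "nat"
    return {
        "A can initiate to the internet": a_igw,
        "internet can initiate to A": a_igw,
        "A reaches B by private IP (and B can reply)":
            local_route_covers(rt_a, b["PrivateIpAddress"])
            and local_route_covers(rt_b, a["PrivateIpAddress"]),
        "B has no public IP": not b_public,
        "internet cannot initiate to B": not b_public,
        "B cannot initiate to the internet": not b_out,
    }


def layout_ok(instances, route_tables):
    return all(check_layout(instances, route_tables).values())


if __name__ == "__main__":
    for cond, ok in check_layout(INSTANCES, ROUTE_TABLES).items():
        print(f"{'OK ' if ok else 'BAD'} {cond}")
```

The check deliberately treats "no public IP" as sufficient for "the internet cannot initiate to B", and only flags outbound reachability for B when a public IP plus an internet gateway route, or a NAT gateway route, is present; that matches how the gateway actually forwards and is why the post's B stays isolated even if subnet_internal were left on the main route table. What the check cannot see is the security group, which is the control that distinguishes instance A from every other host in my_vpc.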

Author: all4dich