AWS Assignment
Table of contents
- 1] Provide peering connections between 3 VPCs and check transitive connectivity.
- 2] Create a transit gateway, connect the 3 VPCs and check transitive connectivity there.
- 3] Create a single NAT instance and access the internet from 2 private EC2 instances launched in two different AZs.
- 4] Create a NAT gateway and access the internet from 2 private EC2 instances in different AZs.
- 5] Set up 2 flow logs for a VPC, storing one in CloudWatch Logs and one in S3.
- 6] Set up a private connection between EC2 and S3, using both Gateway and Interface endpoints.
- 7] Block any 2 to 3 IPs, picked from flow log entries.
1] Provide peering connections between 3 VPCs and check transitive connectivity.
Create 3 VPCs
Create 2 public & 2 private subnets in different availability zones in each VPC
Associate those subnets with their respective route tables
Create an internet gateway for each VPC & attach it to the VPC
Add a route to the internet gateway in each public route table
Create the peering connections
Add routes for the peering connections to the route tables
Now ping a private instance in a peered VPC & it will respond
2] Create a transit gateway, connect the 3 VPCs and check transitive connectivity there.
Create the transit gateway
Create a transit gateway attachment for each VPC
You can see the changes in the transit gateway route table
Edit the main route tables of the VPCs, adding routes that target the transit gateway attachments
Now try to ping instances in the different VPCs; they will respond
3] Create a single NAT instance and access the internet from 2 private EC2 instances launched in two different AZs.
Create the NAT instance
Attach an elastic IP
Edit the private route table to send internet-bound traffic to the NAT instance
Now try to ping from the private instances; it will respond
4] Create a NAT gateway and access the internet from 2 private EC2 instances in different AZs.
Create a NAT gateway
Edit the private route tables to send internet-bound traffic to the NAT gateway
Now ping from the private instances
5] Set up 2 flow logs for a VPC, storing one in CloudWatch Logs and one in S3.
Through S3
VPC -> Select public VPC (my-vpc-01) -> Flow logs -> Create flow log -> Name -> Filter -> Maximum aggregation interval -> Destination (S3 bucket) -> Create flow log
Go to the S3 bucket; there you can find the AWS logs
Through CloudWatch
Create an IAM role & attach CloudWatchFullAccess to it
Create a CloudWatch log group
Now select the VPC & create a flow log with the log group as destination
Go to the CloudWatch log group & see the log streams
6] Set up a private connection between EC2 and S3, using both Gateway and Interface endpoints.
Gateway Endpoint
Attach an IAM role with S3 full access to the private EC2 instance
Go to Endpoints in VPC & create one
The route table will be updated automatically
Interface Endpoint
A network interface will be created after doing all this
7] Block any 2 to 3 IPs, picked from flow log entries.
Create the Network ACL and add inbound deny rules for the chosen IPs
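Picking the IPs out of the flow log records from task 5 and turning them into NACL deny rules can be scripted. The following is an added example, not part of these notes: it parses default-format flow log records, keeps the most frequent REJECTed sources from outside the VPC, and builds the deny entries. The sample records, the account and ENI ids, the 10.0.0.0/8 VPC range and the acl-PLACEHOLDER id are all constructed.

```python
"""Pick noisy source IPs out of VPC flow log records and emit Network ACL
inbound deny entries for them. Added example, not part of the notes.
Assumes the default (version 2) flow log record format from task 5:
  version account-id interface-id srcaddr dstaddr srcport dstport
  protocol packets bytes start end action log-status
"""
import ipaddress
from collections import Counter

# Constructed sample records: two outside hosts probing port 22 and being
# REJECTed, one accepted internal flow, and a NODATA record to be skipped.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 43122 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 43123 22 6 2 120 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.25 10.0.1.10 51000 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.15 10.0.1.10 33000 443 6 10 5000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_flow_log(text):
    """Yield one dict per record; drop malformed and NODATA/SKIPDATA lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and parts[-1] == "OK":
            yield dict(zip(FIELDS, parts))

def top_rejected_sources(text, limit=3, vpc_cidr="10.0.0.0/8"):
    """Most frequent REJECTed source IPs outside the VPC's own range
    (vpc_cidr is an assumption matching the sample addressing)."""
    inside = ipaddress.ip_network(vpc_cidr)
    hits = Counter(r["srcaddr"] for r in parse_flow_log(text)
                   if r["action"] == "REJECT"
                   and ipaddress.ip_address(r["srcaddr"]) not in inside)
    return [ip for ip, _ in hits.most_common(limit)]

def nacl_deny_entries(ips, acl_id, start_rule=10):
    """One inbound deny rule per IP. NACL rules are evaluated in ascending
    order, so low numbers make these denies win over later allow rules.
    Keys mirror the EC2 CreateNetworkAclEntry API parameters."""
    return [{"NetworkAclId": acl_id, "RuleNumber": start_rule + i,
             "Protocol": "-1", "RuleAction": "deny", "Egress": False,
             "CidrBlock": f"{ip}/32"} for i, ip in enumerate(ips)]

if __name__ == "__main__":
    blocked = top_rejected_sources(SAMPLE_FLOW_LOG)
    for entry in nacl_deny_entries(blocked, "acl-PLACEHOLDER"):
        print(entry)
```

Each printed dict is the parameter set for one deny rule on the NACL; the VPC's real CIDR and the NACL id from task 7 replace the constructed values.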