Accessing an EC2 Instance in a Private Subnet from a Public Subnet Instance on AWS

 


When setting up a complex network architecture on Amazon Web Services (AWS), you might need to establish communication between instances located in different subnets. One common scenario involves accessing an EC2 instance located in a private subnet from another EC2 instance located in a public subnet. In this blog, we'll guide you through the steps to achieve this setup using Linux instances. We'll leverage AWS VPC (Virtual Private Cloud) capabilities to securely access a private subnet instance from a public subnet instance.


**Table of Contents:**


1. **Understanding the Architecture**

2. **Creating a Virtual Private Cloud (VPC)**

3. **Setting Up Subnets**

4. **Launching EC2 Instances**

5. **Configuring Security Groups**

6. **Establishing SSH Key Pairs**

7. **Enabling Traffic Routing**

8. **Accessing Private Subnet EC2 Instance**


**1. Understanding the Architecture:**

In this scenario, you'll have a Virtual Private Cloud (VPC) with two subnets: a public subnet and a private subnet. The public subnet will host an EC2 instance that acts as a gateway to access the private subnet. The private subnet will contain the target EC2 instance that you want to access.


**2. Creating a Virtual Private Cloud (VPC):**

1. Log in to your AWS Management Console.

2. Navigate to the VPC dashboard.

3. Create a new VPC with an appropriate CIDR block.


**3. Setting Up Subnets:**

1. Create a public subnet and a private subnet within the VPC.

2. Define CIDR blocks for each subnet.


**4. Launching EC2 Instances:**

1. Launch an EC2 instance in the public subnet.

2. Launch another EC2 instance in the private subnet.


**5. Configuring Security Groups:**

1. Create security groups for both instances:

   - For the public subnet instance, allow inbound SSH (port 22) traffic.

   - For the private subnet instance, allow inbound SSH traffic only from the security group of the public subnet instance.


**6. Establishing SSH Key Pairs:**

1. Create an SSH key pair if you haven't already.

2. Associate the key pair with both instances.


**7. Enabling Traffic Routing:**

1. Configure the public subnet instance to act as a NAT (Network Address Translation) gateway by enabling IP forwarding and modifying the route table.

Also Read: A Step-by-Step Guide to VPC Peering Across Multiple Regions

**8. Accessing Private Subnet EC2 Instance:**

1. SSH into the public subnet instance using your SSH key pair.

2. From the public subnet instance, SSH into the private subnet instance using its private IP address.


Conclusion:

By following the steps outlined in this guide, you've successfully set up a secure way to access an EC2 instance in a private subnet from another EC2 instance in a public subnet. This architecture enables you to control access to your resources while maintaining a high level of security within your AWS VPC. Keep in mind that security best practices and proper configuration are crucial to ensure the integrity and confidentiality of your data and resources.