0 votes

I created the public subnet and private subnet, and associated the Internet gateway with the public subnet. Now the webserver was provisioned or installed in the private subnet, but how do we access any content from the private subnet? Why was the server installed there in the lecture? Also, say for example if I install a MySQL DB in the private subnet, how do I access the DB from outside? In other words, how do I access the webserver/DB running in the private subnet from the public subnet or over HTTP?


2 Answers

1 vote

If you want to access your private subnet from outside of the VPC you need to add a bastion host to the public subnet. The bastion host should have a security group which only allows connections from the IP of your personal machine (if this is where you're accessing from). And the security group of the instance in the private subnet should allow traffic from the bastion host's security group. (The private subnet NACL allows all by default.)

If you're trying to access the private subnet from within the VPC, then you don't need to configure anything by default, as the private subnet NACL by default allows all local traffic. (Security groups by default deny all traffic, so ensure the DB instance, if in a security group, allows traffic from the public subnet, ideally limiting it to the specific protocol.)
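The security-group layering this answer describes, written out as an added Terraform example (this is not the answerer's code or any course material). The `vpc_id`, subnet ids, `ami_id`, `my_ip` and `web_sg_id` variables are placeholders you supply; the instance type is arbitrary. The bastion accepts SSH only from your workstation's IP, and the private DB instance accepts SSH and MySQL only from the bastion's security group (referenced by SG id, not by IP) plus MySQL from the web tier's security group:

```hcl
# Added example: bastion host in the public subnet, DB instance in the private
# subnet, with security groups chained by SG id rather than by address.
# All variables below are placeholders (assumptions), not values from the course.

variable "vpc_id"            {}
variable "public_subnet_id"  {}
variable "private_subnet_id" {}
variable "ami_id"            {}
variable "web_sg_id"         {}   # security group of the web server in the public subnet
variable "my_ip" {
  description = "Your workstation's public IP in CIDR form, e.g. 203.0.113.10/32 (placeholder)"
}

# Bastion SG: inbound SSH from your own IP only; nothing else is opened.
resource "aws_security_group" "bastion" {
  name   = "bastion-sg"
  vpc_id = var.vpc_id

  ingress {
    description = "SSH from my workstation only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.my_ip]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Private DB SG: security groups deny everything by default, so each allowed
# path is listed explicitly and limited to the specific protocol/port.
resource "aws_security_group" "db" {
  name   = "private-db-sg"
  vpc_id = var.vpc_id

  ingress {
    description     = "SSH, only via the bastion's security group"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }

  ingress {
    description     = "MySQL from the bastion (for tunnelled admin access)"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }

  ingress {
    description     = "MySQL from the web tier in the public subnet"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [var.web_sg_id]
  }
}

resource "aws_instance" "bastion" {
  ami                         = var.ami_id
  instance_type               = "t3.micro"
  subnet_id                   = var.public_subnet_id
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.bastion.id]
}

resource "aws_instance" "db" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.private_subnet_id
  vpc_security_group_ids = [aws_security_group.db.id]
}
```

With this in place you reach the DB host through the bastion with SSH's jump-host option, `ssh -J ec2-user@<bastion-public-ip> ec2-user@<db-private-ip>`, and reach MySQL from your workstation with a local forward, `ssh -L 3306:<db-private-ip>:3306 ec2-user@<bastion-public-ip>`, then connecting your client to `127.0.0.1:3306`. Referencing the bastion by security-group id means the rule keeps working if the bastion is re-created with a new address, and a review of the DB security group shows at a glance that no CIDR-based inbound rule exists.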

0 votes

You can access your private subnet via SSH or RDP by using a bastion host, which you have to install in your public subnet. But you have to configure your security groups and your NACL well.

For internet access from your private subnet, you have to install a NAT Gateway in your public subnet (for example for your DB).

For more information, this is an interesting link for you:

https://cloudacademy.com/blog/aws-bastion-host-nat-instances-vpc-peering-security/

Hope it will help.
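The NAT Gateway setup mentioned in this answer, as an added Terraform example (not the answerer's code or from the linked article). The `vpc_id` and subnet id variables are placeholders. The NAT Gateway sits in the public subnet with its own Elastic IP, and the private subnet's route table sends default-route traffic to it, which gives the private DB instance outbound access (package updates, for instance) without giving anything on the internet an inbound path to it:

```hcl
# Added example: NAT Gateway in the public subnet, default route for the
# private subnet pointing at it. Variables are placeholders (assumptions).

variable "vpc_id"            {}
variable "public_subnet_id"  {}
variable "private_subnet_id" {}

# Elastic IP the NAT Gateway will source outbound traffic from.
resource "aws_eip" "nat" {
  domain = "vpc"
}

# The NAT Gateway itself lives in the PUBLIC subnet, which already routes
# to the Internet Gateway.
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = var.public_subnet_id
}

# A dedicated route table for the private subnet: local VPC traffic is routed
# implicitly; everything else goes out through the NAT Gateway.
resource "aws_route_table" "private" {
  vpc_id = var.vpc_id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = var.private_subnet_id
  route_table_id = aws_route_table.private.id
}
```

A NAT Gateway is outbound-only: it lets the private instance initiate connections out, but it does not make the DB reachable from the internet, so inbound administrative access still goes through the bastion host and the security-group rules described above. Keep the private subnet on this route table rather than on the public subnet's table, since a route table with a direct Internet Gateway route is what makes a subnet "public".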