Day 30: How to Enable Internet Access for Private EC2 using NAT Instance | AWS Networking
Welcome to Day 30 of the AWS & Cloud DevOps Series! In this video, we will learn how to provide internet access to a private EC2 instance using a NAT Instance. This is a practical AWS networking scenario where private servers need outbound internet connectivity without being directly exposed to the public internet.

----------------------------------------------------------------------------

STEP 1: Login & Find Existing Resources
Go to VPC → Subnets → find xfusion-priv-subnet
Note down:
  Its CIDR block (e.g. 10.1.1.0/24)
  Its Availability Zone (e.g. us-east-1a)
Go to VPC → Your VPCs → find xfusion-priv-vpc
Note its CIDR block (e.g. 10.1.0.0/16)

STEP 2: Create Public Subnet
VPC → Subnets → Create subnet
  VPC: xfusion-priv-vpc
  Name: xfusion-pub-subnet
  AZ: same as private subnet
  CIDR: a different range, e.g. if private is 10.1.1.0/24 use 10.1.2.0/24

STEP 3: Create & Attach Internet Gateway
VPC → Internet Gateways → Create
  Name: xfusion-igw
After creation → Actions → Attach to VPC → select xfusion-priv-vpc

STEP 4: Create Public Route Table
VPC → Route Tables → Create route table
  Name: xfusion-pub-rt
  VPC: xfusion-priv-vpc
Routes tab → Edit routes → Add route:
  Destination: 0.0.0.0/0
  Target: xfusion-igw
Subnet associations tab → Edit → associate xfusion-pub-subnet

STEP 5: Create Security Group for NAT Instance
EC2 → Security Groups → Create
  Name: xfusion-nat-sg
  VPC: xfusion-priv-vpc
Inbound rules:
  All traffic, Source: private subnet CIDR (e.g. 10.1.1.0/24)
  SSH, Source: 0.0.0.0/0
Outbound: All traffic 0.0.0.0/0 (default)

STEP 6: Launch NAT Instance
EC2 → Launch Instance
  Name: xfusion-nat-instance
  AMI: Amazon Linux 2023
  Type: t3.micro
  Network: xfusion-priv-vpc
  Subnet: xfusion-pub-subnet
  Auto-assign public IP: ENABLE ✅
  Security group: xfusion-nat-sg

STEP 7: Disable Source/Destination Check ⚠️ Don't skip!
EC2 → select xfusion-nat-instance
Actions → Networking → Change source/destination check
Check the "Stop" box ✅ → Save

STEP 8: Configure NAT on the Instance
Connect via EC2 Instance Connect, then run:

    # Install iptables
    sudo dnf install -y iptables-services

    # Enable IP forwarding
    echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/nat.conf
    sudo sysctl -p /etc/sysctl.d/nat.conf

    # Confirm forwarding is on (must output 1)
    cat /proc/sys/net/ipv4/ip_forward

    # Check your interface name
    # Look for the interface that is UP (likely ens5)
    ip link show

    # Add NAT rule (replace ens5 if different)
    sudo iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE

    # Save and enable
    sudo service iptables save
    sudo systemctl enable iptables
    sudo systemctl start iptables

    # Verify rule is in place
    sudo iptables -t nat -L -v

STEP 9: Update Private Subnet Route Table
VPC → Route Tables → find the route table associated with xfusion-priv-subnet
Edit routes → Add route:
  Destination: 0.0.0.0/0
  Target: Instance → select xfusion-nat-instance

STEP 10: Verify
Wait 2 minutes, then:
S3 → xfusion-nat-9963 → check for xfusion-test.txt ✅

------------------------------------------------------------

By the end of this video, you will understand how private EC2 instances communicate with the internet using a NAT Instance and how routing works inside an AWS VPC.

Upcoming Topics: AWS NAT Gateway, VPC Peering, Transit Gateway, AWS Security Best Practices
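An added example (not from the video) that checks the STEP 8 settings together: forwarding is on, and the MASQUERADE rule is bound to the interface that actually carries the default route, which is the failure behind "replace ens5 if different". The function names and the sample command output are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the NAT instance settings from STEP 8.
# Functions read command output as text, so they work on saved or live output.

# Egress interface name, from `ip -o route show default` output on stdin.
default_iface() {
    awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeeds if `iptables -t nat -S POSTROUTING` output on stdin has a
# MASQUERADE rule bound to outgoing interface $1.
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING (.* )?-o $1 (.* )?-j MASQUERADE"
}

# Args: ip_forward value, `ip route` output, `iptables -S` output.
# Prints one FAIL line per problem; returns 0 only when every check passes.
check_nat() {
    rc=0
    [ "$1" = "1" ] || { echo "FAIL ip_forward=$1 (expected 1)"; rc=1; }
    iface=$(printf '%s\n' "$2" | default_iface)
    if [ -z "$iface" ]; then
        echo "FAIL no default route found"; rc=1
    elif ! printf '%s\n' "$3" | has_masquerade "$iface"; then
        echo "FAIL no MASQUERADE rule on egress interface $iface"; rc=1
    fi
    return $rc
}

# Constructed sample output (not captured from a real instance).
SAMPLE_ROUTES='default via 10.1.2.1 dev ens5 proto dhcp src 10.1.2.37 metric 512'
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o ens5 -j MASQUERADE'

check_nat 1 "$SAMPLE_ROUTES" "$SAMPLE_RULES" && echo "NAT checks passed"

# Live use on the NAT instance:
#   check_nat "$(cat /proc/sys/net/ipv4/ip_forward)" \
#             "$(ip -o route show default)" \
#             "$(sudo iptables -t nat -S POSTROUTING)"
```

A rule saved for the wrong interface name still appears in `iptables -t nat -L -v`, so comparing it against the default-route interface catches a case that listing the rules alone does not.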


