Deploy NAT instance (DONE)

I followed this one guide to build a working NAT instance:

https://docs.aws.amazon.com/vpc/latest/userguide/work-with-nat-instances.html

Issues Encountered:

Issue #1: My private EC2 instances could ping out to the internet, but they were unable to download any packages from the online RHEL repositories.

Fix #1: This was a security group issue. My NAT instance security group needs to have the following to allow HTTPS downloads from the online repositories:

  • Inbound rule must allow HTTPS (TCP 443) from the EC2 private subnet's CIDR
  • Outbound rule must allow HTTPS (TCP 443) to anywhere, 0.0.0.0/0 (the traffic leaves through the public subnet's Internet Gateway)

Notes:

Disable source/destination checks on the NAT instance. With the check enabled, EC2 drops any packet whose source or destination address is not the instance's own, which is exactly the forwarded traffic a NAT instance exists to handle.

The "iptables" package is used on the NAT instance to masquerade (source-NAT) traffic from the private subnet behind the instance's own address. IP forwarding must also be enabled in the kernel (net.ipv4.ip_forward=1), otherwise the instance will not forward packets at all, regardless of the iptables rules.

A route entry must be added to the private subnet Route Table. When the destination is Anywhere – 0.0.0.0/0, the target is the Elastic Network Interface of the NAT instance in the public subnet. Without this route, private instances have no path to the internet even if the NAT instance itself is configured correctly.
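The fix and the three notes above are each a setting that is easy to get wrong and tedious to eyeball in the console. As an added example (not code from the page or from the AWS guide), this is the preflight check I would run against the three pieces of configuration: the NAT instance's security group, its source/destination check attribute, and the private subnet's route table. The dictionaries mirror the shapes of the `aws ec2 describe-security-groups`, `describe-instance-attribute --attribute sourceDestCheck` and `describe-route-tables` responses so the real JSON can be fed in; the private CIDR, ENI ID and rule sets below are constructed sample values, and the route target is assumed to be identified by the NAT instance's ENI, as the note describes.

```python
"""Preflight checks for a NAT-instance setup (added example, not the page's own
code). Input shapes follow the AWS EC2 API responses; all sample data below is
constructed, not taken from a real account."""
import ipaddress

PRIVATE_CIDR = "10.0.1.0/24"        # constructed: the private subnet
NAT_ENI = "eni-0123456789abcdef0"   # constructed: NAT instance's public ENI


def _rule_allows(rule, proto, port, cidr):
    """True if one security-group rule (describe-security-groups IpPermissions
    shape) permits `proto`/`port` for every address in `cidr`.
    Only IPv4 ranges (IpRanges) are considered."""
    if rule["IpProtocol"] not in ("-1", proto):       # "-1" means all protocols
        return False
    if rule["IpProtocol"] != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    want = ipaddress.ip_network(cidr)
    for r in rule.get("IpRanges", []):
        allowed = ipaddress.ip_network(r["CidrIp"])
        # A rule for a narrower CIDR than the subnet does not cover the subnet.
        if allowed.version == want.version and want.subnet_of(allowed):
            return True
    return False


def check_nat_security_group(sg, private_cidr):
    """Fix #1: HTTPS must be allowed in from the private subnet and out to anywhere."""
    problems = []
    if not any(_rule_allows(r, "tcp", 443, private_cidr) for r in sg["IpPermissions"]):
        problems.append(f"no inbound rule allowing TCP/443 from {private_cidr}")
    if not any(_rule_allows(r, "tcp", 443, "0.0.0.0/0") for r in sg["IpPermissionsEgress"]):
        problems.append("no outbound rule allowing TCP/443 to 0.0.0.0/0")
    return problems


def check_source_dest(attr):
    """Note 1: describe-instance-attribute must report SourceDestCheck = false."""
    if attr["SourceDestCheck"]["Value"] is False:
        return []
    return ["source/destination check still enabled"]


def check_private_route(route_table, nat_eni_id):
    """Note 3: the private route table needs 0.0.0.0/0 -> the NAT instance's ENI."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            target = (route.get("NetworkInterfaceId") or route.get("GatewayId")
                      or route.get("InstanceId") or "?")
            if target == nat_eni_id:
                return []
            return [f"0.0.0.0/0 points at {target}, not {nat_eni_id}"]
    return ["no 0.0.0.0/0 route in private route table"]


def preflight(sg, attr, route_table, private_cidr, nat_eni_id):
    """Run all checks; an empty list means the setup matches the notes above."""
    return (check_nat_security_group(sg, private_cidr)
            + check_source_dest(attr)
            + check_private_route(route_table, nat_eni_id))


# Constructed sample data. BROKEN_SG is the Issue #1 state: ICMP from the
# private subnet is allowed (so ping works) but HTTPS is not.
BROKEN_SG = {
    "IpPermissions": [
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": PRIVATE_CIDR}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}
FIXED_SG = {
    "IpPermissions": BROKEN_SG["IpPermissions"] + [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": PRIVATE_CIDR}]},
    ],
    "IpPermissionsEgress": BROKEN_SG["IpPermissionsEgress"],
}
SRC_DST_OFF = {"SourceDestCheck": {"Value": False}}
PRIVATE_RT = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": NAT_ENI},
]}

if __name__ == "__main__":
    for label, sg in (("broken", BROKEN_SG), ("fixed", FIXED_SG)):
        print(label, preflight(sg, SRC_DST_OFF, PRIVATE_RT, PRIVATE_CIDR, NAT_ENI) or "OK")
```

The CIDR comparison is deliberately `subnet_of` rather than string equality: a rule written for a narrower range than the private subnet, or for a single host, passes a casual glance but leaves part of the subnet unable to reach the repositories, which is the same symptom as Issue #1.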