Configuring Centralized Access to the Internet with Transit Gateway

1.5 hours
  • 6 Learning Objectives

About this Hands-on Lab

Welcome to this challenge lab!

In this lab, you will be creating a centralized egress internet environment. You will be given access to two VPCs. In the workload VPC, a subnet will be provisioned and an EC2 instance will be available in this subnet for you to connect to. You will start off by deploying three subnets and an internet gateway. Once deployed, you will proceed with deploying a transit gateway and a NAT gateway before finishing the configuration with route table modifications. Finally, you’ll test web site access from an EC2 instance in one of the VPCs.

To complete this lab, you should have an understanding of all of the technologies mentioned above, as well as knowledge of the AWS Management Console.

Good luck, Cloud Gurus!

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create Transit Gateway and Attach to the New Transit Gateway Subnets in Each VPC

In this objective, you will be creating a transit gateway. Once this has been created, you will then create transit gateway attachments and configure these for the newly created subnets in the WorkloadVPC and EgressVPC.

Use the following information for this objective:

Creating a transit gateway

Name = Transit-Gateway-01
Description = WorkloadVPC-EgressVPC

WorkloadVPC transit gateway attachment

Name = WorkloadVPC-TGW-Att
Transit gateway ID = Transit-Gateway-01
Attachment type = VPC
VPC ID = WorkloadVPC
Subnet ID = WorkloadVPCTransitUsEast1a

EgressVPC transit gateway attachment

Name = EgressVPC-TGW-Att
Transit gateway ID = Transit-Gateway-01
Attachment type = VPC
VPC ID = EgressVPC
Subnet ID = EgressVPCTransitUsEast1a

Create NAT Gateway

In this objective, we will be deploying a NAT gateway called EgressVPCNGW in the public subnet of our VPC.

Use the following settings for this objective:

Name = EgressVPCNGW
Subnet = EgressVPCNATUsEast1a
Connectivity type = Public
Elastic IP allocation ID = Allocate Elastic IP

Configure VPC Route Tables

In this objective, we will configure the route tables so that traffic flows from the EC2 instance through the environment to the target website. In the transit gateway route table, make sure you add the default route as a static route.

WorkloadVPCPrivateRouteTable

0.0.0.0/0 --> Transit Gateway

EgressVPCTransitRouteTable

0.0.0.0/0 --> NAT Gateway

EgressVPCNATRouteTable

0.0.0.0/0 --> Internet Gateway
10.0.0.0/16 --> Transit Gateway

Configure Transit Gateway Route Table

Transit Gateway Route Table

0.0.0.0/0 --> EgressVPC-TGW-Att
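To see why the route tables above need both the default routes and the 10.0.0.0/16 return route in EgressVPCNATRouteTable, the following Python script (added here as an illustration; it is not part of the lab) models the lab's route tables and walks a packet hop by hop using longest-prefix matching, the way the VPC router and the transit gateway both resolve a destination. It assumes a workload instance at 10.0.1.10, a constructed external address 203.0.113.10, and that route propagation (left enabled on the attachments) added the two VPC CIDRs to the transit gateway route table.

```python
import ipaddress

# Subnet route tables transcribed from the lab; the implicit "local" route
# every VPC route table carries is written out explicitly.
VPC_ROUTE_TABLES = {
    "WorkloadVPCPrivateRouteTable": {"10.0.0.0/16": "local", "0.0.0.0/0": "TGW"},
    "WorkloadVPCTransitRouteTable": {"10.0.0.0/16": "local"},
    "EgressVPCTransitRouteTable": {"10.1.0.0/16": "local", "0.0.0.0/0": "NAT"},
    "EgressVPCNATRouteTable": {"10.1.0.0/16": "local", "0.0.0.0/0": "IGW",
                               "10.0.0.0/16": "TGW"},
}
# Transit gateway route table: the lab's static default route plus the two VPC
# CIDRs that route propagation adds (assumption: propagation left enabled).
TGW_ROUTE_TABLE = {"0.0.0.0/0": "EgressVPC-TGW-Att",
                   "10.0.0.0/16": "WorkloadVPC-TGW-Att",
                   "10.1.0.0/16": "EgressVPC-TGW-Att"}
# Traffic leaving the TGW through an attachment is routed by the route table
# of the transit subnet that attachment's ENI sits in.
ATTACHMENT_SUBNET_RT = {"WorkloadVPC-TGW-Att": "WorkloadVPCTransitRouteTable",
                        "EgressVPC-TGW-Att": "EgressVPCTransitRouteTable"}
NAT_SUBNET_RT = "EgressVPCNATRouteTable"  # the NAT gateway forwards via its own subnet

def lookup(table, dst):
    """Longest-prefix match, as both the VPC router and the TGW perform it."""
    ip, best = ipaddress.ip_address(dst), None
    for cidr, target in table.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def trace(start_rt, dst, vpc_tables=VPC_ROUTE_TABLES, tgw_table=TGW_ROUTE_TABLE):
    """Follow a packet hop by hop; the list ends in 'IGW', 'local' or 'BLACKHOLE'."""
    hops, rt = [], start_rt
    for _ in range(8):  # bound the walk in case a misconfiguration loops
        target = lookup(vpc_tables[rt], dst)
        hops.append(target or "BLACKHOLE")
        if target == "TGW":
            att = lookup(tgw_table, dst)
            hops.append(att or "BLACKHOLE")
            if att not in ATTACHMENT_SUBNET_RT:
                break
            rt = ATTACHMENT_SUBNET_RT[att]
        elif target == "NAT":
            rt = NAT_SUBNET_RT
        else:
            break
    return hops
```

Tracing 203.0.113.10 from WorkloadVPCPrivateRouteTable yields TGW, EgressVPC-TGW-Att, NAT, IGW, and the reply to 10.0.1.10 traced from EgressVPCNATRouteTable returns through the TGW to the workload VPC; delete the 10.0.0.0/16 route from that table and the same reply trace ends at IGW, which is the asymmetric-routing failure the lab's route design avoids.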

Test Website Connectivity from EC2Instance1

Using EC2Instance1, test connectivity to https://acloudguru.com.

Connect to EC2Instance1 using the Connect option in the EC2 console and select the Session Manager tab. Once connected, run the following commands to test.

curl https://acloudguru.com

Then run this command:

curl ifconfig.me

Verify that the IP address displayed is the same as the public (Elastic) IP address of the NAT gateway.

Create VPC Subnets and Link to Route Tables

In this objective, you will create the foundations for the lab by provisioning the subnets required for the lab.

Create Subnet in Workload VPC

VPCID = WorkloadVPC
SubnetName = WorkloadVPCTransitUsEast1a
Availability Zone = us-east-1a
IPv4 CIDR Block = 10.0.0.0/28

Map to route table WorkloadVPCTransitRouteTable.

Create Subnets in Egress VPC

VPCID = EgressVPC
SubnetName = EgressVPCTransitUsEast1a
Availability Zone = us-east-1a
IPv4 CIDR Block = 10.1.0.0/28

Map to route table EgressVPCTransitRouteTable.

VPCID = EgressVPC
SubnetName = EgressVPCNATUsEast1a
Availability Zone = us-east-1a
IPv4 CIDR Block = 10.1.0.16/28

Map to route table EgressVPCNATRouteTable.

Create Internet Gateway and Attach to the Egress VPC

In this objective, you will create an internet gateway and attach it to the Egress VPC.

Name = EgressVPCIGW

Attach to VPC = EgressVPC

Additional Resources

Windyfront Air Conditioning has been looking for ways to reduce complexity in their AWS environment. It has been decided to implement a centralized approach for egress traffic to the internet.

In this lab, you will be responsible for configuring a proof-of-concept deployment of the environment so that testing by the Windyfront internal teams can take place.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
