The goal of this hands-on lab is to fix the broken environment and achieve the goal as outlined below. The first video in this lab presents the scenario and the goal, while the second video provides the solution (if needed). Do your best to solve the connectivity issue without viewing the solution video.

**Goal:** Fix the connectivity issue in the AWS environment so that you can update the `yum` package installer (from the command line) on the provided EC2 instance (named “web server”).

This environment has been created with security in mind, so the “web server” EC2 instance has been provisioned in a private subnet and placed behind a bastion host and NAT gateway.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Fix SSH Ingress to Bastion Host
The Issue
SSH traffic is being denied by the security group associated with the bastion host.
How to Fix the Issue
Add an SSH (port 22) allow rule to the security group associated with the bastion host.
- Fix Egress from Web Server to Internet
The Issue
The NACL protecting the web server only allows return traffic to the public subnet, not the internet.
How to Fix the Issue
Add an outbound "all traffic" allow rule with destination 0.0.0.0/0 to the NACL.
- Fix Web Server Route to Internet
The Issue
The web server does not have a route to the NAT gateway.
How to Fix the Issue
Add a route to the NAT gateway on the route table associated with the private subnet the web server is located in.
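
The three faults above can be checked offline against saved output of the EC2 `describe-security-groups`, `describe-network-acls` and `describe-route-tables` calls. The following is an added example, not part of the lab material; the field names follow those API responses, while the addresses, the `/32` SSH source, the subnet CIDRs and the `nat-EXAMPLE` ID are constructed assumptions.

```python
import ipaddress

def sg_allows_ssh(sg, source_ip):
    """True if a security-group ingress rule admits TCP/22 from source_ip."""
    src = ipaddress.ip_address(source_ip)
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        port_ok = proto == "-1" or (proto == "tcp" and perm["FromPort"] <= 22 <= perm["ToPort"])
        if port_ok and any(src in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False  # security groups deny whatever is not explicitly allowed

def nacl_egress_allows(nacl, dest_ip, port):
    """NACL rules are checked in ascending rule number; the first match decides."""
    dst = ipaddress.ip_address(dest_ip)
    for e in sorted((x for x in nacl["Entries"] if x["Egress"]), key=lambda x: x["RuleNumber"]):
        if dst not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        rng = e.get("PortRange")
        if e["Protocol"] != "-1" and not (e["Protocol"] == "6" and rng and rng["From"] <= port <= rng["To"]):
            continue  # rule is neither "all traffic" nor a TCP rule covering this port
        return e["RuleAction"] == "allow"
    return False

def default_route_via_nat(route_table):
    """True if 0.0.0.0/0 is routed to an active NAT gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active"
               and r.get("NatGatewayId", "").startswith("nat-") for r in route_table["Routes"])

# Constructed sample data: the lab's broken state and the state after each fix.
ADMIN_IP = "203.0.113.10"  # assumed workstation address (documentation range)
BROKEN_SG = {"IpPermissions": []}
FIXED_SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                               "IpRanges": [{"CidrIp": ADMIN_IP + "/32"}]}]}
PUBLIC_ONLY = {"RuleNumber": 100, "Egress": True, "Protocol": "-1",
               "RuleAction": "allow", "CidrBlock": "10.0.0.0/24"}
DEFAULT_DENY = {"RuleNumber": 32767, "Egress": True, "Protocol": "-1",
                "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"}
ALLOW_ALL = dict(PUBLIC_ONLY, RuleNumber=110, CidrBlock="0.0.0.0/0")
BROKEN_NACL = {"Entries": [PUBLIC_ONLY, DEFAULT_DENY]}
FIXED_NACL = {"Entries": [PUBLIC_ONLY, ALLOW_ALL, DEFAULT_DENY]}
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
BROKEN_RT = {"Routes": [LOCAL]}
FIXED_RT = {"Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                               "NatGatewayId": "nat-EXAMPLE", "State": "active"}]}

if __name__ == "__main__":
    for sg, nacl, rt in ((BROKEN_SG, BROKEN_NACL, BROKEN_RT), (FIXED_SG, FIXED_NACL, FIXED_RT)):
        print(sg_allows_ssh(sg, ADMIN_IP), nacl_egress_allows(nacl, "198.51.100.7", 443),
              default_route_via_nat(rt))
```

Because the first matching NACL rule decides, an allow rule only takes effect if its rule number is lower than any deny rule that matches the same traffic.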