- * create VPC
- ** "vpc_env"
- ** "192.168.0.0/16"
- * create subnet
- ** "us-east-1a"
- ** "192.168.1.0/24"
- * create instance
- ** "Free tier only"
- ** image: "Microsoft Windows Server 2012 R2 Base - ami-eb1ecd96"
- ** key pair: "vpc_env_keypair"
- ** get public IP (for RDP)
- ** get password:
- *** Administrator
- *** 4K.T8rsvhIZ?tDSOALAz9s2t@P?aI(MA
- ** RDP
- ** security group - allow RDP (default inbound is allowed)
- ** security group - allow the RDP response traffic back out (outbound, ephemeral ports 1025 - 65535)
- ** subnet - auto-assign IP
- * subnet - route table
- * how to verify that the EC2 instance can now reach the Internet from within
- ** first: rdp to ec2
- ** windows:
- *** ping -t 8.8.8.8|cmd /q /v /c "(pause&pause)>nul & for /l %a in () do (set /p "data=" && echo(!date! !time! !data!)&ping -n 2 8.8.8.8>nul" > ping.txt
- ** Linux:
- *** ping www.google.fr | while read pong; do echo "$(date): $pong"; done > ping.txt
- ** second: change 0.0.0.0/0 from internet gateway to nat gateway
- ** wait a minute
- ** third: change 0.0.0.0/0 from NAT gateway back to internet gateway
- ** rdp to ec2
- ** final: check our log file to see whether the ping continues without long interruption
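Checking the ping log from the route-table swap above, as an added example that is not part of the original notes: a small Python parser for both log layouts written by the one-liners (Linux `$(date)` prefix, Windows `!date! !time!` prefix) that reports the longest pause between successful replies and gives a pass/fail verdict. The sample log lines are constructed, the Windows date is assumed to be in US short format, and the 5 s threshold is an assumption.

```python
import re
from datetime import datetime

# Timestamp layouts written by the two logging one-liners above:
#   Linux   "$(date)" default  -> "Mon Mar 14 10:00:01 UTC 2016"
#   Windows "!date! !time!"    -> "03/14/2016 10:00:01.23" (US short-date locale assumed)
TIMESTAMP_FORMATS = ("%a %b %d %H:%M:%S %Z %Y", "%m/%d/%Y %H:%M:%S.%f")

# A successful echo reply on either platform; "Request timed out." never matches
REPLY_OK = re.compile(r"bytes from|Reply from")

# Constructed sample (Linux layout): replies stop for 23 s while the default
# route is switched from the Internet gateway to the NAT gateway.
SAMPLE_LINUX_LOG = """\
Mon Mar 14 10:00:01 UTC 2016: 64 bytes from 216.58.208.227: icmp_seq=1 ttl=56 time=1.2 ms
Mon Mar 14 10:00:02 UTC 2016: 64 bytes from 216.58.208.227: icmp_seq=2 ttl=56 time=1.1 ms
Mon Mar 14 10:00:03 UTC 2016: 64 bytes from 216.58.208.227: icmp_seq=3 ttl=56 time=1.3 ms
Mon Mar 14 10:00:26 UTC 2016: 64 bytes from 216.58.208.227: icmp_seq=26 ttl=56 time=1.2 ms
Mon Mar 14 10:00:27 UTC 2016: 64 bytes from 216.58.208.227: icmp_seq=27 ttl=56 time=1.4 ms
"""

# Constructed sample (Windows layout): one lost probe, replies resume after ~2 s.
SAMPLE_WINDOWS_LOG = """\
03/14/2016 10:00:01.23 Reply from 8.8.8.8: bytes=32 time=1ms TTL=56
03/14/2016 10:00:02.25 Reply from 8.8.8.8: bytes=32 time=1ms TTL=56
03/14/2016 10:00:03.27 Request timed out.
03/14/2016 10:00:04.30 Reply from 8.8.8.8: bytes=32 time=2ms TTL=56
"""


def parse_line(line):
    """Return (timestamp, ping output) for one logged line, or None if it does not parse."""
    line = line.strip()
    if ": " in line:                                   # Linux layout: "<date>: <ping text>"
        stamp, msg = line.split(": ", 1)
        for fmt in TIMESTAMP_FORMATS:
            try:
                return datetime.strptime(stamp, fmt), msg
            except ValueError:
                continue
    parts = line.split(" ", 2)                         # Windows layout: "<date> <time> <ping text>"
    if len(parts) == 3:
        try:
            return datetime.strptime(parts[0] + " " + parts[1], TIMESTAMP_FORMATS[1]), parts[2]
        except ValueError:
            pass
    return None


def reply_times(log_text):
    """Timestamps of successful replies, in log order."""
    times = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and REPLY_OK.search(parsed[1]):
            times.append(parsed[0])
    return times


def longest_gap_seconds(log_text):
    """Largest interval between two consecutive successful replies (0.0 if fewer than two)."""
    times = reply_times(log_text)
    return max(((b - a).total_seconds() for a, b in zip(times, times[1:])), default=0.0)


def route_swap_ok(log_text, max_gap_seconds=5.0):
    """Verdict for the route-table swap test: connectivity never paused longer than the threshold."""
    return longest_gap_seconds(log_text) <= max_gap_seconds


if __name__ == "__main__":
    for name, log in (("linux", SAMPLE_LINUX_LOG), ("windows", SAMPLE_WINDOWS_LOG)):
        print(f"{name}: {len(reply_times(log))} replies, longest gap "
              f"{longest_gap_seconds(log):.2f} s, {'OK' if route_swap_ok(log) else 'INTERRUPTED'}")
```

Run it against the real `ping.txt` by passing the file contents to `route_swap_ok`; with Linux `ping`, a dropped probe prints nothing, so the outage shows up only as a jump between timestamps, which is why the check measures the gap between successful replies rather than counting failure lines.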
- -----------------------------
- (Virginia)
- (Oregon)
- VPC:
- * test_st_envsetup
- * 10.99.0.0/16
- Subnet:
- * test_st_envsetup_public
- * 10.99.1.0/24
- Routing:
- * default: local is set
- NACL:
- * "test_st_envsetup"
- * default: all is allowed
- Internet gateway:
- * test_st_envsetup_igw
- * create one
- * attach to VPC
- Routing:
- * 0.0.0.0/0 to internet gateway
- -----------------------------
- NAT
- (after setting up the public subnet:)
- NAT:
- * allocate an Elastic IP
- * create a NAT gateway
- * place this NAT gateway in our public subnet
- Create a private subnet:
- ** test_st_envsetup_private
- ** 10.99.2.0/24
- Routing:
- ** attention: we are still using the default routing table
- *** create a new routing table
- *** test_st_envsetup_private
- *** private subnet: direct 0.0.0.0/0 to NAT gateway
- *** attach the new routing table to our private subnet
- NACL:
- * default: all is allowed
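The same public/private layout built from a script instead of the console, as an added example that is not from the original notes: a boto3 function using the names and CIDRs above, giving the private subnet its own route table so the VPC default table is left alone. It assumes boto3 is installed, AWS credentials are in the environment and the availability zone is us-east-1a; the `ec2` client is passed in so the steps can be exercised against a stub.

```python
# Added example: build the lab VPC described above with boto3 (assumed installed,
# AWS credentials assumed in the environment). Not taken from the original notes.

VPC_NAME = "test_st_envsetup"
VPC_CIDR = "10.99.0.0/16"
PUBLIC_CIDR = "10.99.1.0/24"
PRIVATE_CIDR = "10.99.2.0/24"


def _name(ec2, resource_id, name):
    """Tag a resource with the Name shown in the console."""
    ec2.create_tags(Resources=[resource_id], Tags=[{"Key": "Name", "Value": name}])


def provision_lab_network(ec2, az="us-east-1a"):
    """Create VPC, public + private subnets, Internet gateway, NAT gateway and both
    route tables. `ec2` is a boto3 EC2 client (passed in so the steps can be tested
    against a stub). Returns the created ids so the lab can be torn down later."""
    vpc_id = ec2.create_vpc(CidrBlock=VPC_CIDR)["Vpc"]["VpcId"]
    _name(ec2, vpc_id, VPC_NAME)

    # Public subnet; "auto-assign IP" so instances launched here get a public address
    public_id = ec2.create_subnet(VpcId=vpc_id, CidrBlock=PUBLIC_CIDR,
                                  AvailabilityZone=az)["Subnet"]["SubnetId"]
    _name(ec2, public_id, VPC_NAME + "_public")
    ec2.modify_subnet_attribute(SubnetId=public_id, MapPublicIpOnLaunch={"Value": True})

    # Internet gateway: create one, attach it to the VPC
    igw_id = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]
    _name(ec2, igw_id, VPC_NAME + "_igw")
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)

    # Public route table: 0.0.0.0/0 -> Internet gateway (AWS adds the local route itself)
    public_rt = ec2.create_route_table(VpcId=vpc_id)["RouteTable"]["RouteTableId"]
    _name(ec2, public_rt, VPC_NAME + "_public")
    ec2.create_route(RouteTableId=public_rt, DestinationCidrBlock="0.0.0.0/0", GatewayId=igw_id)
    ec2.associate_route_table(RouteTableId=public_rt, SubnetId=public_id)

    # NAT gateway: needs an Elastic IP and lives in the public subnet
    eip_alloc = ec2.allocate_address(Domain="vpc")["AllocationId"]
    nat_id = ec2.create_nat_gateway(SubnetId=public_id,
                                    AllocationId=eip_alloc)["NatGateway"]["NatGatewayId"]
    ec2.get_waiter("nat_gateway_available").wait(NatGatewayIds=[nat_id])

    # Private subnet with its OWN route table (not the VPC default): 0.0.0.0/0 -> NAT gateway
    private_id = ec2.create_subnet(VpcId=vpc_id, CidrBlock=PRIVATE_CIDR,
                                   AvailabilityZone=az)["Subnet"]["SubnetId"]
    _name(ec2, private_id, VPC_NAME + "_private")
    private_rt = ec2.create_route_table(VpcId=vpc_id)["RouteTable"]["RouteTableId"]
    _name(ec2, private_rt, VPC_NAME + "_private")
    ec2.create_route(RouteTableId=private_rt, DestinationCidrBlock="0.0.0.0/0", NatGatewayId=nat_id)
    ec2.associate_route_table(RouteTableId=private_rt, SubnetId=private_id)

    return {
        "vpc": vpc_id, "public_subnet": public_id, "private_subnet": private_id,
        "igw": igw_id, "nat_gateway": nat_id, "eip_allocation": eip_alloc,
        "public_route_table": public_rt, "private_route_table": private_rt,
    }


if __name__ == "__main__":
    import boto3  # imported here so the function above can be exercised without the SDK
    ids = provision_lab_network(boto3.client("ec2", region_name="us-east-1"))
    for key, value in ids.items():
        print(f"{key}: {value}")
```

Keep the returned ids: the NAT gateway and the Elastic IP are the two things that keep costing money while the lab sleeps, and the Elastic IP can only be released once the NAT gateway that uses it is gone.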
- ------------------------------
- EC2-Linux:
- * create
- * add security group
- ** allow ssh inbound
- ** allow ICMP "outbound" (attention: we are going to send ICMP from within) ??
- * "test_st_envsetup_keypair_final02"
- (* ping )
- * name it "test_st_envsetup_private"
- * ephemeral port
- ** "32768-61000"
- EC2-Windows:
- * create
- * add security group
- ** allow RDP inbound
- ** allow ICMP inbound
- * "test_st_envsetup_keypair_final"
- * RDP to Windows
- * turn off the Windows firewall
- error tryout:
- * remove internet gw
- * add back
- * remove sg icmp setting (give it some time ... )
- * add back
- * remove nacl all rules
- * add nacl icmp blocking inbound
- * add nacl icmp blocking outbound
- ------------------------------
- Test: add a bastion host
- * create a new ec2 linux instance
- * "test_st_envsetup_public"
- * auto-assign public IP: enable
- * Must choose the same key pair used for private subnet
- * name it
- PuTTY:
- * convert the private key to .ppk format for the PuTTY connection
- ** "test_st_envsetup_keypair_final02"
- * load this ppk-format file into Pageant
- * PuTTY
- ** hostname: "ec2-user@52.91.156.32"
- ** Connection > SSH > Auth: tick "Allow agent forwarding"
- ** save "linux_rhel_ec2-user_final"
- * ssh to the ec2 linux instance in the private subnet
- ** "ssh ec2-user@10.99.2.168"
- * ping test
- error tryout:
- * remove sg outbound rules for ICMP
- ** add back
- * add and remove sg inbound rules for ICMP
- ** to prove it's stateful
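The stateful-versus-stateless behaviour these error tryouts probe, in an added example that is not from the original notes: a small Python model of how a security group and a NACL each judge a flow and its reply, run over the RDP case (no outbound security-group rule needed, but the NACL must allow the ephemeral range back out) and the ping cases (security-group inbound ICMP rule removed, outbound rule removed, NACL denying ICMP inbound). The rule sets, the client source port 50000 and the scenario names are constructed.

```python
from dataclasses import dataclass

# Ephemeral (return-traffic) port ranges noted above: Linux 32768-61000,
# Windows / the RDP client side 1025-65535.
EPHEMERAL_LINUX = (32768, 61000)
EPHEMERAL_WINDOWS = (1025, 65535)


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" (toward the instance or subnet) or "out"
    proto: str            # "tcp", "udp", "icmp" or "all"
    port_from: int = 0
    port_to: int = 65535
    allow: bool = True    # NACL rules may deny; security-group rules are allow-only

    def matches(self, direction, proto, port):
        if self.direction != direction or self.proto not in (proto, "all"):
            return False
        return proto == "icmp" or self.port_from <= port <= self.port_to  # ICMP has no ports


class SecurityGroup:
    """Stateful: only the packet that opens a flow is checked; its reply is admitted
    because the flow is tracked, whatever the rules for the opposite direction say."""

    def __init__(self, rules):
        self.rules = list(rules)

    def permits_flow(self, direction, proto, dst_port):
        return any(r.matches(direction, proto, dst_port) for r in self.rules)


class NetworkAcl:
    """Stateless: each packet in each direction is judged on its own against the
    numbered rules in order; first match wins, otherwise the implicit '*' rule denies."""

    def __init__(self, rules):
        self.rules = list(rules)   # already sorted by rule number

    def permits_packet(self, direction, proto, dst_port):
        for r in self.rules:
            if r.matches(direction, proto, dst_port):
                return r.allow
        return False


def flow_allowed(sg, nacl, direction, proto, dst_port, client_port=0):
    """Does a flow opened in `direction` to dst_port get through, reply included?
    client_port is the initiator's ephemeral source port (irrelevant for ICMP).
    Returns (ok, reason)."""
    reverse = "out" if direction == "in" else "in"
    if not sg.permits_flow(direction, proto, dst_port):
        return False, "security group has no rule for the initiating packet"
    if not nacl.permits_packet(direction, proto, dst_port):
        return False, "NACL blocks the initiating packet"
    if not nacl.permits_packet(reverse, proto, client_port):
        return False, "NACL blocks the reply on the ephemeral port (stateless)"
    return True, "allowed; the reply passes the security group through connection tracking"


def rdp_scenarios():
    """RDP (tcp/3389) from an admin laptop, source port 50000, into the Windows instance."""
    sg = SecurityGroup([Rule("in", "tcp", 3389, 3389)])            # no outbound rule at all
    nacl_full = NetworkAcl([Rule("in", "tcp", 3389, 3389),
                            Rule("out", "tcp", *EPHEMERAL_WINDOWS)])
    nacl_no_return = NetworkAcl([Rule("in", "tcp", 3389, 3389)])    # ephemeral outbound rule missing
    return {
        "sg_inbound_only_with_full_nacl": flow_allowed(sg, nacl_full, "in", "tcp", 3389, 50000),
        "nacl_missing_ephemeral_outbound": flow_allowed(sg, nacl_no_return, "in", "tcp", 3389, 50000),
    }


def ping_scenarios():
    """Ping sent from the private Linux instance, mirroring the error tryouts above."""
    sg_out_only = SecurityGroup([Rule("out", "icmp")])             # inbound ICMP rule removed
    sg_no_icmp = SecurityGroup([Rule("in", "tcp", 22, 22)])        # outbound ICMP rule removed
    nacl_open = NetworkAcl([Rule("in", "all"), Rule("out", "all")])
    nacl_deny_in = NetworkAcl([Rule("in", "icmp", allow=False), Rule("in", "all"), Rule("out", "all")])
    return {
        "sg_inbound_icmp_removed": flow_allowed(sg_out_only, nacl_open, "out", "icmp", 0),
        "sg_outbound_icmp_removed": flow_allowed(sg_no_icmp, nacl_open, "out", "icmp", 0),
        "nacl_icmp_blocking_inbound": flow_allowed(sg_out_only, nacl_deny_in, "out", "icmp", 0),
    }


if __name__ == "__main__":
    for name, (ok, why) in {**rdp_scenarios(), **ping_scenarios()}.items():
        print(f"{name:34} {'PASS' if ok else 'FAIL'}  {why}")
```

The model captures why the notes need an outbound ephemeral-port rule on the NACL but only an inbound rule on the security group, and why removing the security group's inbound ICMP rule does not stop replies to a ping sent from inside. It ignores the propagation delay the notes mention ("give it some time"), so a real tryout can lag the model by a little while after a rule change.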
- ------------------------------
- * make it sleep
- delete NAT gateway
- stop instances
- release elastic IP