AWS Task 13 level 2

The Nautilus DevOps team has been tasked with demonstrating the use of VPC Peering to enable communication between two VPCs. One VPC will be a private VPC that contains a private EC2 instance, while the other will be the default public VPC containing a publicly accessible EC2 instance.

  1. There is already an existing EC2 instance in the public VPC/subnet:
  • Name: xfusion-public-ec2
  2. There is already an existing Private VPC:
  • Name: xfusion-private-vpc
  • CIDR: 10.1.0.0/16
  3. There is already an existing Subnet in xfusion-private-vpc:
  • Name: xfusion-private-subnet
  • CIDR: 10.1.1.0/24
  4. There is already an existing EC2 instance in the private subnet:
  • Name: xfusion-private-ec2
  5. Create a Peering Connection between the Default VPC and the Private VPC:
  • VPC Peering Connection Name: xfusion-vpc-peering
  6. Configure Route Tables to enable communication between the two VPCs.
  • Ensure the private EC2 instance is accessible from the public EC2 instance.
  7. Test the Connection:
  • Add the /root/.ssh/id_rsa.pub public key to the public EC2 instance’s ec2-user’s authorized_keys to make sure we are able to SSH into this instance from the AWS client host. You may also need to update the security group of the private EC2 instance to allow ICMP traffic from the public/default VPC CIDR. This will enable you to ping the private instance from the public instance.
  • SSH into the public EC2 instance and ensure that you can ping the private EC2 instance.

Use the AWS credentials given below (you can run the showcreds command on the aws-client host to retrieve these credentials):

Console URL https://211125603807.signin.aws.amazon.com/consol

I was able to achieve almost 90% of the task.
Can you help me with how to achieve this part:
7) Test the Connection:

  • Add the /root/.ssh/id_rsa.pub public key to the public EC2 instance’s ec2-user’s authorized_keys to make sure we are able to SSH into this instance from the AWS client host. You may also need to update the security group of the private EC2 instance to allow ICMP traffic from the public/default VPC CIDR. This will enable you to ping the private instance from the public instance.

The private EC2 instance is in a private subnet, so either I have to configure a bastion to connect, or I have to attach an internet gateway to the private subnet to make it a public subnet.

Even if I do this, I’m not sure whether I will be able to get the authorized keys from the private EC2 instance or not.
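Steps 5 to 7 of the task (peering, routes in both directions, and the ICMP rule scoped to the default VPC CIDR) as an added AWS CLI script; this is an illustration written for this thread, not the lab’s own solution. It assumes the AWS CLI is configured with the lab credentials and that both subnets use their VPC’s main route table; the CIDR overlap check runs before anything is created, since peering overlapping VPCs is refused and would make the routes ambiguous anyway.

```bash
# Added example, not from the thread: peer the default VPC with xfusion-private-vpc, add
# routes both ways, and allow ICMP to the private instance from the default VPC CIDR only.
# Assumes an AWS CLI configured with the lab credentials and that both subnets use their
# VPC's main route table (true for the default VPC and for a freshly created subnet).
set -eu
PRIVATE_VPC_NAME="xfusion-private-vpc"; PRIVATE_EC2_NAME="xfusion-private-ec2"
PEERING_NAME="xfusion-vpc-peering"
ip2int() { local IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )); }

# True (exit 0) if two CIDRs overlap. AWS refuses to peer overlapping VPCs and the routes
# would be ambiguous anyway, so it is checked before anything is created.
cidrs_overlap() {
  local a b p mask
  a=$(ip2int "${1%/*}"); b=$(ip2int "${2%/*}")
  p=$(( ${1#*/} < ${2#*/} ? ${1#*/} : ${2#*/} ))        # compare on the shorter prefix
  mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
  [ $(( a & mask )) -eq $(( b & mask )) ]
}

main_rtb() {   # main route table of VPC $1
  aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$1" \
      Name=association.main,Values=true --query 'RouteTables[0].RouteTableId' --output text
}

main() {
  local q='Vpcs[0].[VpcId,CidrBlock]' def_vpc def_cidr prv_vpc prv_cidr pcx sg
  set -- $(aws ec2 describe-vpcs --filters Name=isDefault,Values=true --query "$q" --output text)
  def_vpc=$1; def_cidr=$2
  set -- $(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$PRIVATE_VPC_NAME" \
      --query "$q" --output text)
  prv_vpc=$1; prv_cidr=$2
  if cidrs_overlap "$def_cidr" "$prv_cidr"; then echo "CIDRs overlap, cannot peer" >&2; return 1; fi

  pcx=$(aws ec2 create-vpc-peering-connection --vpc-id "$def_vpc" --peer-vpc-id "$prv_vpc" \
      --tag-specifications "ResourceType=vpc-peering-connection,Tags=[{Key=Name,Value=$PEERING_NAME}]" \
      --query 'VpcPeeringConnection.VpcPeeringConnectionId' --output text)
  aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$pcx" >/dev/null

  # Routes in both directions: without the return route, ping replies never get back.
  aws ec2 create-route --route-table-id "$(main_rtb "$def_vpc")" \
      --destination-cidr-block "$prv_cidr" --vpc-peering-connection-id "$pcx" >/dev/null
  aws ec2 create-route --route-table-id "$(main_rtb "$prv_vpc")" \
      --destination-cidr-block "$def_cidr" --vpc-peering-connection-id "$pcx" >/dev/null

  # ICMP only, and only from the peer's CIDR: no 0.0.0.0/0 and no SSH opened on the private host.
  sg=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=$PRIVATE_EC2_NAME" \
      --query 'Reservations[0].Instances[0].SecurityGroups[0].GroupId' --output text)
  aws ec2 authorize-security-group-ingress --group-id "$sg" --protocol icmp --port -1 --cidr "$def_cidr"
}
# Only act when explicitly asked, so the file can be sourced to reuse the helpers.
if [ "${1:-}" = "apply" ]; then main; fi
```

Run it as `bash peer.sh apply` from the aws-client host; the SSH key step (7) stays manual, since it is done on the public instance itself.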

So you’re being asked to ensure you can SSH from the AWS client host (the lab terminal) to the public EC2 instance. So you need the public key from the client host’s .ssh directory added to the public EC2 instance’s authorized_keys.

You should be able to get a terminal on the EC2 instances by right clicking on them in the EC2 console view and clicking “connect”. Then you can edit the authorized_keys file and paste in the key.
Get the public IP address of the public server and SSH to it from AWS client host.

Ensure that you can ping the private host from the public host.