AWS Task 13 level 2

The Nautilus DevOps team has been tasked with demonstrating the use of VPC Peering to enable communication between two VPCs. One VPC will be a private VPC that contains a private EC2 instance, while the other will be the default public VPC containing a publicly accessible EC2 instance.

  1. There is already an existing EC2 instance in the public vpc/subnet:
  • Name: xfusion-public-ec2
  2. There is already an existing Private VPC:
  • Name: xfusion-private-vpc
  • CIDR: 10.1.0.0/16
  3. There is already an existing Subnet in xfusion-private-vpc:
  • Name: xfusion-private-subnet
  • CIDR: 10.1.1.0/24
  4. There is already an existing EC2 instance in the private subnet:
  • Name: xfusion-private-ec2
  5. Create a Peering Connection between the Default VPC and the Private VPC:
  • VPC Peering Connection Name: xfusion-vpc-peering
  6. Configure Route Tables to enable communication between the two VPCs.
  • Ensure the private EC2 instance is accessible from the public EC2 instance.
  7. Test the Connection:
  • Add /root/.ssh/id_rsa.pub public key to the public EC2 instance’s ec2-user’s authorized_keys to make sure we are able to ssh into this instance from AWS client host. You may also need to update the security group of the private EC2 instance to allow ICMP traffic from the public/default VPC CIDR. This will enable you to ping the private instance from the public instance.
  • SSH into the public EC2 instance and ensure that you can ping the private EC2 instance.

Use below given AWS Credentials: (You can run the showcreds command on aws-client host to retrieve these credentials)

Console URL https://211125603807.signin.aws.amazon.com/consol

I was able to achieve almost 90% of the task.
Can you help me on how to achieve this?
7) Test the Connection:

  • Add /root/.ssh/id_rsa.pub public key to the public EC2 instance’s ec2-user’s authorized_keys to make sure we are able to ssh into this instance from AWS client host. You may also need to update the security group of the private EC2 instance to allow ICMP traffic from the public/default VPC CIDR. This will enable you to ping the private instance from the public instance.

The private EC2 instance is in a private subnet, so either I have to configure a bastion to connect or I have to attach an internet gateway to the private subnet to make it a public subnet.

Even if I do this, I am not sure whether I will be able to get the authorised keys from the private EC2 instance or not.

So you’re being asked to ensure you can SSH from the AWS client host (the lab terminal) to the public EC2 instance. So you need the public key from the client host’s .ssh directory added to the public EC2’s authorized_keys.

You should be able to get a terminal on the EC2 instances by right clicking on them in the EC2 console view and clicking “connect”. Then you can edit the authorized_keys file and paste in the key.
Get the public IP address of the public server and SSH to it from AWS client host.

Ensure that you can ping the private host from the public host.

To resolve this issue and complete the task successfully please follow below steps:

  1. You need to copy the content of id_rsa.pub from the aws_client machine to the authorized_keys file of the public machine appropriately. Also validate the content with the “cat authorized_keys” command under the .ssh directory.
  2. chmod 400 the id_rsa file on both machines

The ask is to connect the aws_client machine to the public instance. We don’t need to create a bastion or configure anything on the private instance.

@Alistair_KodeKloud


Still getting this issue, Please help here

@sawant.akshay.1305 I have tried, still getting the same. Please let me know if I am missing anything here.

This implies that the way you need to connect to the public EC2 instance is

ssh ec2-user@<public IP>

NOT

ssh root@<public-ip>

which from the screenshot is what you configured. So you have copied the public key to the wrong user’s authorized_keys on the public instance.
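An added example (not from the thread or the lab) showing the two pieces of this task as commands: the AWS CLI sequence for the peering connection, the routes on both sides and the ICMP rule scoped to the peer CIDR, plus an idempotent helper that installs the client's public key for a named login (ec2-user, not root) with the ownership and modes sshd requires. VPC, route-table and security-group IDs are placeholders to look up in the console, and the default VPC CIDR is assumed to be 172.31.0.0/16.

```bash
#!/bin/sh
# Added example, not the lab's own scripts. Requires AWS credentials for peer_vpcs;
# install_authorized_key runs locally and is what the OP got wrong (wrong user).
set -eu

PRIVATE_CIDR="10.1.0.0/16"                     # xfusion-private-vpc, from the task
DEFAULT_CIDR="${DEFAULT_CIDR:-172.31.0.0/16}"  # assumption: the default VPC CIDR

# Peer the default VPC with the private VPC, add a route on BOTH route tables
# (replies never return otherwise) and allow ICMP only from the default VPC CIDR.
# Usage: peer_vpcs <default-vpc-id> <private-vpc-id> <default-rtb-id> <private-rtb-id> <private-sg-id>
peer_vpcs() {
  default_vpc="$1"; private_vpc="$2"; default_rtb="$3"; private_rtb="$4"; private_sg="$5"
  pcx=$(aws ec2 create-vpc-peering-connection --vpc-id "$default_vpc" --peer-vpc-id "$private_vpc" \
        --tag-specifications 'ResourceType=vpc-peering-connection,Tags=[{Key=Name,Value=xfusion-vpc-peering}]' \
        --query 'VpcPeeringConnection.VpcPeeringConnectionId' --output text)
  aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id "$pcx" >/dev/null
  aws ec2 create-route --route-table-id "$default_rtb" --destination-cidr-block "$PRIVATE_CIDR" \
        --vpc-peering-connection-id "$pcx" >/dev/null
  aws ec2 create-route --route-table-id "$private_rtb" --destination-cidr-block "$DEFAULT_CIDR" \
        --vpc-peering-connection-id "$pcx" >/dev/null
  # ICMP from the peer VPC only, not 0.0.0.0/0.
  aws ec2 authorize-security-group-ingress --group-id "$private_sg" --protocol icmp --port -1 \
        --cidr "$DEFAULT_CIDR" >/dev/null
  echo "$pcx"
}

# Install a public key into <home>/.ssh/authorized_keys for login <owner>, once,
# with 700/600 modes; prints how many times the key is present (expect 1).
# Usage: install_authorized_key <home-dir> <owner> <pubkey-file>
install_authorized_key() {
  home="$1"; owner="$2"; pubkey="$3"
  key=$(cut -d' ' -f1,2 < "$pubkey")          # type + blob; ignore the comment on re-runs
  install -d -m 700 "$home/.ssh"
  touch "$home/.ssh/authorized_keys"
  grep -qF -- "$key" "$home/.ssh/authorized_keys" || cat "$pubkey" >> "$home/.ssh/authorized_keys"
  chmod 600 "$home/.ssh/authorized_keys"
  if [ "$(id -u)" -eq 0 ]; then chown -R "$owner" "$home/.ssh"; fi   # sshd rejects foreign ownership
  grep -cF -- "$key" "$home/.ssh/authorized_keys"
}
```

On the lab the helper would be run as `install_authorized_key /home/ec2-user ec2-user /tmp/id_rsa.pub` after copying the key over from the client host, which is the authorized_keys file that `ssh ec2-user@<public IP>` actually consults.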