I have completed the task successfully, but I am still getting an error that the private route table is not associated with 0.0.0.0/0 to the NAT gateway, even though I associated it.

Day 30: Enable Internet Access for Private EC2 using NAT Instance

I followed the question and updated it, but I am still getting an error. Even though the job will run automatically to the S3 bucket, I got an error that the private route table is not associated with the NAT gateway, even though I associated it.


Hi @durganaresh1742

Please refer to the solution below and try again.

Hi @raymond.baoly

As per the GitHub repo you provided, I followed the same steps today, but the cron job did not run. Yesterday everything worked but then failed; I am not sure where exactly it is denying the connection.

I followed:

Srikanth0824/kodekloud-engineer/blob/main/100_Days_of_Cloud-AWS/Day30.md

Today I have again followed the same steps to enable internet access using the NAT instance, but the job is still not running to upload the file to the S3 bucket.

First, I created the subnet devops-pub-subnet in the private VPC, enabled auto-assign public IPv4 address, and also attached the IGW to the VPC.
Created the public route table and associated it with the public subnet.
Created a security group allowing all traffic from the private subnet CIDR, plus SSH.
Created the EC2 instance devops-nat-instance and disabled the source/destination check.
Added the iptables rules on the NAT instance following the doc.

Attached the NAT instance to the private route table that is associated with the private subnet.

Not sure where exactly internet access is being blocked for the cron job to reach the S3 bucket.

Please, can anyone help me finish this task? It would be very helpful to understand and learn if I have missed any part.

Hi @durganaresh1742

I’ve just checked and it seems the solution is missing the update to the route table. Because of this, the private instance cannot access the NAT instance. The private route table should include a route to the internet through the NAT instance.

Thank you for sharing the solution. I have tried that; when generating it through the CLI it works, but the manual way is failing with the NAT connectivity.

Thank you once again for completing the task. Day 30

Hi @raymond.baoly

I completely understand that earlier I missed the “s” in variables on task 35, and that might have caused the issue.

However, I’m now facing the same problem again on the last task. This time I made sure to use the correct variables file name, ran all the Terraform commands, and completed the task successfully. Despite that, it’s still failing during the final confirmation.

Could you please help me understand why this is happening again even after correcting the mistake and completing all the steps properly?

Thanks for your help!

Why does it work every second time instead of the first time, even after I followed the correct syntax and the correct commands?

This time, you used the wrong name for main.tf, you wrote maint.tf.

I followed the steps below from the command line, but the file devops-test.txt is not found in the S3 bucket. Please suggest what to check.

1) Create Public Subnet

# <...> values are placeholders for the IDs returned by the previous commands.
aws ec2 create-subnet \
  --vpc-id <vpc-id> \
  --cidr-block 10.1.2.0/24 \
  --tag-specifications "ResourceType=subnet,Tags=[{Key=Name,Value=devops-pub-subnet}]"


2) Create and Attach Internet Gateway

aws ec2 create-internet-gateway

Copy the InternetGatewayId, then:

aws ec2 attach-internet-gateway \
  --internet-gateway-id <igw-id> \
  --vpc-id <vpc-id>


3) Create Public Route Table

aws ec2 create-route-table \
  --vpc-id <vpc-id>

Copy RouteTableId, then:

aws ec2 create-route \
  --route-table-id <public-rt-id> \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id <igw-id>


4) Associate Public Subnet

aws ec2 associate-route-table \
  --subnet-id <public-subnet-id> \
  --route-table-id <public-rt-id>


5) Create NAT Security Group

aws ec2 create-security-group \
  --group-name devops-nat-sg \
  --description "NAT SG" \
  --vpc-id <vpc-id>

Copy GroupId, then:

Allow private subnet traffic

aws ec2 authorize-security-group-ingress \
  --group-id <nat-sg-id> \
  --protocol -1 \
  --cidr 10.1.1.0/24

SSH access

aws ec2 authorize-security-group-ingress \
  --group-id <nat-sg-id> \
  --protocol tcp --port 22 --cidr 0.0.0.0/0

Allow all outbound

# A new security group already has an allow-all egress rule, so this call
# returns InvalidPermission.Duplicate; that error can be ignored.
aws ec2 authorize-security-group-egress \
  --group-id <nat-sg-id> \
  --protocol -1 \
  --cidr 0.0.0.0/0


6) Launch NAT Instance (Amazon Linux 2023)

First, get an AMI manually:

# Images[0] of the unsorted result can be an old, arm64 or minimal image;
# pin the standard x86_64 AL2023 image and take the newest one.
aws ec2 describe-images \
  --owners amazon \
  --filters "Name=name,Values=al2023-ami-2023*" "Name=architecture,Values=x86_64" "Name=state,Values=available" \
  --query "sort_by(Images,&CreationDate)[-1].ImageId" \
  --output text

Then launch:

aws ec2 run-instances \
  --image-id <ami-id> \
  --instance-type t2.micro \
  --key-name <key-name> \
  --subnet-id <public-subnet-id> \
  --associate-public-ip-address \
  --security-group-ids <nat-sg-id> \
  --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=devops-nat-instance}]"
# --key-name is the key pair whose .pem is used for SSH in step 8.

Copy InstanceId.


7) Disable Source/Destination Check

aws ec2 modify-instance-attribute \
  --instance-id <nat-instance-id> \
  --no-source-dest-check


8) Configure NAT (SSH into instance)

ssh -i <key.pem> ec2-user@<nat-public-ip>

Install iptables (required for Amazon Linux 2023)

sudo dnf install -y iptables-services

Enable IP forwarding

echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Configure NAT

# eth0 is correct for t2.micro; on Nitro instance types the primary interface
# may be named ens5, so confirm with: ip route show default
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Persist rules

# Save before starting the service: the package's default ruleset rejects
# forwarded traffic, and saving first replaces it with the MASQUERADE rule above.
sudo service iptables save
sudo systemctl enable iptables
sudo systemctl start iptables


9) Update Private Route Table

Find the route table associated with devops-priv-subnet, then:

# A subnet with no explicit association uses the VPC main route table;
# make sure the route lands in the table the private subnet actually uses.
aws ec2 create-route \
  --route-table-id <private-rt-id> \
  --destination-cidr-block 0.0.0.0/0 \
  --instance-id <nat-instance-id>


10) Verification

After ~1–2 minutes:

aws s3 ls s3://devops-nat-27807/
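The recurring failure in this thread is the route-table step: the private subnet either has no explicit route-table association (so the VPC main table applies) or its table has no 0.0.0.0/0 route pointing at the NAT instance. The script below is an added example, not code from the post or from the course repo. It checks the complete NAT-instance path offline against the JSON shapes returned by `aws ec2 describe-route-tables`, `describe-instances` and `describe-security-groups`: which table the private subnet really uses, its default-route target, source/destination check, public IP, and whether a NAT security group admits the private CIDR. The private CIDR 10.1.1.0/24 is taken from the security-group rule in the post; all IDs in the sample data are constructed placeholders. `fetch_live` is an optional wrapper that pulls the same three API responses with boto3 and is only called when you run it yourself with credentials.

```python
# nat_path_check.py: offline checks for a NAT-instance path (added example).
# Input shapes match `aws ec2 describe-route-tables`, `describe-instances`
# (flattened to a list of instances) and `describe-security-groups`.
import ipaddress


def route_table_for_subnet(route_tables, subnet_id):
    """Return (table, explicit). An explicit association wins; otherwise the
    VPC main table applies, which is what bites when a route is added to the
    wrong table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt, True
            if assoc.get("Main"):
                main = rt
    return main, False


def default_route_target(rt):
    """Target of the active 0.0.0.0/0 route, or None when there is none."""
    for r in rt.get("Routes", []):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State", "active") == "active":
            return r.get("InstanceId") or r.get("NatGatewayId") or r.get("GatewayId")
    return None


def sg_allows_from(sg, cidr):
    """True if an inbound rule covers `cidr` for all protocols or at least TCP/443
    (the S3 endpoint the cron job talks to)."""
    net = ipaddress.ip_network(cidr)
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if proto not in ("-1", "tcp") or not (lo <= 443 <= hi):
            continue
        for rng in perm.get("IpRanges", []):
            if net.subnet_of(ipaddress.ip_network(rng["CidrIp"])):
                return True
    return False


def check_nat_path(route_tables, instances, security_groups,
                   private_subnet_id, nat_instance_id, private_cidr):
    """Return a list of findings; an empty list means the path looks complete."""
    findings = []
    rt, explicit = route_table_for_subnet(route_tables, private_subnet_id)
    if rt is None:
        findings.append(f"no route table applies to {private_subnet_id}")
    else:
        if not explicit:
            findings.append(f"{private_subnet_id} has no explicit association; "
                            f"main table {rt['RouteTableId']} applies")
        target = default_route_target(rt)
        if target != nat_instance_id:
            findings.append(f"{rt['RouteTableId']}: 0.0.0.0/0 goes to {target}, "
                            f"expected NAT instance {nat_instance_id}")
    nat = next((i for i in instances if i.get("InstanceId") == nat_instance_id), None)
    if nat is None:
        findings.append(f"NAT instance {nat_instance_id} not found")
        return findings
    if nat.get("State", {}).get("Name") != "running":
        findings.append("NAT instance is not running")
    if nat.get("SourceDestCheck", True):
        findings.append("source/destination check is still enabled on the NAT instance")
    if not nat.get("PublicIpAddress"):
        findings.append("NAT instance has no public IPv4 address")
    sg_ids = {g["GroupId"] for g in nat.get("SecurityGroups", [])}
    if not any(sg_allows_from(sg, private_cidr) for sg in security_groups if sg["GroupId"] in sg_ids):
        findings.append(f"no security group on the NAT instance allows inbound from {private_cidr}")
    return findings


def sample_setup(route_fixed):
    """Constructed describe-* output (placeholder IDs) mirroring the thread: NAT
    instance configured correctly, private route table missing (False) or
    having (True) the default route through it."""
    local = {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"}
    private_rt = {"RouteTableId": "rtb-priv0000",
                  "Associations": [{"SubnetId": "subnet-priv0000"}], "Routes": [dict(local)]}
    if route_fixed:
        private_rt["Routes"].append({"DestinationCidrBlock": "0.0.0.0/0",
                                     "InstanceId": "i-nat0000", "State": "active"})
    main_rt = {"RouteTableId": "rtb-main0000", "Associations": [{"Main": True}], "Routes": [dict(local)]}
    nat = {"InstanceId": "i-nat0000", "State": {"Name": "running"}, "SourceDestCheck": False,
           "PublicIpAddress": "203.0.113.10", "SecurityGroups": [{"GroupId": "sg-nat0000"}]}
    sg = {"GroupId": "sg-nat0000", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.1.1.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
    return [private_rt, main_rt], [nat], [sg]


def run_sample(route_fixed):
    rts, insts, sgs = sample_setup(route_fixed)
    return check_nat_path(rts, insts, sgs, "subnet-priv0000", "i-nat0000", "10.1.1.0/24")


def fetch_live(region):
    """Live mode (assumption: boto3 installed and credentials configured); never run on import."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    rts = ec2.describe_route_tables()["RouteTables"]
    insts = [i for r in ec2.describe_instances()["Reservations"] for i in r["Instances"]]
    sgs = ec2.describe_security_groups()["SecurityGroups"]
    return rts, insts, sgs


if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed" if fixed else "broken", run_sample(fixed) or ["OK: path complete"])
```

To check a real account, replace `sample_setup` with `fetch_live("<region>")` and pass your private subnet ID, NAT instance ID and private CIDR to `check_nat_path`; a non-empty list is the component the task checker is complaining about.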

Hi @Narasimha

We have a solution for this task; please refer to it and try again.