In day 30 of cloud I face an issue: after doing all the configuration as expected, I still got no files in the S3 bucket.
1: The scenario AMI is not in the free tier, so for that I used a general AMI.
2: All the iptables configuration for the NAT instance has been enabled as described in the official documentation.
3: Watched all the solution videos on YT and read every Medium blog, but none of them worked.
Anyone who has done it recently, please reach out so we can do it together.
Kindly guide me.
I guess you were trying to do it via the AWS console, unlike the solution suggested by Rob which does it all from the lab terminal. As you can probably tell from the GitHub solution, there are many steps to this problem.
Creating a public subnet requires all of this:
Create an Internet Gateway and associate with the VPC
Create the subnet
Create a route table for the subnet with an entry for 0.0.0.0/0 that points to the internet gateway
These steps are what makes the subnet public.
Amazon Linux 2 is deprecated and will be completely retired at the end of June (I asked Engineering to update the instructions). The default option when launching an instance is now Amazon Linux 2023. This is still fine, but when configuring NAT you will also have to install iptables via yum as it isn't on this image by default.
You must create a custom security group for the NAT instance that allows external connections or you will not be able to connect to it to configure iptables.
Dears,
I did all the configuration using the UI. Let's see what comes out, as I am trying it again and will update accordingly. However, if nothing works we may discuss it a bit. Thanks for putting the issue forward regarding the instruction update, and thanks for your time.
Hi @sherdil,
The doc has been updated, you can use it as a reference. You can perform the task via AWS console as well, however make sure you don’t miss any step.
I'm unsuccessful with the NAT instance task. Despite following the CLI guide exactly, the text file isn't being created in S3. I've confirmed my NAT instance is running AL2023 and I've applied the iptables rules. Is there a common reason why the outbound connection from the private subnet might still be failing?
Which guide are you using? We changed the distribution used for the task to Amazon Linux 2023, and that changes how you solve the task slightly. If you set up iptables correctly for that distribution, it should work.
Yes, I am using Amazon Linux 2023. The guide that I used is -
Also, these are the commands that I used for iptables-
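# Find the interface that carries the default route
IFACE=$(ip -o route get 1.1.1.1 | awk '{for(i=1;i<=NF;i++) if ($i=="dev") print $(i+1)}')
# Masquerade traffic leaving through that interface
iptables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
# Allow forwarded traffic in and out on the same interface
iptables -A FORWARD -i "$IFACE" -o "$IFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "$IFACE" -o "$IFACE" -j ACCEPT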
Hi, any update? I tried with a NAT gateway and it worked just fine, but I was unable to complete the task as it expects the route to the NAT EC2 instance. Please help, so that I can move to the next exercise. It won't let me move to the next exercise.
If you follow the guide carefully, it should work. I actually used the guide as a loose framework and did pretty much the whole thing in the console. You do need to make sure to set up the routing tables right. I also logged into the instance to create the iptables invocations – you can check ip addr to make sure that you have the right interface.
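
The interface check mentioned in the last reply, as an added example that is not part of any post in this thread or of the lab guide: it compares the interface on the default route with the one named in the MASQUERADE rule. The function names and sample outputs are constructed, and the net.ipv4.ip_forward check is an assumption based on how Linux NAT works in general, not something stated in the thread.

```bash
#!/usr/bin/env bash
# Added example: NAT instance sanity checks that also run offline on sample text.
# Function names are hypothetical; the SAMPLE_* values are constructed.
# On the instance, pass in the live output of:
#   ip -o route get 1.1.1.1 ; iptables-save -t nat ; sysctl -n net.ipv4.ip_forward

# Print the interface that follows "dev" in `ip -o route get` output.
egress_iface() {
  printf '%s\n' "$1" |
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed only if a POSTROUTING MASQUERADE rule names interface $2 exactly.
masquerade_on() {
  printf '%s\n' "$1" | awk -v want="$2" '
    $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
      for (i = 3; i < NF; i++) if ($i == "-o" && $(i + 1) == want) found = 1
    }
    END { exit !found }'
}

# Print each problem found; return 0 only when every check passes.
# Args: route output, iptables-save output, ip_forward value.
nat_check() {
  nat_rc=0
  nat_iface=$(egress_iface "$1")
  [ -n "$nat_iface" ] || { echo "no egress interface found"; return 1; }
  masquerade_on "$2" "$nat_iface" ||
    { echo "no MASQUERADE rule on $nat_iface"; nat_rc=1; }
  [ "$3" = "1" ] || { echo "net.ipv4.ip_forward is $3, expected 1"; nat_rc=1; }
  return "$nat_rc"
}

# Constructed samples: the default route leaves via ens5, but the first rule
# set was written for eth0, so nothing from the private subnet is translated.
SAMPLE_ROUTE='1.1.1.1 via 10.0.0.1 dev ens5 src 10.0.0.25 uid 0'
SAMPLE_RULES_STALE='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
SAMPLE_RULES_OK='*nat
-A POSTROUTING -o ens5 -j MASQUERADE
COMMIT'

nat_check "$SAMPLE_ROUTE" "$SAMPLE_RULES_STALE" 1 || true  # reports the eth0/ens5 mismatch
nat_check "$SAMPLE_ROUTE" "$SAMPLE_RULES_OK" 1 && echo "NAT checks passed"
```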