This architecture includes:
A public EC2 instance running Apache, accessible via the internet.
A private EC2 instance with Git installed, accessible only through the public EC2 instance.
A NAT Gateway to give the private instance outbound internet access (needed for the user-data Git installation).
Step 1: Writing the CloudFormation Template
You can download the YAML file [here]
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template to create a vpc with 1 public subnet with 1 ec2 instance with apache and make sure the website is working on its public ip. Then create a private subnet with nat gateway and create a private server and install git using userdata. SSH to the private server to make sure git is installed.
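The full template is only linked above, so the fragment below is an added example (not the author's template) showing how the two security groups for this architecture can be written so that the private instance accepts SSH only from the public instance, and the public instance accepts SSH only from an administrator's address range. It assumes the VPC resource in the template is named VPC and introduces an AdminCidr parameter; both are assumptions, and the default address is a documentation placeholder.

```yaml
Parameters:
  AdminCidr:
    Type: String
    Description: Source CIDR allowed to SSH to the public (bastion) instance; narrow this to your own address
    Default: 203.0.113.10/32   # placeholder from the documentation range, replace with your real IP/32

Resources:
  # Public instance: Apache reachable from anywhere, SSH only from the admin CIDR
  PublicInstanceSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Public Apache/bastion host - HTTP from the internet, SSH from AdminCidr only
      VpcId: !Ref VPC            # assumed name of the VPC resource in the full template
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr

  # Private instance: no CIDR-based rule at all; SSH is accepted only from members
  # of the public instance's security group, so the bastion is the single entry point
  PrivateInstanceSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Private Git host - SSH only from the public instance security group
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref PublicInstanceSG
```

Attach PublicInstanceSG to the public instance and PrivateInstanceSG to the private instance via their SecurityGroupIds; the private host then has no inbound rule that the internet, or any other subnet host outside the public group, can match.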
Step 2: Deploy the CloudFormation Stack
Upload the Template: Go to the AWS Management Console:
Navigate to CloudFormation > Create Stack.
Upload the template and provide parameters like CIDR blocks and key pair name.
Step 3: Access the Public EC2 Instance
To access the public EC2 instance:
Ensure the public instance's security group allows inbound SSH (TCP port 22).
Use the following command from your local machine:
ssh -i "<key123.pem>" ubuntu@<Public_EC2_Public_IP>
Verify Apache is running: Open a browser and enter the public IP of the instance:
http://<Public_EC2_Public_IP>
Step 4: Accessing the Private EC2 Instance via Public EC2
Since the private EC2 instance is in a private subnet, it’s not directly accessible from the internet. You’ll use the public EC2 instance as a bastion host to connect to the private EC2 instance. Here's how:
Steps
- Copy the Key to the Public EC2 Instance
On your local machine (Git Bash/PowerShell), copy the private key (key123.pem) to the public EC2 instance using the scp command:
scp -i "<key123.pem>" <key123.pem> ubuntu@<Public_EC2_Public_IP>:~/
chmod 400 <key123.pem>
Replace <key123.pem> with the path to your private key file.
Replace <Public_EC2_Public_IP> with the public IP address of the public EC2 instance.
SSH into the Public EC2 Instance
ssh -i "<key123.pem>" ubuntu@<Public_EC2_Public_IP>
Once logged in, confirm the key was copied and restrict its permissions so the ssh client will accept it:
ls
chmod 400 <key123.pem>
SSH into the Private EC2 Instance
ssh -i "<key123.pem>" ubuntu@<Private_EC2_Private_IP>
Verify Git Installation
Once logged into the private EC2 instance, confirm Git is installed:
git --version
Alternative: Using SSH-Agent for Accessing the Private EC2 via the Public EC2 (Bastion Host) on Windows
Steps on Local Machine (Git Bash)
Add your private key to the agent:
eval "$(ssh-agent)"
ssh-add <your-key>.pem
Replace <your-key>.pem with the path to your private key (e.g. k8skey.pem). Verify the loaded key:
ssh-add -l
This lists the identities added to the ssh-agent. SSH into the bastion host with agent forwarding:
ssh -A ubuntu@<public-server-IP>
The -A flag enables agent forwarding, so the ssh client on the bastion host can authenticate with the key held by your local agent without the key itself being copied there. SSH from the bastion host to the private server:
ssh -A ubuntu@<private-server-IP>
Agent forwarding lets you reach the private server without ever copying the private key to the bastion host. While the forwarded session is open, a root user on the bastion can use the forwarded agent socket, so forward the agent only to bastion hosts you control.
Final Step: Clean-Up Instance
After successfully deploying and testing your infrastructure, it’s important to clean up the resources to avoid unnecessary costs. Here’s how:
Delete the CloudFormation Stack
Navigate to the AWS CloudFormation Console.
Select your stack and click Delete.
AWS will automatically delete all resources created by the stack, such as the VPC, Elastic IP, subnets, EC2 instances, NAT Gateway, and more.