Amazon_VPC_26
Do not define a NAT gateway in a private subnet, to avoid the risk of exposing the private subnet to the internet.
From Portal:
Note: In order to do this, you need to change the route table or create a new NAT gateway. The steps are:
1. Sign in to the Amazon VPC console at https://console.aws.amazon.com/vpc/
2. Choose NAT Gateways.
3. Before doing the next step, make sure it is acceptable to temporarily disable internet access for the instances that route through this gateway.
4. Find the gateway that resides in a private subnet and delete it.
5. Create a new NAT gateway and associate it with a public subnet, i.e. a subnet that routes to the internet through an Internet Gateway. Choose the Elastic IP of the previous gateway.
From Command Line:
```
# delete the NAT gateway that sits in the private subnet
aws ec2 delete-nat-gateway --nat-gateway-id NAT_GATEWAY_ID
# then, once the old gateway reports state "deleted" and its Elastic IP is free again,
# create the replacement in a public subnet, reusing the previous Elastic IP allocation
aws ec2 create-nat-gateway --subnet-id PUBLIC_SUBNET_ID --allocation-id PREVIOUS_ELASTIC_IP_ID
# finally, update the private subnet's route table so its default route points at the new gateway
```
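Before deleting anything, it helps to confirm which NAT gateways actually sit in private subnets. The following is an added example, not part of the original guidance: it evaluates that condition offline over constructed data shaped like the describe-route-tables and describe-nat-gateways responses (ROUTE_TABLES, NAT_GATEWAYS and the function names are assumptions).

```python
# Audit helper (added example, not from the original page): flag NAT gateways whose
# subnet has no 0.0.0.0/0 route to an internet gateway, i.e. a private subnet.
# ROUTE_TABLES and NAT_GATEWAYS are constructed samples shaped like the AWS
# describe-route-tables / describe-nat-gateways responses; function names are assumptions.

# Constructed sample: subnet-pub has an explicit association with a route table that
# sends 0.0.0.0/0 to an IGW; subnet-priv falls back to the VPC's main route table.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main0", "VpcId": "vpc-1",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-pub01", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-abc"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-good", "SubnetId": "subnet-pub", "VpcId": "vpc-1", "State": "available"},
    {"NatGatewayId": "nat-bad", "SubnetId": "subnet-priv", "VpcId": "vpc-1", "State": "available"},
    {"NatGatewayId": "nat-old", "SubnetId": "subnet-priv", "VpcId": "vpc-1", "State": "deleted"},
]


def route_table_for_subnet(route_tables, vpc_id, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def is_public_subnet(route_tables, vpc_id, subnet_id):
    """Public means the effective route table sends 0.0.0.0/0 to an igw-* gateway."""
    rt = route_table_for_subnet(route_tables, vpc_id, subnet_id)
    if rt is None:
        return False
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(r.get("GatewayId", "")).startswith("igw-")
               for r in rt.get("Routes", []))


def nat_gateways_in_private_subnets(nat_gateways, route_tables):
    """IDs of live NAT gateways that sit in a subnet with no internet gateway route."""
    return [ng["NatGatewayId"] for ng in nat_gateways
            if ng["State"] not in ("deleted", "deleting", "failed")
            and not is_public_subnet(route_tables, ng["VpcId"], ng["SubnetId"])]
```

Feeding it the real output of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways` (the `RouteTables` and `NatGateways` arrays) gives the list of gateways this rule would flag in an account.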
References:
1. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
2. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/delete-nat-gateway.html
3. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-nat-gateway.html