The following is an overview diagram of our setup. Note that this post does not cover HA setup although it is possible to extend it further by running the instances in multiple AZs. In our VPC, we have public and private subnets: in our public subnet, we have the openVPN instance and in our private subnet we have the web server (server 1). This configuration allows you to separate public & private traffic by terminating all internet traffic at the public subnet layer. It is possible to have your internal instances in the public subnet where your VPN instance is located but the above model provides more isolation. The steps To configure your VPN, perform the following: Create a...
Continue reading...
Understanding the distinction between “private” and “public” subnets in Amazon VPC requires an understanding of how IP routing and network address translation (NAT) works in general, and how they are specifically implemented in VPC. The core differentiation between a public and private subnet in VPC is defined by what that subnet’s default route is, in the VPC routing tables.. This configuration, dictates the validity of using, or not using, public IP addresses on instances on that particular subnet. Each subnet has exactly one default route, which can be only one of two things: The VPC’s “Internet Gateway” object, in the case of a “public” subnet An EC2 instance, performing the “NAT instance” role, in the case of a “private” subnet....
Continue reading...