This is likely the first question that comes to mind when dealing with a VPC.
Let’s use the architecture in the image to simplify things further.
Internet Gateway:
The Internet Gateway is essentially the gateway to the external world for your VPC.
Without it, you won’t be able to access any server you deploy in the VPC, nor will the servers be able to access the internet.
Here’s what it allows you to do:
✅ SSH into any public subnet's server, but only if it has a public IP.
✅ Download tools you need onto that server by accessing outside internet.
NAT Gateway:
You could still ssh from your public subnet to the private subnet but what if you need that private subnet to access the outside world (internet)?
The NAT Gateway enables your private subnets to access the internet, but nothing from the internet can directly access your private servers.
IMPORTANT NOTE : NAT Gateway must be placed in public subnet itself for it to be able to access outside internet, because remember any thing inside private subnet can not access internet by default.
Here’s why this is useful:
✅ Increased security ⬆️
✅ You can download tools from the internet onto your server in the private subnet.
Accessing Your Private Server:
To access a private server in this setup, you’ll follow these steps:
- SSH into your server in the public subnet (referred to as "Bastion" in the image).
- From the Bastion server, SSH again into your server in the private subnet (referred to as "Private App").
🤍 I'd love to connect with you on LinkedIn—let's grow our network and share ideas! here
Top comments (0)