Create VPC:
- Choose "VPC and more"
- Add VPC name
- 3 Availability Zones
- 3 private and 3 public subnets
- NAT Gateways: none
- VPC endpoints: none
- Click on the Create VPC button to create the VPC
Create two EC2 instances
Do not forget to select our newly created VPC while creating each instance.
- Instance one in a public subnet.
- Instance two in a private subnet.
The security group used by the instances should allow SSH from My IP in its inbound rules, so update that security group.
Now try to connect to the public instance => you will be able to connect.
Now try to connect to the private instance => you will not be able to connect, because the private instance can only be reached from the public subnet. So we will need to connect to this private instance from our public instance.
Now we have to upload our .pem file to our public instance so that we can use it when we connect to the private instance.
To upload the .pem file from the local machine to the EC2 instance we will need the "WinSCP" software.
To install WinSCP, follow the steps below
- sudo dpkg --add-architecture i386
- wget -qO - https://dl.winehq.org/wine-builds/winehq.key | sudo apt-key add -
- sudo apt-add-repository 'deb https://dl.winehq.org/wine-builds/ubuntu/ focal main'
- sudo apt install --install-recommends winehq-stable
- Download WinSCP from the official site https://winscp.net/eng/index.php
- cd ~/Downloads (path where your WinSCP installer is)
- wine WinSCP-*-Setup.exe
- Install for all users (recommended), next
- Typical installation (recommended), next
- Install
Now run WinSCP; it will ask for a username and password
username => ec2-user (you can run the "ls" command in your instance to get your instance name)
password => we need to do some configuration on our public EC2 instance to allow password login and set a new password, otherwise we will not be able to connect using WinSCP.
1. Enable password login on the EC2 instance
Connect to the public instance from your local machine and open the SSH daemon configuration file below in an editor
- /etc/ssh/sshd_config
- find the line below and set it to yes
- PasswordAuthentication yes
- ctrl + x to exit the editor, saving the change
- then restart the service using
- sudo systemctl restart sshd
2. Update the password of our default ec2-user
- sudo passwd ec2-user (username)
- it will ask for a new password; enter your password, retype it, and then run
- sudo service ssh restart
Now use that username (ec2-user) and the password you set to connect in WinSCP
Now you just need to drag and drop the .pem file from your local machine to the instance. That's it.
Now connect to your public instance and run the "ls" command. You will see your .pem file there.
You will need to run the command below to make your .pem file usable on the public EC2 instance
- sudo chmod 400 FirstKeyPair.pem (your .pem file name)
Now try to connect to your private instance from this public instance and you will be able to connect to it
Bonus: issues and solutions
- /etc/ssh/sshd_config
- PasswordAuthentication yes
- then restart the service using
- sudo systemctl restart sshd
- sudo passwd ec2-user
- and
- sudo passwd root
- Then restart the SSH server daemon:
- sudo service ssh restart
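When the PasswordAuthentication edit from step 1 does not seem to take effect, or when you want to check whether an instance currently accepts password logins, a script like the one below reports the value sshd will apply. It is an added example, not part of the original steps; the function name effective_password_auth and the sample file contents are assumptions made for illustration, and the script simplifies sshd's parsing (the first value found wins, Match blocks are skipped, Include lines are not followed).

```shell
#!/bin/sh
# Added example (not from the original page).
# effective_password_auth FILE...
# Prints the PasswordAuthentication value ("yes" or "no") that applies globally,
# reading the given sshd config files in order. Simplifications (assumptions):
# Include lines are not followed, and settings inside Match blocks are skipped.
effective_password_auth() {
    awk '
        FNR == 1 { in_match = 0 }           # a Match block ends with its file
        /^[ \t]*#/ { next }                 # skip comment lines
        /^[ \t]*$/ { next }                 # skip blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # drop indentation
            sub(/[ \t]*=[ \t]*/, " ", line) # accept the Keyword=value form too
            split(line, f, /[ \t]+/)
            key = tolower(f[1])             # keywords are case-insensitive
            if (key == "match") { in_match = 1; next }
            if (in_match) next
            if (key == "passwordauthentication" && !found) {
                found = 1                   # sshd keeps the first value it obtains
                val = tolower(f[2])
                gsub(/"/, "", val)
            }
        }
        END { print (found ? val : "yes") } # OpenSSH default when unset is yes
    ' "$@"
}

# Constructed sample: a commented-out line, then "no", then a later "yes".
# The later "yes" is ignored because the earlier "no" was obtained first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
EOF
echo "effective PasswordAuthentication: $(effective_password_auth "$sample")"
rm -f "$sample"
```

On the instance, pass the real file, for example effective_password_auth /etc/ssh/sshd_config; any drop-in files that the main file includes near its top should be listed before it.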