AWS NAT Gateway is a managed network address translation (NAT) service provided by Amazon Web Services (AWS). It allows resources within a private subnet in a Virtual Private Cloud (VPC) to reach the internet while remaining unreachable from outside: outbound connections are translated to the gateway's public address, and unsolicited inbound connections from the internet are not accepted. NAT Gateway provides a secure and controlled way for instances in private subnets to communicate with the internet and with AWS services.
1. Open the AWS Management Console.
2. To create an AWS NAT Gateway together with a VPC, subnets, an Internet Gateway (IGW) and route tables, follow these steps: 1) create a VPC, 2) create the subnets, 3) create the IGW, 4) create the NAT Gateway, 5) configure the route tables. Note: for testing, create two EC2 instances, one in the public subnet and one in the private subnet, and confirm that the instance in the private subnet can reach the internet. Step 1: Create a VPC. To create the VPC, follow these steps:
3. Click Networking & Content Delivery.
4. Click VPC.
5. Click Your VPCs.
6. Click Create VPC.
7. Make sure "VPC only" is selected under 'Resources to create'. Give your VPC a name under 'Name tag', e.g. MyVPC1.
8. Make sure 'IPv4 CIDR manual input' is selected and type your IPv4 CIDR (IPv4 address range) under 'IPv4 CIDR', **e.g. 10.50.0.0/16**. **IPv4 CIDR block:** specify an IPv4 CIDR block (IP address range) for your VPC. The block size must be between /16 and /28.
9. Leave all other options at their defaults and click 'Create VPC'.
10. Click 'Actions' to edit the VPC settings.
11. Click Edit VPC settings.
12. Select 'Enable DNS hostnames'. **DNS hostnames:** the DNS hostnames attribute determines whether instances launched in the VPC receive public DNS hostnames that correspond to their public IP addresses.
13. Click "Save".
14. Step 2: Create subnets. Click Subnets. Note: create two subnets, one for the public connection and one for the private connection. For each subnet choose the VPC you created in the previous step, provide a CIDR block from within the VPC's range, select an Availability Zone and create the subnet.
15. Click Create subnet.
16. Click and select **your VPC** (created in the earlier step).
17. Name your subnet for the public connection, e.g. My-Public-Subnet. **Create subnet:** to add a new subnet to your VPC, you must specify an IPv4 CIDR block for the subnet from the range of your VPC. You can specify the Availability Zone in which you want the subnet to reside, and you can have multiple subnets in the same Availability Zone.
18. Click and select any one of the available **Availability Zones**, e.g. 1a. **Availability Zone:** the Availability Zone where this subnet will reside. Select No Preference to let Amazon choose an Availability Zone for you.
19. Specify the IPv4 CIDR (IP address range) for your subnet from within your VPC's IPv4 CIDR block. E.g. if your VPC is **10.50.0.0/16**, the subnet can be 10.50.1.0/24. **Subnet CIDR block:** specify your subnet's IP address block in CIDR format, for example 10.0.0.0/24. IPv4 block sizes must be between a /16 netmask and a /28 netmask and can be the same size as your VPC.
20. To add a subnet for the private connection, click "Add new subnet".
21. Name your subnet for the private connection, e.g. My-Private-Subnet.
22. Click and select any one of the available **Availability Zones** other than the one selected for the public subnet, e.g. 1b or 1c.
23. Specify the IPv4 CIDR (IP address range) for this subnet from within your VPC's IPv4 CIDR block. It must be different from (and must not overlap) the previous subnet. E.g. if your VPC is 10.50.0.0/16, this subnet can be **10.50.2.0/24**.
24. Click Create subnet.
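The address rules stated in steps 8, 19 and 23 can be checked before anything is clicked. The following is an added example, not part of the original guide: a small Python checker built on the standard `ipaddress` module and fed the guide's own sample addresses (VPC 10.50.0.0/16 with subnets 10.50.1.0/24 and 10.50.2.0/24).

```python
"""Check a VPC/subnet address plan against the rules stated in the steps above.

Added example, not from the original guide. Rules encoded: VPC and subnet
blocks must be /16../28, each subnet must lie inside the VPC block (it may be
the same size as the VPC), and no two subnets may overlap.
"""
from __future__ import annotations

import ipaddress


def check_vpc_cidr(cidr: str) -> list[str]:
    """Return a list of problems with a VPC IPv4 CIDR; an empty list means it is acceptable."""
    problems: list[str] = []
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        return [f"{cidr}: not an IPv4 block"]
    if str(net) != cidr:  # host bits set, e.g. 10.50.1.0/16 instead of 10.50.0.0/16
        problems.append(f"{cidr}: host bits set; the network address is {net}")
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{cidr}: prefix /{net.prefixlen} is outside /16../28")
    return problems


def check_subnet_plan(vpc_cidr: str, subnets: dict[str, str]) -> list[str]:
    """Check every subnet is /16../28, sits inside the VPC and overlaps no other subnet."""
    problems = check_vpc_cidr(vpc_cidr)
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    if vpc.version != 4:
        return problems
    seen: dict[str, ipaddress.IPv4Network] = {}
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != 4:
            problems.append(f"{name} {cidr}: not an IPv4 block")
            continue
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name} {cidr}: prefix /{net.prefixlen} is outside /16../28")
        if not net.subnet_of(vpc):
            problems.append(f"{name} {cidr}: not inside VPC {vpc}")
        for other, onet in seen.items():
            if net.overlaps(onet):
                problems.append(f"{name} {cidr}: overlaps {other} {onet}")
        seen[name] = net
    return problems


# Constructed sample plan using the guide's own example addresses.
SAMPLE_PLAN = {"My-Public-Subnet": "10.50.1.0/24", "My-Private-Subnet": "10.50.2.0/24"}

if __name__ == "__main__":
    print(check_subnet_plan("10.50.0.0/16", SAMPLE_PLAN) or "plan OK")
```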
25. Step 3: Create an Internet Gateway (IGW) to connect the VPC to the internet. Follow these steps to create a new IGW. Click "Internet gateways". **Create internet gateway:** an internet gateway enables communication between your VPC and the internet. After you create the internet gateway, attach it to your VPC and specify it as a target in your subnet route table for internet-routable IPv4 or IPv6 traffic.
26. Click "Create internet gateway".
27. Give your Internet Gateway a name, e.g. My-IGW1.
28. Click "Create internet gateway".
29. Click "Actions" to attach your Internet Gateway to your VPC.
30. Click "Attach to VPC".
31. Click and select your VPC (created in Step 1).
32. Click "Attach internet gateway". Your IGW is now attached to your VPC.
33. Step 4: Create a NAT Gateway so that instances in the private subnet can reach the internet. Follow these steps to create the NAT Gateway. Click "NAT Gateways". **NAT gateway:** a Network Address Translation (NAT) gateway is a managed device that forwards traffic from private subnets to other networks, so that resources in a private subnet can reach the internet and AWS services while remaining unreachable from outside. There are two types of NAT gateways: • Public: instances in private subnets can connect to the internet but cannot receive unsolicited inbound connections from the internet. • Private: instances in private subnets can connect to other VPCs or to your on-premises network. **Our NAT Gateway here is of the Public type.**
34. Click "Create NAT gateway".
35. Give your NAT Gateway a name, e.g. my-nat-gateway-01.
36. Click and select the subnet in which to create the NAT gateway. **Select the subnet created for the public connection (My-Public-Subnet).** A public NAT gateway must sit in a subnet whose route table reaches the internet through the IGW; placed in the private subnet it would have no path out itself.
37. Connectivity type: choose "Public".
38. To allocate a static public IP address (Elastic IP) to your NAT Gateway, click "Allocate Elastic IP", or choose an existing Elastic IP from the dropdown. **Elastic IP address:** an Elastic IP address (EIP) is a static, public IPv4 address provided by AWS. It is associated with your AWS account and can be allocated to an instance or resource in your VPC. Unlike a standard public IP address, which is dynamically assigned and changes when an instance is stopped or terminated, an Elastic IP address remains static, so your AWS resources keep a consistent public IP address.
39. Click "Create NAT gateway". The NAT Gateway will now be created.
40. Your NAT Gateway is created.
41. Click "NAT gateways" to go back to the NAT Gateways console.
42. Select your NAT gateway and check that the NAT Gateway State shows 'Available'. Note: the initial status of the NAT gateway is **Pending**. After the status changes to **Available**, the NAT gateway is ready for use.
43. Click 'Refresh' to see the state of your NAT Gateway change. Wait until the NAT Gateway State under Details shows 'Available', then continue with the next step: **create and update your route tables as needed**.
44. Click Route tables.
45. Step 5: Create and edit route tables to allow traffic within your VPC and out through your NAT Gateway. To configure the route tables, follow these steps. Click "Route tables". **Route table:** a route table is a virtual networking component that controls the traffic flow between subnets and determines how network traffic is directed. It is a set of rules that define the paths network packets follow within a VPC.
46. When you create a VPC, a route table is automatically created and associated with it. This is known as the "main" route table. It provides basic connectivity within the VPC and allows communication between its subnets. In the following steps you configure this route table: first associate the public subnet with it, then edit its routes to allow internet access through your IGW. After that you create a separate route table for the NAT Gateway. Follow the steps.
47. Scroll to find the **route table** that was created with your VPC. Check your VPC name under the 'VPC' column.
48. Select the route table that was created with your VPC.
49. The route table name may be blank under "Name". **Give the route table a name.** Click in the Name tag space to edit it. In the **Edit Name** box, give the route table a name, e.g. My-VPC-RT, and click "Save".
50. Enter the route table name under 'Edit Name'.
51. Click Save to keep the changes.
52. Select the route table (e.g. My-VPC-RT). To associate the subnet with the route table, click "Subnet associations". **Subnet association:** route tables are associated with subnets, defining how traffic is routed within the VPC. By associating a subnet with a route table, you determine the path for inbound and outbound traffic for that subnet.
53. Under Explicit subnet associations, click "Edit subnet associations".
54. **Select the subnet to associate with the route table.** Select your subnet created for the public connection (My-Public-Subnet).
55. Click "Save associations".
56. To allow internet traffic through your IGW, you have to add a route to your route table. Follow these steps: click 'Routes'.
57. Click Edit routes.
58. Click Add route.
59. Click and type **0.0.0.0/0**. Note: **0.0.0.0/0** means all destinations, i.e. every address not matched by a more specific route such as the VPC's local route.
60. Click and select "Internet Gateway".
61. Select your IGW; it shows as 'igw-**********' (My-IGW1). Note: if the IGW does not show up, click **Remove** and try again.
62. Click Save changes.
63. Click "Route tables" to go back to the route tables.
64. Now you need to create a route table for the NAT Gateway. Follow these steps to create a new route table. Click "Create route table".
65. Give the route table a name, e.g. My-NAT-RT.
66. Click and select your VPC (MyVPC1).
67. Click "Create route table". The new route table will be created.
68. To associate a subnet (My-Private-Subnet) with your route table, click "Subnet associations".
69. Click "Edit subnet associations".
70. Select the subnet to associate (My-Private-Subnet), which is the one for the private connection.
71. Click "Save associations".
72. Add a route that sends your private subnet's outbound traffic through the NAT Gateway. Click "Edit routes" under Routes.
73. Click "Add route".
74. Click and type **0.0.0.0/0**.
75. Click and select **NAT Gateway** under Target, then select your NAT Gateway, which shows as 'nat-*********' (my-nat-gateway-01). Note: if your NAT gateway does not show up, click "Remove", then Add route and try again.
76. Click "Save changes". The route table part is now complete.
77. The route table for the NAT Gateway is created.
78. Check the "Explicit subnet associations" details, which show that the NAT route table was created successfully. Next, check the NAT Gateway details.
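To see what the two 0.0.0.0/0 routes above actually do, and why step 36 insists on the public subnet, here is an added example that is not part of the original guide: a Python model of both route tables with longest-prefix matching and a check of the design. The ids igw-EXAMPLE and nat-EXAMPLE and the test address 203.0.113.10 are constructed placeholders; the CIDRs, subnet and table names are the guide's own.

```python
# Model of the two route tables built in the steps above, with a check of each
# subnet's egress path. Added example, not from the original guide: resource ids
# are constructed placeholders; CIDRs, subnet and table names are the guide's own.
import ipaddress
from typing import Optional

VPC_CIDR = "10.50.0.0/16"
# AWS adds the 'local' route for the VPC block to every route table automatically.
ROUTE_TABLES = {
    "My-VPC-RT": [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-EXAMPLE")],  # public subnet
    "My-NAT-RT": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-EXAMPLE")],  # private subnet
}
ASSOCIATIONS = {"My-Public-Subnet": "My-VPC-RT", "My-Private-Subnet": "My-NAT-RT"}
NAT_GATEWAY_SUBNET = "My-Public-Subnet"  # step 36: the NAT gateway lives in the public subnet
INTERNET_IP = "203.0.113.10"  # constructed test destination (RFC 5737 documentation range)


def resolve(table, dest_ip: str) -> Optional[str]:
    """Pick the route target the way a VPC route table does: the longest matching prefix wins."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def egress_target(subnet: str, dest_ip: str, tables=ROUTE_TABLES, assoc=ASSOCIATIONS) -> Optional[str]:
    """Target that traffic leaving `subnet` towards `dest_ip` is handed to."""
    return resolve(tables[assoc[subnet]], dest_ip)


def check_nat_design(tables=ROUTE_TABLES, assoc=ASSOCIATIONS, nat_subnet=NAT_GATEWAY_SUBNET):
    """Return the design problems found; an empty list means the setup matches the guide."""
    problems = []
    # 1. The private subnet's default route must hand internet traffic to the NAT gateway.
    t = egress_target("My-Private-Subnet", INTERNET_IP, tables, assoc)
    if not (t or "").startswith("nat-"):
        problems.append(f"private subnet sends internet traffic to {t}, expected a NAT gateway")
    # 2. The NAT gateway's own subnet must reach the internet through the IGW; otherwise the
    #    gateway has no path out and the private instances stay offline.
    t = egress_target(nat_subnet, INTERNET_IP, tables, assoc)
    if not (t or "").startswith("igw-"):
        problems.append(f"NAT gateway subnet sends internet traffic to {t}, expected an IGW")
    # 3. Traffic between the two subnets must stay on the local route, not leave via NAT or IGW.
    for subnet in assoc:
        if egress_target(subnet, "10.50.2.10", tables, assoc) != "local":
            problems.append(f"{subnet}: traffic inside the VPC does not use the local route")
    return problems
```

Passing `nat_subnet="My-Private-Subnet"` to `check_nat_design` reproduces the mistake step 36 warns against and reports it as a problem.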
79. Click NAT gateways.
80. Select your NAT Gateway to see its details.
81. Under Details, check the "Primary public IPv4 address".
82. Also check the "Primary private IPv4 address".
83. This shows that the NAT Gateway was created successfully. The VPC, subnets, IGW, NAT Gateway and route table parts are complete. Test the NAT Gateway by creating **two EC2 instances**: the first in the public subnet (My-Public-Subnet) and the second in the private subnet (My-Private-Subnet). For creating them, refer to the "AWS Practitioner-Create EC2 instance" skill or the "AWS: Test 'NAT Gateway'" skill.