Configuring Centralized Access to the Internet

In this lab, you will build a centralized egress environment for internet access. You will be given access to two VPCs and will deploy a transit gateway, a network firewall, and a NAT gateway, then finish the configuration with route table changes. Finally, you will test website access from an EC2 instance in one of the VPCs. To complete this lab, you should understand all of the technologies mentioned above and be familiar with the AWS Management Console.


Path Info

Level: Intermediate
Duration: 1h 30m
Published: May 19, 2023


Table of Contents

  1. Challenge

    Create a Transit Gateway and Attach to the New Transit Gateway Subnets in Each VPC

    In this objective, you will be creating a transit gateway. Once this has been created, you will then create transit gateway attachments and configure these for the newly created subnets in the WorkloadVPC and EgressVPC.

    Use the following information for this objective:

    Creating a transit gateway

    Name = Transit-Gateway-01
    Description = WorkloadVPC-EgressVPC
    

    WorkloadVPC transit gateway attachment

    Name = WorkloadVPC-TGW-Att
    Transit gateway ID = Transit-Gateway-01
    Attachment type = VPC
    VPC ID = WorkloadVPC
    Subnet ID = WorkloadVPCTransitUsEast1a
    
    

    EgressVPC transit gateway attachment

    Name = EgressVPC-TGW-Att
    Transit gateway ID = Transit-Gateway-01
    Attachment type = VPC
    VPC ID = EgressVPC
    Subnet ID = EgressVPCTransitUsEast1a
    
    
  2. Challenge

    Create Network Firewall Rule Group, Firewall Policy, and Network Firewall

    In this objective, we will create the Network Firewall rule group, the firewall policy that references it, and the AWS Network Firewall itself, in that order.

    Network Firewall rule groups

    Rule group type = Stateful rule group
    Name = WebsiteWhiteList
    Capacity = 10
    Stateful rule group options = Domain list
    Rule order = Default
    Domain name source = .acloudguru.com
    Source IPs type = 10.0.0.0/16 and 10.1.0.0/16
    Protocols = HTTP and HTTPS
    Action = Allow
    

    Firewall policies

    Name = TestFirewall-Policy
    Stream exception policy = Drop
    

    Stateless default actions

    Choose how to treat fragmented packets = Use the same actions for all packets
    Action = Forward to stateful rule groups
    

    Stateful rule evaluation order and default actions

    Rule order = Default

    Stateful rule group

    Add = WebsiteWhiteList

    Firewalls

    Name = TestNWFW
    VPC = EgressVPC
    

    Firewall Subnets

    Availability Zone - us-east-1a
    Subnet = EgressVPCFirewallUsEast1a
    IP address type = IPv4
    

    Associated firewall policy

    Associate an existing firewall policy = TestFirewall-Policy (the policy you created above)
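As an added example (not the lab's own material), here is the same WebsiteWhiteList rule group expressed as the request that the AWS Network Firewall CreateRuleGroup API takes, plus a small check that mirrors how a leading-dot domain entry matches. Mapping the source CIDRs to the HOME_NET variable is how domain-list rule groups apply the "Source IPs" setting.

```python
import json

# Values from Challenge 2. The source CIDRs become the HOME_NET variable that the
# generated domain-list rules match on; .acloudguru.com is the only allowed domain.
RULE_GROUP_NAME = "WebsiteWhiteList"
CAPACITY = 10
ALLOWED_DOMAINS = [".acloudguru.com"]
SOURCE_CIDRS = ["10.0.0.0/16", "10.1.0.0/16"]


def build_domain_allowlist(name, capacity, domains, source_cidrs):
    """Return the create_rule_group parameters for a stateful domain-list rule group.
    GeneratedRulesType=ALLOWLIST permits only the listed domains (matched on the HTTP
    Host header and the TLS SNI) and drops every other HTTP/HTTPS flow from HOME_NET;
    that drop is what the blocked-site test in Challenge 5 exercises."""
    return {
        "RuleGroupName": name,
        "Type": "STATEFUL",
        "Capacity": capacity,
        "RuleGroup": {
            "RuleVariables": {
                "IPSets": {"HOME_NET": {"Definition": list(source_cidrs)}}
            },
            "RulesSource": {
                "RulesSourceList": {
                    "Targets": list(domains),
                    "TargetTypes": ["HTTP_HOST", "TLS_SNI"],
                    "GeneratedRulesType": "ALLOWLIST",
                }
            },
        },
    }


def allowlist_permits(domains, host):
    """Mirror the domain-list matching: an entry with a leading dot covers the
    domain itself and all of its subdomains; an entry without one matches exactly."""
    host = host.lower().rstrip(".")
    for entry in (d.lower() for d in domains):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


if __name__ == "__main__":
    params = build_domain_allowlist(RULE_GROUP_NAME, CAPACITY, ALLOWED_DOMAINS, SOURCE_CIDRS)
    # Save this JSON and pass it with --cli-input-json to `aws network-firewall create-rule-group`.
    print(json.dumps(params, indent=2))
```

With credentials configured, the same dictionary can be passed as keyword arguments to boto3's network-firewall `create_rule_group`.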

  3. Challenge

    Create NAT Gateway

    In this objective, we will be deploying a NAT gateway called EgressVPCNGW in the public subnet of our VPC.

    Use the following settings for this objective:

    Name = EgressVPCNGW
    Subnet = EgressVPCNATUsEast1a
    Connectivity type = Public
    Elastic IP allocation ID = Allocate Elastic IP
    
  4. Challenge

    Configure Route Tables

    In this objective, we will configure the route tables so that traffic flows from the EC2 instance through the environment to the target website. In the transit gateway route table, add the 0.0.0.0/0 route to the EgressVPC attachment as a static route.

    WorkloadVPCPrivateRouteTable

    0.0.0.0/0 --> Transit Gateway

    Transit Gateway Route Table

    0.0.0.0/0 --> EgressVPC attachment (EgressVPC-TGW-Att)

    EgressVPCTransitRouteTable

    0.0.0.0/0 --> Gateway Load Balancer - VPC endpoint (the Network Firewall endpoint in EgressVPCFirewallUsEast1a)

    EgressVPCFirewallRouteTable

    0.0.0.0/0 --> NAT Gateway
    10.0.0.0/16 --> Transit Gateway
    

    EgressVPCNATRouteTable

    0.0.0.0/0 --> Internet Gateway
    10.0.0.0/16 --> Gateway Load Balancer - VPC endpoint (the Network Firewall endpoint, so return traffic passes back through the firewall)
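To check that these route tables hand each packet to the right next hop, here is an added example (not part of the lab) that traces a packet through them with longest-prefix matching, in both directions. It assumes WorkloadVPC is 10.0.0.0/16 and that the transit gateway route table also holds the 10.0.0.0/16 route that the WorkloadVPC attachment propagates by default.

```python
import ipaddress

# Route tables from Challenge 4 (assumption: WorkloadVPC is 10.0.0.0/16, and the
# transit gateway table carries the propagated 10.0.0.0/16 route to WorkloadVPC).
ROUTE_TABLES = {
    "WorkloadVPCPrivateRouteTable": [("0.0.0.0/0", "Transit Gateway")],
    "TransitGatewayRouteTable": [("0.0.0.0/0", "EgressVPC attachment"),
                                 ("10.0.0.0/16", "WorkloadVPC attachment")],
    "EgressVPCTransitRouteTable": [("0.0.0.0/0", "Firewall endpoint")],
    "EgressVPCFirewallRouteTable": [("0.0.0.0/0", "NAT Gateway"),
                                    ("10.0.0.0/16", "Transit Gateway")],
    "EgressVPCNATRouteTable": [("0.0.0.0/0", "Internet Gateway"),
                               ("10.0.0.0/16", "Firewall endpoint")],
}
# Table that evaluates the packet after each target; unlisted targets deliver it.
NEXT_TABLE = {
    "Transit Gateway": "TransitGatewayRouteTable",
    "EgressVPC attachment": "EgressVPCTransitRouteTable",
    "Firewall endpoint": "EgressVPCFirewallRouteTable",
    "NAT Gateway": "EgressVPCNATRouteTable",
}


def lookup(table, dst, tables=ROUTE_TABLES):
    """Longest-prefix match, as VPC and transit gateway route tables do."""
    addr, best = ipaddress.ip_address(dst), None
    for cidr, target in tables[table]:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    if best is None:
        raise LookupError(f"{table}: no route to {dst}")
    return best[1]


def trace(start_table, dst, tables=ROUTE_TABLES, max_hops=10):
    """Return the targets a packet to dst is handed to, in order."""
    hops, table = [], start_table
    while table is not None:
        if len(hops) >= max_hops:
            raise RuntimeError("routing loop: " + " -> ".join(hops))
        target = lookup(table, dst, tables)
        hops.append(target)
        table = NEXT_TABLE.get(target)  # None once the packet is delivered
    return hops


def symmetric_through_firewall(internet_ip, instance_ip, tables=ROUTE_TABLES):
    """Stateful inspection needs both directions: the request from the instance
    and the reply after the NAT gateway un-translates it must cross the endpoint."""
    outbound = trace("WorkloadVPCPrivateRouteTable", internet_ip, tables)
    reply = trace("EgressVPCNATRouteTable", instance_ip, tables)
    return "Firewall endpoint" in outbound and "Firewall endpoint" in reply
```

The 10.0.0.0/16 route to the firewall endpoint in EgressVPCNATRouteTable is what keeps the reply on the same path as the request; if it pointed at the transit gateway instead, the firewall would see only one direction of each flow and could not inspect it correctly.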
    
  5. Challenge

    Test Website Connectivity from EC2Instance1

    Using EC2Instance1, test connectivity to https://acloudguru.com.

    Connect to EC2Instance1 using the connection option in the EC2 console, and select the Session Manager tab. Once connected, issue the following commands to test:

    Working Website Test

    curl https://acloudguru.com

    Blocked Website Test (this domain is not on the WebsiteWhiteList domain list, so the firewall should block it)

    curl https://www.bbc.co.uk

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!
