Making Private Subnets Really Private
This guide provides step-by-step instructions on how to make private subnets private.
Hafeez Baig
28 steps
5 minutes
Amazon Web Services
Refer to the following guide to learn how to use IAM in the cloud: <https://scribehow.com/shared/Creating_an_IAM_User_and_User_Group_in_AWS_Management_Console__hWNiiXlcRJKFqYZZEJD-cg>
1
Sign in to the **AWS Management Console** as an **IAM User**. **Pre-requisite** - Ensure you have selected the AWS region closest to your location. For this guide, we will be using us-east-2 (Ohio) as a preferred choice.
2
Type **VPC** in the search bar and click on **VPC** to view the VPC Dashboard
3
On the **VPC** Dashboard, click on **Route tables** in the left bar
4
The **Route tables** wizard will open. Click on the **Create route table** button in the top right corner
5
The **Create route table** wizard will open. Under **Route table settings**, provide the **Name** as "**My Public Subnet Route Table**" and select "**my-custom-vpc**" from the **VPC** dropdown
6
Scroll the page and click on the **Create route table** button
7
**My Public Subnet Route Table** is now successfully created. Scroll the page and click on the **Edit routes** button
8
The **Edit routes** wizard will open. Click on the **Add route** button
9
From the **Destination** dropdown, choose **0.0.0.0/0** (all IPv4 addresses)
10
From the **Target** dropdown, click on **Internet Gateway**
11
From the **Internet Gateway** dropdown, click on "**my-internet-gateway**"
12
The **My Public Subnet Route Table** route table is now successfully updated
13
In the left bar, click on **Subnets**
14
The **Subnets** wizard will open. Select **my-public-subnet** from the list of subnets
15
Scroll the page and click on the **Route table** tab
16
Click on the **Edit route table association** button
17
The **Edit route table association** wizard will open. Select **My Public Subnet Route Table** from the **Route table ID** dropdown
18
Scroll the page and click on the **Save** button
19
Subnet **my-public-subnet** is now successfully associated with **My Public Subnet Route Table** route table
20
In the left bar, click on **Route tables**
21
The **Route tables** wizard will open. Select **My VPC Route Table**
22
Scroll the page and click on the **Routes** tab
23
Click on the **Edit routes** button
24
The **Edit routes** wizard will open. Remove the **Internet Gateway** rule by clicking the **Remove** button on the right side, then click on the **Save changes** button
25
**My VPC Route Table** routes are now successfully updated
26
Now go back to the **EC2 Instance Connect** tab
27
Reload the page by clicking on the reload icon
28
You can observe that connecting to the instance with **EC2 Instance Connect** now fails: the instance's subnet no longer has a route to the Internet Gateway, so the private subnet configuration blocks access via the Public IP address
Congratulations on completing this lab and making private subnets really private! Well done!
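To confirm the result of the steps above without relying on a failed connection, the following added example (not part of the original guide) classifies each subnet by its effective route table, using JSON shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-subnets`. It assumes **My VPC Route Table** is the VPC's main route table and that the private subnet has no explicit association; all IDs are constructed placeholders.

```python
# Added example: which subnets can still reach an internet gateway?
# Input mirrors the EC2 DescribeRouteTables / DescribeSubnets response shape.

def has_igw_default_route(table):
    """True if the table has an active default route targeting an internet gateway."""
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if (dest in ("0.0.0.0/0", "::/0")
                and route.get("GatewayId", "").startswith("igw-")
                and route.get("State", "active") == "active"):
            return True
    return False

def classify_subnets(route_tables, subnets):
    """Map each subnet ID to 'public', 'private' or 'unknown'."""
    explicit, main = {}, {}
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table   # explicit association wins
            elif assoc.get("Main"):
                main[table["VpcId"]] = table          # fallback for everything else
    result = {}
    for subnet in subnets:
        table = explicit.get(subnet["SubnetId"]) or main.get(subnet["VpcId"])
        if table is None:
            result[subnet["SubnetId"]] = "unknown"
        else:
            result[subnet["SubnetId"]] = "public" if has_igw_default_route(table) else "private"
    return result

def sample_tables(main_has_igw):
    """Constructed sample: the VPC's main table plus the public subnet's table."""
    local = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
    igw = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}
    return [
        {"RouteTableId": "rtb-0main", "VpcId": "vpc-0example",
         "Routes": [local, igw] if main_has_igw else [local],
         "Associations": [{"Main": True}]},
        {"RouteTableId": "rtb-0public", "VpcId": "vpc-0example",
         "Routes": [local, igw],
         "Associations": [{"Main": False, "SubnetId": "subnet-0public"}]},
    ]

SAMPLE_SUBNETS = [{"SubnetId": "subnet-0public", "VpcId": "vpc-0example"},
                  {"SubnetId": "subnet-0private", "VpcId": "vpc-0example"}]

if __name__ == "__main__":
    print("before step 24:", classify_subnets(sample_tables(True), SAMPLE_SUBNETS))
    print("after step 24: ", classify_subnets(sample_tables(False), SAMPLE_SUBNETS))
```

Before the Internet Gateway route is removed, the subnet without an explicit association inherits the main table's default route and is reported as public; afterwards only the explicitly associated public subnet is.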