O my God!! The unique way Rahul explains is the most superb in my IT tenure. Is there any Azure DevOps series of Terraform automation created by Rahul?? Hats off for your rare quality, Rahul!!!
Thanks for liking it. As of now there is no Terraform Azure series
You are compressing my learning timeline from months to hours. I really appreciate your selflessness.
Cheers to that
You are one of the best DevOps trainers, who provides in-depth info for DevOps aspirants
Thank you Rahul
Glad to help
What a great series with clear explanation. Please continue this series, I’m looking forward to the next chapter :)
There is more to come, but if you are interested in more in-depth content consider being a YouTube member for more premium content
You are the one who is teaching the topics from Scratch and explaining in easy way to understand the topics very easily. Thank you so much sir.
You are most welcome
Thank you for such a clear explanation and demo. The pace of this was perfect for me and I was able to grasp the concepts well. Created my own VPC with bastion/jump host and all was working as intended. Many thanks and keep the great content coming!
Glad to hear that it works for you
Your Training Method is superb Rahul; hats off for You!
You are welcome
Thank you sir, so far this is the best tutorial about the topic that I have been searching for. The diagram and step-by-step demo are really easy and helpful for me to follow along. Liked and subscribed.
You are welcome
Sir, you teach with the help of diagrams, which makes things CLEAR. Thank you sir, best teacher 😍😍
Glad to hear that
What a great series with clear explanation and thank you so much for this lecture.
You are welcome
How is SSH through a bastion host into a host in a private subnet more secure? Perhaps shed some light on that.
Thank you very much for this series. This series is really helpful for beginners like me❤️
You're welcome 😊
Does having an EC2 instance in a public subnet automatically make that a bastion host? Because in the video I did not see any specific configurations to the instance in the public subnet. What makes an EC2 instance a bastion host?
This is what I want to ask him. He did not make any configurations as a bastion host. He just allowed the IP address range of the public subnet to the private subnet. How can he say that it is a bastion host? Simply, he can say that instead of using a NAT gateway with an elastic IP, we can use only the public subnet range.
The public EC2 instance in the public subnet is called the Bastion Host (or Jump Host).
Hi Rahul, will all the instances in the public subnet have a public IP assigned to them?
I thought public subnet is the one with IGW and private subnet is the one with NAT gateway.
In the AWS console I have VMs with a public subnet routed to the IGW, but the internet doesn't work unless I enable it with public IP assignment.
Thank you Rahul bhai. You are really doing a great job for us.
Thanks and welcome
Excellent explanation, This is very helpful for me...
Glad to hear that
Good job sir, I cleared my doubts. Thanks once again.
Hi Rahul, thanks for the detailed session. I have one question here: during the NAT gateway session you connected from the public EC2 to the private EC2 without enabling the public IP subnet in the private EC2 SG. How did you do that? Or is it connected via the NAT gateway?
Both the EC2 instances are in the same VPC, which means both are in the same network. The public EC2 instance present in the public subnet is only accessible via the internet, but the EC2 instance present in the private subnet can be accessed via the public EC2 instance internally without the need of a NAT gateway, because both of them are in the internal network
Best and clear explanation ❤
Thanks a lot 😊
Hi, thanks for the video.
Is there anything like this for databases and other services too? I'm trying to find a way to access an internal database from my own PC. The internal database is just a database that is being used by an API on AWS. How can I use something like a VPN to open the database from my own PC?
Thank you Rahul.. wonderfully explained
Thanks and welcome
Whenever you create the instance you give the name test-key-pair, but when we log in to the machine the name of the key is different. How does that happen?
On-point demo, thanks for such content
Glad you like it!
Hi Rahul, thanks a lot for the videos. Learning a lot from these videos. One question on the bastion host: when we are copying the private key of the EC2 which is in a private subnet to the internet-exposed EC2 machine in a public subnet, is it secure?
Wonderful session. Thanks a lot for your honest effort.
Glad to know the feedback
Can we set a rule at S3 so that after a number of days the particular URL link (downloadable) will not work if I shared it publicly? Please guide me.
Liked, commented and subscribed with this one video ❤... looking forward to learning more
Glad to have you
Great info. Can we have similar setup in azure?
Yes the bastion host concept is common and can be used in any cloud provider
Hi Rahul, when we define subnets, we have to use private ranges, right? Such as 192.168.x.x, 172.16.x.x to 172.31.x.x, or 10.x.x.x. Or doesn't it matter?
It totally depends on your org practice on assignment of CIDRs
Hi sir,
You are doing a great job, pls make the series continuously, I hope you have to be done with the best way 🙏❤
Cheers
This is cool, what looks like a mirage, you made it so simple. Thanks Bro
Thank you so much, can you please do CICD in detail.
I will try my best to
thank you so much for your videos. these are helping me a lot.
You are most welcome
Thank you very much for such a wonderful session sir
Keep watching
Great video. How do you do the diagrams
I just use the ppts nothing more
What an insightful share... thank you 🙏🙏
Cheers
I can't copy the private key. Can anyone help me please?
Hi sir, thank you for your elaborate explanation. Please explain the purpose of the NAT gateway.
I am not able to connect to the private EC2 from the bastion host. Doing ssh as shown in the video, I did all steps correctly and tried, but while doing ssh to the private EC2 nothing is coming, it's just blank
Could be many reasons, but check the security groups
Amazing content bro.. keep going on please do aws solution architect entire course..
Thanks and sure
Great Video
Thank you for detailed explanation.
You are most welcome
Can you make a video related to how to build an SSH connection from the bastion host to the EC2 user on a Windows PC
Thank you, you made me think deeper.
You're very welcome
Awesome content bro....thanks
So nice of you
Amazing!!
@RahulWagh please help to get the copy of my private key. I can't read or copy the key from my .pem file
Thank You! I am a beginner ❤
You're so welcome!
Great explanation. I have a clear understanding
Great to hear!
Sir, I'm unable to understand how you changed the name of the key, please explain sir
Thank you Sir. 💞
Always welcome
Hello Rahul, correct me if I am wrong: both the EC2 instances are in the same VPC, which means both are in the same network, so it will connect, right? I still could not understand the concept of bastion. I already watched the "Mastering AWS: NAT Gateway Setup in Your VPC" video. Comparing these two, the differences are: in this video you explicitly add a security group, and in the NAT gateway video all the configurations are the same except that the private subnet wants to access the internet (outbound only) using NAT. So adding the security group (enabling access from the private IPs of the public EC2 to all ports in the private EC2) is how a bastion host differs from a normal private-public environment.
Yup, the whole setup is the same as explained in the VPC video
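Added example, not from the video or from any commenter: a check of the private instance's inbound security-group rules against a stricter form of the rule discussed in this thread, SSH only and from the bastion's address only. The rule data is constructed, and the addresses 10.0.0.80 (bastion private IP) and 10.0.0.0/24 (public subnet) are assumptions.

```python
import ipaddress

# Constructed sample: inbound rules of the private instance's security group, in
# the shape boto3 returns under "IpPermissions". 10.0.0.80 (bastion private IP)
# and 10.0.0.0/24 (public subnet) are assumed addresses, not taken from the video.
SAMPLE_RULES = [
    # All ports from the whole public subnet (the rule the comment describes).
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
    # SSH from any address.
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    # SSH from the bastion only.
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.80/32"}]},
]

WIDE_SOURCE = "source is not limited to the bastion"
EXTRA_PORTS = "opens ports beyond SSH"


def audit_inbound(rules, bastion_ip, ssh_port=22):
    """Return (cidr, problem) pairs for rules wider than 'SSH from the bastion only'.

    Only CIDR sources are examined; rules that reference a source security
    group (UserIdGroupPairs) are outside this check.
    """
    bastion = ipaddress.ip_network(f"{bastion_ip}/32")
    findings = []
    for rule in rules:
        proto = rule["IpProtocol"]
        if proto not in ("tcp", "-1"):
            continue  # SSH runs over TCP; "-1" means all protocols and ports
        lo = 0 if proto == "-1" else rule["FromPort"]
        hi = 65535 if proto == "-1" else rule["ToPort"]
        if not lo <= ssh_port <= hi:
            continue  # this rule does not expose the SSH port
        for ip_range in rule.get("IpRanges", []):
            cidr = ip_range["CidrIp"]
            if ipaddress.ip_network(cidr, strict=False) != bastion:
                findings.append((cidr, WIDE_SOURCE))
            if (lo, hi) != (ssh_port, ssh_port):
                findings.append((cidr, EXTRA_PORTS))
    return findings


if __name__ == "__main__":
    for cidr, problem in audit_inbound(SAMPLE_RULES, "10.0.0.80"):
        print(f"{cidr}: {problem}")
```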
How do we establish an internet connection on private ec2?
Use NAT gateway
Very helpful
Glad it helped
Why are we using an IPv4 CIDR of 12 range, why not 10?
When it comes to choosing a CIDR range for a network, there are several factors to consider, including the size of the network, the number of hosts that need to be accommodated, and the availability of IP addresses.
The "/12" in IPv4 CIDR notation corresponds to a subnet mask of 255.240.0.0, which means that the first 12 bits of the IP address are used for the network portion, leaving 20 bits for host addresses. This allows for a total of 2^20, or 1,048,576, IP addresses in the subnet (though the first and last addresses are reserved for the network and broadcast addresses, respectively).
On the other hand, a "/10" CIDR range corresponds to a subnet mask of 255.192.0.0, which provides for 2^22, or 4,194,304, IP addresses in the subnet.
The decision to use a "/12" CIDR range instead of a "/10" range would typically be based on the need for fewer IP addresses than a "/10" range provides. Using a "/12" range when a "/10" range is not necessary can help conserve IP addresses, which is particularly important given the limited availability of IPv4 addresses. However, it's also worth noting that the decision could be influenced by other factors, such as the design of the larger network, routing considerations, and the allocation policies of the organization or service provider managing the IP addresses.
@@RahulWagh thank you for your explanation, but I mean we use 10.x.x.x but you use 12. I liked your teaching and explanation.🙂
@@subash000000 there is no rule on using 10.x.x.. or 12.x.x…. It is your own VPC, just pick the range which you like. The VPCs are not in the public domain, so you have the liberty to choose any range
@@RahulWagh thank you for such quick response.
Very well explained
Keep watching
How to share a user ssh on the bastion server with their public ssh key
You have to use secret management tools like HashiCorp Vault
Hi Rahul do you also do one on one consulting for entrepreneurs
There is paid consulting which I do, if interested you can reach out to me at - rahul.wagh@jhooq.com
Hello sir, what if we created our bastion host in a private network, is there any way? How can we access that?
The whole purpose of a bastion host is to enable access to servers present in private subnets. A bastion host in a private subnet doesn't make sense
@@RahulWagh thanks for replying !!!
To make this process more secure, what can we do? Any suggestions?? Like, can we attach a VPN?
Great content man
You are welcome
Can you please make a video on how to configure the web application (Python Flask) and database (PostgreSQL) in the EC2 instance, by using the same security bastion host.
It is already there - Real Time DevOps Project | Use Terraform Jenkins AWS to deploy REST API
ruclips.net/video/otQqd7GRVK0/видео.html
Now it's working thank you.
Well explained ❤
Glad it was helpful!
Awesome example bro, can you please cover examples for Elastic Network Interfaces, Elastic Fabric and Elastic adapter network and placement groups
Noted
Hello sir... if possible then please try to make a detailed video on IP, subnetting or other networking concepts, it will be very helpful... Thank you🙂
Here is a video which is already there on my channel- AWS how to setup VPC, Public, Private Subnet, NAT, Internet Gateway, Route Table? - (Part-5)
ruclips.net/video/43tIX7901Gs/видео.html
Very nicely explained , do you cover google cloud topics as well Rahul?
Not on GCP yet, but soon I am planning to do it. What would you like to see on GCP?
In SSH it's not connecting
Check security groups and source
Thanks for sharing.
Thank you so much.
You're most welcome
well explained thank you
You're welcome!
Awesome 👌
Thank you! Cheers!
Good Evening Rahul.
I hope you are doing well
Hi Parshant, good evening, I am good, thanks for asking
Thank you
You're welcome
Why didn't you use scp to copy the pem file?
Yes you can use SCP instead of manually copying the ssh keys
@@RahulWagh 😆
Felt like Sundar Pichai teaching me 😀
Can we expect a k8s series from you..?
Hopefully soon I will prepare in k8s
👏
All ok, but at the end why did you not create a new key pair instead of using an existing one.... last 10 mins unable to understand...
I always get this error
ubuntu@ip-10-0-0-80:~$ ssh -i "aws_ec2_instance_key.pem" ubuntu@10.0.1.179
ubuntu@10.0.1.179: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
anyone have any idea?
I did the exact same but I didn't make a private route table and it still worked. Why?
Maybe you might have made the private subnet a public subnet
@@RahulWagh I'm pretty sure I did not.
Upon further inspection, I found that there's a default route table assigned to the private subnet (you see it at 10:44) and that allows connectivity inside the same VPC.
So that implies if you allow ssh to the pvt EC2 in the security group, you'll be able to connect to it from the public EC2, thus no route table needed.