AWS Reachability Analyzer, testing reachability
Setting up the VPC environment, Launching EC2 instances, and Testing Reachability.
This edition of the newsletter is written by Meriem Terki, a Data scientist skilled in AWS and Azure.
In this article, we’ll walk through setting up a VPC environment, launching EC2 instances, and using the AWS Reachability Analyzer to ensure your instances can communicate.
This guide is ideal for those new to AWS or those looking to solidify their understanding of VPC networking.
🤷‍♂️ What’s a VPC Reachability Analyzer?
🚀 Game-changer for AWS network troubleshooting
🔀 Dynamically maps network traffic across VPCs and subnets
👀 Provides end-to-end visibility and automates root cause analysis
📈 Ensures compliance and security, scaling from small to enterprise networks
🔄 Revolutionizes AWS network management with speed and automation
📝 Steps Diagram
Task Steps
❶ Sign in to the AWS Management Console
On the AWS sign-in page, enter your credentials to log in to your AWS account and click on the Sign-in button.
Once signed in to the AWS Management Console, set the default AWS Region to US East (N. Virginia) us-east-1.
❷ Setting Up Your Environment by creating VPC
In the AWS Management Console, you can find the VPC service by clicking on the “Services” dropdown at the top and typing VPC in the search bar. Then, select the VPC service from the search results.
Once you’re in the VPC service, click Create VPC (from the side menu or the Create VPC button) and choose the VPC only option.
Create a new VPC: Name: reachability-test-VPC.
Specify an IPv4 CIDR block for your VPC (10.0.0.0/16) in the IPv4 CIDR block field.
In this guide 10.0.0.0/16 is used as an example, but you can choose any valid CIDR block that doesn’t overlap with your existing networks.
Click on the Create VPC button
Within your newly created VPC, you’ll need to create two subnets: one public and one private.
To create a subnet, go to the subnets section in the VPC service and click on the Create Subnet button.
Select the VPC you just created and specify the CIDR block for the subnet:
Subnet Name: public subnet
IPv4 subnet CIDR block: 10.0.1.0/24
Now repeat the same steps for the private subnet:
Subnet name: private subnet
IPv4 subnet CIDR block: 10.0.2.0/24
Configure the route tables and internet gateway for the public subnet
For the public subnet to have internet access, you’ll need to configure the route table and attach an internet gateway.
Go to the Route Tables section in the VPC service and create a new route table for the public subnet.
Route Table Name: MY-RT
Next, go to the Internet Gateways section and create a new Internet gateway.
Internet Gateway Name: My-Internet-Gateway
Once the internet gateway is created, attach it to the VPC you created.
In the route table, click Edit routes and add a route whose destination is 0.0.0.0/0 and whose target is the internet gateway. A route table only applies to the subnets associated with it, so also associate MY-RT with the public subnet under Subnet associations.
❸ Launch two EC2 instances within this VPC
Navigate to EC2 by clicking on the Services menu at the top, then click on EC2 in the Compute section.
In the EC2 service, you’ll see a left-hand side menu. Click on the Instances option, and then click on the Launch Instances button to start the process of creating a new EC2 instance.
Name: Enter MyEC2Server1
You’ll be asked to choose an Amazon Machine Image (AMI) for your instance. Search for Amazon Linux 2023 AMI in the search box and select it by clicking on the Select button.
For Instance Type: Select t2.micro
You’ll need a key pair to connect securely to your EC2 instances. Under Key pair (login), click Create new key pair:
Key pair name: VPC-Key
Key pair type: RSA
Private key file format: .pem
In Network settings, click the Edit button:
VPC: select the VPC you created, and Subnet: public subnet
Auto-assign public IP: Enable
Select Create a Security Group
Security group name: Enter MyEC2Server_SG
Description: Enter Security Group to allow traffic to EC2
We will now add the security group rules. An SSH rule is already present.
For HTTP, click the Add security group rule button.
Type: HTTP
Source: Anywhere
Anywhere (0.0.0.0/0) opens the port to the whole internet, which is fine for this lab; outside a lab, narrow the SSH source to your own IP address.
Click Launch Instance.
To launch the second instance, repeat the same steps 2–8, making sure to select the same VPC but the private subnet this time.
Name: Enter MyEC2Server2
Create a new security group for this instance, allowing inbound traffic from the first instance’s security group.
Security Group for the second EC2 instance (Private):
Name: PrivateEC2Server_SG (or any descriptive name)
Description: Security Group for Private EC2 Instance
Inbound Rules:
Allow All Traffic (or specific ports/protocols) from the MyEC2Server_SG security group
Click Launch Instance.
❹ Testing Connectivity
Open AWS Network Manager. In the left-hand menu, click Reachability Analyzer, then click Create and analyze path.
Name tag: ec2-to-ec2-reachability.
In the source type, select instances and choose the first EC2 instance you created.
In the destination type, select instances and choose the second EC2 instance.
Leave the remaining settings at their defaults.
After configuring the source and destination instances, click on the create and analyze path button to run the analysis test.
🗺️ Now we are going to analyze the path between the source and the destination
Click Analyze path to run the analysis between the source and destination, then click the Confirm button.
🔍 Reviewing Results
Once the reachability test is complete, review the results displayed by the Reachability Analyzer.
If the test result shows Reachable, it indicates that the two EC2 instances can communicate with each other within the VPC you created.
If the test result shows Not reachable, the Reachability Analyzer will show the component that blocks the path (for example a route table or security group) and the reason, so you can fix the connectivity problem between the two instances.
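To show what the Analyzer is evaluating on the path above, here is an added Python model (not AWS code and not part of this article) of the route tables and security groups this guide creates, with a hop-by-hop verdict in the same Reachable / Not reachable terms. The private IPs, the extra instance MyEC2Server3 and its group Other_SG are constructed; the model goes beyond the guide by including that third instance to show how a security-group reference rule rejects traffic from any other group, and it ignores network ACLs, which the real Analyzer also checks.

```python
import ipaddress

# Constructed model of the topology this guide builds (example data, not AWS output).
SUBNETS = {
    "public subnet": {"cidr": "10.0.1.0/24", "route_table": "MY-RT"},
    "private subnet": {"cidr": "10.0.2.0/24", "route_table": "main"},  # main table: local only
}
ROUTE_TABLES = {
    "MY-RT": {"10.0.0.0/16": "local", "0.0.0.0/0": "igw:My-Internet-Gateway"},
    "main": {"10.0.0.0/16": "local"},
}
# Inbound rules: (protocol, port or None for all ports, source CIDR or "sg:<group name>")
SECURITY_GROUPS = {
    "MyEC2Server_SG": [("tcp", 22, "0.0.0.0/0"), ("tcp", 80, "0.0.0.0/0")],
    "PrivateEC2Server_SG": [("all", None, "sg:MyEC2Server_SG")],
    "Other_SG": [("tcp", 22, "0.0.0.0/0")],  # hypothetical third group for the failing case
}
INSTANCES = {  # private IPs are constructed for the example
    "MyEC2Server1": {"ip": "10.0.1.10", "subnet": "public subnet", "sg": "MyEC2Server_SG"},
    "MyEC2Server2": {"ip": "10.0.2.10", "subnet": "private subnet", "sg": "PrivateEC2Server_SG"},
    "MyEC2Server3": {"ip": "10.0.1.11", "subnet": "public subnet", "sg": "Other_SG"},
}

def route_target(subnet, dst_ip):
    """Longest-prefix match in the subnet's route table, as the VPC router does."""
    table = ROUTE_TABLES[SUBNETS[subnet]["route_table"]]
    addr = ipaddress.ip_address(dst_ip)
    hits = [ipaddress.ip_network(c) for c in table if addr in ipaddress.ip_network(c)]
    return table[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def sg_allows(sg_name, proto, port, src):
    """Inbound check: a rule's source is either a CIDR or a reference to another group."""
    for r_proto, r_port, r_src in SECURITY_GROUPS[sg_name]:
        if r_proto not in ("all", proto) or r_port not in (None, port):
            continue
        by_group = r_src.startswith("sg:") and src["sg"] == r_src[3:]
        by_cidr = not r_src.startswith("sg:") and ipaddress.ip_address(src["ip"]) in ipaddress.ip_network(r_src)
        if by_group or by_cidr:
            return True
    return False

def analyze_path(src_name, dst_name, proto="tcp", port=22):
    """Return (status, explanation): 'Reachable' or 'Not reachable' plus the deciding component."""
    src, dst = INSTANCES[src_name], INSTANCES[dst_name]
    target = route_target(src["subnet"], dst["ip"])
    if target != "local":
        return "Not reachable", f"route from {src['subnet']} to {dst['ip']} is {target}, not local"
    if not sg_allows(dst["sg"], proto, port, src):
        return "Not reachable", f"{dst['sg']} has no inbound {proto}/{port} rule matching {src_name}"
    return "Reachable", f"local VPC route, then {dst['sg']} allows {proto}/{port} from {src['sg']}"
```

Call `analyze_path("MyEC2Server1", "MyEC2Server2")` for the guide's path and `analyze_path("MyEC2Server3", "MyEC2Server2")` to see the security-group reference reject the third instance.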
You’re all done! Congratulations!