Lab: Troubleshooting VPC Networking
In this hands-on lab, you will attempt to untangle a mess left by another cloud engineer. You will update the CloudFormation stack, troubleshoot, and fix the environment so that you can successfully reach the website. Troubleshooting is an essential skill that you will likely need in real-world situations, so it is important to be as prepared as possible when these situations arise.
Log in to the AWS Management Console using the credentials provided on the lab instructions page. Make sure you're using the us-east-1 Region.
Navigate to the lab's , and click Raw.
Copy the content to a new file, and save the file as Step_2_LaFours_Disaster.yaml.
From the AWS Management Console, navigate to CloudFormation.
Select the provided stack, and click Update.
For Prerequisite - Prepare template, select Replace current template.
For Specify template, select Upload a template file.
Upload the Step_2_LaFours_Disaster.yaml you previously saved.
Click Next > Next > Next > Submit. It may take a minute or two to update. You will know the update is ready when the Status is UPDATE_COMPLETE.
Open VPC in a new browser tab. (Keep your CloudFormation tab open for later.)
On the left navigation panel under Virtual private cloud, select Your VPCs.
It looks like the VPC is running. On the left navigation panel, select Subnets.
The subnets should look okay. On the left navigation, select Route tables.
Click the link for the Route table ID where the route table has a value in the Explicit subnet association column.
Observe that the route for the internet gateway isn't set to the default destination. Click Edit routes.
Change the Destination to 0.0.0.0/0.
Click Save changes.
On the left navigation, click Internet gateways. It should still be attached.
On the left navigation, click Elastic IPs. Elastic IPs should look good.
On the left navigation under Security, select Network ACLs.
Click the link for the Network ACL ID where there is a value in the Associated with column. Observe that there are some issues.
At the top, use the breadcrumb navigation to go back to the Network ACLs page.
To change the association, select the check box to the left of the network ACL that doesn't have a current association.
Click Actions > Edit subnet associations.
Select the available subnet, and click Save changes.
From the left navigation menu, select Security groups.
Select the ACG CSAP Networking Lab security group, click the Inbound rules tab, and observe that the Source needs to be updated.
Click Edit inbound rules.
Change the value for the inbound rule from 10.0.0.0/16 to 0.0.0.0/0, and click Save rules.
Go back to CloudFormation, and select the Outputs tab at the top. (You may need to drag the Stacks pane over to see this option.)
Open the link for the FQDN value in a new browser tab.
You should see the message "Keep Being Awesome Cloud Gurus!", indicating everything was fixed and is working.
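The three faults fixed above (route table, network ACL association, security group source) can also be checked in code. The following is an added example, not part of the lab: it runs offline over constructed data shaped like boto3 EC2 describe_* responses. The IDs, port 80, the 192.0.2.0/24 destination and the deny-only network ACL are assumptions, since the lab does not state them.

```python
# Added example; data shapes follow boto3 EC2 describe_* responses.
ANY = "0.0.0.0/0"

def has_default_igw_route(subnet_id, route_tables):
    """The explicitly associated table must send 0.0.0.0/0 to an internet gateway."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return any(r.get("DestinationCidrBlock") == ANY
                       and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])
    return False  # fallback to the VPC main route table is not modelled here

def nacl_allows_inbound(subnet_id, nacls, port):
    """Lowest-numbered inbound rule wins; only any-source (0.0.0.0/0) entries are considered."""
    for acl in nacls:
        if not any(a.get("SubnetId") == subnet_id for a in acl["Associations"]):
            continue
        inbound = sorted((e for e in acl["Entries"] if not e["Egress"]), key=lambda e: e["RuleNumber"])
        for e in inbound:
            pr = e.get("PortRange", {"From": 0, "To": 65535})
            if e.get("CidrBlock") == ANY and e["Protocol"] in ("-1", "6") and pr["From"] <= port <= pr["To"]:
                return e["RuleAction"] == "allow"
    return False

def sg_allows_inbound(group, port):
    """Security groups are allow-only: one rule covering the port from 0.0.0.0/0 is enough."""
    for p in group["IpPermissions"]:
        covers = p["IpProtocol"] == "-1" or (p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"])
        if covers and any(r["CidrIp"] == ANY for r in p["IpRanges"]):
            return True
    return False

def diagnose(subnet_id, route_tables, nacls, group, port=80):
    """Return the faults that keep the site unreachable, in the order the lab checks them."""
    checks = [("route table: no 0.0.0.0/0 route to an internet gateway", has_default_igw_route(subnet_id, route_tables)),
              ("network ACL: associated ACL does not allow inbound traffic", nacl_allows_inbound(subnet_id, nacls, port)),
              ("security group: inbound source is not 0.0.0.0/0", sg_allows_inbound(group, port))]
    return [msg for msg, ok in checks if not ok]

def lab_state(fixed):
    """Constructed sample data modelled on the lab before (fixed=False) and after the repairs."""
    sub = "subnet-example"  # placeholder ID
    rts = [{"Associations": [{"SubnetId": sub}], "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": ANY if fixed else "192.0.2.0/24", "GatewayId": "igw-example"}]}]
    deny = {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": ANY}
    allow = dict(deny, RuleNumber=100, RuleAction="allow")
    nacls = [{"Associations": [] if fixed else [{"SubnetId": sub}], "Entries": [deny]},
             {"Associations": [{"SubnetId": sub}] if fixed else [], "Entries": [allow, deny]}]
    group = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                "IpRanges": [{"CidrIp": ANY if fixed else "10.0.0.0/16"}]}]}
    return sub, rts, nacls, group
```

Network ACLs are stateless, so a complete check would also evaluate the outbound entries for the return traffic; this example covers only the inbound side.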