CloudPath Academy

Your guide to AWS certification success

Amazon Web Services AWS Broken Labs

Lab 01 - VPC Internet Gateway Routing

Difficulty: Intermediate Service: Amazon VPC

Cost: This lab uses a t2.micro instance (Free Tier eligible). If left running outside the Free Tier, the cost is approximately $0.30/day. Delete the stack when you are done.

Scenario

Your team deployed a web server on EC2 inside a custom VPC. The CloudFormation stack completed successfully, the instance is running, and the security group allows HTTP traffic on port 80. There is even an Internet Gateway created and attached to the VPC. But when you open the URL, the browser just times out.

What Was Deployed

Resource Purpose
AWS::EC2::VPC Custom VPC for the lab (10.0.0.0/16)
AWS::EC2::Subnet Subnet with auto-assign public IP enabled
AWS::EC2::InternetGateway Internet Gateway — created and attached to the VPC
AWS::EC2::RouteTable Route table associated with the subnet
AWS::EC2::SecurityGroup Inbound rule allowing HTTP on port 80
AWS::EC2::Instance t2.micro running a web server

The stack deployed without errors. The instance is running and the web server is active.

Deploy the Lab

  1. Open the AWS CloudFormation console
  2. Click Create stack > With new resources (standard)
  3. Select Upload a template file and upload lab-01-igw-routing.yaml
  4. Enter a stack name (e.g., brokenlabs-vpc-lab-01) and click Next > Next > Submit
  5. Wait for the stack status to reach CREATE_COMPLETE (takes 2–3 minutes)
  6. Open the stack Outputs tab — you will see InstanceId, InstancePublicIP, and WebPageURL

The Problem

Open the WebPageURL from the stack Outputs in your browser.

Expected: the AWS Broken Labs welcome page loads. Actual: the browser displays:

This site can't be reached
ERR_CONNECTION_TIMED_OUT

The instance is running and healthy. The security group allows HTTP. The Internet Gateway exists and is attached to the VPC. The page still never arrives.

Fix the Lab

Investigate how traffic actually gets from the internet to a subnet inside a VPC. Something in the VPC networking layer is preventing the connection — even though all the pieces appear to be in place.

Need help? Open hints.md for progressive hints.

Cleanup

  1. Open CloudFormation, select your stack, and click Delete
  2. Wait for the stack to reach DELETE_COMPLETE (or disappear from the list)
  3. Verify in the EC2 console that the instance no longer appears (or shows Terminated)

Resources