Bastion EC2 in Custom VPC

  • Note

    1. See the topic 'EC2 in custom VPC' to learn how to create a custom VPC, internet gateway, public subnet, public route and public EC2

    1. Private route

        1. create private route

        2. assign 'associated private subnet' to the route

    2. Private EC2

        1. create EC2 instance

        2. select your custom VPC

        3. select your private subnet

        4. 'Auto assign public IP' option should be disabled

        5. configure the security group: the source type must be custom and the source must be the IP of the public EC2

    3. Connect to bastion EC2

        1. open terminal from your local machine

        2. SSH to the server using pem key pair

            ssh -i "ec2_pem_key.pem" ubuntu@<your_public_ec2_ip>

    4. Connect to private EC2

        1. connect to bastion EC2 from your local machine

        2. open the pem key file on your local machine

            cat your_pem_key.pem

        3. go to the bastion host EC2 terminal and create a file

            touch ec2_key.pem

        4. open the new file

            vi ec2_key.pem

        5. copy the content of the pem file from the local machine and paste it into the ec2_key.pem file on the bastion EC2

        6. save and change the mode of the ec2_key.pem file

            chmod 400 ec2_key.pem

        7. copy the private IP of the private EC2 from the AWS console panel

        8. run the command in the bastion EC2 terminal

            ssh -i "ec2_key.pem" ubuntu@<your_private_ec2_ip>
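
The same two-hop connection can be made with OpenSSH's ProxyJump, which keeps the pem key on the local machine only. This is an added example, not part of the original page: the host aliases `bastion` and `private-ec2` and the function names are hypothetical, and it assumes one key pair for both instances and a VPC with RFC 1918 addressing.

```shell
# Added example: print an ssh_config stanza that reaches the private EC2
# through the bastion with ProxyJump. Aliases and function names are hypothetical.

# Succeeds only if FILE exists and has no group/other permission bits,
# the property that `chmod 400` gives the key.
key_mode_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the address is in an RFC 1918 range (assumption: the custom
# VPC uses one). Used to catch swapped public/private arguments.
is_private_ipv4() {
    case "$1" in
        10.*.*.*|192.168.*.*) return 0 ;;
        172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: bastion_ssh_config KEY_FILE BASTION_PUBLIC_IP PRIVATE_EC2_IP
bastion_ssh_config() {
    if ! key_mode_ok "$1"; then echo "key missing or too permissive: $1" >&2; return 1; fi
    if is_private_ipv4 "$2"; then echo "bastion address is private: $2" >&2; return 1; fi
    if ! is_private_ipv4 "$3"; then echo "target is not a private address: $3" >&2; return 1; fi
    cat <<EOF
Host bastion
    HostName $2
    User ubuntu
    IdentityFile $1
    IdentitiesOnly yes

Host private-ec2
    HostName $3
    User ubuntu
    IdentityFile $1
    IdentitiesOnly yes
    ProxyJump bastion
EOF
}
```

Append the output to `~/.ssh/config` on the local machine; `ssh private-ec2` then makes both hops, and the private EC2 still sees the connection arriving from the bastion's address, so the security group rule above is unchanged.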