How can Ec2 Instance in private subnet access internet via vpc endpoint?

0

I connected to ec2 intance in private subnet via Bastion Host.Then I created a vpc gateway endpoint to reach s3. I assigned the required role to ec2 and the connection to s3 is done. My question is, how can Ec2 instance in private subnet dowload something from the internet?

posta 2 anni fa1391 visualizzazioni
2 Risposte
1
Risposta accettata

Hi, regarding your comment "Ec2 instance in private subnet was able to install some programs while I had vpcendpoint, even though it was not nat gateway", was this Amazon Linux, and were the packages you installed part of the Linux distribution or third-party? Amazon Linux is hosted in S3 so you don't need outbound internet access to update or install stuff from there, just S3 access as you've found. See https://aws.amazon.com/premiumsupport/knowledge-center/ec2-al1-al2-update-yum-without-internet/.

ESPERTO
con risposta 2 anni fa
profile picture
ESPERTO
verificato 6 mesi fa
profile picture
ESPERTO
verificato un anno fa
  • yum update, yum install git... When I used these commands, it performed the download process, but it cannot ping. I guess, as you said, these are the packages belonging to the Linux distribution.

0

Check out this document about setting up a NAT Gateway.

Instances in a private subnet do not have public IP addresses so they need a either a NAT Gateway or NAT instance to securely connect to the internet. VPC Endpoints are a way for you to securely connect to AWS Services, here's a list of currently supported services. Essentially it allows you to connect your EC2 to S3 (among other services) without traversing the public internet. They aren't used for giving EC2 instances public internet access. That's where a NAT Gateway or Instance comes into play.

AWS
AWSJoe
con risposta 2 anni fa
profile picture
ESPERTO
verificato 6 mesi fa
  • I know what you say, that's why I asked this question. Today, a Ec2 instance in private subnet was able to install some programs while I had vpcendpoint, even though it was not nat gateway.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande