I can't access several of our AWS managed EC2 instances from outside our local network.

Question

These are supposed to be public IPs.  I can only access them from our internal network.  I need to be able to access them from anywhere and to be able to set an A record up for them in our dns, but I can't.  Is there some setting that is blocking them or some sort of amazon firewall that I don't know about?  We have a few that actually work, but I have no idea why.  Thanks in advance!

Answer

Ensure that the instances are in a Public Subnet (a subnet with a Route Table that has an IGW as the default route). Ensure that network ACL (NACL) associated to the subnet and the security group associated to the instance allows the traffic.

As an additional measure, add VPC flow logs to troubleshoot and look for REJECTs to validate that traffic is being denied.

Answer

1. First thing you need to make sure the instance has a public IPv4 address: reference [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#public-ip-addresses) 
2. Make sure the VPC where your instances reside has an Internet [Gateway](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html). 
3. Make sure the subnet where the instance resides has a route to the Internet Gateway, which makes the subnet a Public subnet. 
4. Refer to this [guide.](https://repost.aws/knowledge-center/vpc-connect-instance) on how to configure security group and network access list.

I can't access several of our AWS managed EC2 instances from outside our local network.

関連するコンテンツ