Why can't my EC2 instances access the internet using a NAT gateway?


I created a network address translation (NAT) gateway so that my Amazon Elastic Compute Cloud (Amazon EC2) instances can connect to the internet. However, I can't access the internet from my EC2 instances. Why can't my EC2 instances access the internet using a NAT gateway?

Resolution

Internet connectivity issues with NAT gateways are typically caused by subnet misconfigurations or missing routes. To troubleshoot issues connecting to the internet with your NAT gateway, verify the following:

  • The subnet where the NAT gateway is launched is associated with a route table that has a default route to an internet gateway.
  • The subnet where your EC2 instances are launched is associated with a route table that has a default route to the NAT gateway.
  • Outbound internet traffic is allowed in both the security groups and the network access control list (ACL) that is associated with your source instance.
  • The network ACL associated with the subnet where the NAT gateway is launched allows inbound traffic from the EC2 instances and from the internet hosts. Also verify that the network ACL allows outbound traffic to the internet hosts and to the EC2 instances. For example, to allow your EC2 instances to access an HTTPS website, the network ACL associated with the NAT gateway subnet must have the rules listed in the following two tables.

Inbound rules:

  Source       Protocol   Port Range   Allow / Deny
  VPC CIDR     TCP        443          ALLOW
  Internet IP  TCP        1024-65535   ALLOW

Outbound rules:

  Destination  Protocol   Port Range   Allow / Deny
  Internet IP  TCP        443          ALLOW
  VPC CIDR     TCP        1024-65535   ALLOW
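The checklist above can be turned into an offline check. The following Python script is an added example, not AWS code: it builds constructed dictionaries in the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-network-acls` output (the subnet IDs, gateway IDs and addresses are made up), then verifies the two default routes and walks the four legs of one HTTPS session through the NAT gateway subnet's network ACL, evaluating entries first-match in rule-number order the way the VPC does. The 1024-65535 rules correspond to the return traffic to the NAT gateway's and the instance's ephemeral ports; `broken_example` shows what the checker reports when the inbound ephemeral rule is missing, which is the classic "request leaves, reply never arrives" symptom.

```python
"""Offline checker for the NAT gateway checklist (added example, not AWS code).

All data below is constructed to mimic `describe-route-tables` and
`describe-network-acls` output; IDs and addresses are made up.
"""
import copy
from ipaddress import ip_address, ip_network

VPC_CIDR = "10.0.0.0/16"            # constructed
NAT_SUBNET = "subnet-nat"           # constructed: subnet that holds the NAT gateway
INSTANCE_SUBNET = "subnet-private"  # constructed: subnet that holds the EC2 instances
INSTANCE_IP = "10.0.1.10"           # constructed
INTERNET_IP = "203.0.113.5"         # constructed (documentation range)
EPHEMERAL = 40000                   # any port in 1024-65535 stands in for the ephemeral range

ROUTE_TABLES = [
    {"Associations": [{"SubnetId": NAT_SUBNET}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": INSTANCE_SUBNET}],
     "Routes": [{"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]

def _tcp_entry(number, egress, cidr, low, high):
    """Build one ALLOW entry; protocol '6' is TCP in network ACL entries."""
    return {"RuleNumber": number, "Egress": egress, "Protocol": "6", "RuleAction": "allow",
            "CidrBlock": cidr, "PortRange": {"From": low, "To": high}}

NACLS = [{
    "Associations": [{"SubnetId": NAT_SUBNET}],
    "Entries": [
        _tcp_entry(100, False, VPC_CIDR, 443, 443),          # inbound: instance -> NAT gateway
        _tcp_entry(110, False, "0.0.0.0/0", 1024, 65535),    # inbound: replies from internet hosts
        _tcp_entry(100, True, "0.0.0.0/0", 443, 443),        # outbound: NAT gateway -> internet host
        _tcp_entry(110, True, VPC_CIDR, 1024, 65535),        # outbound: replies back to instances
        # the implicit final '*' deny that every network ACL ends with
        {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    ]}]

def _associated(subnet_id, objects):
    """Return the route table or network ACL whose Associations name subnet_id, else None."""
    for obj in objects:
        if any(a.get("SubnetId") == subnet_id for a in obj["Associations"]):
            return obj
    return None

def default_route_target(table):
    """Target of the 0.0.0.0/0 route ('igw-...', 'nat-...'), or None if there is none."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None

def nacl_decision(nacl, egress, peer_ip, port, protocol="6"):
    """First matching entry wins, in ascending RuleNumber order.
    For inbound entries CidrBlock is the source; for outbound it is the destination.
    PortRange always refers to the destination port; protocol '-1' matches everything."""
    peer = ip_address(peer_ip)
    for e in sorted(nacl["Entries"], key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", protocol):
            continue
        if peer not in ip_network(e["CidrBlock"]):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        return e["RuleAction"]
    return "deny"  # nothing matched: treated as the implicit deny

def check_nat_path(route_tables, nacls, dest_port=443):
    """Run the checklist for one instance -> NAT gateway -> internet TCP session.
    Returns a list of findings; an empty list means every check passed."""
    findings = []
    nat_rt = _associated(NAT_SUBNET, route_tables)
    if nat_rt is None or not str(default_route_target(nat_rt)).startswith("igw-"):
        findings.append("NAT gateway subnet has no default route to an internet gateway")
    inst_rt = _associated(INSTANCE_SUBNET, route_tables)
    if inst_rt is None or not str(default_route_target(inst_rt)).startswith("nat-"):
        findings.append("instance subnet has no default route to the NAT gateway")
    nacl = _associated(NAT_SUBNET, nacls)
    if nacl is None:
        return findings + ["no network ACL found for the NAT gateway subnet in the input"]
    # The four legs of a single session as seen by the NAT gateway subnet's network ACL.
    legs = [
        ("instance -> NAT gateway", False, INSTANCE_IP, dest_port),
        ("NAT gateway -> internet host", True, INTERNET_IP, dest_port),
        ("internet host -> NAT gateway (return)", False, INTERNET_IP, EPHEMERAL),
        ("NAT gateway -> instance (return)", True, INSTANCE_IP, EPHEMERAL),
    ]
    for name, egress, peer, port in legs:
        if nacl_decision(nacl, egress, peer, port) != "allow":
            findings.append(f"network ACL on NAT gateway subnet denies {name} on port {port}")
    return findings

def broken_example():
    """Same configuration with the inbound 1024-65535 rule removed: the request
    leaves, but the reply from the internet host is dropped at the NAT subnet."""
    nacls = copy.deepcopy(NACLS)
    nacls[0]["Entries"] = [e for e in nacls[0]["Entries"]
                           if not (e["RuleNumber"] == 110 and not e["Egress"])]
    return check_nat_path(ROUTE_TABLES, nacls)

if __name__ == "__main__":
    print("working config:", check_nat_path(ROUTE_TABLES, NACLS) or "all checks passed")
    print("missing return rule:", broken_example())
```

To use it against a real VPC, replace the constructed dictionaries with the parsed JSON from the two `describe-*` calls and set the subnet IDs and an instance address; the security-group check from the list above is not modelled here because security groups are stateful and need no ephemeral-port rule.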

Related information

How do I set up a NAT gateway for a private subnet in Amazon VPC?

Work with NAT gateways

Access the internet from a private subnet

How do I use the VPC Reachability Analyzer to troubleshoot connectivity issues with an Amazon VPC resource?

AWS OFFICIAL. Updated 2 years ago.