EC2 not connecting to Internet


Hi, I have created an EC2 instance in a public subnet (i.e. the subnet has an Internet Gateway default route). While creating this EC2 instance I disabled its public IP assignment, so it doesn't have any public IP. I can log in to this EC2 instance via a bastion host. But after logging in I cannot access the internet from it, i.e. the "yum list" command fails and the curl <website> command fails. Is this how it's supposed to be? Does it mean an EC2 instance must have a public IP as well if it has to access the internet? I can confirm that when I created an EC2 instance with a public IP in the same subnet, it could access the internet. But I just wanted to know if this is how it should be. Thanks

asked 8 months ago, 283 views
1 Answer
Accepted Answer

The instance can't access the internet because you have disabled that option by not assigning a public (or elastic) IP. (See note below.) When you assigned the instance a public IP it worked. So your understanding is correct.

There might be a case where you don't want to assign instances a public/elastic IP and you want it to access the Internet. This could be the case where you have many instances. You can accomplish this with a NAT Gateway. Note that there is a cost associated with this. In short: the NAT Gateway allows outbound connections to the Internet for multiple instances; and they all share a single Elastic IP that is assigned to the NAT Gateway.

Note that you can access many AWS services using a VPC endpoint but I don't think that's what you want to do in this case.

Sidenote: The difference between a "public" IP and an "elastic" IP in your VPC is that an Elastic IP is "owned" by your account. So if you remove the instance (or network interface) you can reassign the Elastic IP to another instance - it gives you a "stable" IP. A Public IP will change once you release it - you can't reassign it to another instance. This is sometimes useful if you don't require the same IP to be reused.

answered 8 months ago
  • Thanks @Breetski for clarifying it. Yes, I am aware of VPC endpoints and NAT instances/Gateway. I was just thinking that as long as a subnet has routing defined to an Internet Gateway, it will be able to send packets to the Internet, and it might take the Internet Gateway's public IP, like we use our home router and home LAN. But it looks like that theory is wrong on my part. Thanks again for your support and quick answer.
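
The cases discussed in this thread (Internet Gateway route without a public IP, Internet Gateway route with a public IP, NAT Gateway route), as an added Python example that is not part of the original question or answer. The dictionaries are constructed samples using field names from `describe-route-tables` and `describe-instances` output; all IDs and addresses are placeholders, and `effective_route` and `egress_path` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data (placeholder IDs and addresses), shaped like
# describe-route-tables / describe-instances output.
PUBLIC_SUBNET_ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
]
NAT_SUBNET_ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
]
NO_PUBLIC_IP = {"InstanceId": "i-0exampleA", "PrivateIpAddress": "10.0.1.10"}
WITH_PUBLIC_IP = {"InstanceId": "i-0exampleB", "PrivateIpAddress": "10.0.1.11",
                  "PublicIpAddress": "198.51.100.7"}


def effective_route(routes, dest_ip):
    """Pick the active IPv4 route with the longest prefix that covers dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    best_net, best_route = None, None
    for route in routes:
        cidr = route.get("DestinationCidrBlock")
        if not cidr or route.get("State", "active") != "active":
            continue
        net = ipaddress.ip_network(cidr)
        if dest in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route


def egress_path(instance, routes, dest_ip="203.0.113.10"):
    """Classify how (or whether) the instance can reach dest_ip."""
    route = effective_route(routes, dest_ip)
    if route is None:
        return "no-route"
    gateway = route.get("GatewayId") or ""
    if gateway.startswith("igw-"):
        # An Internet Gateway route is only usable when the instance itself
        # has a public or Elastic IP; the gateway does not lend it one.
        return "direct-via-igw" if instance.get("PublicIpAddress") else "blocked-no-public-ip"
    if (route.get("NatGatewayId") or "").startswith("nat-"):
        # Outbound-only; instances share the NAT Gateway's Elastic IP.
        return "shared-via-nat-gateway"
    return "vpc-local" if gateway == "local" else "other-target"


if __name__ == "__main__":
    for inst, routes in [(NO_PUBLIC_IP, PUBLIC_SUBNET_ROUTES),
                         (WITH_PUBLIC_IP, PUBLIC_SUBNET_ROUTES),
                         (NO_PUBLIC_IP, NAT_SUBNET_ROUTES)]:
        print(inst["InstanceId"], egress_path(inst, routes))
```

The same classification is useful in an audit: `direct-via-igw` marks instances that are addressable from the internet, while `shared-via-nat-gateway` marks instances with outbound-only access.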
