EC2 under ALB can not access internet


I have an ALB with an EC2 instance behind it, and when my EC2 wants to access the outside world, for example:

  1. Sending data to the Google API fails.
  2. When I check ping to a remote machine (domain) outside my infrastructure, it works (it gets the IP address of the domain).
  3. I cannot curl a website outside my network to get a 200 status.

The Security Group is already set to allow all inbound and outbound, and I use an internet-facing Application Load Balancer.

But my webserver on that machine is running well (ports 80 and 443).

Does anyone have a solution?

3 Answers

The recommended setting is to have inbound traffic from the internet only on the ALB, and to have the application in a private subnet that only allows inbound traffic from the ALB. For your instance to connect to the internet you would need a NAT gateway configured for its private subnet. If the EC2 instance is in a public subnet, the Internet Gateway would work. To better understand the actual problem: if on the EC2 instance you curl an internet site by IP, does it work? (You should make sure that site responds by IP.) If you use dig or nslookup to resolve a hostname, does it work? Have you checked that the instance route tables are OK for the IGW or NAT gateway?

answered a year ago
  • Hi, thanks for your advice. I fixed this problem by moving the subnet to a public subnet, so the EC2 under the ALB can access the internet.

  • Thanks for the update. It is good to check that the security group for the EC2 instance has no inbound rule for public access; for the usual configuration it would only need an inbound rule from the ALB security group.


Hi,

In case the EC2 instance is not able to access the Internet, you can try to troubleshoot with the following:

1/ Make sure outbound is allowed in the attached security group.

2/ Make sure the network ACLs allow outbound access.

3/ Make sure the route table is configured properly for the subnets to the NAT GW or Internet GW.

For more troubleshooting guides, please see https://aws.amazon.com/tw/premiumsupport/knowledge-center/ec2-connect-internet-gateway/

If your EC2 instance is not reachable from the ALB, specify the appropriate HTTP or HTTPS port and source IP CIDR in the ALB's security group.

jcvip
answered a year ago
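The two answers above boil down to three checks: the subnet route table (IGW for a public subnet, which also needs a public IP on the instance; NAT gateway for a private subnet), the security group's egress rules, and the network ACL's outbound rules. The following offline triage function, added here as an example and not code from the thread or from AWS, runs those checks over flattened copies of the objects `describe-route-tables`, `describe-security-groups` and `describe-network-acls` return; the field names and the sample data are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def _matches(rule, dst, port):
    """Does a security-group or NACL rule apply to TCP traffic to dst:port?"""
    if ip_address(dst) not in ip_network(rule["cidr"]):
        return False
    if rule["proto"] == "-1":                      # "all traffic"
        return True
    return rule["proto"] == "tcp" and rule["from_port"] <= port <= rule["to_port"]

def diagnose_egress(routes, has_public_ip, sg_egress, nacl_egress,
                    dst="203.0.113.10", port=443):
    """Return the reasons TCP egress from the instance to dst:port would fail.
    An empty list means the three checks pass. dst defaults to a TEST-NET-3
    address standing in for an arbitrary internet host."""
    findings = []
    # 1. Route table: 0.0.0.0/0 must point at an IGW (public subnet, which also
    #    needs a public/Elastic IP on the instance) or at a NAT gateway (private subnet).
    default = next((r for r in routes if r["dest"] == "0.0.0.0/0"), None)
    if default is None:
        findings.append("route table: no 0.0.0.0/0 route; private subnet without a NAT gateway")
    elif default["target"].startswith("igw-") and not has_public_ip:
        findings.append("route table: IGW route but the instance has no public or Elastic IP")
    elif not default["target"].startswith(("igw-", "nat-")):
        findings.append(f"route table: 0.0.0.0/0 points at {default['target']}, not an IGW or NAT gateway")
    # 2. Security group: stateful, so any one matching egress rule is enough.
    if not any(_matches(r, dst, port) for r in sg_egress):
        findings.append(f"security group: no egress rule allows tcp/{port} to {dst}")
    # 3. Network ACL: stateless, evaluated in ascending rule number, first match wins,
    #    implicit deny at the end (return traffic also needs an inbound ephemeral-port rule).
    verdict = "deny"
    for r in sorted(nacl_egress, key=lambda r: r["rule"]):
        if _matches(r, dst, port):
            verdict = r["action"]
            break
    if verdict != "allow":
        findings.append(f"network ACL: outbound tcp/{port} to {dst} is denied")
    return findings

# Constructed sample data mirroring the thread: SG and NACL allow everything, but the
# instance's subnet only has the local route (no NAT gateway) until it is moved to a
# public subnet with an IGW route. The igw id is a placeholder, not a real resource.
ALLOW_ALL_SG = [{"proto": "-1", "from_port": 0, "to_port": 0, "cidr": "0.0.0.0/0"}]
ALLOW_ALL_NACL = [{"rule": 100, "action": "allow", "proto": "-1",
                   "from_port": 0, "to_port": 0, "cidr": "0.0.0.0/0"}]
PRIVATE_NO_NAT = [{"dest": "10.0.0.0/16", "target": "local"}]
PUBLIC = PRIVATE_NO_NAT + [{"dest": "0.0.0.0/0", "target": "igw-PLACEHOLDER"}]

if __name__ == "__main__":
    print(diagnose_egress(PRIVATE_NO_NAT, False, ALLOW_ALL_SG, ALLOW_ALL_NACL))
    print(diagnose_egress(PUBLIC, True, ALLOW_ALL_SG, ALLOW_ALL_NACL))  # [] after the fix
```

The same routine flags the classic follow-up mistake of a public subnet whose instance has no public IP, which an all-open security group will not reveal.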

This EC2 on the ALB uses a private IP with an internet-facing ALB. I also have a few Fargate here, and they work well with the ALB too. Both the Fargate and EC2 ALBs use the same Security Group, the same ACL and the same subnet. It works.

So my assumption is that it should work with the ALB/EC2 too.

answered a year ago
