Hello,
I would like a bit more clarification about the issue you're experiencing; however, for an EC2 instance in a public subnet (Bastion Host) to communicate with another EC2 instance that is in a private subnet, you must have a managed network address translation (NAT) gateway to allow outbound internet access for resources in the private subnets.
Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet. You create a public NAT gateway in a public subnet and must associate an elastic IP address with the NAT gateway at creation. You route traffic from the NAT gateway to the internet gateway for the VPC.
The NAT gateway replaces the source IP address of the instances with the IP address of the NAT gateway.
Furthermore, security groups play a vital role in maintaining the security and making sure the Bastion host doesn't fail. The security groups of the private instances have to be changed to make sure that inbound RDP can be accessed through the Bastion Host's IP address only.
The rules of this security group should be applied to all the private instances, which need tighter security, and which need to be able to connect to the internet via a Bastion Host.
Make sure to avoid access to IP addresses like 0.0.0.0/0. SSH and RDP connections can be authenticated with the help of private and public keys. Logging in to the private instances via the bastion host will require the bastion host to have the private keys. But storing private keys on a remote instance isn’t considered a safe security method.
More information about NAT Gateways can be found here.
I hope this helps.
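The two security-group points in the answer above (no SSH/RDP admitted from 0.0.0.0/0, and the private instances' group accepting SSH/RDP only from the bastion's group) can be checked offline against the JSON shape that `aws ec2 describe-security-groups` returns. The script below is an added example, not code from the answer or from AWS; the group ids, the CIDRs and the rules in `SAMPLE_GROUPS` are constructed so it runs without an AWS account, and it deliberately contains one bad rule in each group so the audit has something to flag.

```python
# Added example (not part of the re:Post answer): audit security-group ingress
# rules for admin ports. Input mimics `aws ec2 describe-security-groups`
# output; all ids, CIDRs and rules below are constructed for the example.
import ipaddress

BASTION_SG = "sg-bastion-0000"   # constructed id
PRIVATE_SG = "sg-private-0000"   # constructed id
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample: the bastion group allows SSH from a corporate /24 (fine)
# and from 0.0.0.0/0 (flagged); the private group has one good rule (SSH from
# the bastion SG) and one bad rule (RDP open to the world).
SAMPLE_GROUPS = [
    {
        "GroupId": BASTION_SG,
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "0.0.0.0/0"}],
             "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": PRIVATE_SG,
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": BASTION_SG}]},
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
]


def _admin_ports_in(perm):
    """Return the admin ports (22/3389) that one permission entry admits."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "all traffic" rule covers everything
        return set(ADMIN_PORTS)
    if proto != "tcp":
        return set()
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return {p for p in ADMIN_PORTS if lo <= p <= hi}


def _is_world(cidr):
    """True for 0.0.0.0/0 or ::/0 (any prefix of length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_groups(groups, private_sg, bastion_sg):
    """Return (group_id, port_name, source, reason) findings for the rules
    that violate the answer's two recommendations."""
    findings = []
    for g in groups:
        gid = g["GroupId"]
        for perm in g.get("IpPermissions", []):
            ports = _admin_ports_in(perm)
            if not ports:
                continue
            # CIDR sources: world-open is bad anywhere; on the private group
            # any CIDR source is bad because only the bastion SG should appear.
            for rng in perm.get("IpRanges", []):
                cidr = rng["CidrIp"]
                for p in sorted(ports):
                    if _is_world(cidr):
                        findings.append((gid, ADMIN_PORTS[p], cidr, "open to the world"))
                    elif gid == private_sg:
                        findings.append((gid, ADMIN_PORTS[p], cidr, "private group should only allow the bastion SG"))
            # Security-group sources: the private group must reference only the bastion.
            for pair in perm.get("UserIdGroupPairs", []):
                src = pair["GroupId"]
                if gid == private_sg and src != bastion_sg:
                    for p in sorted(ports):
                        findings.append((gid, ADMIN_PORTS[p], src, "source is not the bastion SG"))
    return findings


if __name__ == "__main__":
    for gid, port, src, reason in audit_groups(SAMPLE_GROUPS, PRIVATE_SG, BASTION_SG):
        print(f"{gid}: {port} from {src} -> {reason}")
```

To run it against a real account, replace `SAMPLE_GROUPS` with the `SecurityGroups` list from `aws ec2 describe-security-groups --output json` and set the two group ids to your own. A clean result means the private group only references the bastion group and no admin port is reachable from 0.0.0.0/0; it does not check the NAT gateway or route tables the answer also mentions.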
Thank you for replying! To explain the issue in detail: I have 1 VPC, 3 public subnets, 3 private subnets, 3 NAT gateways (one in each public subnet), and 3 EC2 instances (one in each private subnet). I have to install my software on each EC2 instance and have them communicate with each other, which I am not able to do using their private IPs. I tried to ping, but it gave me a timeout. Even though I have opened the ICMP port, I still can't ping each of the EC2 instances from the others.
Hello, thanks for reaching out. I am going to replicate the issue on my side and come back with feedback.