An EC2 instance cannot access the Internet if it does not have a public IP address, even if it is running on a public subnet with a route to the Internet Gateway.
Configure Elastic IP or enable automatic public IP assignment for subnets.
This document describes how to troubleshoot when you cannot connect to the Internet.
https://repost.aws/knowledge-center/ec2-connect-internet-gateway
For private subnets, the following documents can be used for troubleshooting.
https://repost.aws/knowledge-center/ec2-internet-connectivity
I think the private subnet route table and the public subnet route table need to be separated.
Step 1: I recommend you check out the VPC resource map, which visualizes your network architecture, meaning:
- Public route table:
  - (1) VPC (e.g. 10.0.0.0/16) -> local
  - (2) 0.0.0.0/0 -> igw-xxxx
- Private route table:
  - (1) VPC (e.g. 10.0.0.0/16) -> local
  - (2) 0.0.0.0/0 -> nat-xxxxx
Step 2: If you need to create a Linux server and access the Internet, please enable Auto-assign public IP in the network settings. If you need a static IP, please apply for an Elastic IP and attach it to the Linux server.
Step 3: Check whether the SSH port and access IP range are enabled in the security group. Finally, if the Linux server is placed in the private subnet, please use a bastion server to connect to it. The NAT gateway only allows the server to actively initiate requests to the Internet (such as yum install ...); Internet traffic cannot directly reach private subnet servers.
Thanks for the reply. So I am supposed to have two routing tables attached to the same VPC? So what I am trying to accomplish is actually with a windows server EC2 instance currently. I want it to be able to access the Internet for windows updates and such, but I don't want it to be public facing. So like a typical intranet server. I have the Elastic IP assigned to the NAT gateway currently.
Thanks for the reply. I have the EIP allocated but it is attached to the NAT gateway. So I am trying to follow article 2 on private subnets so that way multiple EC2 instances in my VPC can use that same EIP. The article says make sure I create the NAT gateway in the public subnet. I still cannot figure out if my subnet is public or private. How do I make that determination?
I came to the conclusion that the setup is wrecked so I decided to delete everything and start over. I'll post again if I have more trouble.
A public subnet is determined by having a route to the Internet Gateway in the subnet's route table. A private subnet is one that has no route to the Internet Gateway in the subnet's route table. In other words, the criterion for judgment should be to check the subnet's route table.
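The two route-table layouts described in the steps above and the "check the route table" criterion in the last answer can be turned into a small check. The following is an added example, not code from the thread or from AWS: it takes route-table and instance records in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-instances` (the data here is constructed, and every resource ID ending in `EXAMPLE` is a placeholder), classifies each subnet from its default route, and flags an instance that sits in a public subnet without a public IP, which is the case the first answer warns about. It also handles a subnet with no explicit association, which silently uses the VPC's main route table.

```python
from typing import Dict, List, Optional

# Constructed sample data (not from the thread), shaped like the JSON that
# `aws ec2 describe-route-tables` and `aws ec2 describe-instances` return.
# Resource IDs ending in EXAMPLE are placeholders.
VPC_CIDR = "10.0.0.0/16"

ROUTE_TABLES: List[dict] = [
    {   # public route table: default route to the Internet Gateway
        "RouteTableId": "rtb-public-EXAMPLE",
        "Associations": [{"SubnetId": "subnet-public-EXAMPLE", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
        ],
    },
    {   # private route table: default route to a NAT gateway (outbound only)
        "RouteTableId": "rtb-private-EXAMPLE",
        "Associations": [{"SubnetId": "subnet-private-EXAMPLE", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE", "State": "active"},
        ],
    },
    {   # main route table: only the local route; subnets with no explicit
        # association fall back to this one
        "RouteTableId": "rtb-main-EXAMPLE",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local", "State": "active"},
        ],
    },
]

SUBNET_IDS = ["subnet-public-EXAMPLE", "subnet-private-EXAMPLE", "subnet-unassociated-EXAMPLE"]

INSTANCES: List[dict] = [
    {"InstanceId": "i-web-EXAMPLE", "SubnetId": "subnet-public-EXAMPLE", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-noip-EXAMPLE", "SubnetId": "subnet-public-EXAMPLE"},
    {"InstanceId": "i-windows-EXAMPLE", "SubnetId": "subnet-private-EXAMPLE"},
    {"InstanceId": "i-db-EXAMPLE", "SubnetId": "subnet-unassociated-EXAMPLE"},
]


def default_route_target(route_table: dict) -> Optional[str]:
    """Return the target of the active 0.0.0.0/0 route, or None if there is none."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue
        for key in ("GatewayId", "NatGatewayId", "TransitGatewayId", "NetworkInterfaceId"):
            if key in route:
                return route[key]
    return None


def subnet_kind(route_table: dict) -> str:
    """Classify a route table by where its default route points."""
    target = default_route_target(route_table)
    if target is None:
        return "isolated"   # no default route: no Internet in either direction
    if target.startswith("igw-"):
        return "public"     # IGW route: the thread's criterion for a public subnet
    if target.startswith("nat-"):
        return "private"    # NAT route: outbound only
    return "other"          # e.g. transit gateway or appliance ENI: review manually


def classify_subnets(route_tables: List[dict], subnet_ids: List[str]) -> Dict[str, str]:
    """Map each subnet to public/private/isolated/other; a subnet without an
    explicit association inherits the VPC's main route table."""
    kinds: Dict[str, str] = {}
    main_kind = "isolated"
    for rt in route_tables:
        kind = subnet_kind(rt)
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_kind = kind
            elif "SubnetId" in assoc:
                kinds[assoc["SubnetId"]] = kind
    for sid in subnet_ids:
        kinds.setdefault(sid, main_kind)
    return kinds


def instance_internet_status(instances: List[dict], kinds: Dict[str, str]) -> Dict[str, str]:
    """Per instance: can it reach the Internet, and is it reachable from it?"""
    status: Dict[str, str] = {}
    for inst in instances:
        kind = kinds.get(inst["SubnetId"], "unknown")
        has_public_ip = bool(inst.get("PublicIpAddress"))
        if kind == "public" and not has_public_ip:
            # IGW route alone is not enough: no public IP means no egress
            status[inst["InstanceId"]] = "public-subnet-no-public-ip"
        elif kind == "public":
            status[inst["InstanceId"]] = "public"
        elif kind == "private":
            status[inst["InstanceId"]] = "private-nat-egress-only"
        elif kind == "isolated":
            status[inst["InstanceId"]] = "no-internet"
        else:
            status[inst["InstanceId"]] = "review"
    return status


if __name__ == "__main__":
    kinds = classify_subnets(ROUTE_TABLES, SUBNET_IDS)
    for sid, k in kinds.items():
        print(f"{sid}: {k}")
    for iid, s in instance_internet_status(INSTANCES, kinds).items():
        print(f"{iid}: {s}")
```

Against real accounts the two constants would be replaced by the parsed CLI output. The `private-nat-egress-only` result is the intranet-style Windows server the asker describes: it can fetch updates through the NAT gateway (whose EIP is shared by every instance in that subnet) while nothing on the Internet can initiate a connection to it.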