Lightsail-EC2 peering: can't connect to spot instances


Hi, in the Lightsail console I have enabled VPC peering to my default VPC in the EC2 service, which has a single public subnet. Both (Lightsail and EC2 networks) are in the same region. Using private IPs, I can reach EC2's on-demand instances from Lightsail machines and vice versa. However, what doesn't work is access from Lightsail machines to the spot instances. The spot instances are created in the mentioned public subnet. Does it require any extra configuration? The spot instances can be accessed without issue from the EC2's on-demand machines.

asked 10 months ago | 271 views
1 Answer
Accepted Answer

AWS VPC peering between Lightsail and EC2 instances should work in a similar way for both On-Demand and Spot Instances, assuming all are launched in the same VPC. This includes all EC2 instance types, including spot instances. Here are a few troubleshooting steps you can try:

  1. Check Spot Instance Security Group Rules: The first thing to check is the security group rules associated with your spot instances. Ensure that you have inbound rules that allow traffic from the CIDR blocks of your Lightsail VPC or Lightsail instance. Also, double-check the outbound rules of your Lightsail instances.

  2. Check Network ACLs: Network ACLs operate at the subnet level, so it's possible that the subnet that your spot instances are in has different rules than the subnet for your on-demand instances. Verify that your Network ACLs allow traffic to and from the Lightsail VPC.

  3. Verify Route Tables: Check the route tables associated with the subnet your spot instances are in. The route tables need to have an entry that allows traffic to flow between the Lightsail and EC2 VPCs.

  4. Check IP Addressing: Make sure you are indeed using the private IP address of the Spot Instances. While it might seem obvious, it can be easy to get mixed up when you are dealing with many instances.

  5. Instance State: It's possible that the spot instance got terminated due to market conditions (i.e., the spot price went above your bid). In this case, the instance would no longer exist to connect to. So, double-check your Spot instances' state.

  6. Try Traceroute: If you are still having problems, you can try using a traceroute from the Lightsail instance to the Spot Instance to see if that gives you any more information on where the packets are getting lost.

Remember, VPC Peering is a one-to-one relationship between two VPCs. You can create multiple VPC peering connections for each VPC that you own, but transitive peering is not allowed. This means that if VPC A is peered with VPC B and VPC B is peered with VPC C, VPC A is not implicitly peered with VPC C. Make sure this is not the case in your setup.

If the answer is helpful, please click "Accept Answer" and upvote it.

answered 10 months ago
reviewed 10 months ago
  • Instance Security Group Rules - I forgot about those. Thank you!
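
The security group check from step 1, which the asker confirmed as the cause, can be run offline against saved `aws ec2 describe-security-groups` output. This is an added example, not part of the original answer; the group IDs, CIDR blocks and IP addresses are constructed sample values chosen to reproduce the symptom in the question.

```python
import ipaddress

# Constructed sample data in the shape of `aws ec2 describe-security-groups`
# output ("SecurityGroups" entries). IDs and CIDRs are placeholders.
ON_DEMAND_SG = {"GroupId": "sg-ondemand-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "172.31.0.0/16"}, {"CidrIp": "172.26.0.0/16"}]}]}
SPOT_SG = {"GroupId": "sg-spot-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "172.31.0.0/16"}],
     "UserIdGroupPairs": [{"GroupId": "sg-ondemand-example"}]}]}

LIGHTSAIL_IP = "172.26.5.10"   # assumed private IP of a Lightsail instance
ON_DEMAND_IP = "172.31.10.4"   # assumed private IP of an on-demand instance


def port_matches(perm, proto, port):
    """True if one IpPermissions entry covers the protocol and port."""
    if perm["IpProtocol"] == "-1":      # "-1" means all protocols and ports
        return True
    if perm["IpProtocol"] != proto:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def allowing_rules(groups, source_ip, proto, port):
    """Return (group id, CIDR) for each inbound CIDR rule admitting source_ip."""
    src = ipaddress.ip_address(source_ip)
    hits = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not port_matches(perm, proto, port):
                continue
            for rng in perm.get("IpRanges", []):
                if src in ipaddress.ip_network(rng["CidrIp"]):
                    hits.append((sg["GroupId"], rng["CidrIp"]))
            # Source-group rules (UserIdGroupPairs) are not evaluated here:
            # this check only answers "does any CIDR rule cover this IP?".
    return hits


if __name__ == "__main__":
    for name, sg in (("on-demand", ON_DEMAND_SG), ("spot", SPOT_SG)):
        print(name, "from Lightsail:", allowing_rules([sg], LIGHTSAIL_IP, "tcp", 22))
    print("spot from on-demand:", allowing_rules([SPOT_SG], ON_DEMAND_IP, "tcp", 22))
```

An empty result for the spot instance's group alongside a match for the on-demand group points at a missing inbound rule for the Lightsail address range rather than at peering or routing.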
