- 最新
- 投票最多
- 评论最多
Hi, regarding your comment "Ec2 instance in private subnet was able to install some programs while I had vpcendpoint, even though it was not nat gateway", was this Amazon Linux, and were the packages you installed part of the Linux distribution or third-party? Amazon Linux is hosted in S3 so you don't need outbound internet access to update or install stuff from there, just S3 access as you've found. See https://aws.amazon.com/premiumsupport/knowledge-center/ec2-al1-al2-update-yum-without-internet/.
Check out this document about setting up a NAT Gateway.
Instances in a private subnet do not have public IP addresses so they need a either a NAT Gateway or NAT instance to securely connect to the internet. VPC Endpoints are a way for you to securely connect to AWS Services, here's a list of currently supported services. Essentially it allows you to connect your EC2 to S3 (among other services) without traversing the public internet. They aren't used for giving EC2 instances public internet access. That's where a NAT Gateway or Instance comes into play.
I know what you say, that's why I asked this question. Today, a Ec2 instance in private subnet was able to install some programs while I had vpcendpoint, even though it was not nat gateway.
yum update, yum install git... When I used these commands, it performed the download process, but it cannot ping. I guess, as you said, these are the packages belonging to the Linux distribution.