AWS EC2 private instance in public subnet - Cannot run apt-get update or ping google

Time: 06-24

I have a private EC2 instance in a public subnet. I am not able to run apt-get update or ping google or do anything internet facing.

I see that the security group for this instance has outbound rules set to "all traffic" to 0.0.0.0/0. Also, the route table has an entry for 0.0.0.0/0 to IGW. So, looks like it should work.

Not sure what I am missing here.

CodePudding user response:

No public IP address

Without a public IP, an instance in a public subnet can't connect to the internet. A public IP is required to communicate with services outside of a VPC.

If you don't want to add a public IP to your instance, you have to place it in a private subnet and correctly set up a NAT gateway in a public subnet, with route tables pointing to it. This way your instance will connect to the internet through NAT. NAT will be your proxy, which will have a public IP, but your instance will not need to have one.

CodePudding user response:

Create a new subnet and place a NAT gateway in it. Then, configure the route table of the existing subnet where the instance lives to talk to the NAT gateway in the other subnet.

With this approach, you don't need to recreate the instance.
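A check that encodes the reasoning of both answers above, added here as an example and not code from the thread: it reads the instance, route-table and security-group records (the same field names the AWS CLI `describe-instances`, `describe-route-tables` and `describe-security-groups` commands return; all IDs and records below are constructed samples) and reports which egress requirement is missing. It assumes nothing beyond Python 3.

```python
# Added diagnostic (not from the original thread): classify why an EC2 instance
# cannot reach the internet. Field names follow the AWS CLI describe-* output;
# every identifier below is a constructed sample.

def find_route_table(route_tables, subnet_id):
    """Route table explicitly associated with subnet_id, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def egress_allowed(instance, security_groups):
    """True if an attached security group allows all outbound traffic to 0.0.0.0/0."""
    attached = {g["GroupId"] for g in instance.get("SecurityGroups", [])}
    for sg in security_groups:
        if sg["GroupId"] not in attached:
            continue
        for perm in sg.get("IpPermissionsEgress", []):
            if perm.get("IpProtocol") == "-1" and any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
                return True
    return False

def diagnose_egress(instance, route_tables, security_groups):
    """One-line verdict on the instance's path to the internet."""
    if not egress_allowed(instance, security_groups):
        return "blocked: security group has no all-traffic egress rule"
    rt = find_route_table(route_tables, instance["SubnetId"]) or {}
    default = [r for r in rt.get("Routes", []) if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    via_igw = any(r.get("GatewayId", "").startswith("igw-") for r in default)
    via_nat = any(r.get("NatGatewayId", "").startswith("nat-") for r in default)
    if via_igw and not instance.get("PublicIpAddress"):
        return "blocked: public subnet (IGW route) but no public IP on the instance"
    if via_igw:
        return "ok: public IP routed through the internet gateway"
    if via_nat:
        return "ok: private subnet routed through a NAT gateway"
    return "blocked: no 0.0.0.0/0 route to an IGW or NAT gateway"

# Constructed sample mirroring the question: open SG, IGW route, no public IP.
SAMPLE_INSTANCE = {"InstanceId": "i-0example", "SubnetId": "subnet-0aaa",
                   "SecurityGroups": [{"GroupId": "sg-0open"}]}
SAMPLE_ROUTE_TABLES = [{"Associations": [{"SubnetId": "subnet-0aaa"}],
                        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                                   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]}]
SAMPLE_SGS = [{"GroupId": "sg-0open", "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]
```

Network ACLs are not inspected here, so a restrictive NACL on the subnet would still need a separate check.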
