Is there anyone who can explain to me the situation below? I connected to an EC2 instance in a private subnet via a Bastion Host. Then I created a VPC gateway endpoint to reach S3. I assigned the required role to the EC2 instance and the connection to S3 works. My question is, how can an EC2 instance in a private subnet download something from the internet?
CodePudding user response:
A VPC endpoint is used to access a certain service, in this case S3, over the AWS network instead of over the internet.
If you want your instance to be able to talk to the internet, you'll need to configure a NAT gateway in a public subnet, and you'll need to configure the route table of the private subnet to forward traffic to the NAT gateway.
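As an added example (not part of this answer), the Terraform below wires a private subnet to the internet through a NAT gateway in the public subnet, while keeping S3 traffic on the AWS network via a gateway endpoint. The VPC, subnet, route table IDs and region are placeholders you would replace with your own.

```hcl
# Added example: NAT gateway for outbound-only internet access from a private
# subnet, plus an S3 gateway endpoint. IDs are placeholders for your own VPC.
variable "vpc_id"                 { default = "vpc-PLACEHOLDER" }
variable "public_subnet_id"       { default = "subnet-PUBLIC-PLACEHOLDER" }
variable "private_route_table_id" { default = "rtb-PRIVATE-PLACEHOLDER" }
variable "region"                 { default = "eu-west-1" }

# The NAT gateway needs an Elastic IP and must live in the PUBLIC subnet,
# i.e. a subnet whose route table already sends 0.0.0.0/0 to an internet gateway.
resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "private_egress" {
  allocation_id = aws_eip.nat.id
  subnet_id     = var.public_subnet_id
}

# Default route of the PRIVATE subnet: outbound connections go through the NAT.
# The NAT gateway does not accept inbound connections initiated from the internet,
# so the instance stays unreachable from outside.
resource "aws_route" "private_default" {
  route_table_id         = var.private_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.private_egress.id
}

# S3 gateway endpoint: S3 traffic stays on the AWS network and bypasses the NAT.
# The endpoint installs its own prefix-list route in the private route table,
# which is more specific than 0.0.0.0/0 and therefore wins for S3 destinations.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [var.private_route_table_id]
}
```

After `terraform apply`, `yum` or `curl` from the private instance reaches the internet through the NAT gateway, while S3 API calls continue to use the endpoint.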
CodePudding user response:
A simple solution would be:
- Put everything in a Public Subnet
- Assign a Public IP address to the Amazon EC2 instance
- Use Security Groups to secure access on the Amazon EC2 instance (that is, only allow Inbound connections from the Bastion)
The effective result is the same as using a Private Subnet, but the EC2 instance will be able to establish Outbound connections to the Internet (but not Inbound, so it remains secure).
CodePudding user response:
yum update, yum install git... When I used these commands, it performed the download process, but it cannot ping. I guess these are the packages belonging to the Amazon Linux distribution.