How to connect to outside world from amazon vpc?

I have an Amazon VPC set up through the wizard as "public only network", so all my instances are in the public subnet.

Instances within the VPC that have an Elastic IP assigned connect to the internet without any trouble.

But instances without an Elastic IP can't connect anywhere.

The internet gateway is present. The route table in the AWS console looks like

    Destination     Target
    10.0.0.0/16     local
    0.0.0.0/0       igw-nnnnn

and the route output from inside the instance shows

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
    default         10.0.0.1        0.0.0.0         UG    100    0        0 eth0

I tried to open ALL inbound and outbound traffic to 0.0.0.0/0 in security group that an instance belongs to. Still no success.

    ~$ ping google.com
    PING google.com (74.125.224.36) 56(84) bytes of data.
    ^C
    --- google.com ping statistics ---
    6 packets transmitted, 0 received, 100% packet loss, time 5017ms

What else can I do?

Andrey Regentov asked Apr 20 '12 09:04


1 Answer

It appears that the only way to get outside from instances that don't have Elastic IP is:

  • Add a NAT (launch an extra m1.small instance from ami-vpc-nat-beta) and assign an EIP to it
  • Create an extra subnet which will be "private"
  • Move non-EIP-instances to that private subnet
  • Modify route tables: 0.0.0.0/0 from the private subnet should go to NAT

So, just adding NAT is not enough. Instances should be stopped and moved to another IP from another subnet.

Andrey Regentov answered Sep 19 '22 16:09
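The rule behind the answer is that a 0.0.0.0/0 route to an internet gateway only works for an instance that has a public/Elastic IP, while instances without one need their subnet's default route pointed at a NAT (which itself must hold an EIP and have source/destination checking disabled). The following diagnostic is an added example, not code from the question or the answer: it applies that rule to records shaped like boto3 describe_route_tables / describe_instances output, using a constructed topology with made-up subnet, gateway and instance IDs.

```python
# Added example, not code from the question or answer. Records mirror the shape of
# boto3 describe_route_tables / describe_instances output; all IDs are made up.

def default_route_target(route_table):
    """Target (igw-/i-/nat- id) of the active 0.0.0.0/0 route, or None (none, or blackhole)."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State", "active") == "active":
            return route.get("GatewayId") or route.get("InstanceId") or route.get("NatGatewayId")
    return None

def route_table_for_subnet(subnet_id, route_tables):
    """An explicitly associated table wins; otherwise the VPC's main table applies."""
    explicit = [t for t in route_tables if any(a.get("SubnetId") == subnet_id for a in t["Associations"])]
    if explicit:
        return explicit[0]
    return next((t for t in route_tables if any(a.get("Main") for a in t["Associations"])), None)

def diagnose(instance, route_tables, instances_by_id):
    """Return a verdict starting with 'ok:' or 'blocked:'."""
    table = route_table_for_subnet(instance["SubnetId"], route_tables)
    target = default_route_target(table) if table else None
    if target is None:
        return "blocked: subnet has no active 0.0.0.0/0 route"
    if target.startswith("igw-"):
        if instance.get("PublicIpAddress"):
            return "ok: internet gateway route and the instance has a public/Elastic IP"
        return "blocked: IGW route but no public IP; move the instance to a subnet routed to a NAT"
    if target.startswith("i-"):  # NAT instance, the setup the answer describes
        nat = instances_by_id.get(target, {})
        if not nat.get("PublicIpAddress"):
            return f"blocked: NAT instance {target} has no Elastic IP"
        if nat.get("SourceDestCheck", True):  # a NAT must be allowed to forward foreign traffic
            return f"blocked: NAT instance {target} still has source/dest check enabled"
        return f"ok: default route via NAT instance {target}"
    return f"ok: default route via {target}"  # e.g. a managed NAT gateway

# Constructed topology: public subnet uses the main table (IGW), private subnet routes to the NAT.
ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-nnnnn"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat"}]},
]
INSTANCES = {
    "i-web": {"SubnetId": "subnet-public", "PublicIpAddress": "203.0.113.10"},
    "i-app": {"SubnetId": "subnet-public"},  # no Elastic IP: the asker's situation
    "i-nat": {"SubnetId": "subnet-public", "PublicIpAddress": "203.0.113.11", "SourceDestCheck": False},
    "i-db": {"SubnetId": "subnet-private"},  # private subnet, egress through the NAT
}
```

Running diagnose over INSTANCES reports i-app as blocked (IGW route, no public IP) and i-db as fine, which is exactly the before/after of the answer's subnet move; a route left in "blackhole" state after a NAT instance is terminated is also reported as blocked.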