
The EC2 instance can't access the internet in a public subnet without an Elastic IP address?


I am working on AWS. I created a public subnet which has a network ACL that allows all net traffic, and it is associated with an internet gateway in the route table.

Then I created an EC2 instance without an Elastic IP and an EC2 instance with an Elastic IP in it, and the security group also allows all traffic.

I SSH to the instance which has the Elastic IP. It works well when I run `yum update`, `curl www.baidu.com` and so on. But I can't access the internet when I SSH to the EC2 instance which has no Elastic IP. Does anyone know why that is?

Angle Tom asked Jan 13 '16 03:01



2 Answers

To access the internet from an EC2 instance in a public subnet using an Internet Gateway, the instance needs to have a public IP address. One can either configure the instance to have a public IP address or attach an EIP.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html

If you do not want to attach a public IP address to instances with Internet access (consider private subnets), NAT instances and NAT gateways can help.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat.html

Mayank Ahuja answered Sep 23 '22 16:09


As well as being in a subnet that has a route to an Internet gateway, an instance must have a public IP address to communicate with the outside world (this is distinct from an Elastic IP).

You can specify this when launching an instance; if not, there is a per-subnet setting that controls this. The per-subnet setting defaults to false, other than for default subnets in your default VPC. There are more details in the AWS docs.

Frederick Cheung answered Sep 20 '22 16:09
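The checks from both answers, combined into an offline diagnostic. This is an added example, not code from either answerer. It runs on constructed dictionaries that use the field names returned by `describe-instances`, `describe-subnets` and `describe-route-tables`; every ID and address in it is made up, and `default_route` and `diagnose` are hypothetical helper names.

```python
# Constructed sample data, shaped like describe-subnets / describe-route-tables /
# describe-instances output. All IDs and addresses are made up.
SUBNETS = [{"SubnetId": "subnet-aaaa", "MapPublicIpOnLaunch": False},
           {"SubnetId": "subnet-bbbb", "MapPublicIpOnLaunch": False}]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-aaaa"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1111"}]},
    {"Associations": [{"SubnetId": "subnet-bbbb"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-2222"}]},
]
WITH_EIP = {"SubnetId": "subnet-aaaa", "PublicIpAddress": "203.0.113.10"}
NO_PUBLIC_IP = {"SubnetId": "subnet-aaaa"}   # the failing instance from the question
BEHIND_NAT = {"SubnetId": "subnet-bbbb"}     # private subnet, no public IP by design

def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route that applies to subnet_id, or None."""
    explicit = main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = rt
            elif assoc.get("Main"):
                main = rt
    table = explicit or main  # an explicit association overrides the main table
    routes = table.get("Routes", []) if table else []
    return next((r for r in routes
                 if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)

def diagnose(instance, subnets, route_tables):
    """Return findings that explain missing outbound access; [] means a path exists."""
    subnet = next(s for s in subnets if s["SubnetId"] == instance["SubnetId"])
    route = default_route(subnet["SubnetId"], route_tables)
    if route is None:
        return ["subnet has no default route"]
    if route.get("NatGatewayId") or route.get("InstanceId"):
        return []  # NAT gateway or NAT instance: no public IP needed
    if not str(route.get("GatewayId", "")).startswith("igw-"):
        return ["default route targets neither an internet gateway nor NAT"]
    findings = []
    if not instance.get("PublicIpAddress"):
        findings.append("default route uses an internet gateway but the instance has no public IP")
        if not subnet.get("MapPublicIpOnLaunch"):
            findings.append("subnet does not auto-assign public IPs at launch")
    return findings

if __name__ == "__main__":
    for name, inst in [("with-eip", WITH_EIP), ("no-public-ip", NO_PUBLIC_IP),
                       ("behind-nat", BEHIND_NAT)]:
        print(name, diagnose(inst, SUBNETS, ROUTE_TABLES) or "outbound path OK")
```

The same functions accept real API output if you pass in the `Subnets` and `RouteTables` lists and a single entry from `Reservations[].Instances[]`.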