Do we need internet connectivity to use AWS Java SDK from within an instance in AWS ?

I have an instance running inside a VPC to which I haven't assigned any public IP address.

From what my initial investigation found, I see that to run AWS Java SDK based Java programs from this instance in Amazon, the instance needs to have internet connectivity.

Running the sample program AwsConsoleApp that comes with the AWS Java SDK, I saw the following error:

[javac] /home/ubuntu/aws-java-sdk-1.8.9.1/samples/AwsConsoleApp/build.xml:12: warning: 'includeantruntime' was not set, defaulting to build.sysclasspath=last; set to false for repeatable builds
 [java] ===========================================
 [java] Welcome to the AWS Java SDK!
 [java] ===========================================

 [java] Sep 09, 2014 9:26:49 PM com.amazonaws.http.AmazonHttpClient executeHelper
 [java] INFO: Unable to execute HTTP request: Connect to ec2.us-east-1.amazonaws.com:443 timed out
 [java] org.apache.http.conn.ConnectTimeoutException: Connect to ec2.us-east-1.amazonaws.com:443 timed out
 [java]     at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:551)
 [java]     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
 [java]     at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
 [java]     at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
 [java]     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
 [java]     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
 [java]     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
 [java]     at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:464)
 [java]     at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:273)
 [java]     at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:9320)
 [java]     at com.amazonaws.services.ec2.AmazonEC2Client.describeAvailabilityZones(AmazonEC2Client.java:359)
 [java]     at com.amazonaws.services.ec2.AmazonEC2Client.describeAvailabilityZones(AmazonEC2Client.java:8045)
 [java]     at AwsConsoleApp.main(Unknown Source)
 [java] 

I found this contrary to how Amazon provides access to their EC2 Metadata Service.

Is there any way I can run these Java programs without giving the AWS instance a public IP?

1 Answer

You need Internet connectivity, but it doesn't need to be via a public IP assigned to the instance where your code is running.

The public IP can be on a NAT instance, which allows other machines in your VPC to access the Internet, but doesn't allow systems on the Internet to access your private instances.

Instances that you launch into a private subnet in a virtual private cloud (VPC) can't communicate with the Internet. You can optionally use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html

See also https://stackoverflow.com/a/22212017/1695906 for additional discussion about "private" vs "public" subnets, NAT instances, and routing.
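To turn the answer's routing point into a check you can run against your own VPC, here is an added example (not part of the question or answer) that classifies a subnet's route table as public (default route to an Internet gateway), NAT-backed (default route to a NAT instance, its ENI, or a NAT gateway) or isolated (no usable default route, so SDK calls to a public endpoint such as ec2.us-east-1.amazonaws.com:443 time out exactly as in the trace above). The route tables are constructed dicts in the shape of the EC2 DescribeRouteTables response; resource IDs are placeholders.

```python
# Link-local metadata endpoint: reachable from any instance regardless of its
# route table, which is why IMDS works while public AWS endpoints time out.
IMDS_ENDPOINT = "169.254.169.254"


def classify_egress(route_table: dict) -> str:
    """Return 'public', 'nat' or 'isolated' for one route table.

    public   - default route targets an Internet gateway (igw-*); instances
               with a public IP are directly addressable from the Internet.
    nat      - default route targets a NAT instance / ENI / NAT gateway;
               outbound calls to AWS APIs work, unsolicited inbound does not.
    isolated - no active default route; outbound SDK calls time out.
    Routes to other targets (e.g. vgw-*, pcx-*) are not treated as Internet egress.
    """
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            # A 'blackhole' route (e.g. NAT instance terminated) gives no egress.
            continue
        target = (route.get("GatewayId") or route.get("InstanceId")
                  or route.get("NetworkInterfaceId") or route.get("NatGatewayId") or "")
        if target.startswith("igw-"):
            return "public"
        if target.startswith(("i-", "eni-", "nat-")):
            return "nat"
    return "isolated"


# Constructed sample route tables; IDs are placeholders, not real resources.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
PUBLIC_RT = {"Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                                "GatewayId": "igw-0example", "State": "active"}]}
NAT_RT = {"Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                             "InstanceId": "i-0natexample", "State": "active"}]}
ISOLATED_RT = {"Routes": [LOCAL]}
BLACKHOLE_RT = {"Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                                   "InstanceId": "i-0gone", "State": "blackhole"}]}

if __name__ == "__main__":
    for name, rt in [("public", PUBLIC_RT), ("nat", NAT_RT),
                     ("isolated", ISOLATED_RT), ("blackhole", BLACKHOLE_RT)]:
        print(f"{name:9s} -> {classify_egress(rt)}")
```

On a real account, feed each entry of `boto3.client("ec2").describe_route_tables()["RouteTables"]` to `classify_egress`; a result of `isolated` for the subnet your instance lives in is the configuration that produces the connect timeout shown in the question.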