1
votes

I've set up a VPC on AWS and I'm trying to make one of my subnets private. I have:

  1. Created my private subnet.
  2. Created my NAT Gateway and associated my subnet to it.
  3. Created a Route Table dest: 0.0.0.0/0 target: NAT Gateway
  4. Created an Instance in my private subnet.

I can get to the instance in #4 by going to a different instance with a public IP then SSHing to its private IP. Once on the instance it has no internet connectivity.

Am I expected to update the route tables on the instance or anything?

4
Can you show your routing table for the private subnet? - helloV
AWS should really provide some audit / reporting tool to check requirements. Here, a NAT Gateway in a non-public subnet. - Thomas Decaux

4 Answers

8
votes

Turns out I was creating my NAT Gateway in my private subnet; it should have been done in my public subnet. When I was creating it I assumed the subnet I was providing was the one I wanted to be NATed, not where to create it.

Re-reading the docs here helped discover my error:

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html#nat-gateway-creating

thx.

5
votes

Had an issue with my NAT instance as well.

It turns out I didn't set up the security group of the NAT instance correctly. My NAT instance security group was allowing port 22 only.

Once I added port 80 (HTTP) and port 443 (HTTPS) to the security group, my instance in the private subnet could connect to the internet.

Some points to be noted when creating a NAT instance:

  1. The NAT instance needs to be in the public subnet.
  2. The source and destination check of the NAT instance must be disabled.
  3. At least allow port 80/443 on the security group of the NAT instance.
  4. Associate outbound route of private subnet to NAT instance in route table.
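
Along the lines of the audit tool Thomas Decaux asks for in the comments, here is an added example (not code from this thread or from AWS) that checks a private-subnet layout for the mistakes described in the two answers above: a NAT Gateway created in the private subnet instead of the public one, a private route table whose 0.0.0.0/0 route does not reach the NAT device, and, for a NAT instance, source/destination check still enabled or a security group that does not admit TCP 80/443 from the private subnet. It walks plain dicts shaped like the JSON that `aws ec2 describe-route-tables`, `describe-nat-gateways`, `describe-instances` (flattened to the `Instances` list) and `describe-security-groups` return; only the fields named in the docstring are used. The VPC data, IDs (`subnet-public`, `nat-0def`, `i-0nat`, `sg-nat`, `igw-0abc`) and CIDRs are constructed inline so the script runs offline.

```python
"""Offline audit of a VPC private-subnet / NAT layout (added example, not from the thread).

Fields assumed from the AWS describe-* JSON shapes:
  RouteTables[].Associations[].SubnetId / .Main
  RouteTables[].Routes[].DestinationCidrBlock, .GatewayId, .NatGatewayId, .InstanceId, .State
  NatGateways[].NatGatewayId, .SubnetId
  Instances[].InstanceId, .SubnetId, .SourceDestCheck, .SecurityGroups[].GroupId
  SecurityGroups[].GroupId, .IpPermissions[].IpProtocol/FromPort/ToPort/IpRanges[].CidrIp
"""
DEFAULT = "0.0.0.0/0"


def route_table_for_subnet(route_tables, subnet_id):
    """Route table explicitly associated with subnet_id, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(rt):
    """Target of the active 0.0.0.0/0 route: 'igw-…', 'nat-…', 'i-…' or None."""
    for r in rt.get("Routes", []):
        if r.get("DestinationCidrBlock") == DEFAULT and r.get("State", "active") == "active":
            return r.get("GatewayId") or r.get("NatGatewayId") or r.get("InstanceId")
    return None


def is_public_subnet(route_tables, subnet_id):
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway."""
    rt = route_table_for_subnet(route_tables, subnet_id)
    tgt = default_route_target(rt) if rt else None
    return bool(tgt and tgt.startswith("igw-"))


def sg_admits(sg, port, cidr):
    """True if the group has an inbound TCP (or all-traffic) rule for `port` from `cidr` or 0.0.0.0/0."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        lo = perm.get("FromPort", 0) if proto == "tcp" else 0
        hi = perm.get("ToPort", 65535) if proto == "tcp" else 65535
        if lo <= port <= hi and any(r.get("CidrIp") in (cidr, DEFAULT) for r in perm.get("IpRanges", [])):
            return True
    return False


def audit_private_subnet(subnet_id, subnet_cidr, route_tables, nat_gateways, instances, security_groups):
    """Return human-readable findings; an empty list means the layout matches the checklist."""
    findings = []
    rt = route_table_for_subnet(route_tables, subnet_id)
    tgt = default_route_target(rt) if rt else None
    if tgt is None:
        return [f"{subnet_id}: no 0.0.0.0/0 route, instances there have no egress"]
    if tgt.startswith("igw-"):
        return [f"{subnet_id}: default route goes to {tgt}, so this subnet is public, not private"]
    if tgt.startswith("nat-"):
        gw = next((g for g in nat_gateways if g["NatGatewayId"] == tgt), None)
        if gw is None:
            findings.append(f"{subnet_id}: default route points at unknown NAT gateway {tgt}")
        elif not is_public_subnet(route_tables, gw["SubnetId"]):
            findings.append(f"{tgt} lives in {gw['SubnetId']}, which has no igw- default route")
    elif tgt.startswith("i-"):
        inst = next((i for i in instances if i["InstanceId"] == tgt), None)
        if inst is None:
            return [f"{subnet_id}: default route points at unknown NAT instance {tgt}"]
        if not is_public_subnet(route_tables, inst["SubnetId"]):
            findings.append(f"{tgt} lives in {inst['SubnetId']}, which has no igw- default route")
        if inst.get("SourceDestCheck", True):
            findings.append(f"{tgt}: source/destination check is still enabled")
        sg_ids = {g["GroupId"] for g in inst.get("SecurityGroups", [])}
        sgs = [s for s in security_groups if s["GroupId"] in sg_ids]
        for port in (80, 443):
            if not any(sg_admits(s, port, subnet_cidr) for s in sgs):
                findings.append(f"{tgt}: no security group admits TCP {port} from {subnet_cidr}")
    else:
        findings.append(f"{subnet_id}: default route target {tgt} is not an IGW, NAT gateway or instance")
    return findings


# --- constructed sample VPC (placeholder IDs, not real AWS resources) ---
def _rt(rt_id, subnet_id, default=None):
    routes = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]
    if default:
        routes.append({"DestinationCidrBlock": DEFAULT, "State": "active", **default})
    assoc = [{"Main": True}] if subnet_id is None else [{"SubnetId": subnet_id}]
    return {"RouteTableId": rt_id, "Associations": assoc, "Routes": routes}


PRIVATE_CIDR = "10.0.2.0/24"
PUBLIC_RT = _rt("rtb-public", "subnet-public", {"GatewayId": "igw-0abc"})
GATEWAY_LAYOUT = [_rt("rtb-main", None), PUBLIC_RT, _rt("rtb-private", "subnet-private", {"NatGatewayId": "nat-0def"})]
INSTANCE_LAYOUT = [_rt("rtb-main", None), PUBLIC_RT, _rt("rtb-private", "subnet-private", {"InstanceId": "i-0nat"})]
NAT_IN_PRIVATE = [{"NatGatewayId": "nat-0def", "SubnetId": "subnet-private"}]   # the asker's mistake
NAT_IN_PUBLIC = [{"NatGatewayId": "nat-0def", "SubnetId": "subnet-public"}]     # the fix
NAT_INSTANCE = [{"InstanceId": "i-0nat", "SubnetId": "subnet-public", "SourceDestCheck": False,
                 "SecurityGroups": [{"GroupId": "sg-nat"}]}]
SSH_RULE = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": DEFAULT}]}
SG_SSH_ONLY = [{"GroupId": "sg-nat", "IpPermissions": [SSH_RULE]}]              # second answer's mistake
SG_FIXED = [{"GroupId": "sg-nat", "IpPermissions": [SSH_RULE] + [
    {"IpProtocol": "tcp", "FromPort": p, "ToPort": p, "IpRanges": [{"CidrIp": PRIVATE_CIDR}]} for p in (80, 443)]}]

if __name__ == "__main__":
    for label, args in [("NAT gateway in private subnet", (GATEWAY_LAYOUT, NAT_IN_PRIVATE, [], [])),
                        ("NAT gateway in public subnet", (GATEWAY_LAYOUT, NAT_IN_PUBLIC, [], [])),
                        ("NAT instance, SSH-only SG", (INSTANCE_LAYOUT, [], NAT_INSTANCE, SG_SSH_ONLY)),
                        ("NAT instance, 80/443 allowed", (INSTANCE_LAYOUT, [], NAT_INSTANCE, SG_FIXED))]:
        print(label, "->", audit_private_subnet("subnet-private", PRIVATE_CIDR, *args) or "OK")
```

To run it against a real account, replace the constructed lists with the `RouteTables`, `NatGateways`, flattened `Instances` and `SecurityGroups` arrays from the corresponding `aws ec2 describe-*` calls; the checks are deliberately limited to the four points in the checklist above and do not look at NACLs or the NAT instance's outbound rules.
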

0
votes

Did you follow all the instructions here? In particular make sure you disable Source/Destination checks on the NAT instance.

Alternatively, AWS now has Managed NAT Gateways.

0
votes

In my case it wasn't working because I had the NAT in the private subnet instead of the public one.