3
votes

I have a public subnet in AWS and I have 3 instances in it ...

  1. WebApp01 (Elastic IP - 54.23.61.239 for example)
  2. WebApp02 (Private IP - 192.168.0.24)
  3. WebApp03 (Private IP - 192.168.0.25)

And my route table is set up as:

  192.168.0.0/16 -> local
  0.0.0.0/0 -> Internet Gateway

I can see that the instance that has the public IP has internet access but the instances that don't have public IP are not able to access the internet.

How can I give internet access to the other instances inside the Public Subnet?

I'm a newbie in networking and any help will be appreciated.

Just FYI: I know that creating a NAT, and then creating a separate route table with 0.0.0.0 -> NAT and associating that route with the Private Subnet gives internet access to the instances in the private subnet, but I can't figure out how to give internet access to the non-public-IP instances in the public subnet. Please help!

1
Can the person who downvoted it please give a reason why they did it? - Tarunpreet Ubhi
Your question helped me a lot, I don't know why someone downvoted it. - vinicius.olifer

1 Answer

6
votes

You will need to assign public IP addresses to your instances that do not have one or add an EIP in order for them to access the Internet.

An AWS Internet Gateway is a special type of NAT Gateway (1 - 1 address mapping). Without a public IP address there is nothing for the Internet Gateway to map to the EC2 instance - one public IP maps to one private IP inside the Internet Gateway.

Although you add a NAT Gateway to a public subnet with an Internet Gateway, the NAT Gateway does provide address translation (NAT) to instances in the public subnet - only to instances in the private subnets. The default route in each private subnet points to the NAT Gateway.

If you want these instances to be protected by only having private IP addresses then you will need to move the instances to a private subnet (one with a NAT Gateway).

An instance in a public subnet without a public IP address is orphaned from the Internet. The instance can talk to other instances in the VPC (the Intranet) but cannot talk to the Internet.

There is a lot of confusion on what AWS VPC subnets are. There are three types:

  1. Public subnet (one that has an IGW).
  2. Private subnet (one that has a NAT Gateway or NAT instance, or neither).
  3. Hybrid (one that has a VGW routing to a data center or similar).
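The rules in the answer (an Internet Gateway only forwards for an instance that has a public IP to map 1:1 onto; a NAT Gateway forwards for anything whose subnet routes 0.0.0.0/0 to it; a subnet with no default route reaches only the VPC) can be turned into a small audit that flags "orphaned" instances like WebApp02 and WebApp03. The script below is an added example, not code from the question or answer; it works on data shaped like the output of `aws ec2 describe-route-tables` and `describe-instances`, but every subnet, gateway ID and address in it is constructed sample data (the IDs are hypothetical placeholders), and the route lookup uses the longest-prefix match that the VPC router applies.

```python
"""Audit which EC2 instances have Internet egress, using the answer's rules.

Added example, not part of the original question or answer. All IDs and
addresses are constructed sample data; subnet and gateway IDs are placeholders.
"""
import ipaddress

# Constructed route tables, keyed by the subnet they are associated with.
ROUTE_TABLES = {
    "subnet-public-EXAMPLE": [
        {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
    ],
    "subnet-private-EXAMPLE": [
        {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
    ],
    "subnet-isolated-EXAMPLE": [
        {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local"},
    ],
}

# Constructed instances: the three from the question plus two in other subnets.
INSTANCES = [
    {"Name": "WebApp01", "SubnetId": "subnet-public-EXAMPLE",
     "PrivateIpAddress": "192.168.0.23", "PublicIpAddress": "54.23.61.239"},
    {"Name": "WebApp02", "SubnetId": "subnet-public-EXAMPLE",
     "PrivateIpAddress": "192.168.0.24"},
    {"Name": "WebApp03", "SubnetId": "subnet-public-EXAMPLE",
     "PrivateIpAddress": "192.168.0.25"},
    {"Name": "Worker01", "SubnetId": "subnet-private-EXAMPLE",
     "PrivateIpAddress": "192.168.1.10"},
    {"Name": "Db01", "SubnetId": "subnet-isolated-EXAMPLE",
     "PrivateIpAddress": "192.168.2.10"},
]

# Any address outside the VPC CIDR works as a probe; this one is from the
# TEST-NET-3 documentation range, chosen here as a constructed value.
INTERNET_PROBE = "203.0.113.10"


def lookup_route(routes, destination):
    """Longest-prefix match, as the VPC router does: the most specific
    DestinationCidrBlock that contains `destination` wins."""
    dst = ipaddress.ip_address(destination)
    best = None
    for route in routes:
        net = ipaddress.ip_network(route["DestinationCidrBlock"])
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1] if best else None


def route_target(route):
    """Return the target of a route ('local', 'igw-...', 'nat-...', 'vgw-...') or None."""
    if route is None:
        return None
    return route.get("GatewayId") or route.get("NatGatewayId")


def classify_subnet(subnet_id):
    """Classify by where the default route goes, matching the answer's three
    subnet types plus 'isolated' for a subnet with no default route at all."""
    target = route_target(lookup_route(ROUTE_TABLES[subnet_id], INTERNET_PROBE)) or ""
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    if target.startswith("vgw-"):
        return "hybrid"
    return "isolated"


def egress_status(instance):
    """An IGW needs a public IP to map 1:1 onto the private IP; a NAT Gateway
    translates for any instance routed to it; no default route means VPC-only."""
    kind = classify_subnet(instance["SubnetId"])
    if kind == "public":
        if instance.get("PublicIpAddress"):
            return "internet via IGW"
        return "no internet (public subnet, no public IP)"
    if kind == "private":
        return "internet via NAT"
    if kind == "hybrid":
        return "default route to VGW (data center), not the Internet"
    return "no internet (no default route)"


def audit(instances=INSTANCES):
    """Map each instance name to its egress status."""
    return {i["Name"]: egress_status(i) for i in instances}


if __name__ == "__main__":
    for name, status in audit().items():
        print(f"{name:10} {status}")
```

Run against real data by replacing the two constructed dictionaries with the corresponding `describe-route-tables` (walk the `Associations` to find each subnet's table) and `describe-instances` output; instances reported as "no internet (public subnet, no public IP)" are exactly the ones the answer describes as orphaned, and the same report also lists every instance that is directly reachable from the Internet via an IGW, which is the set worth reviewing for exposure.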