<AWS VPC> Unable to ping private subnet instance from a public subnet instance

Question

May I seek for assistance about a lab exercise on AWS VPC that I was going through? Thanks.

I created a new VPC, a public and private subnet respectively, and then launched 2 EC2 instances into each of the subnet respectively. I also setup the security groups required for pinging (ICMP) access on the private subnet security group. However, I could not ping the instance in the private subnet from the instance in the public subnet.

Below are the setup:

VPC: (CIDR block 10.0.0.0/16)

Public subnet: (CIDR block 10.0.1.0/24)

Private subnet: (CIDR block 10.0.2.0/24)

Route table for public subnet:

Route table for private subnet:

Security group for public facing instance:

Security group for private facing instance: (All ICMP - IPv4 allowed from private subnet CIDR block)

Public facing EC2 instance launched in public subnet:

Private facing EC2 instance launched in private subnet:

SSH-ed into public instance, but then cannot ping private instance from there:

Additionally, tried to SSH into the private instance from the public instance (private key already added to public instance), also failed:

Thank you very for your help in advance.

Instead of using CIDR in SG of the private instance, what happens if you use SG of the first instance as a source? — Marcin
You haven't setup by any chance firewall on the instance in UserData that could be blocking the connections from the inside? — Marcin

Patrick C. Patrick C. · Accepted Answer · 2020-06-03T01:25:41

Finally found the problem, the security group for the public facing instance is missing an outbound rule. When this is added back, the ping is successful.

<AWS VPC> Unable to ping private subnet instance from a public subnet instance

1 Answers