trying to install a LAMP stack on an aws instance in a VPC private subnet
using Scenario 2 described here: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
I've set everything up with the relevant subnets, security groups, internet gateway and routing table.
With my set-up I can successfully:
- ping NAT
- ssh to NAT
- ping external website from NAT (eg ping ietf.org)
- ping private instance from NAT (eg ping 10.0.X.X)
- ssh to private instance
- ping NAT from private instance
However I cannot ping from the private instance to the internet (ie ping ietf.org doesn't work), and when I try sudo yum update from the private instance I get the following error:
Cannot find a valid baseurl for repo: amzn-main/latest
I presume this is either a routing or security group error... ?
Notes:
- Source/Destination Check is disabled for NAT instance
- the NAT instance has a public IP assigned but not an elastic IP
- ACL is not implemented (left as default)
- route table for public subnet:
10.0.X.X/XX local
0.0.0.0/0 internet gateway
- route table for private subnet:
10.0.X.X/XX local
0.0.0.0/0 nat instance
- security groups are as follows:
Private Instance Inbound
ALL Traffic = vpc_private_sg
SSH(22) = vps_nat_sg
MySQL(3306) = vpc_public_sg
ALL ICMP = 0.0.0.0/0
Private Instance Outbound
SSH(22) = vps_nat_sg
HTTP(80) = 0.0.0.0/0
HTTPS(443) = 0.0.0.0/0
ALL ICMP = 0.0.0.0/0
NAT Instance Inbound
ALL Traffic = vpc_private_sg
SSH(22) = vps_nat_sg
SSH(22) = 10.0.X.X/XX
HTTP(80) = 10.0.X.X/XX
HTTPS(443) = 10.0.X.X/XX
ALL ICMP = 0.0.0.0/0
NAT Instance Outbound
SSH(22) = 10.0.X.X/XX
HTTP(80) = 0.0.0.0/0
HTTPS(443) = 0.0.0.0/0
ALL ICMP = 0.0.0.0/0
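The security groups listed above can be checked mechanically rather than by eye. The following is an added example, not code from the post or from AWS: it transcribes the post's inbound/outbound rules into a small model and evaluates the three security-group decisions a packet from the private subnet meets on its way out through a NAT instance (source egress, NAT ingress, NAT egress). The VPC range 10.0.0.0/16, the instance addresses 10.0.1.10 and 10.0.0.5 and the internet address 203.0.113.10 are constructed stand-ins, since the post redacts its CIDRs as 10.0.X.X/XX; the contents of vpc_public_sg are not given in the post, so it is modelled as an empty group that other rules can reference by name.

```python
"""Security-group reachability check for a private-subnet -> NAT -> internet path (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str       # "tcp", "udp", "icmp" or "all"
    port_from: int   # -1 means any port (used for "all" and "icmp")
    port_to: int
    peer: str        # a CIDR, or the name of another security group


# Rules transcribed from the post. 10.0.0.0/16 is a constructed stand-in for
# the redacted 10.0.X.X/XX; the group names are the post's own.
VPC = "10.0.0.0/16"
ANY = "0.0.0.0/0"
GROUPS = {
    "vpc_private_sg": {
        "inbound": [Rule("all", -1, -1, "vpc_private_sg"),
                    Rule("tcp", 22, 22, "vps_nat_sg"),
                    Rule("tcp", 3306, 3306, "vpc_public_sg"),
                    Rule("icmp", -1, -1, ANY)],
        "outbound": [Rule("tcp", 22, 22, "vps_nat_sg"),
                     Rule("tcp", 80, 80, ANY),
                     Rule("tcp", 443, 443, ANY),
                     Rule("icmp", -1, -1, ANY)],
    },
    "vps_nat_sg": {
        "inbound": [Rule("all", -1, -1, "vpc_private_sg"),
                    Rule("tcp", 22, 22, "vps_nat_sg"),
                    Rule("tcp", 22, 22, VPC),
                    Rule("tcp", 80, 80, VPC),
                    Rule("tcp", 443, 443, VPC),
                    Rule("icmp", -1, -1, ANY)],
        "outbound": [Rule("tcp", 22, 22, VPC),
                     Rule("tcp", 80, 80, ANY),
                     Rule("tcp", 443, 443, ANY),
                     Rule("icmp", -1, -1, ANY)],
    },
    # Referenced by name in the post; its own rules are not given there.
    "vpc_public_sg": {"inbound": [], "outbound": []},
}

# Constructed instance addresses inside the stand-in VPC range: (ip, security group).
INSTANCES = {
    "private": ("10.0.1.10", "vpc_private_sg"),
    "nat": ("10.0.0.5", "vps_nat_sg"),
}


def rule_matches(rule, proto, port, peer_ip, peer_group):
    """True if one rule permits a packet of this protocol/port to or from this peer."""
    if rule.proto not in ("all", proto):
        return False
    if rule.proto not in ("all", "icmp") and not (rule.port_from <= port <= rule.port_to):
        return False
    if rule.peer in GROUPS:
        # A rule written against another group matches only members of that group,
        # regardless of the peer's address.
        return peer_group == rule.peer
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.peer, strict=False)


def allowed(group, direction, proto, port, peer_ip, peer_group=None):
    """Security groups are allow-lists: any matching rule admits the packet, otherwise it is dropped."""
    return any(rule_matches(r, proto, port, peer_ip, peer_group) for r in GROUPS[group][direction])


def trace_via_nat(src, dst_ip, proto, port):
    """Evaluate the three security-group checks on the outbound path through the NAT instance.

    Return traffic is not modelled: security groups are stateful, so replies to an
    admitted flow are accepted without a matching inbound rule."""
    src_ip, src_group = INSTANCES[src]
    _nat_ip, nat_group = INSTANCES["nat"]
    hops = []
    # 1. Source egress. The destination is the internet host, not the NAT: the route
    #    table forwards the packet via the NAT but does not rewrite its destination.
    hops.append(("private egress", allowed(src_group, "outbound", proto, port, dst_ip)))
    # 2. NAT ingress, evaluated against the private instance's address and group.
    hops.append(("nat ingress", allowed(nat_group, "inbound", proto, port, src_ip, src_group)))
    # 3. NAT egress after masquerading: the NAT's own outbound rules apply to the internet destination.
    hops.append(("nat egress", allowed(nat_group, "outbound", proto, port, dst_ip)))
    return hops


def all_hops_pass(src, dst_ip, proto, port):
    return all(ok for _, ok in trace_via_nat(src, dst_ip, proto, port))


if __name__ == "__main__":
    internet = "203.0.113.10"  # constructed public address (TEST-NET-3) standing in for ietf.org
    for proto, port in (("icmp", 0), ("tcp", 80), ("tcp", 443), ("tcp", 8080)):
        print(proto, port, trace_via_nat("private", internet, proto, port))
```

For the rules as transcribed, ICMP, TCP/80 and TCP/443 pass all three hops, while a port not in the private instance's outbound list (8080 in the sample run) is refused at the first hop. When every hop passes for a flow that still fails in practice, the security groups are not where the next check belongs; the route table entries and the NAT instance's own forwarding configuration are the remaining places the packet can be lost.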