
I have implemented an environment for a WordPress website. I have a load balancer (ALB) that is connected to an EC2 server plus an Auto Scaling group (for failover).

As we need to update WordPress and install some plugins on the EC2 server, I need to set up a NAT gateway to allow internet access from the WordPress server (EC2) to the internet.

I have set up the NAT gateway like the following link:
https://aws.amazon.com/premiumsupport/knowledge-center/nat-gateway-vpc-private-subnet/

However, I could not reach the website (DNS name of the ALB) afterwards.

My route table setup looks like this:

Route table           Routes                    Subnets
Main Route Table      10.0.0.0/16  local        -
                      0.0.0.0/0    natgw

Public Route Table    10.0.0.0/16  local        10.0.10.0/24, 10.0.11.0/24 (ELB subnets)
                      0.0.0.0/0    igw

Private route B       10.0.0.0/16  local        10.0.20.0/24, 10.0.30.0/24 (EC2 subnets)
                      0.0.0.0/0    natgw

Private route C       10.0.0.0/16  local        10.0.21.0/24, 10.0.31.0/24 (RDS subnets)
                      0.0.0.0/0    natgw

The public route table is assigned to the two public subnets, which are connected to the load balancer.

The private route tables B and C are assigned to the private subnets: the web server (EC2) plus the database (RDS).

Any help would be appreciated.

Matrix
    There's only one route table per subnet. Why do you have four route tables? Suggest you provide a diagram of what instances / services are where. – Tim Aug 10 '17 at 19:06
  • What route table is the private instance in? Also did you place the NAT gateway in a public subnet? – strongjz Aug 11 '17 at 12:46
  • @strongjz The private route tables B and C are assigned to the private instances, which are connected to the NAT gateway. The load balancer is assigned to the public subnets, which are connected to the internet gateway. – Matrix Aug 13 '17 at 21:45
  • I see you edited your question, but it's still quite unclear what your network setup is, which subnet servers are located in, and what route tables apply to what. [A diagram](https://cloudcraft.co/) might help, if you draw it effectively. You need to be a lot more clear if you want any help. – Tim Aug 13 '17 at 21:46
  • @Tim Yes, there is only one default route table per VPC; however, it is possible to make more route tables when we want to separate public and private subnets. – Matrix Aug 13 '17 at 21:46

2 Answers


Your diagram shows that the IGW subnets do not overlap with your NAT Gateway subnets. This is the issue. The NAT Gateway needs to be in a subnet with an attached IGW. This is true even though the NAT Gateway has a public IP (Elastic IP).

Jason Martin

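The placement rule in the answer above can be checked mechanically. The following is an added example written for this edit, not code from the answer or from AWS: it takes dictionaries shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`, works out which route table a NAT gateway's subnet actually uses (its explicit association, or else the VPC main route table), and reports whether that table's 0.0.0.0/0 route points at an internet gateway. The sample data mirrors the question's route tables, including a main route table whose default route is the NAT gateway itself, so a NAT gateway placed in a subnet with no explicit association would send its own egress back to itself. All VPC, subnet, gateway and route table IDs below are constructed for the example.

```python
"""Check that each NAT gateway sits in a subnet whose effective route table
sends 0.0.0.0/0 to an internet gateway.

Added illustration for this thread, not code from the original answer.
The dictionaries mimic the shape of `aws ec2 describe-route-tables` and
`aws ec2 describe-nat-gateways` output; every ID below is constructed.
"""


def effective_route_table(route_tables, subnet_id, vpc_id):
    """Return the route table a subnet really uses: its explicit association
    if there is one, otherwise the VPC's main route table."""
    main = None
    for rtb in route_tables:
        if rtb["VpcId"] != vpc_id:
            continue
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def default_route_target(rtb):
    """Return the target of the active 0.0.0.0/0 route, or None if absent."""
    for route in rtb.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue
        return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def check_nat_gateway(nat, route_tables):
    """Return (ok, reason). ok is True only when the NAT gateway's subnet
    routes 0.0.0.0/0 to an internet gateway, i.e. it is a public subnet."""
    rtb = effective_route_table(route_tables, nat["SubnetId"], nat["VpcId"])
    if rtb is None:
        return False, "no route table found for subnet %s" % nat["SubnetId"]
    target = default_route_target(rtb)
    if target is None:
        return False, "%s has no 0.0.0.0/0 route" % rtb["RouteTableId"]
    if target == nat["NatGatewayId"]:
        return False, "%s routes 0.0.0.0/0 back to %s itself (routing loop)" % (
            rtb["RouteTableId"], nat["NatGatewayId"])
    if not target.startswith("igw-"):
        return False, "%s routes 0.0.0.0/0 to %s, not an internet gateway" % (
            rtb["RouteTableId"], target)
    return True, "%s routes 0.0.0.0/0 to %s" % (rtb["RouteTableId"], target)


# Constructed sample data modelled on the route tables in the question.
VPC = "vpc-0example"
ROUTE_TABLES = [
    {   # main route table: no explicit subnet associations
        "RouteTableId": "rtb-main", "VpcId": VPC,
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}],
    },
    {   # public route table for the ALB subnets
        "RouteTableId": "rtb-public", "VpcId": VPC,
        "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
    },
    {   # private route table B for the web server subnets
        "RouteTableId": "rtb-private-b", "VpcId": VPC,
        "Associations": [{"SubnetId": "subnet-web-a"}, {"SubnetId": "subnet-web-b"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                   {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}],
    },
]


def nat_in(subnet_id):
    """A describe-nat-gateways style record for the sample NAT gateway."""
    return {"NatGatewayId": "nat-0example", "VpcId": VPC,
            "SubnetId": subnet_id, "State": "available"}


if __name__ == "__main__":
    for subnet in ("subnet-web-a", "subnet-orphan", "subnet-pub-a"):
        ok, why = check_nat_gateway(nat_in(subnet), ROUTE_TABLES)
        print("%-14s %s  %s" % (subnet, "OK " if ok else "BAD", why))
```

The three sample placements cover the cases a practitioner hits: a NAT gateway in a private web subnet (its route table sends 0.0.0.0/0 to the NAT gateway, so traffic loops), a NAT gateway in a subnet with no explicit association (it inherits the main route table, which in the question also points at the NAT gateway), and a NAT gateway in one of the public ALB subnets (0.0.0.0/0 to the IGW, which is the working layout). Running the same logic against real `describe-*` output only requires replacing the constructed dictionaries.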

However, I could not reach the website (DNS name of the ALB) afterwards.

  1. Is the ALB internet-facing (as opposed to internal)?
  2. Does the security group on the ALB allow you to connect?

(Network packets from the Internet via an internet-facing ALB to the EC2 instances, and back, ought not to traverse a NAT gateway.)

Jukka
  • Thanks for the reply. Yes, the ALB is open to the internet. The website had been set up with the ALB before and it works fine. I just need to add the NAT GW in order to do some updates on the server, which is in a private subnet. – Matrix Aug 21 '17 at 08:31
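The two questions in this answer (is the ALB internet-facing, and does its security group let the client in) can be answered from API output without touching the routing layer. The following is an added example written for this edit, not code from the answer or from AWS: it takes dictionaries shaped like `aws elbv2 describe-load-balancers` and `aws ec2 describe-security-groups` output and decides whether a given client address could reach the ALB on a listener port. IPv4 CIDR rules only; the load balancer names, security group IDs and addresses are constructed for the example.

```python
"""Decide whether a public client could reach an ALB: the scheme must be
internet-facing and one attached security group must allow inbound TCP on
the listener port from the client's address.

Added illustration for this thread, not code from the original answer.
Dictionaries mimic `aws elbv2 describe-load-balancers` and
`aws ec2 describe-security-groups` output; all names and IDs are constructed.
"""
import ipaddress


def rule_allows(rule, port, client_ip):
    """True if one IpPermissions entry covers TCP `port` from `client_ip`.
    Only IPv4 `IpRanges` are considered; security-group-to-security-group
    references and Ipv6Ranges are ignored for this example."""
    proto = rule.get("IpProtocol")
    if proto not in ("tcp", "-1"):          # "-1" means all protocols
        return False
    if proto == "tcp":
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    addr = ipaddress.ip_address(client_ip)
    for rng in rule.get("IpRanges", []):
        if addr in ipaddress.ip_network(rng["CidrIp"], strict=False):
            return True
    return False


def alb_reachable(lb, security_groups, client_ip, port=443):
    """Return (ok, reason) for a client at client_ip hitting the ALB on port."""
    if lb.get("Scheme") != "internet-facing":
        return False, "scheme is %r; an internal ALB only resolves to private addresses" % lb.get("Scheme")
    by_id = {sg["GroupId"]: sg for sg in security_groups}
    for sg_id in lb.get("SecurityGroups", []):
        sg = by_id.get(sg_id)
        if sg is None:
            continue
        for rule in sg.get("IpPermissions", []):
            if rule_allows(rule, port, client_ip):
                return True, "%s allows tcp/%d from %s" % (sg_id, port, client_ip)
    return False, "no ALB security group allows tcp/%d from %s" % (port, client_ip)


# Constructed sample data.
SG_PUBLIC_WEB = {
    "GroupId": "sg-alb-public",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}
SG_VPC_ONLY = {   # a common mistake: ALB group only opened to the VPC CIDR
    "GroupId": "sg-alb-vpc-only",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}
SECURITY_GROUPS = [SG_PUBLIC_WEB, SG_VPC_ONLY]

PUBLIC_ALB = {"LoadBalancerName": "wp-alb", "Scheme": "internet-facing",
              "SecurityGroups": ["sg-alb-public"]}
INTERNAL_ALB = {"LoadBalancerName": "wp-alb-int", "Scheme": "internal",
                "SecurityGroups": ["sg-alb-public"]}
LOCKED_ALB = {"LoadBalancerName": "wp-alb-locked", "Scheme": "internet-facing",
              "SecurityGroups": ["sg-alb-vpc-only"]}

if __name__ == "__main__":
    client = "203.0.113.10"   # TEST-NET-3 address standing in for a browser
    for lb in (PUBLIC_ALB, INTERNAL_ALB, LOCKED_ALB):
        ok, why = alb_reachable(lb, SECURITY_GROUPS, client)
        print("%-14s %s  %s" % (lb["LoadBalancerName"], "OK " if ok else "BAD", why))
```

The check deliberately stops at the ALB: as the answer notes, request and response traffic between the Internet and the instances behind an internet-facing ALB never passes through the NAT gateway, so if this check passes and the site is still unreachable, the next place to look is the instance security group and target health, not the NAT route.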