Please note that this question is different from the one here, where they used a standard AMI vs a NAT AMI (in my case). Also, in my case the private instance can access the Internet via IP address but not via hostname resolution.
Here's my setup:
- Non-default VPC with 1 public subnet & 1 private subnet.
- NAT instance on the public subnet with an elastic IP. Used Amazon Community NAT AMI: amzn-ami-vpc-nat-hvm-2017.09.1.20180108-x86_64-ebs ami-d4a883b1. Amazon Linux AMI 2017.09.1.20180108 x86_64 VPC NAT HVM EBS
- Security group as per NAT Security Group documentation attached to NAT instance above
- Private instance (on private subnet) can reach the Internet via the NAT instance as long as it uses an IP address. For example, curl http://74.125.135.99/ works but curl http://www.google.com doesn't work.
Private instance:
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search us-east-2.compute.internal
$ curl http://74.125.135.99/
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
$ curl http://www.google.com/
curl: (6) Could not resolve host: www.google.com
NAT instance:
$ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search us-east-2.compute.internal
options timeout:2 attempts:5
nameserver 10.0.0.2
UPDATE: The following DNS settings are set on my VPC:
DNS resolution: yes
DNS hostnames: yes
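As an added diagnostic (not part of the question above), here is a POSIX shell script that derives the Amazon-provided VPC resolver address from a VPC CIDR (the network base plus 2, which is 10.0.0.2 for 10.0.0.0/16) and reports whether a given resolv.conf points at it or at a resolver on the host itself. The 10.0.0.0/16 CIDR and the two sample resolv.conf files are constructed to mirror the private and NAT instances shown in the question.

```shell
#!/bin/sh
# Added example, not from the question. Computes the Amazon-provided VPC DNS
# address (network base + 2) and checks which resolver a resolv.conf uses.
# The 10.0.0.0/16 CIDR and the sample files below are constructed.

# amazon_dns_for_cidr CIDR -> the ".2" resolver address of that VPC
amazon_dns_for_cidr() {
    ip=${1%/*}
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    n=$(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 + 2 ))
    printf '%d.%d.%d.%d\n' $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
                           $(( (n >> 8) & 255 )) $(( n & 255 ))
}

# first_nameserver FILE -> first nameserver entry in a resolv.conf
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# check_resolver FILE CIDR -> prints a verdict; exits 0 only when FILE
# points at the VPC resolver (base+2) or its link-local alias 169.254.169.253
check_resolver() {
    ns=$(first_nameserver "$1"); want=$(amazon_dns_for_cidr "$2")
    if [ "$ns" = "$want" ] || [ "$ns" = "169.254.169.253" ]; then
        echo "ok ($ns)"; return 0
    fi
    case $ns in
        127.*) echo "local-stub ($ns): a resolver on this host answers, not the VPC resolver $want" ;;
        *)     echo "other ($ns): expected the VPC resolver $want" ;;
    esac
    return 1
}

# Constructed samples mirroring the question's private and NAT instances
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\nsearch us-east-2.compute.internal\n' > "$tmp/private.conf"
printf 'search us-east-2.compute.internal\nnameserver 10.0.0.2\n' > "$tmp/nat.conf"
# "|| true" because a non-zero status is the expected result for the first file
check_resolver "$tmp/private.conf" 10.0.0.0/16 || true  # local-stub (127.0.0.1): ...
check_resolver "$tmp/nat.conf" 10.0.0.0/16              # ok (10.0.0.2)
```

A "local-stub" verdict means queries from that instance are answered by a resolver on the host, so the VPC's DNS settings are not what decides whether hostnames resolve; compare that host's resolver configuration with the NAT instance's, which uses the VPC resolver directly.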