I created EC2 instances in a public subnet (auto-created with the VPC wizard), and realized that some of them are not able to access the internet. I learned that the reason behind it is that they don't have a public IP address.

If an instance requires a public IP to connect to the internet, what is the purpose of putting it in a VPC / behind the firewall?

Aren't the ports already exposed to the internet? What am I missing here?

Mohamed
  • You can use a NAT Gateway to give instances in a private subnet outgoing internet access, or you can assign an Elastic IP to have bidirectional internet. AWS is a complex enterprise environment; it's not really suitable for people who aren't willing to invest the time (a LOT of time) to understand it. AWS Architect Associate courses will give you a good basic understanding of AWS. If you want simple, try AWS Lightsail or Digital Ocean. – Tim Apr 21 '19 at 09:36
  • There already is a NAT gateway in the VPC / assigned to the subnet. When I assign an Elastic IP, the instance is able to connect to the internet; when I detach it, the connection is gone. So you are saying I can do it without assigning an Elastic IP. The new question is how. – Mohamed Apr 21 '19 at 09:41
  • You need to route to the NAT instance in your subnet routing table. Like I said, AWS isn't a simple environment; you're going to run into many, many things you don't understand if you don't get training. – Tim Apr 21 '19 at 20:46

2 Answers

The question could have a myriad of answers. I think having the flexibility is a good thing. Three use cases that spring to mind are:

  1. I want a hot standby machine that I can re-point an EIP at for failover purposes.
  2. I only want one subnet and have no need for the server to communicate with the Internet.
  3. I don't want my server to always have a public IP.

The first answer is a real world reason. The second and third are hypotheticals but possible reasons.

If you want a server to have an IP auto-assigned by default you can change the settings in the subnet.

From the console,

  • Go to VPC -> Subnets.
  • Select the subnet to change.
  • Click Actions and select Modify auto-assign IP settings.

References

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html

kenlukas

If the instance is in a public subnet, it is not able to use NAT; since the subnet is public, it requires an Internet Gateway and a public IP. If you create the instance in a private subnet, it will be able to work with NAT and connect to the internet without requiring an instance-specific public IP.

Mohamed
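The three situations discussed in this thread (public subnet with an Elastic IP, public subnet without any public IP, private subnet routed to a NAT gateway) can be checked against a small model of how EC2 routing and addressing interact. The following is an added example written for this page, not code from the thread's authors or from AWS tooling; the route table and subnet IDs, the 10.0.0.0/16 CIDR and the topology are constructed, and security groups and network ACLs are deliberately left out so that only the routing/addressing rules from the answers are modelled.

```python
# Added example (not from the Server Fault thread or AWS): a small model of the
# EC2 "can this instance reach the internet?" decision, built from the rules the
# answers give. IDs, CIDRs and the topology are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Route:
    destination: str  # CIDR block
    target: str       # "local", "igw-...", or "nat-..."


@dataclass
class Subnet:
    subnet_id: str
    route_table_id: str
    map_public_ip_on_launch: bool = False  # the subnet's "auto-assign public IP" setting


@dataclass
class Instance:
    instance_id: str
    subnet_id: str
    has_public_ip: bool  # auto-assigned public IP or an attached Elastic IP


RouteTables = Dict[str, List[Route]]


def default_route_target(routes: List[Route]) -> Optional[str]:
    """Target of the 0.0.0.0/0 route, or None if the table has no default route."""
    for route in routes:
        if route.destination == "0.0.0.0/0":
            return route.target
    return None


def is_public_subnet(subnet: Subnet, route_tables: RouteTables) -> bool:
    """A subnet is 'public' when its route table sends 0.0.0.0/0 to an Internet Gateway."""
    target = default_route_target(route_tables[subnet.route_table_id])
    return target is not None and target.startswith("igw-")


def internet_path(instance: Instance, subnets: Dict[str, Subnet],
                  route_tables: RouteTables) -> Optional[str]:
    """Return 'igw', 'nat', or None: how outbound packets from the instance reach the internet.

    Security groups and network ACLs are ignored; only routing and addressing are modelled.
    """
    subnet = subnets[instance.subnet_id]
    target = default_route_target(route_tables[subnet.route_table_id])
    if target is None:
        return None  # isolated subnet: no default route at all
    if target.startswith("igw-"):
        # An Internet Gateway performs 1:1 NAT between the instance's public IP and
        # its private IP. Without a public IP there is no address to translate to,
        # so the packets never leave the VPC (the question's failing instances).
        return "igw" if instance.has_public_ip else None
    if target.startswith("nat-"):
        # A NAT gateway translates many private addresses to its own Elastic IP,
        # so the instance itself needs no public IP (the second answer's case).
        return "nat"
    return None


def launch(instance_id: str, subnet: Subnet,
           assign_public_ip: Optional[bool] = None) -> Instance:
    """Mimic launch: an explicit 'Auto-assign Public IP' choice wins, otherwise
    the subnet's map_public_ip_on_launch setting (the first answer's fix) applies."""
    public = subnet.map_public_ip_on_launch if assign_public_ip is None else assign_public_ip
    return Instance(instance_id, subnet.subnet_id, public)


# Constructed topology: one public and one private subnet, as the VPC wizard creates.
ROUTE_TABLES: RouteTables = {
    "rtb-public": [Route("10.0.0.0/16", "local"), Route("0.0.0.0/0", "igw-0example")],
    "rtb-private": [Route("10.0.0.0/16", "local"), Route("0.0.0.0/0", "nat-0example")],
}
SUBNETS: Dict[str, Subnet] = {
    "subnet-public": Subnet("subnet-public", "rtb-public", map_public_ip_on_launch=False),
    "subnet-private": Subnet("subnet-private", "rtb-private"),
}


def question_cases() -> Dict[str, Optional[str]]:
    """The three situations from the thread, evaluated against the model."""
    public_with_eip = Instance("i-eip", "subnet-public", has_public_ip=True)
    public_without_ip = launch("i-noip", SUBNETS["subnet-public"])  # subnet default: no IP
    private_behind_nat = launch("i-nat", SUBNETS["subnet-private"])
    return {
        "public subnet + EIP": internet_path(public_with_eip, SUBNETS, ROUTE_TABLES),
        "public subnet, no public IP": internet_path(public_without_ip, SUBNETS, ROUTE_TABLES),
        "private subnet behind NAT": internet_path(private_behind_nat, SUBNETS, ROUTE_TABLES),
    }


if __name__ == "__main__":
    for case, path in question_cases().items():
        print(f"{case}: {path or 'no internet access'}")
```

Running the model reproduces the thread: the Elastic IP case goes out through the Internet Gateway, the same instance without a public IP has no path at all, and the private-subnet instance goes out through the NAT gateway with no public IP of its own. On the question's other worry, a public IP does not by itself expose ports: inbound connections to a public-subnet instance still have to be permitted by its security group and the subnet's network ACL, which is the "firewall" part the VPC provides regardless of addressing.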