1 Answer
You are correct, as the routing table for the subnet has the VPC CIDR as Local.
0.0.0.0/0 default routes to the IGW from the public subnet.
Thanks. If I ping using the private IP, I don't need any rules in the SG (the self-referencing rule is enough), but when I ping B's EIP, traffic must go through the IGW (where A's EIP gets mapped to its private IP), so as the traffic appears to be arriving from A's EIP, I do need to whitelist A's EIP in the SG. It looks unnecessary at first, but if we look closely, that's the right approach!
You are correct. Ideally, internal communication is always via a private IP only. There are use cases, but the best practice is that EC2 instances do not have public IPs and use a load balancer where needed for accessing EC2 instances from the internet. https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-no-public-ip.html
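Added example, not part of the original post, the answer, or any AWS code: a small Python simulation of the two behaviours discussed above, the longest-prefix route lookup from the answer (VPC CIDR as local, 0.0.0.0/0 to the IGW) and the security-group evaluation from the comment (a self-referencing rule is enough for private-IP traffic, but a ping to the EIP hairpins through the IGW, arrives from A's EIP, and only matches a CIDR rule for that EIP). The VPC CIDR, instance addresses, EIPs, IGW ID and security-group name are all constructed for the example; the model assumes, as the comment observed, that a packet returning through the IGW is evaluated as coming from its public source address and no longer carries the source ENI's security-group identity.

```python
import ipaddress

# Constructed topology: one VPC, a public subnet, two instances in the same SG.
VPC_CIDR = "10.0.0.0/16"
INSTANCE_A = {"private": "10.0.1.10", "eip": "203.0.113.10", "sg": "sg-app"}  # hypothetical
INSTANCE_B = {"private": "10.0.1.20", "eip": "203.0.113.20", "sg": "sg-app"}  # hypothetical

# Public subnet route table as described in the answer.
ROUTE_TABLE = [
    (VPC_CIDR, "local"),
    ("0.0.0.0/0", "igw-example"),  # hypothetical IGW ID
]

# Inbound rules on B's security group.
SG_RULES_SELF_ONLY = [
    {"protocol": "icmp", "source_sg": "sg-app"},  # self-referencing rule
]
SG_RULES_WITH_EIP = SG_RULES_SELF_ONLY + [
    {"protocol": "icmp", "source_cidr": INSTANCE_A["eip"] + "/32"},  # whitelist A's EIP
]


def lookup_route(dst, routes=ROUTE_TABLE):
    """Pick the route target by longest prefix match, as a VPC route table does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def sg_allows(rules, protocol, src_ip, src_sg):
    """Evaluate inbound SG rules.

    src_sg is the source ENI's security group when the packet arrived from inside
    the VPC, and None when it arrived from the internet side (e.g. via the IGW).
    A security-group-sourced rule can only match a packet that still carries that
    identity; a CIDR rule matches on the source address actually seen.
    """
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["protocol"] not in (protocol, "-1"):
            continue
        if "source_sg" in rule and src_sg == rule["source_sg"]:
            return True
        if "source_cidr" in rule and src in ipaddress.ip_network(rule["source_cidr"]):
            return True
    return False


def trace_ping(src, dst_ip, dst_sg_rules):
    """Trace an ICMP echo from src to dst_ip and report route, source seen, verdict."""
    target = lookup_route(dst_ip)
    if target == "local":
        # Stays inside the VPC: B sees A's private IP and A's SG membership.
        seen_src, seen_sg = src["private"], src["sg"]
    else:
        # Hairpins through the IGW: the IGW maps A's private IP to its EIP and the
        # packet is evaluated as internet traffic, so the SG identity is gone.
        seen_src, seen_sg = src["eip"], None
    return {
        "route": target,
        "source_seen": seen_src,
        "allowed": sg_allows(dst_sg_rules, "icmp", seen_src, seen_sg),
    }


if __name__ == "__main__":
    print("A -> B private, self-ref only:", trace_ping(INSTANCE_A, INSTANCE_B["private"], SG_RULES_SELF_ONLY))
    print("A -> B EIP, self-ref only:    ", trace_ping(INSTANCE_A, INSTANCE_B["eip"], SG_RULES_SELF_ONLY))
    print("A -> B EIP, EIP whitelisted:  ", trace_ping(INSTANCE_A, INSTANCE_B["eip"], SG_RULES_WITH_EIP))
```

Running it shows the three cases from the thread: private-to-private is routed local and passes on the self-referencing rule alone; pinging the EIP is routed to the IGW, arrives from 203.0.113.10 and is dropped; adding the /32 for A's EIP makes that case pass. The same model also shows why the reply's advice holds: as long as traffic stays on private IPs and the local route, no public CIDR has to be opened on the group at all.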