EC2 unable to connect to 1.1.1.1

0

Hi , we have below environment setup and we are unable to connect to 1.1.1.1 .

EC2 server(No public ip) and NAT gateway in same subnet, The subnet has route 1.1.1.1 next hop Natgateway

my question is why cant NAT gateway reach 1.1.1.1 without internet gateway? if we have both EC2 and NATgateway in the single subnet will the EC2 be able to connect to internet ? without internet gateway?

Will the NAT gateway be able to connect to internet independently? we need only outbound

please help

Akshata
質問済み 4ヶ月前168ビュー
1回答
1
承認された回答

Hello.

If a VPC does not have access to an Internet gateway, that VPC will not have an entrance/exit for communicating with the public network, so communication will not be possible even if a NAT Gateway is created.
NAT Gateway connects to the public network through the Internet gateway, so even if you create a NAT Gateway in a subnet that does not have a route to the Internet gateway, you will not be able to communicate to the public network.
Communication takes place as shown in the diagram in the document below.
https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-scenarios.html

profile picture
エキスパート
回答済み 4ヶ月前
profile pictureAWS
エキスパート
レビュー済み 4ヶ月前
  • So in our case , when they are in same subnet , how should we create the route to internet gateway?

  • Does that mean EC2 and NAT Gateway are in the same subnet? I think that communication will probably not be possible even if the route to the Internet gateway and the route for the public access NAT Gateway are set in the same route table. Therefore, if you want to go through NAT Gateway, you will need to start EC2 in a private subnet and set a route to NAT Gateway in the route table.

  • Can u explain me why NAT should go through Internet gateway, why can’t this route the traffic alone

  • An internet gateway is linked to a VPC, but a NAT gateway is created within a subnet. The Internet gateway is your VPC's only gateway to the public network. If there is no Internet gateway, the VPC will lose the gateway to communicate with the public network, so even if there is a NAT Gateway, it will not be possible to communicate with the public network. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
    https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

    Public – (Default) Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet. You create a public NAT gateway in a public subnet and must associate an elastic IP address with the NAT gateway at creation. You route traffic from the NAT gateway to the internet gateway for the VPC. Alternatively, you can use a public NAT gateway to connect to other VPCs or your on-premises network. In this case, you route traffic from the NAT gateway through a transit gateway or a virtual private gateway.

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ