I created a NAT gateway so that my Amazon Elastic Compute Cloud (Amazon EC2) instances can connect to the internet. However, I can't access the internet from my EC2 instances.
Resolution
Subnet misconfigurations or missing routes typically cause internet connectivity issues with NAT gateways.
If you can't connect to the internet with your NAT gateway, then verify the following configurations:
- The subnet where you launched the NAT gateway is associated with a route table that has a default route to an internet gateway.
- The subnet where you launched your EC2 instances is associated with a route table that has a default route to the NAT gateway.
- You allow outbound internet traffic in the security groups and the network access control list (network ACL) that's associated with your source instance.
- The network ACL that's associated with the subnet where you launched the NAT gateway allows inbound traffic from the instances and the internet hosts. The network ACL must also allow outbound traffic to the internet hosts and the instances.
To allow your instances to access an HTTPS website, the network ACL that's associated with the NAT gateway subnet must have the following rules.
Inbound rules:
| | | |
---|
Source | Protocol | Port Range | Allow/Deny |
VPC CIDR | TCP | 443 | ALLOW |
Internet IP | TCP | 1024-65535 | ALLOW |
Outbound rules:
| | | |
---|
Destination | Protocol | Port Range | Allow/Deny |
Internet IP | TCP | 443 | ALLOW |
VPC CIDR | TCP | 1024-65535 | ALLOW |
Related information
How do I set up a NAT gateway for a private subnet in Amazon VPC?
Work with NAT gateways
Access the internet from a private subnet
How do I use the VPC Reachability Analyzer to troubleshoot connectivity issues with an Amazon VPC resource?