Resolution
----------

Subnet misconfigurations or missing routes typically cause internet connectivity issues with NAT gateways.

If you can't connect to the internet with your NAT gateway, then verify the following configurations:

*   The subnet where you launched the NAT gateway is associated with a route table that has a default route to an internet gateway.
*   The subnet where you launched your EC2 instances is associated with a route table that has a default route to the NAT gateway.
*   You allow outbound internet traffic in the security groups and the network access control list (network ACL) that's associated with your source instance.
*   The network ACL that's associated with the subnet where you launched the NAT gateway allows inbound traffic from the instances and the internet hosts. The network ACL must also allow outbound traffic to the internet hosts and the instances. 

To allow your instances to access an HTTPS website, the network ACL that's associated with the NAT gateway subnet must have the following rules.

Inbound rules:

|     |     |     |     |
| --- | --- | --- | --- |
| **Source** | **Protocol** | **Port Range** | **Allow/Deny** |
| VPC CIDR | TCP | 443 | ALLOW |
| Internet IP | TCP | 1024-65535 | ALLOW |

Outbound rules:

|     |     |     |     |
| --- | --- | --- | --- |
| **Destination** | **Protocol** | **Port Range** | **Allow/Deny** |
| Internet IP | TCP | 443 | ALLOW |
| VPC CIDR | TCP | 1024-65535 | ALLOW |

Related information
-------------------

[How do I set up a NAT gateway for a private subnet in Amazon VPC?](https://aws.amazon.com/premiumsupport/knowledge-center/nat-gateway-vpc-private-subnet/)

[Work with NAT gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-working-with)

[Access the internet from a private subnet](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-scenarios.html#public-nat-internet-access)

[How do I use the VPC Reachability Analyzer to troubleshoot connectivity issues with an Amazon VPC resource?](https://aws.amazon.com/premiumsupport/knowledge-center/vpc-connectivity-reachability-analyzer/)

I created a NAT gateway so that my Amazon Elastic Compute Cloud (Amazon EC2) instances can connect to the internet. However, I can't access the internet from my EC2 instances.

Troubleshoot EC2 instances accessing the internet using a NAT gateway

Why can't I use a NAT gateway to access the internet from my EC2 instances?

Networking & Content Delivery

How to figure out whether NAT Gateway processing charge is due to internet bound traffic or within AWS?

Why can't my Amazon EC2 instance in a private subnet connect to the internet using a NAT gateway?

Why can't my Amazon EC2 instance access the internet through an internet gateway?

How do I migrate from a NAT instance to a NAT gateway?

I'm seeing inbound traffic in the VPC flow logs for my public NAT gateway. Is my public NAT gateway accepting inbound traffic from the internet?

Instances within the private subnet are unable to access the internet using NAT gateway.

How to enable internet for EC2 using NAT Gateway?

Slow internet connection when using NAT Gateway

Can private fargate instances access public sites via internet gateway instead of a NAT?

Ec2 instance in private subnet can send outbound traffic without NAT gateway


Source	Protocol	Port Range	Allow/Deny
VPC CIDR	TCP	443	ALLOW
Internet IP	TCP	1024-65535	ALLOW


Destination	Protocol	Port Range	Allow/Deny
Internet IP	TCP	443	ALLOW
VPC CIDR	TCP	1024-65535	ALLOW

Why can't I use a NAT gateway to access the internet from my EC2 instances?

Resolution

Related information

Relevant content