1 Answer
Does your subnet's route table have a route to the Internet Gateway? Are your subnet NACLs fully open or allowing ephemeral ports?
One of the routes in the route table has as a "Destination" 0.0.0.0/0 and as a "Target" igw-076ee1e02b061c9d4. When I click on the "Target" it takes me to an "Internet gateways" page. So, I think that's a "yes" to your first question.

Under the Network ACLs tab I have two inbound rules, both of which have "Type" set to "All Traffic". "Port Range" is also set to "All". However, in the "Allow/Deny" column, one of the rules is set to "Deny" while the other is set to "Allow". So, I'm unsure how to answer your second question. Also note that the "Rule Number" of the rule that is set to "Deny" is set to *. I also tried to remove this rule, but it does not allow for this operation. I am only able to remove the rule that is set to "Allow".

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html shows what the default NACL rules should look like. Your inbound ones sound fine, but you need to check outbound also.
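
The NACL behaviour discussed in the comments above, as an added example that is not part of the original thread: a small Python model showing that rules are evaluated in ascending rule-number order with the `*` deny reached last, and that, because NACLs are stateless, the outbound rules must also allow the reply to the client's ephemeral port. The rule sets, the client address and the function names are constructed for illustration, and the model matches on CIDR and port only (protocol is ignored).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

STAR = 32767  # sentinel for the "*" rule: sorts after every numbered rule (1-32766)

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                 # "allow" or "deny"
    cidr: str
    ports: tuple = (0, 65535)   # inclusive range; (0, 65535) models "All"

def evaluate(rules, peer_ip, port):
    """Lowest-numbered matching rule decides; '*' only applies if nothing else matched."""
    for r in sorted(rules, key=lambda r: r.number):
        lo, hi = r.ports
        if ip_address(peer_ip) in ip_network(r.cidr) and lo <= port <= hi:
            return r.action
    return "deny"

def inbound_connection_works(inbound, outbound, client_ip, client_port, server_port):
    """NACLs are stateless: the request and the reply are checked independently."""
    request = evaluate(inbound, client_ip, server_port)   # client -> instance
    reply = evaluate(outbound, client_ip, client_port)    # instance -> client's ephemeral port
    return request == "allow" and reply == "allow"

# Constructed sample rule sets (not taken from the thread).
DENY_ALL = Rule(STAR, "deny", "0.0.0.0/0")
INBOUND = [Rule(100, "allow", "0.0.0.0/0"), DENY_ALL]           # what the asker describes
OUTBOUND_DEFAULT = [Rule(100, "allow", "0.0.0.0/0"), DENY_ALL]  # fully open
OUTBOUND_443_ONLY = [Rule(100, "allow", "0.0.0.0/0", (443, 443)), DENY_ALL]
OUTBOUND_EPHEMERAL = [Rule(100, "allow", "0.0.0.0/0", (1024, 65535)), DENY_ALL]

if __name__ == "__main__":
    client_ip, client_port = "203.0.113.10", 51514  # documentation-range IP, ephemeral port
    for name, outbound in [("outbound fully open", OUTBOUND_DEFAULT),
                           ("outbound 443 only", OUTBOUND_443_ONLY),
                           ("outbound ephemeral range", OUTBOUND_EPHEMERAL)]:
        ok = inbound_connection_works(INBOUND, outbound, client_ip, client_port, 22)
        print(f"{name}: inbound SSH {'works' if ok else 'is blocked'}")
```

The inbound pair the asker describes (an allow-all rule plus the `*` deny) evaluates to allow; the connection only fails in this model when the outbound side does not cover the client's ephemeral port.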