
I set up and am using a NAT Gateway per these instructions:

AWS Lambda: How to setup a NAT gateway for a lambda function with VPC access

The Lambda functions using the private subnet with the NAT Gateway now seem to be able to access the Internet. So that's good.

However, I launched an EC2 micro-instance with a public IP address into the private subnet, and I cannot connect to it via SSH. There is some reference to this issue in the question I linked above, namely that it is technically a misconfiguration, but I was hoping someone could explain in detail why this is the case and why the EC2 instance is inaccessible.

oliakaoil
  • The instance is in a private subnet? If yes, attaching a public IP will not help; it can only be accessed from an instance in the public subnet – Shibashis Jun 02 '16 at 18:29
  • @Shibashis I've confirmed that it's not accessible from my own testing, as per my question description. I don't understand how it's possible for an EC2 instance to have a public IP address but be inaccessible from the Internet. – oliakaoil Jun 02 '16 at 18:50
  • Even if the instance has a public IP it needs an internet connection for the SSH. When you create a NAT Gateway/Instance the internet connection to the EC2 instance in the private subnet goes through the NAT, so you cannot directly SSH into the EC2 instance from anywhere else. It is simple: your laptop also has a public IP address, but if it is not connected to the internet you cannot RDP into your laptop from a remote location. – error2007s Jun 02 '16 at 19:32
  • @oliakaoil go read this entire answer: http://stackoverflow.com/questions/22188444/why-do-we-need-private-subnet-in-vpc – Mark B Jun 02 '16 at 20:39
  • Go ask this question on Server Fault or Network Engineering Stack Exchange. – error2007s Jun 02 '16 at 22:14
  • Also, NAT is only for outbound access, not inbound. – Sam-T Nov 28 '18 at 02:49
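The comments above give the reason in words: a subnet is "public" only when its route table sends 0.0.0.0/0 to an internet gateway, and a NAT gateway only translates connections that start from inside. The following Python is an added example, not code from the question or any answer, that turns that rule into a check you can run against route-table data. The `ROUTE_TABLES` dictionary is constructed by hand in the shape returned by `aws ec2 describe-route-tables`; every resource ID in it is an invented placeholder, and the function names (`classify_subnet`, `inbound_from_internet`, `reachable_via_local_route`) are this example's own. It also shows why the bastion path works: the public subnet reaches the private instance over the VPC-local route, which needs no gateway at all.

```python
"""Decide from a VPC's route tables whether an instance's public IP is reachable
from the Internet. Added example, not from the original question or answers; the
route-table data below is constructed by hand in the shape that
`aws ec2 describe-route-tables` returns, and every ID in it is a placeholder."""

from __future__ import annotations

import ipaddress

# Constructed sample VPC (10.0.0.0/16): one public subnet whose default route is an
# internet gateway, and one private subnet whose default route is a NAT gateway.
ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-public-placeholder",
            "Associations": [{"SubnetId": "subnet-public-placeholder"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder", "State": "active"},
            ],
        },
        {
            "RouteTableId": "rtb-private-placeholder",
            "Associations": [{"SubnetId": "subnet-private-placeholder"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-placeholder", "State": "active"},
            ],
        },
    ]
}


def route_table_for_subnet(tables: dict, subnet_id: str) -> dict:
    """Return the route table explicitly associated with subnet_id."""
    for table in tables["RouteTables"]:
        if any(a.get("SubnetId") == subnet_id for a in table.get("Associations", [])):
            return table
    raise KeyError(f"no route table explicitly associated with {subnet_id}")


def default_route_target(table: dict) -> str | None:
    """Target of the active 0.0.0.0/0 route (igw-..., nat-..., ...) or None if absent."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State") == "active":
            return (route.get("GatewayId") or route.get("NatGatewayId")
                    or route.get("InstanceId") or route.get("NetworkInterfaceId"))
    return None


def classify_subnet(tables: dict, subnet_id: str) -> str:
    """'public' if the default route is an internet gateway, 'private' if it is a NAT
    gateway, 'isolated' if there is no default route, 'other' for anything else."""
    target = default_route_target(route_table_for_subnet(tables, subnet_id))
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "other"


def inbound_from_internet(tables: dict, subnet_id: str, has_public_ip: bool) -> tuple[bool, str]:
    """Can a connection initiated on the Internet reach the instance's public IP?
    Only the routing layer is modelled: security groups and network ACLs still apply."""
    if not has_public_ip:
        return False, "no public IP, so nothing on the Internet can address the instance"
    kind = classify_subnet(tables, subnet_id)
    if kind == "public":
        return True, ("a route to an internet gateway exists, and the gateway translates "
                      "the public IP to the instance's private IP in both directions")
    if kind == "private":
        return False, ("the only path out of the subnet is a NAT gateway, which translates "
                       "connections initiated from inside and nothing else; the public IP is "
                       "never bound to an internet gateway, so inbound connections cannot complete")
    return False, f"default route target is {kind!r}; no internet gateway on the path"


def reachable_via_local_route(tables: dict, src_subnet_id: str, dst_ip: str) -> bool:
    """Can src_subnet reach dst_ip through the VPC-local route (the bastion-host path)?"""
    table = route_table_for_subnet(tables, src_subnet_id)
    addr = ipaddress.ip_address(dst_ip)
    return any(
        route.get("GatewayId") == "local"
        and addr in ipaddress.ip_network(route["DestinationCidrBlock"])
        for route in table.get("Routes", [])
    )


if __name__ == "__main__":
    for subnet in ("subnet-public-placeholder", "subnet-private-placeholder"):
        ok, why = inbound_from_internet(ROUTE_TABLES, subnet, has_public_ip=True)
        print(f"{subnet}: {classify_subnet(ROUTE_TABLES, subnet)}; inbound SSH possible={ok}: {why}")
    # A bastion in the public subnet reaches a private-subnet instance over the local route.
    print("bastion -> 10.0.2.15 via local route:",
          reachable_via_local_route(ROUTE_TABLES, "subnet-public-placeholder", "10.0.2.15"))
```

On a real account, replace `ROUTE_TABLES` with the parsed JSON of `aws ec2 describe-route-tables`. Two caveats: subnets with no explicit association use the VPC's main route table, which this example does not resolve, and a "True" here only means the routing path exists; the instance's security group and the subnet's network ACL must also permit the port.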

1 Answer


You cannot SSH into an EC2 instance which is in a private subnet even if you assign a public IP address to it. Follow this procedure to SSH into an EC2 instance that is in a private subnet.

https://cloudpages.wordpress.com/2013/08/05/ssh-to-an-instance-in-private-subnet/

Or create a bastion host in the public subnet which has access to your private-subnet EC2 instance, and then SSH to the EC2 instance from the bastion host.

error2007s
  • Not sure why this answer has a down-vote. It is the correct answer. – Mark B Jun 02 '16 at 20:39
  • @markb downvoted because I did not ask whether it was possible or not, or how to do it. I stated that it doesn't seem possible and asked why. This answer does not address that question. – oliakaoil Jun 02 '16 at 22:01