I'm learning AWS and how to configure networking for EC2 instances and have a few questions. I'm using CentOS 7 in t2.micro instances.
The private IP is tied to the NIC in the instance as shown by
ifconfig -a
. The purpose seems to be a single point of contact for the server. Adding another network interface does NOT add another NIC as shown byifconfig -a
. Since the primary network interface cannot be a static IP, a secondary network interface is necessary for most configurations. For example, to connect the application to the database server, use the static IP assigned to the second network interface. Am I understanding this correctly?The public IP is shown in the AWS console and provides a means to connect to the instance via SSH, assuming you configure the SG. The public IP also provides a means to access the internet for system updates. This seems to contradict the AWS documentation for NAT. If the public IP already provides internet access, why is a NAT (instance or gateway) needed? This is in reference to system updates which the documentation references.
You can use a NAT device to enable instances in a private subnet to connect to the Internet (for example, for software updates) or other AWS services, but prevent the Internet from initiating connections with the instances. A NAT device forwards traffic from the instances in the private subnet to the Internet or other AWS services, and then sends the response back to the instances.
- Is a public IP and private IP are always assigned to each instance? I haven't walked through the process of creating an [new] AMI to verify if there's an option to not have a public IP. If the instance doesn't have a public IP, will the AWS console
Connect
button still allow you to connect to it to administer the server? Under what scenario will an instance NOT have a public IP? How do you connect to that instance to administer it?
I have read the NAT Gateway documentation and understand much of it. I'm having trouble understanding the pieces that state a NAT gateway or internet gateway is necessary to enable internet access, when it seems this is enabled by default. What am I missing?