Issue
I am working on an application with a custom VPC and 2 subnets: 1 public subnet and 1 private subnet. Each subnet has an EC2 instance.
The public instance has internet access via an internet gateway, and the private instance is accessible only via the public instance.
I am trying to connect to the internet from the EC2 instance located in the private subnet. However, I am not able to connect.
I created a public NAT gateway in the public subnet and updated the route table of the private subnet to route "anywhere" traffic to the public NAT gateway.
I used PuTTY to connect to the public EC2 instance, using Pageant to store the key and enabling SSH agent forwarding. I was able to connect to the public instance and then to the private instance, and inside the private instance I was able to find the forwarded key. But when I tried pinging google.com, I was not getting a response.
Could you please point out where and what I missed?
Solution
The private instance will require Outbound rules in its Security Group. This permits the instance to make Outbound requests (in this case, to the Internet).
The normal default setting is to "Allow All" outbound traffic. This is because you can normally trust your own instance. It will not open your instance to any Inbound requests. Security Groups are stateful, meaning that they will allow traffic to return from your request.
Answered By - John Rotenstein
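As an added illustration (not part of the question or of the answer above), the script below walks the whole path the answer relies on: the private subnet's route table must send 0.0.0.0/0 to a NAT gateway, that NAT gateway must be available and public and sit in a subnet whose own route table sends 0.0.0.0/0 to an internet gateway, and every security group on the private instance must have an egress rule covering the destination and protocol (ICMP for a ping). The data structures follow the shape of the boto3 `describe_route_tables`, `describe_nat_gateways` and `describe_security_groups` responses so that real output can be dropped in, but every identifier and CIDR here (`vpc`/`subnet-0pub`, `subnet-0priv`, `rtb-0priv`, `nat-0bbb`, `igw-0aaa`, `sg-0allow`, `sg-0none`, the `10.0.0.0/16` VPC) is a constructed, hypothetical value, and the function names are my own.

```python
"""Offline check of a private subnet's egress path through a NAT gateway.

Added example; not code from the original post. All IDs below are constructed.
"""
import ipaddress


def route_table_for_subnet(subnet_id, route_tables):
    """Route table explicitly associated with the subnet, else the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(route_table):
    """Target of the active 0.0.0.0/0 route ('igw-...', 'nat-...'), or None if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State", "active") == "active":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def sg_allows_egress(sg, protocol, dest_ip, port=None):
    """True if some egress rule covers protocol ('tcp'/'udp'/'icmp'), port and destination.

    IpProtocol '-1' is the console's 'All traffic'. ICMP rules carry type/code in
    FromPort/ToPort rather than a port, so the port check is skipped for icmp.
    """
    dest = ipaddress.ip_address(dest_ip)
    for perm in sg.get("IpPermissionsEgress", []):
        proto = perm.get("IpProtocol")
        if proto != "-1":
            if proto != protocol:
                continue
            if proto in ("tcp", "udp") and port is not None:
                if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
                    continue
        if any(dest in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False


def diagnose_private_egress(subnet_id, route_tables, nat_gateways, security_groups,
                            dest_ip="8.8.8.8", protocol="icmp", port=None):
    """Return a list of problems on the path subnet -> NAT gateway -> IGW; empty means the path looks fine."""
    problems = []
    rt = route_table_for_subnet(subnet_id, route_tables)
    if rt is None:
        return [f"no route table found for {subnet_id}"]
    target = default_route_target(rt)
    if not (target or "").startswith("nat-"):
        problems.append(f"{rt['RouteTableId']}: 0.0.0.0/0 does not point at a NAT gateway (got {target})")
    else:
        nat = next((n for n in nat_gateways if n["NatGatewayId"] == target), None)
        if nat is None:
            problems.append(f"{target}: NAT gateway not found")
        else:
            if nat.get("State") != "available":
                problems.append(f"{target}: state is {nat.get('State')}")
            if nat.get("ConnectivityType", "public") != "public":
                problems.append(f"{target}: private NAT gateway cannot reach the Internet")
            nat_rt = route_table_for_subnet(nat["SubnetId"], route_tables)
            nat_target = default_route_target(nat_rt) if nat_rt else None
            if not (nat_target or "").startswith("igw-"):
                problems.append(f"{nat['SubnetId']}: NAT gateway subnet has no 0.0.0.0/0 route to an IGW (got {nat_target})")
    for sg in security_groups:  # every SG attached to the instance is evaluated
        if not sg_allows_egress(sg, protocol, dest_ip, port):
            problems.append(f"{sg['GroupId']}: no egress rule allows {protocol} to {dest_ip}")
    return problems


# Constructed sample topology matching the question: public subnet -> IGW, private subnet -> NAT.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-0pub", "Associations": [{"SubnetId": "subnet-0pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa", "State": "active"}]},
    {"RouteTableId": "rtb-0priv", "Associations": [{"SubnetId": "subnet-0priv"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb", "State": "active"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0bbb", "SubnetId": "subnet-0pub",
                 "State": "available", "ConnectivityType": "public"}]
# Default "Allow All" egress versus a group whose outbound rules were removed.
SG_ALLOW_ALL = {"GroupId": "sg-0allow",
                "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
SG_NO_EGRESS = {"GroupId": "sg-0none", "IpPermissionsEgress": []}

if __name__ == "__main__":
    for sg in (SG_ALLOW_ALL, SG_NO_EGRESS):
        print(sg["GroupId"], diagnose_private_egress("subnet-0priv", ROUTE_TABLES, NAT_GATEWAYS, [sg]) or "OK")
```

Run against the constructed data, the instance with the default "Allow All" group reports no problems, while the group with its outbound rules stripped reports that nothing permits ICMP to the destination, which is the situation the answer describes. Network ACLs are not covered by this script; they are stateless, so a non-default NACL would additionally need an outbound allow for the request and an inbound allow for the ephemeral-port replies, whereas the default NACL permits all traffic in both directions.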