Question

I'm a bit lost on that one - I've followed AWS documentation and it seems that there is nothing more I can find. The situation summary is that I have an EC2 instance within a VPC and it can't reach the Internet despite following Amazon AWS instructions in setting up a NAT for the VPC. Details below:

1. I have a VPC with one subnet (CIDR 10.0.0.0/24) and one EC2 instance in (it has private IP address within VPC only, 10.0.0.168)

2. I have created an Internet Gateway and attached it to the said VPC.

3. I have created a Network ACL with All Traffic Allow for 0.0.0.0/0 for both Inbound and Outbound traffic and attached the ACL to the VPC's only subnet.

4. VPC subnet security group also allows all traffic in and out for 0.0.0.0/0

5. I have created a NAT Gateway which has a private IP address within the VPC (10.0.0.95) and a public Elastic IP address (let's say 18.154.34.97, but I assume this doesn't matter). This NAT Gateway is attached to the VPC's only subnet.

6. I have created routing table that is associated with VPC's subnet (10.0.0.0/24) and contains two entries:

Answer 1

A total of two subnets is required. One is open to the public, while the other is closed to the public.

Subnetwork open to the general public

The public IP address of a public subnet can be enabled. A NAT gateway and a route table should be included:

    Destination     Target
    10.0.0.0/24     local
    0.0.0.0/0       internet-gateway

subnet (private)

In the private subnet, your private instance should be. A route table for the subnet is required: 

  

     Destination     Target
    10.0.0.0/24      local
     0.0.0.0/0       nat-gateway-id