Reputation: 3
I'm working on building up my network, which consists of a subnet in a VPC and three instances in the subnet. I have an elastic IP on one of the instances and no public IP or DNS on the others. For the purpose of the other instances reaching the internet for things like Windows updates, is it possible to associate a public IP with the internet gateway on the VPC so all of the instances can reach the internet through one IP, and for incoming traffic it would all be routed to Instance 1 only on a certain port? In our office now we have a server with multiple VLANs all communicating to the internet with one public IP and I am trying to replicate this.
Thanks in advance for the help!
Upvotes: 0
Views: 223
Reputation: 81356
You need to split your design into "public" and "private" subnets.
Create a new subnet. In this subnet add a NAT Gateway. Add a default route to the NAT Gateway. Then move the instances that you want private into the private subnet.
For the public subnet, just have the instances that you want to be public on the Internet.
The other suggestions about adding a NAT Gateway to your existing subnet won't work. You would need two default routes (one for the Internet Gateway and the other for the NAT gateway).
Keep in mind that the Internet Gateway is a special type of NAT Gateway. This is why you should not have both in the same subnet (not without knowing what you are doing with route tables in both the VPC and the instances).
Upvotes: 0
Reputation: 146
I did some searching before writing out the whole answer and found this write-up that should help give you an idea of the distinction between an internet gateway and a NAT gateway. This will help with what you're trying to accomplish:
AWS VPC - Internet Gateway vs. NAT
As others have posted: using a NAT gateway is the best option here, since instances with private IPs will be able to connect to the internet.
If you do have instances that are "public" (i.e. with an EIP) and others that should be private, I would recommend this architecture as laid out in the VPC guides on AWS:
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
This will give you a good logical separation between public and private servers since they will be within their own subnet.
Upvotes: 5