Reputation: 45
I'm trying to use yum in a private subnet instance via a NAT Gateway, so my VPC settings are as follows.
VPC Setting
I set my private subnet security group as follows
Private Subnet Security Group Setting
and I set my private subnet ACL as follows
Private Subnet ACL Setting
I opened TCP ports in the ACL, but I didn't open any port in the security group except SSH. However, I can still use yum in the private subnet instances.
I wonder why I can use yum in the private subnet instances?
Upvotes: 0
Views: 1641
Reputation: 81336
The rules that you set for your security group are "inbound". The Linux command yum makes "outbound" connections. The "inbound" rules have no effect for "outbound" connections.
AWS Security Groups are "smart". This means that when a connection is made (inbound or outbound) the return port is automatically opened. Even if you have no ports open in your inbound security group, the outbound connection will still succeed.
Network ACLs are different. They are "dumb". This means that the inbound port must be open for an outbound connection. In your case you opened ports 1024 - 65535, which allows the outbound connection to succeed. If you close those ports, yum will stop working.
Note: ports below 1024 are reserved and require "privilege". For normal outbound connections the return port will be above 1024.
Upvotes: 2
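A small model of the stateful-versus-stateless difference the answer describes, added here as an example and not part of the question or the answer. The instance and mirror addresses, the ephemeral port and the rule sets are constructed to match the question's setup.

```python
class SecurityGroup:
    """Stateful: an inbound packet passes if it matches an inbound rule or
    is the reply to an outbound flow the group already allowed."""
    def __init__(self, inbound_ports, outbound_ports):
        self.inbound = inbound_ports    # list of (low, high) TCP port ranges
        self.outbound = outbound_ports
        self.tracked = set()            # 4-tuples of allowed outbound flows

    def allows(self, direction, src_ip, src_port, dst_ip, dst_port):
        if direction == "outbound":
            if in_ranges(dst_port, self.outbound):
                self.tracked.add((src_ip, src_port, dst_ip, dst_port))
                return True
            return False
        # inbound: the reply to a tracked flow needs no inbound rule at all
        if (dst_ip, dst_port, src_ip, src_port) in self.tracked:
            return True
        return in_ranges(dst_port, self.inbound)


class NetworkAcl:
    """Stateless: each packet is judged only by the rules for its direction."""
    def __init__(self, inbound_ports, outbound_ports):
        self.inbound, self.outbound = inbound_ports, outbound_ports

    def allows(self, direction, src_ip, src_port, dst_ip, dst_port):
        ranges = self.outbound if direction == "outbound" else self.inbound
        return in_ranges(dst_port, ranges)


def in_ranges(port, ranges):
    return any(low <= port <= high for low, high in ranges)


def yum_fetch_succeeds(sg, nacl):
    """One HTTPS exchange: instance 10.0.1.10 (ephemeral port 49152) to a
    constructed mirror 203.0.113.5:443, then the mirror's reply."""
    request = ("outbound", "10.0.1.10", 49152, "203.0.113.5", 443)
    reply = ("inbound", "203.0.113.5", 443, "10.0.1.10", 49152)
    # both packets must pass both filters; either filter can drop either one
    return all(sg.allows(*p) and nacl.allows(*p) for p in (request, reply))


ALL_PORTS, EPHEMERAL, SSH = [(0, 65535)], [(1024, 65535)], [(22, 22)]
# The question's setup: SG inbound only SSH; NACL inbound SSH plus the
# ephemeral range; everything allowed outbound. Drop the ephemeral rule and
# the NACL silently discards the mirror's reply even though the SG passed it.
asked_sg = SecurityGroup(inbound_ports=SSH, outbound_ports=ALL_PORTS)
asked_nacl = NetworkAcl(inbound_ports=SSH + EPHEMERAL, outbound_ports=ALL_PORTS)
closed_nacl = NetworkAcl(inbound_ports=SSH, outbound_ports=ALL_PORTS)
```

Running `yum_fetch_succeeds(asked_sg, asked_nacl)` returns True, while `yum_fetch_succeeds(SecurityGroup(SSH, ALL_PORTS), closed_nacl)` returns False: the only change is the missing inbound 1024-65535 NACL rule.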