I have 2 EC2 instances. Let's call them A and B.
Instance A serves as my bastion host. Outsiders can SSH to that machine. It has an Elastic IP address which is publicly accessible. Instance B is an instance in an Auto Scaling group. It has no public IP address since outsiders shouldn't be able to SSH to it. However, users should be able to SSH to B from A. Both instance A and B need to allow outbound traffic on all ports on all protocols to all destinations so that we can download software from the internet onto them using tools such as wget and apt-get.
Both instance A and B are on the same subnet within the same VPC. Instance A has security groups PublicSG and InternalSG. Instance B has security group InternalSG only. The VPC has an Internet Gateway attached to it, and there is a route table associated with the VPC that routes all traffic going out of the subnet through that gateway.
The problem I'm having is that I can only ping 4.2.2.2 from instance A but not from instance B. I cannot figure out why or how to fix this. Can someone please explain why? How do I get an instance that doesn't have a public IP address to talk to the public internet? I thought the Route Table and Internet Gateway would allow this functionality.
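As an added example (not part of the original post), a small Python check that encodes the rule behind this symptom: an Internet Gateway only forwards traffic for instances that own a public or Elastic IP, so an instance like B with only a private address needs its subnet's 0.0.0.0/0 route to point at a NAT gateway (or NAT instance) instead. The instance and route-table records are constructed in the shape of `describe-instances` / `describe-route-tables` output; the IDs and addresses are placeholders.

```python
# Added example, not from the original post: decide whether an EC2 instance can
# reach the Internet from its subnet's default route and whether it owns a
# public/Elastic IP. Records mimic `aws ec2 describe-route-tables` /
# `describe-instances` output but are constructed; IDs are placeholders.

def default_route_target(route_table):
    """Return the target ID of the active 0.0.0.0/0 route, or None."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue  # skips the implicit 'local' VPC route
        if route.get("State", "active") != "active":
            continue  # a blackholed route (e.g. deleted NAT gateway) does not count
        for key in ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId"):
            if key in route:
                return route[key]
    return None

def internet_path(instance, route_table):
    """Classify the instance's outbound path to the public Internet."""
    target = default_route_target(route_table)
    if target is None:
        return "no-default-route"
    if target.startswith("igw-"):
        # An Internet Gateway only translates traffic for instances that have a
        # public or Elastic IP; a private-only instance gets no return path.
        return "igw" if instance.get("PublicIpAddress") else "igw-without-public-ip"
    if target.startswith(("nat-", "i-", "eni-")):
        return "nat"  # NAT gateway, or a NAT instance / its network interface
    return "unknown-target"

# Constructed records for the two instances in the question.
INSTANCE_A = {"InstanceId": "i-aaaa", "PrivateIpAddress": "10.0.1.10",
              "PublicIpAddress": "203.0.113.10"}                      # bastion
INSTANCE_B = {"InstanceId": "i-bbbb", "PrivateIpAddress": "10.0.1.20"}  # no public IP

ROUTE_TABLE_IGW = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
]}
# Same subnet with its default route pointed at a NAT gateway instead (the NAT
# gateway itself sits in a subnet that routes 0.0.0.0/0 via the IGW).
ROUTE_TABLE_NAT = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
]}

if __name__ == "__main__":
    for name, rt in (("igw", ROUTE_TABLE_IGW), ("nat", ROUTE_TABLE_NAT)):
        for inst in (INSTANCE_A, INSTANCE_B):
            print(name, inst["InstanceId"], internet_path(inst, rt))
```

With the IGW route table the check reports `igw` for A and `igw-without-public-ip` for B, which is the ping result described; with the NAT route table B reports `nat`.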