Wednesday, 30 September 2015

AWS VPC Public Subnet with NAT server

I have a question on setting up my AWS VPC.

I currently have a public subnet where I have my webservers serving my application. I have a private subnet where my DB is hosted.

My application connects to many APIs which require me to whitelist the incoming IP address of my web server. This hasn't been an issue since I have an Elastic IP on my primary web server.

I'm starting to get a lot of traffic and have OpsWorks set up to scale, but my issue is that in the event OpsWorks starts new instances, those instances need to be whitelisted with my APIs for them to have access.

My question is: can I just create another public subnet and route my web servers through a NAT server in that subnet?

I have tried to do it, and every time I change the route table of my web servers to the NAT server subnet, my apps die.

Here is the setup I have:

Public Subnet: Web Servers
Private Subnet: DB Servers

Web servers connect to the Internet via the Internet gateway.

Here is what I'm shooting for:

Public Subnet: Web Servers
Public Subnet: NAT Server
Private Subnet: DB Server

Web servers are routed to the Internet via NAT.

When I create a NAT instance, I can ping it from my web servers, but when I change the route table to route through the subnet with the NAT server, it stops working.

Things I have tried:

I have made sure the source/dest check is disabled for the NAT server.

I have opened up all permissions on the ACL and Security Group for the NAT server and subnet.
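To make the routing in the post concrete, here is an added Python example (not code from the post or from AWS) that models the two route tables described, the current one with a default route to the Internet gateway and the intended one with a default route to the NAT instance, resolves destinations by longest-prefix match the way the VPC router does, and flags the failure mode that matches the symptom: an instance that keeps an Elastic IP but has its default route pointed at a NAT gets an asymmetric return path (inbound arrives via the IGW, replies leave via the NAT's address). The CIDRs and resource IDs below are constructed placeholders, not values from the post.

```python
import ipaddress

# Constructed sample addressing (not from the post): VPC 10.0.0.0/16,
# web subnet 10.0.1.0/24, NAT subnet 10.0.2.0/24, DB subnet 10.0.3.0/24.
VPC_CIDR = "10.0.0.0/16"

def next_hop(route_table, dst_ip):
    """Resolve dst_ip against a route table using longest-prefix match,
    which is how the VPC router picks among overlapping routes."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

# Route table the web subnet uses today: direct Internet access via the IGW.
CURRENT_WEB_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-EXAMPLE")]
# Route table the post is aiming for: default route via the NAT instance's ENI.
TARGET_WEB_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "eni-nat-EXAMPLE")]
# The NAT instance's own subnet must keep its default route to the IGW.
NAT_SUBNET_RT = [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-EXAMPLE")]

def check_instance(name, route_table, has_public_ip):
    """Return the problems for one instance placed behind route_table.
    An instance that accepts inbound Internet connections on an Elastic or
    public IP, but whose replies are forwarded to a NAT device, answers from
    the NAT's address instead of its own, so those connections fail."""
    problems = []
    # 203.0.113.10 is a constructed Internet address used to find the default route.
    default = next_hop(route_table, "203.0.113.10")
    if default is None:
        problems.append(f"{name}: no default route, no Internet access")
    elif has_public_ip and not default.startswith("igw-"):
        problems.append(f"{name}: public IP but default route via {default}: "
                        "inbound via IGW, replies via NAT (asymmetric path)")
    return problems

def audit():
    """Audit the intended layout: primary web server keeps its EIP,
    scaled-out web servers have no public IP, NAT server keeps its EIP."""
    return (check_instance("web-primary (EIP)", TARGET_WEB_RT, True)
            + check_instance("nat-server (EIP)", NAT_SUBNET_RT, True)
            + check_instance("web-scaled (no public IP)", TARGET_WEB_RT, False))

if __name__ == "__main__":
    for problem in audit():
        print(problem)
```

Traffic to the DB subnet still resolves to the VPC's local route under either table, so the NAT only ever sees Internet-bound flows.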
