I set up a VPC using scenario 2 from the AWS Docs: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
I've assigned an Elastic IP to an EC2 instance running in a Public Subnet. SSH works fine and I can access the website running on it. I cannot, however, make outgoing HTTP or HTTPS requests (I noticed this when trying to run yum update).
I believe all my security settings are correct. Am I not able to make outgoing HTTP/HTTPS requests through the internet gateway? I specifically requested not to have a public IP assigned to this instance when it was created, because I knew I was going to assign an Elastic IP that gets linked to the website DNS. I have a NAT set up for instances in the Private Subnet, but I currently only have RDS instances running there, so I have not tested outgoing requests from there.
The security group for that EC2 instance has the following outbound rules:
The routes table for that subnet has the following settings:
The Network ACL has the following settings:
The default DHCP Option Set has the following settings:
domain-name = ec2.internal
domain-name-servers = AmazonProvidedDNS
The default /etc/resolv.conf settings are:
search ec2.internal
nameserver 10.0.0.2
The CIDR Blocks for the VPC and Subnets are as follows:
VPC: 10.0.0.0/16
Public Subnet: 10.0.0.0/24
Private DB Subnet in US East 1A: 10.0.1.0/24
Private DB Subnet in US East 1C: 10.0.2.0/24
STILL WONDERING
Why doesn't the provided AWS DNS Server work in this case?
PROBLEM
The problem was that DNS names weren't resolving via the local DNS server that Amazon provided when originally creating the VPC. I discovered that I could make outgoing HTTP/HTTPS connections to IP addresses, which didn't need to contact a DNS server to resolve.
SOLUTION
I had to create a custom DHCP Option Set within the Amazon VPC AWS Console and set Google's public DNS IPs as
domain-name-servers = 8.8.8.8, 8.8.4.4
Then I had to update /etc/resolv.conf, setting the same thing:
nameserver 8.8.8.8
nameserver 8.8.4.4
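As an added example (not from the original post), a small shell script that separates the two failure modes the post describes: outbound connectivity to a literal IP versus name resolution through the Amazon-provided resolver. It assumes the VPC CIDR 10.0.0.0/16 from the post, the AmazonProvidedDNS convention of VPC network address plus two (10.0.0.2 here), and that dig, curl and awk are installed; the hostname and the literal IP used by the live checks are arguments you choose.

```shell
#!/bin/sh
# Added diagnostic (not part of the original post). Tells apart "no outbound
# connectivity" from "no DNS resolution" on an EC2 instance, and checks that
# /etc/resolv.conf points at the Amazon-provided resolver for this VPC.
# Assumption: AmazonProvidedDNS answers at the VPC network address plus two
# (10.0.0.2 for the post's 10.0.0.0/16). Pass the VPC CIDR, not a subnet CIDR.

# Print the resolver address for a VPC CIDR (network base + 2).
vpc_resolver_ip() {
  cidr="$1"; base="${cidr%/*}"; bits="${cidr#*/}"
  oldifs="$IFS"; IFS=.; set -- $base; IFS="$oldifs"
  ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  ip=$(( ((ip >> (32 - bits)) << (32 - bits)) + 2 ))   # clear host bits, add 2
  printf '%d.%d.%d.%d\n' $(( (ip >> 24) & 255 )) $(( (ip >> 16) & 255 )) \
    $(( (ip >> 8) & 255 )) $(( ip & 255 ))
}

# Print the nameserver entries of a resolv.conf file (default: /etc/resolv.conf).
resolv_nameservers() {
  awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Exit 0 if the file names the VPC resolver for the given VPC CIDR, 1 otherwise.
resolv_uses_vpc_resolver() {
  want=$(vpc_resolver_ip "$1")
  resolv_nameservers "${2:-/etc/resolv.conf}" | grep -qxF "$want"
}

# Live checks (need network). Usage: dns_vs_connectivity VPC_CIDR HOSTNAME LITERAL_IP
# where LITERAL_IP is a host you already know answers on TCP/80.
dns_vs_connectivity() {
  resolver=$(vpc_resolver_ip "$1"); host="$2"; ip="$3"
  printf '1) TCP/80 to literal IP %s (no DNS involved): ' "$ip"
  if curl -sS -o /dev/null --connect-timeout 5 "http://$ip/"; then echo ok
  else echo 'FAILED -> route table / IGW / security group / NACL'; fi
  printf '2) %s looked up directly at the VPC resolver %s: ' "$host" "$resolver"
  if [ -n "$(dig +short +time=3 +tries=1 "@$resolver" "$host" 2>/dev/null)" ]; then echo ok
  else echo 'FAILED -> port 53 to the resolver blocked, or resolver unreachable'; fi
  printf '3) %s via the stub resolver in /etc/resolv.conf: ' "$host"
  if getent hosts "$host" >/dev/null; then echo ok
  else echo 'FAILED -> nameserver lines in /etc/resolv.conf do not work'; fi
}

# Stand-alone use: sh thisfile.sh VPC_CIDR HOSTNAME LITERAL_IP
case $# in 3) dns_vs_connectivity "$@" ;; esac
```

If check 1 passes while check 2 fails, the path out of the VPC is fine and the problem is reaching the resolver on port 53 (the situation the post describes); if check 2 passes while check 3 fails, only the instance's resolv.conf is wrong.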