AWS inter-subnet routing issue - amazon-web-services

I have a VPC (say vpc-a) with CIDR range 192.170.0.0/16.
I have created 3 subnets in the VPC, which are as follows:
> aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-05d932bbfd4bfe3c5
{
"Subnets": [
{
"AvailabilityZone": "ap-south-1b",
"AvailabilityZoneId": "aps1-az3",
"AvailableIpAddressCount": 57,
"CidrBlock": "192.170.80.0/26",
"DefaultForAz": false,
"MapPublicIpOnLaunch": true,
"State": "available",
"SubnetId": "subnet-0a4c7cc6faa094318",
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
...
],
"SubnetArn": "arn:aws:ec2:ap-south-1:336282279309:subnet/subnet-0a4c7cc6faa094318"
},
{
"AvailabilityZone": "ap-south-1a",
"AvailabilityZoneId": "aps1-az1",
"AvailableIpAddressCount": 48,
"CidrBlock": "192.170.0.0/26",
"DefaultForAz": false,
"MapPublicIpOnLaunch": true,
"State": "available",
"SubnetId": "subnet-0b6e7a1e1840713a9",
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
...
],
"SubnetArn": "arn:aws:ec2:ap-south-1:336282279309:subnet/subnet-0b6e7a1e1840713a9"
},
{
"AvailabilityZone": "ap-south-1c",
"AvailabilityZoneId": "aps1-az2",
"AvailableIpAddressCount": 49,
"CidrBlock": "192.170.160.0/26",
"DefaultForAz": false,
"MapPublicIpOnLaunch": true,
"State": "available",
"SubnetId": "subnet-0e45e8fc489794ea9",
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
...
],
"SubnetArn": "arn:aws:ec2:ap-south-1:336282279309:subnet/subnet-0e45e8fc489794ea9"
}
]
}
So basically 3 subnets are:
subnet-0 CIDR: 192.170.0.0/26 Zone: ap-south-1a
subnet-1 CIDR: 192.170.80.0/26 Zone: ap-south-1b
subnet-2 CIDR: 192.170.160.0/26 Zone: ap-south-1c
The route tables are as follows:
aws ec2 describe-route-tables --filters Name=vpc-id,Values=vpc-05d932bbfd4bfe3c5
{
"RouteTables": [
{
"Associations": [
{
"Main": true,
"RouteTableAssociationId": "rtbassoc-02f438a98c50824f2",
"RouteTableId": "rtb-04a14541aaf44b1d1",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-04a14541aaf44b1d1",
"Routes": [
{
"DestinationCidrBlock": "192.170.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
}
],
"Tags": [],
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309"
},
{
"Associations": [
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-047cce5bf22b50a76",
"RouteTableId": "rtb-08371ccc1f79ebfe6",
"SubnetId": "subnet-0e45e8fc489794ea9",
"AssociationState": {
"State": "associated"
}
},
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-0fbf237d4b7af1b57",
"RouteTableId": "rtb-08371ccc1f79ebfe6",
"SubnetId": "subnet-0a4c7cc6faa094318",
"AssociationState": {
"State": "associated"
}
},
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-066c66d94f1aa32a5",
"RouteTableId": "rtb-08371ccc1f79ebfe6",
"SubnetId": "subnet-0b6e7a1e1840713a9",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-08371ccc1f79ebfe6",
"Routes": [
{
"DestinationCidrBlock": "192.168.0.0/24",
"TransitGatewayId": "tgw-065d7ae5e846681b0",
"Origin": "CreateRoute",
"State": "active"
},
{
"DestinationCidrBlock": "192.170.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
},
{
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": "igw-0d37c7db290bf696c",
"Origin": "CreateRoute",
"State": "active"
}
],
"Tags": [
{
"Key": "Name",
"Value": "wqw"
}
],
"VpcId": "vpc-05d932bbfd4bfe3c5",
"OwnerId": "336282279309"
}
]
}
I have 2 ec2 instances :
instance-1 Subnet: subnet-0 , IP : 192.170.0.57
instance-2 Subnet: subnet-1 , IP : 192.170.80.6
I am unable to SSH from instance-1 to instance-2 or vice versa. However, I am able to SSH to both of them from another instance in another VPC with CIDR 192.168.0.0/16 using the transit gateway, which you may find in the routing information above.
Do I need to add additional routing info between the subnets subnet-0 & subnet-1? If so, what would be the "target" of such a route? I tried enabling flow logs on the VPC but nothing came in CloudWatch Logs.
Appreciate some help here.

The local VPC route will always be allowed so this is not a routing issue.
Check the following:
Security Groups
NACLs.
Also take a look at VPC Flow Logs and enable on both subnets. Look for REJECTs.
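The three checks the answer lists, worked through as an added example that is not part of the original question or answer: a Python script that evaluates a security group's inbound rules, walks a network ACL in rule-number order (including the stateless return path on the client's ephemeral port), and pulls REJECT records between the two instance IPs out of VPC flow log text. The security group, NACL entries, flow-log lines and the eni-PLACEHOLDER interface id are constructed for the example (the shapes follow the `describe-security-groups` and `describe-network-acls` output and the default flow log record format); the hypothetical security group admits SSH only from the peer VPC 192.168.0.0/16, which reproduces the symptom described: reachable through the transit gateway, not from the sibling subnet.

```python
"""Added example: evaluate security group, network ACL and VPC flow logs for an
intra-VPC SSH flow.  All sample data below is constructed for illustration."""
import ipaddress

PROTO_NUM = {"tcp": "6", "udp": "17", "icmp": "1"}   # IANA numbers used in NACL entries


def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


# 1. Security groups are stateful: one matching inbound rule admits the flow and
#    its replies.  `permissions` is the "IpPermissions" list of one group.
def sg_allows(permissions, src_ip, port, proto="tcp"):
    """Return the CidrIp of the first inbound rule admitting src_ip -> port, else None."""
    for perm in permissions:
        p = perm.get("IpProtocol")
        if p not in ("-1", proto):
            continue
        if p != "-1" and not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            continue
        for r in perm.get("IpRanges", []):
            if _in_cidr(src_ip, r["CidrIp"]):
                return r["CidrIp"]
    return None


# 2. Network ACLs are stateless and ordered: the lowest RuleNumber that matches
#    decides, so the SYN (ingress, port 22) and the reply (egress, the client's
#    ephemeral port) are evaluated separately.  `peer_ip` is the remote end.
def nacl_decision(entries, egress, peer_ip, port, proto="tcp"):
    """Return 'allow' or 'deny' for one direction of a flow with peer_ip."""
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", PROTO_NUM[proto]):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        if _in_cidr(peer_ip, e["CidrBlock"]):
            return e["RuleAction"]
    return "deny"  # nothing matched: the implicit deny applies


# 3. Flow logs in the default (version 2) record format, space separated.
FLOW_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
               "protocol packets bytes start end action log_status").split()


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts; malformed lines are skipped."""
    return [dict(zip(FLOW_FIELDS, ln.split())) for ln in text.strip().splitlines()
            if len(ln.split()) == len(FLOW_FIELDS)]


def rejects_between(records, ip_a, ip_b, dst_port=None):
    """REJECT records in either direction between ip_a and ip_b, optionally to one port."""
    return [r for r in records
            if r["action"] == "REJECT"
            and {r["srcaddr"], r["dstaddr"]} == {ip_a, ip_b}
            and (dst_port is None or r["dstport"] == str(dst_port))]


# Constructed sample data.  The hypothetical security group on instance-2 admits SSH
# only from the peer VPC (192.168.0.0/16), the NACL is a default-style one, and the
# interface id in the flow records is a placeholder.
SG_INBOUND = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
               "IpRanges": [{"CidrIp": "192.168.0.0/16"}], "UserIdGroupPairs": []}]
NACL_ENTRIES = [
    {"RuleNumber": 100, "Protocol": "-1", "Egress": True, "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "Egress": True, "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "6", "Egress": False, "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 32767, "Protocol": "-1", "Egress": False, "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
]
FLOW_LOG = """\
2 336282279309 eni-PLACEHOLDER 192.170.0.57 192.170.80.6 43210 22 6 3 180 1640000000 1640000060 REJECT OK
2 336282279309 eni-PLACEHOLDER 192.168.0.10 192.170.80.6 51234 22 6 12 2400 1640000000 1640000060 ACCEPT OK
"""


def diagnose(src_ip, dst_ip="192.170.80.6", dst_port=22, client_port=43210):
    """Gather the three findings for an SSH attempt src_ip -> dst_ip:dst_port."""
    return {
        "sg_rule": sg_allows(SG_INBOUND, src_ip, dst_port),
        "nacl_in": nacl_decision(NACL_ENTRIES, False, src_ip, dst_port),
        "nacl_return": nacl_decision(NACL_ENTRIES, True, src_ip, client_port),
        "rejects": len(rejects_between(parse_flow_log(FLOW_LOG), src_ip, dst_ip, dst_port)),
    }


if __name__ == "__main__":
    # sg_rule is None for instance-1: the group, not the route table, drops the flow
    print(diagnose("192.170.0.57"))
    print(diagnose("192.168.0.10"))
```

With the real data, the `IpPermissions` list comes from `aws ec2 describe-security-groups --group-ids <sg of instance-2>`, the entries from `aws ec2 describe-network-acls` filtered on the subnet, and the flow log text from the CloudWatch log group once the flow log is enabled on both subnets; a REJECT record whose source is the sibling subnet while the transit-gateway source shows ACCEPT points at the security group or NACL rather than routing, which is what the answer states.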

Related

How to upgrade AWS EC2 from t2.2xlarge to t3.2xlarge?

I have a t2.2xlarge AWS EC2 instance whose type I need to change to t3.2xlarge.
But when I try to start it I get an
"Error starting instances The requested configuration is currently not
supported. Please check the documentation for supported
configurations."
When I run the check script everything is fine
https://github.com/awslabs/aws-support-tools/tree/master/EC2/NitroInstanceChecks
OK NVMe Module is installed and available on your instance
OK ENA Module with version is installed and available on your instance
OK fstab file looks fine and does not contain any device names.
And I also did all the checks described here
https://aws.amazon.com/premiumsupport/knowledge-center/boot-error-linux-nitro-instance/
aws ec2 describe-instances --instance-ids my-instance-id --query "Reservations[].Instances[].EnaSupport"
[
true
]
Is there anything else I should change to be able to start it as t3.2xlarge?
To reproduce:
Create a t2.2xlarge instance with default settings
Stop it and change type to t3.2xlarge
Try to start it
More detailed info about instance
aws ec2 describe-instances
{
"Reservations": [
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-***********",
"InstanceId": "i-***********",
"InstanceType": "t2.2xlarge",
"KeyName": "***********",
"LaunchTime": "2020-11-24T06:11:41+00:00",
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "us-east-1e",
"GroupName": "",
"Tenancy": "default"
},
"PrivateDnsName": "ip-***********.ec2.internal",
"PrivateIpAddress": "***********",
"ProductCodes": [],
"PublicDnsName": "ec2-***********.compute-1.amazonaws.com",
"PublicIpAddress": "***********",
"State": {
"Code": 16,
"Name": "running"
},
"StateTransitionReason": "",
"SubnetId": "subnet-***********",
"VpcId": "vpc-***********",
"Architecture": "x86_64",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"AttachTime": "2020-10-06T05:07:35+00:00",
"DeleteOnTermination": true,
"Status": "attached",
"VolumeId": "vol-***********"
}
}
],
"ClientToken": "",
"EbsOptimized": false,
"EnaSupport": true,
"Hypervisor": "xen",
"NetworkInterfaces": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "***********.compute-1.amazonaws.com",
"PublicIp": "***********"
},
"Attachment": {
"AttachTime": "2020-10-06T05:07:34+00:00",
"AttachmentId": "eni-attach-***********",
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Status": "attached",
"NetworkCardIndex": 0
},
"Description": "",
"Groups": [
{
"GroupName": "launch-wizard-1",
"GroupId": "sg-***********"
}
],
"Ipv6Addresses": [],
"MacAddress": "***********",
"NetworkInterfaceId": "eni-***********",
"OwnerId": "***********",
"PrivateDnsName": "ip-***********.ec2.internal",
"PrivateIpAddress": "***********",
"PrivateIpAddresses": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "ec2-***********.compute-1.amazonaws.com",
"PublicIp": "***********"
},
"Primary": true,
"PrivateDnsName": "ip-***********.ec2.internal",
"PrivateIpAddress": "***********"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-***********",
"VpcId": "vpc-***********",
"InterfaceType": "interface"
}
],
"RootDeviceName": "/dev/sda1",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "launch-wizard-1",
"GroupId": "sg-***********"
}
],
"SourceDestCheck": true,
"Tags": [
{
"Key": "Name",
"Value": ""
}
],
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 8,
"ThreadsPerCore": 1
},
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"HibernationOptions": {
"Configured": false
},
"MetadataOptions": {
"State": "applied",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled"
},
"EnclaveOptions": {
"Enabled": false
}
}
],
"OwnerId": "***********",
"ReservationId": "r-***********"
}
]
}
I tried to launch a t3.2xlarge in us-east-1e and got the following error:
Your requested instance type (t3.2xlarge) is not supported in your requested Availability Zone (us-east-1e). Please retry your request by not specifying an Availability Zone or choosing us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f.
AWS probably doesn't have t3.2xlarge instances available in this AZ.
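The two conditions this thread checks, ENA support on the instance and the target type being offered in the instance's zone, as an added example that is not part of the original question or answer. The `OFFERINGS` dict is a constructed stand-in for the response of `aws ec2 describe-instance-type-offerings --location-type availability-zone --filters Name=instance-type,Values=t3.2xlarge`, built from the zone list in the error message quoted above; `INSTANCE` mirrors the fields of the question's `describe-instances` output with a placeholder instance id.

```python
"""Added example: decide whether a t2 -> t3 (Nitro) resize can succeed in place,
from the describe-instances and describe-instance-type-offerings output shapes."""

# Constructed stand-in for:
#   aws ec2 describe-instance-type-offerings --location-type availability-zone \
#       --filters Name=instance-type,Values=t3.2xlarge
# The AZ list is the one quoted in the error message above; us-east-1e is absent.
OFFERINGS = {"InstanceTypeOfferings": [
    {"InstanceType": "t3.2xlarge", "LocationType": "availability-zone", "Location": az}
    for az in ("us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d", "us-east-1f")]}

# Constructed stand-in for the relevant fields of the describe-instances output
# quoted in the question (instance id is a placeholder).
INSTANCE = {"InstanceId": "i-PLACEHOLDER", "InstanceType": "t2.2xlarge", "EnaSupport": True,
            "Placement": {"AvailabilityZone": "us-east-1e"}}


def azs_offering(offerings, instance_type):
    """Availability zones in which instance_type is offered, from the API response."""
    return sorted(o["Location"] for o in offerings["InstanceTypeOfferings"]
                  if o["InstanceType"] == instance_type
                  and o["LocationType"] == "availability-zone")


def resize_check(instance, offerings, target_type):
    """Return (ok, reasons).  Covers the two conditions visible from the API: ENA
    support on the instance and the target type being offered in its current AZ."""
    reasons = []
    if not instance.get("EnaSupport"):
        reasons.append("EnaSupport is false: enable ENA on the instance before moving to a Nitro type")
    az = instance["Placement"]["AvailabilityZone"]
    azs = azs_offering(offerings, target_type)
    if az not in azs:
        reasons.append(f"{target_type} is not offered in {az}; offered in: {', '.join(azs)}")
    return (not reasons, reasons)


if __name__ == "__main__":
    ok, why = resize_check(INSTANCE, OFFERINGS, "t3.2xlarge")
    print("resize possible" if ok else "resize blocked:\n  " + "\n  ".join(why))
```

An instance keeps its Availability Zone across stop and start, so a negative zone result cannot be fixed by retrying the type change; the instance has to be recreated (for example from an AMI of it) in one of the listed zones.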

Get AWS machine type (ubuntu/nixos/centos, etc) [duplicate]

This question already has answers here:
How to find OS of an EC2 instance using AWS CLI
Using an AWS cli command like so:
aws ec2 describe-instances
is there a way to get information about what kind of machine (or the AMI used) for each instance? This is the info I see for instance using describe-instances:
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "ecxxx-xxx-xxx-xxx-238.us-xxxt-2.compute.amazonaws.com",
"State": {
"Code": 16,
"Name": "running"
},
"EbsOptimized": false,
"LaunchTime": "20xx-x9-21T22:59:00.000Z",
"PublicIpAddress": "xxx.xxx.xxx.xxx",
"PrivateIpAddress": "xxx.xxx.xxx.xxx",
"ProductCodes": [],
"VpcId": "vpx-xx338d07",
"CpuOptions": {
"CoreCount": 2,
"ThreadsPerCore": 1
},
"StateTransitionReason": "",
"InstanceId": "i-xxxxf9762a4140a88",
"EnaSupport": true,
"ImageId": "amx-xx32ec5bc225539f5",
"PrivateDnsName": "ip-xxx-xxx-xxx-xxx.us-xxxt-2.compute.internal",
"KeyName": "ntrs-prod",
"SecurityGroups": [
{
"GroupName": "public web server",
"GroupId": "sg-xxxac430acd613381"
}
],
"ClientToken": "",
"SubnetId": "suxxxx-cc1c0e84",
"InstanceType": "t2.medium",
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"NetworkInterfaces": [
{
"Status": "in-use",
"MacAddress": "0z:5O:8z:O5:3o:9z",
"SourceDestCheck": true,
"VpcId": "vpx-xx338d07",
"Description": "",
"NetworkInterfaceId": "enx-xxbd4b3bd8f339aaf",
"PrivateIpAddresses": [
{
"PrivateDnsName": "ip-xxx-xxx-xxx-xxx.us-xxxt-2.compute.internal",
"PrivateIpAddress": "xxx.xxx.xxx.xxx",
"Primary": true,
"Association": {
"PublicIp": "xxx.xxx.xxx.xxx",
"PublicDnsName": "ecxxx-xxx-xxx-xxx-238.us-xxxt-2.compute.amazonaws.com",
"IpOwnerId": "amazon"
}
}
],
"PrivateDnsName": "ip-xxx-xxx-xxx-xxx.us-xxxt-2.compute.internal",
"Attachment": {
"Status": "attached",
"DeviceIndex": 0,
"DeleteOnTermination": true,
"AttachmentId": "enx-xxtach-01948e0bd9059a635",
"AttachTime": "20xx-x9-21T22:59:00.000Z"
},
"Groups": [
{
"GroupName": "public web server",
"GroupId": "sg-xxxac430acd613381"
}
],
"Ipxxxxdresses": [],
"OwnerId": "91xxxx820371",
"PrivateIpAddress": "xxx.xxx.xxx.xxx",
"SubnetId": "suxxxx-cc1c0e84",
"Association": {
"PublicIp": "xxx.xxx.xxx.xxx",
"PublicDnsName": "ecxxx-xxx-xxx-xxx-238.us-xxxt-2.compute.amazonaws.com",
"IpOwnerId": "amazon"
}
}
],
"SourceDestCheck": true,
"Placement": {
"Tenancy": "default",
"GroupName": "",
"AvailabilityZone": "us-xxxt-2a"
},
"Hypervisor": "xen",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vox-xxda51640e0c4ac9a",
"AttachTime": "20xx-x9-21T22:59:01.000Z"
}
}
],
"Architecture": "x86_64",
"RootDeviceType": "ebs",
"RootDeviceName": "/dev/sda1",
"VirtualizationType": "hvm",
"Tags": [
{
"Value": "manu-demo",
"Key": "Name"
},
{
"Value": "Web Server",
"Key": "Type"
}
],
"HibernationOptions": {
"Configured": false
},
"AmiLaunchIndex": 0
}
It's right there in the describe-images output under the field ImageId.
To get a list of instances and their images (i.e. AMIs), you can use the query option to list only those attributes:
$ aws ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId, ImageId]"

AWS CloudFormation and autoscaling: The requested configuration is currently not supported. Launching EC2 instance failed

I want to replicate the infrastructure from one region (us-east-1) to another (us-east-2). So, I have generated a CloudFormation template of the existing infrastructure with the help of the CloudFormer tool.
"asgamazonecsclisetupapijoulebugprodEcsInstanceAsg1EIBNOXSXJ7HD": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
"us-east-2b",
"us-east-2c"
],
"Cooldown": "300",
"DesiredCapacity": "3",
"HealthCheckGracePeriod": "300",
"HealthCheckType": "ELB",
"MaxSize": "16",
"MinSize": "3",
"VPCZoneIdentifier": [
{
"Ref": "subnet81c8ebab"
},
{
"Ref": "subnet5df40214"
}
],
"LaunchConfigurationName": {
"Ref": "lcamazonecsclisetupapijoulebugprodAMI2017d"
},
"LoadBalancerNames": [
{
"Ref": "elbJBAPILiveCleanbit2016"
}
],
"Tags": [
{
"Key": "Name",
"Value": "Live - Cleanbit2016 - joulebug-api",
"PropagateAtLaunch": true
}
],
"TerminationPolicies": [
"Default"
]
}
},
"lcamazonecsclisetupapijoulebugprodAMI2017d": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": true,
"ImageId": "ami-0e6d83442546978bc",
"InstanceType": "c3.large",
"KeyName": "cleanbit2016_vpc",
"IamInstanceProfile": "amazon-ecs-cli-setup-api-joulebug-prod-EcsInstanceProfile-1M4GOHBP3FP5L",
"InstanceMonitoring": "true",
"SecurityGroups": [
{
"Ref": "sgCleanbit2016WebServerSG"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"SnapshotId": "snap-0b2477be9c863d014",
"VolumeSize": 8
}
},
{
"DeviceName": "/dev/xvdcz",
"Ebs": {
"VolumeSize": 22
}
}
]
}
},
"elbJBAPILiveCleanbit2016": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Policies": [
{
"PolicyName": "AWSConsole-SSLNegotiationPolicy-JB-API-Live-Cleanbit2016-1467998170471",
"PolicyType": "SSLNegotiationPolicyType"
}
]
}
},
"subnet81c8ebab": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.3.0/24",
"AvailabilityZone": "us-east-2b",
"VpcId": {
"Ref": "vpcdcbd08bb"
},
"Tags": [
{
"Key": "Name",
"Value": "Cleanbit2016 - Public 1b"
}
]
}
},
"sgCleanbit2016WebServerSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Web server security group for public subnet in vpc.",
"VpcId": {
"Ref": "vpcdcbd08bb"
},
"Tags": [
{
"Key": "Name",
"Value": "Cleanbit2016_ WebServerSG"
}
]
}
},
While launching the template in the other region (us-east-2), it throws the following error:
The requested configuration is currently not supported. Please check the documentation for supported configurations. Launching EC2 instance failed.
You don't have details of the regions you're using, but if you are trying to do this outside of us-east-1 the Availability Zones won't work. It also looks like you have a number of other parts of the stack hard-coded, which may not work in another region.
And if you are trying to do this in us-east-1, there is the possibility that one of the AZs is unavailable to you - see this question for more details.
You have not provided enough information to be able to diagnose the situation.
I took your template, removed the portions that were incomplete (eg removed the Load Balancer because it was missing Listeners), simplified a few things and it works fine:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"Tags": [
{
"Key": "Name",
"Value": "Lab VPC"
}
]
}
},
"ASG": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
"us-east-2b",
"us-east-2c"
],
"Cooldown": "300",
"DesiredCapacity": "1",
"HealthCheckGracePeriod": "300",
"MaxSize": "16",
"MinSize": "1",
"VPCZoneIdentifier": [
{
"Ref": "Subnet1"
},
{
"Ref": "Subnet2"
}
],
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
}
}
},
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": true,
"ImageId": "ami-0b59bfac6be064b78",
"InstanceType": "t2.micro",
"InstanceMonitoring": "true",
"SecurityGroups": [
{
"Ref": "WebServerSG"
}
]
}
},
"Subnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"AvailabilityZone": "us-east-2b",
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "Public 1"
}
]
}
},
"Subnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": "us-east-2c",
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "Public 2"
}
]
}
},
"WebServerSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Web server security group for public subnet in vpc.",
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "WebServerSG"
}
]
}
}
}
}
Therefore, your problem lies in part of the template you did not provide.
You could start with this version, then progressively add back parts of your template until you discover what is causing the error.
If you wish to create a CloudFormation template that can run in multiple regions, you should not refer to specific Availability Zones (eg us-east-2b).
You can use Fn::GetAZs - AWS CloudFormation to obtain a list of AZs in region.
After a lot of debugging, when I started launching things manually, I found the same error and got to know that c3.large is causing the error. When I launch the template with c4.large it successfully launches from us-east-1 to us-east-2.
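The portability advice in the answer (do not name specific Availability Zones; use Fn::GetAZs), as an added example that is not part of the original question or answer: a Python check that lists every literal zone in a template's `AvailabilityZone`/`AvailabilityZones` properties and rewrites each one as `Fn::Select` over `Fn::GetAZs`, keeping the letter's position so that a subnet and the auto scaling group that named the same zone still agree. `TEMPLATE` is constructed in the shape of the answer's working template; the regular expression and the positional mapping (a is index 0, b is index 1) are the example's own choices.

```python
"""Added example: find literal Availability Zone names in a CloudFormation template
and rewrite them as Fn::Select over Fn::GetAZs so the template is region-portable."""
import copy
import re

# Matches AZ names such as us-east-2b or ap-south-1a (a region name has no letter suffix).
AZ_LITERAL = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d[a-z]$")
AZ_KEYS = ("AvailabilityZone", "AvailabilityZones")


def hardcoded_azs(template):
    """Return (logical_id, property_name, az) for every literal AZ in the Resources block."""
    found = []
    for logical_id, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        for key in AZ_KEYS:
            value = props.get(key)
            for v in (value if isinstance(value, list) else [value]):
                if isinstance(v, str) and AZ_LITERAL.match(v):
                    found.append((logical_id, key, v))
    return found


def portable_azs(template):
    """Copy of template with each literal AZ replaced by a positional pick from
    Fn::GetAZs (letter a -> index 0, b -> 1, ...), so resources that shared a
    literal (the ASG and its subnet) still land in the same zone."""
    out = copy.deepcopy(template)
    for logical_id, key, az in hardcoded_azs(template):
        pick = {"Fn::Select": [str(ord(az[-1]) - ord("a")), {"Fn::GetAZs": ""}]}
        props = out["Resources"][logical_id]["Properties"]
        if key == "AvailabilityZones":
            props[key] = [pick if item == az else item for item in props[key]]
        else:
            props[key] = pick
    return out


# Constructed template in the shape of the answer's working version above.
TEMPLATE = {"AWSTemplateFormatVersion": "2010-09-09", "Resources": {
    "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "Subnet1": {"Type": "AWS::EC2::Subnet", "Properties": {
        "CidrBlock": "10.0.0.0/24", "AvailabilityZone": "us-east-2b", "VpcId": {"Ref": "VPC"}}},
    "Subnet2": {"Type": "AWS::EC2::Subnet", "Properties": {
        "CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-2c", "VpcId": {"Ref": "VPC"}}},
    "ASG": {"Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": {
        "AvailabilityZones": ["us-east-2b", "us-east-2c"], "MinSize": "1", "MaxSize": "16",
        "VPCZoneIdentifier": [{"Ref": "Subnet1"}, {"Ref": "Subnet2"}],
        "LaunchConfigurationName": {"Ref": "LaunchConfig"}}},
}}


if __name__ == "__main__":
    import json
    for hit in hardcoded_azs(TEMPLATE):
        print("literal AZ:", hit)
    print(json.dumps(portable_azs(TEMPLATE)["Resources"]["ASG"]["Properties"]["AvailabilityZones"]))
```

Fn::GetAZs returns the zones the deploying account can use in the stack's region, in order, so index 2 fails in a region where the account sees fewer than three zones; and, as the closing comment in this thread shows, a zone existing does not mean every instance type is offered there.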

cloudformation autoscaling group add ALB

I am using an auto-scaling setting with CloudFormation and want to add an ALB target.
How do I configure an ALB (not a classic LB) to use auto-scaling?
The ARN of the ALB target and my template are as follows.
The guide says I should add the target ARN for the ALB.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"asgautotestgr": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
"ap-southeast-1a"
],
"Cooldown": "300",
"DesiredCapacity": "2",
"HealthCheckGracePeriod": "300",
"HealthCheckType": "EC2",
"MaxSize": "4",
"MinSize": "2",
"VPCZoneIdentifier": [ "subnet-3fe2c***" ],
"LaunchConfigurationName": {
"Ref": "lcautotest"
},
"LoadBalancerNames" : [ "arn:aws:elasticloadbalancing:ap-southeast-1:7****3:targetgroup/sgp-ALB/4*****2" ],
"MetricsCollection": [
{
"Granularity": "1Minute",
"Metrics": [
"GroupInServiceInstances",
"GroupMaxSize",
"GroupPendingInstances",
"GroupDesiredCapacity",
"GroupStandbyInstances",
"GroupTerminatingInstances",
"GroupMinSize",
"GroupTotalInstances"
]
}
],
"TerminationPolicies": [
"Default"
]
}
},
"lcautotest": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"IamInstanceProfile" : "Cd***2",
"AssociatePublicIpAddress": true,
"ImageId": "ami-*****0",
"InstanceType": "t2.large",
"KeyName": "key",
"InstanceMonitoring": "true",
"SecurityGroups": [ "sg-6***" ],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"SnapshotId": "snap-0e0edaa*6",
"VolumeSize": 60
}
}
]
}
}
},
"Description": ""
}
My ALB ARN is here.
arn:aws:elasticloadbalancing:ap-southeast-1:7*****3:loadbalancer/app/ALB-sgp/9*****6
And the ALB target.
arn:aws:elasticloadbalancing:ap-southeast-1:7*****3:targetgroup/sgp-ALB/4*****2

AWS can't connect to VM inside VPC

I am trying to create a VPC without the wizard.
I added the routes, internet gateway, NACL and security groups but my VM remains unreachable; below I have posted details from the AWS CLI to give you precise details.
I have a feeling that it has something to do with my routes. I am unable to ping or SSH into my jumpbox.
Architecture diagram:
yamazaki#yamazaki-linux:~$ aws ec2 describe-security-groups --group-ids sg-ab7a71cd
{
"SecurityGroups": [
{
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"UserIdGroupPairs": [],
"PrefixListIds": []
}
],
"Description": "mysg",
"IpPermissions": [
{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": -1,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": -1,
"IpProtocol": "icmp",
"UserIdGroupPairs": []
}
],
"GroupName": "mysg",
"VpcId": "vpc-220e9346",
"OwnerId": "646132786531",
"GroupId": "sg-ab7a71cd"
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-network-acls --network-acl-ids acl-1816717c
{
"NetworkAcls": [
{
"Associations": [
{
"SubnetId": "subnet-91a025ac",
"NetworkAclId": "acl-1816717c",
"NetworkAclAssociationId": "aclassoc-78fa7001"
},
{
"SubnetId": "subnet-aea02593",
"NetworkAclId": "acl-1816717c",
"NetworkAclAssociationId": "aclassoc-ede56f94"
},
{
"SubnetId": "subnet-6da02550",
"NetworkAclId": "acl-1816717c",
"NetworkAclAssociationId": "aclassoc-19e46e60"
}
],
"NetworkAclId": "acl-1816717c",
"VpcId": "vpc-220e9346",
"Tags": [],
"Entries": [
{
"CidrBlock": "0.0.0.0/0",
"RuleNumber": 100,
"Protocol": "-1",
"Egress": true,
"RuleAction": "allow"
},
{
"CidrBlock": "0.0.0.0/0",
"RuleNumber": 32767,
"Protocol": "-1",
"Egress": true,
"RuleAction": "deny"
},
{
"RuleNumber": 100,
"Protocol": "6",
"PortRange": {
"To": 22,
"From": 22
},
"Egress": false,
"RuleAction": "allow",
"CidrBlock": "0.0.0.0/0"
},
{
"IcmpTypeCode": {
"Code": -1,
"Type": -1
},
"RuleNumber": 200,
"Protocol": "1",
"Egress": false,
"RuleAction": "allow",
"CidrBlock": "0.0.0.0/0"
},
{
"CidrBlock": "0.0.0.0/0",
"RuleNumber": 32767,
"Protocol": "-1",
"Egress": false,
"RuleAction": "deny"
}
],
"IsDefault": true
}
]
yamazaki#yamazaki-linux:~$ aws ec2 describe-vpcs --vpc-id vpc-220e9346
{
"Vpcs": [
{
"VpcId": "vpc-220e9346",
"InstanceTenancy": "default",
"Tags": [
{
"Value": "big",
"Key": "Name"
}
],
"State": "available",
"DhcpOptionsId": "dopt-80c96ce5",
"CidrBlock": "192.168.0.0/20",
"IsDefault": false
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-subnets --subnet-ids subnet-6da02550 subnet-aea02593 subnet-91a025ac
{
"Subnets": [
{
"VpcId": "vpc-220e9346",
"Tags": [
{
"Value": "big-private-databases",
"Key": "Name"
}
],
"CidrBlock": "192.168.3.0/24",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1e",
"SubnetId": "subnet-91a025ac",
"AvailableIpAddressCount": 251
},
{
"VpcId": "vpc-220e9346",
"Tags": [
{
"Value": "big-internet",
"Key": "Name"
}
],
"CidrBlock": "192.168.1.0/24",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1e",
"SubnetId": "subnet-6da02550",
"AvailableIpAddressCount": 250
},
{
"VpcId": "vpc-220e9346",
"Tags": [
{
"Value": "big-private-computes",
"Key": "Name"
}
],
"CidrBlock": "192.168.2.0/24",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1e",
"SubnetId": "subnet-aea02593",
"AvailableIpAddressCount": 250
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-route-tables --route-table-ids rtb-fb83c99f rtb-1eb9f37a rtb-c980caad rtb-9980cafd
{
"RouteTables": [
{
"Associations": [],
"RouteTableId": "rtb-fb83c99f",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-in",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
},
{
"GatewayId": "igw-51638f35",
"DestinationCidrBlock": "0.0.0.0/0",
"State": "active",
"Origin": "CreateRoute"
}
]
},
{
"Associations": [
{
"RouteTableAssociationId": "rtbassoc-0113ef66",
"Main": true,
"RouteTableId": "rtb-1eb9f37a"
}
],
"RouteTableId": "rtb-1eb9f37a",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
}
]
},
{
"Associations": [],
"RouteTableId": "rtb-c980caad",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-in-computes",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
}
]
},
{
"Associations": [],
"RouteTableId": "rtb-9980cafd",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-computes-databases",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
}
]
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-internet-gateways --internet-gateway-ids igw-51638f35
{
"InternetGateways": [
{
"Tags": [
{
"Value": "big",
"Key": "Name"
}
],
"InternetGatewayId": "igw-51638f35",
"Attachments": [
{
"State": "available",
"VpcId": "vpc-220e9346"
}
]
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-instances --instance-ids --instance-ids i-3c6c09c5
{
"Reservations": [
{
"OwnerId": "646132786531",
"ReservationId": "r-12f788fb",
"Groups": [],
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "",
"State": {
"Code": 16,
"Name": "running"
},
"EbsOptimized": false,
"LaunchTime": "2015-12-10T16:30:41.000Z",
"PublicIpAddress": "52.70.141.142",
"PrivateIpAddress": "192.168.1.67",
"ProductCodes": [],
"VpcId": "vpc-220e9346",
"StateTransitionReason": "",
"InstanceId": "i-3c6c09c5",
"ImageId": "ami-60b6c60a",
"PrivateDnsName": "ip-192-168-1-67.ec2.internal",
"KeyName": "yamazaki",
"SecurityGroups": [
{
"GroupName": "mysg",
"GroupId": "sg-ab7a71cd"
}
],
"ClientToken": "DpGNG1449765041380",
"SubnetId": "subnet-6da02550",
"InstanceType": "t2.micro",
"NetworkInterfaces": [
{
"Status": "in-use",
"MacAddress": "06:1a:f4:6a:b6:f5",
"SourceDestCheck": true,
"VpcId": "vpc-220e9346",
"Description": "Primary network interface",
"Association": {
"PublicIp": "52.70.141.142",
"PublicDnsName": "",
"IpOwnerId": "646132786531"
},
"NetworkInterfaceId": "eni-971b94ab",
"PrivateIpAddresses": [
{
"Association": {
"PublicIp": "52.70.141.142",
"PublicDnsName": "",
"IpOwnerId": "646132786531"
},
"Primary": true,
"PrivateIpAddress": "192.168.1.67"
}
],
"Attachment": {
"Status": "attached",
"DeviceIndex": 0,
"DeleteOnTermination": true,
"AttachmentId": "eni-attach-cdd36cbc",
"AttachTime": "2015-12-10T16:30:41.000Z"
},
"Groups": [
{
"GroupName": "mysg",
"GroupId": "sg-ab7a71cd"
}
],
"SubnetId": "subnet-6da02550",
"OwnerId": "646132786531",
"PrivateIpAddress": "192.168.1.67"
}
],
"SourceDestCheck": true,
"Placement": {
"Tenancy": "default",
"GroupName": "",
"AvailabilityZone": "us-east-1e"
},
"Hypervisor": "xen",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vol-5ade4392",
"AttachTime": "2015-12-10T16:30:45.000Z"
}
}
],
"Architecture": "x86_64",
"RootDeviceType": "ebs",
"RootDeviceName": "/dev/xvda",
"VirtualizationType": "hvm",
"Tags": [
{
"Value": "jumpbox",
"Key": "Name"
}
],
"AmiLaunchIndex": 0
}
]
}
]
After adding a subnet association for the route table with the one with the internet gateway I was able to connect to my box.
aws ec2 describe-route-tables --route-table-ids rtb-fb83c99f
{
"RouteTables": [
{
"Associations": [
{
"SubnetId": "subnet-6da02550",
"RouteTableAssociationId": "rtbassoc-48a35d2f",
"Main": false,
"RouteTableId": "rtb-fb83c99f"
}
],
"RouteTableId": "rtb-fb83c99f",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-in",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
},
{
"GatewayId": "igw-51638f35",
"DestinationCidrBlock": "0.0.0.0/0",
"State": "active",
"Origin": "CreateRoute"
}
]
}
]
}
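The diagnosis this thread ends with, a route table that holds the internet-gateway route but is associated with no subnet, as an added example that is not part of the original question or answer: a Python script that resolves which table actually governs a subnet (explicit association, else the VPC's main table), does a longest-prefix lookup over that table the way the VPC router does, and models the `aws ec2 associate-route-table` fix. `ROUTE_TABLES` is a constructed subset of the `describe-route-tables` output quoted above in its pre-fix state; the probe address 198.51.100.7 is a documentation address chosen for the lookup and the new association id is a placeholder.

```python
"""Added example: resolve which route table actually governs a subnet and whether
that table carries an internet-gateway default route."""
import copy
import ipaddress

# Constructed subset of the describe-route-tables output quoted above, as it was
# before the fix: rtb-fb83c99f holds the IGW route but has no association, so
# subnet-6da02550 is governed by the main table rtb-1eb9f37a (local route only).
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-fb83c99f", "Associations": [],
     "Routes": [{"DestinationCidrBlock": "192.168.0.0/20", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-51638f35"}]},
    {"RouteTableId": "rtb-1eb9f37a",
     "Associations": [{"Main": True, "RouteTableId": "rtb-1eb9f37a"}],
     "Routes": [{"DestinationCidrBlock": "192.168.0.0/20", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-c980caad", "Associations": [],
     "Routes": [{"DestinationCidrBlock": "192.168.0.0/20", "GatewayId": "local"}]},
]}


def effective_route_table(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables["RouteTables"]:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def route_for(route_table, dst_ip):
    """Longest-prefix match over the table's CIDR routes, as the VPC router does."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_route = None, None
    for route in route_table["Routes"]:
        cidr = route.get("DestinationCidrBlock")
        if not cidr:            # prefix-list routes are outside this example
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route


def internet_path(route_tables, subnet_id, probe_ip="198.51.100.7"):
    """(route table id, has_igw_route) for traffic from subnet_id to a public address.
    probe_ip is a TEST-NET-2 documentation address used only for the lookup."""
    rt = effective_route_table(route_tables, subnet_id)
    if rt is None:
        return None, False
    route = route_for(rt, probe_ip)
    return rt["RouteTableId"], bool(route and route.get("GatewayId", "").startswith("igw-"))


def associate(route_tables, route_table_id, subnet_id):
    """Model `aws ec2 associate-route-table --route-table-id ... --subnet-id ...`
    on the local copy (the association id is a placeholder)."""
    out = copy.deepcopy(route_tables)
    for rt in out["RouteTables"]:
        if rt["RouteTableId"] == route_table_id:
            rt["Associations"].append({"SubnetId": subnet_id, "Main": False,
                                       "RouteTableId": route_table_id,
                                       "RouteTableAssociationId": "rtbassoc-PLACEHOLDER"})
    return out


if __name__ == "__main__":
    print("before:", internet_path(ROUTE_TABLES, "subnet-6da02550"))   # main table, no IGW route
    fixed = associate(ROUTE_TABLES, "rtb-fb83c99f", "subnet-6da02550")
    print("after: ", internet_path(fixed, "subnet-6da02550"))
```

The route lookup is only one of the layers: in the output quoted above the security group already admits TCP/22 and ICMP, the NACL allows them inbound with an allow-all egress rule, and the instance has a public address, so the missing association was the one remaining gap. Running the same resolution for the other two subnets shows they still fall to the main table, which is correct for subnets meant to stay private.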