I created an EC2 instance, but I want to attach an elastic IP to it so that if I ever have to resize the instance, the IP doesn't change.
So I allocated a new elastic IP address, but when I try to associate it with the instance, I get this error:
Network vpc-c00973b1 is not attached to any internet gateway
What am I doing wrong?
Your instance is in an AWS VPC (not in Classic). This VPC is not the default VPC, which comes with a pre-attached Internet Gateway. Your VPC requires an internet gateway to communicate with anything outside of your VPC, i.e. that includes any destination on the internet. To attach an Elastic IP you must attach an Internet Gateway to your VPC and add a route to the internet in your subnet's route table (0.0.0.0/0 to the Internet Gateway).
This guide will help you with the detailed steps:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html#Add_IGW_Attach_Gateway
Related
I have problems with assigning two internet gateways in the infrastructure with Terraform.
I have two subnets: one subnet manages all the frontend and the other subnet manages all the backend. I want to assign an internet gateway to each EC2 instance so that I can use them from the internet, but I'm getting the following error:
error attaching EC2 Internet Gateway (igw-0b0af7a9d5274c29d) to VPC (vpc-095fd5e0ee29b981d): InvalidParameterValue: Network vpc-095fd5e0ee29b981d already has an internet gateway attached
It is not possible to attach more than one Internet Gateway per VPC. For EC2 instances to access the internet, add a route to your subnet's route table that directs all default traffic (0.0.0.0/0) to your Internet Gateway. Also assign a public IP / Elastic IP to each EC2 instance.
Refer to this AWS doc for more info:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
I have a Fargate service with one task. From this task I have to interact with an SFTP server managed by another company, and they need to whitelist my IP.
I've already set up an NLB to have a static inbound IP and it's working great, but now I need my outbound IP to be static too.
I've read similar questions and they proposed the use of a NAT gateway but it's not working so far.
I have created the NAT gateway, associated it with an Elastic IP and the subnet which hosts the service but it's not working, the outbound IP is still the dynamically allocated one.
What extra steps am I missing?
I have created the NAT gateway, associated it with an Elastic IP and the subnet which hosts the service
The NAT Gateway needs to be in a public subnet (a subnet with an Internet Gateway attached).
The service needs to be in a private subnet (a subnet with no Internet Gateway, and a route to the NAT Gateway).
The service needs "Assign Public IP" set to false.
I have an Elastic IP associated with my instance
The security group of my instance permits incoming connections
My instance firewall permits incoming connections
My application listens
I specifically allowed the Echo Request protocol in the ICMP inbound traffic of my EC2 instances.
In the past I could ping the domain name linked to my machine.
After looking for where the error could have come from, I realized that in the Elastic IP there was no NAT Gateway associated.
I can't remember if this is necessary or not.
I guess this issue is coming from here.
The function of a NAT gateway is to enable instances in a private subnet to connect to the internet and to prevent the internet from initiating a connection with those instances. A NAT gateway needs an Elastic IP. So if you have a NAT gateway configured, then one EIP should be attached to it. In your case this EIP is attached to an EC2 instance, not to a NAT gateway; that's why it is showing no NAT gateway attached.
Your issue might be with the security group rules. Check your SG. To answer your question exactly, please add more information to your question, such as: Where was your instance launched, in a public subnet or in a private subnet? Have you attached the EIP to an instance launched in a private subnet? What inbound rules are configured in the SG? What command are you using?
Update:
The instance was launched in a private subnet. After adding routes for the IGW in the route table of the subnet, this issue has been resolved.
I created a VPC, added an internet gateway, added two subnets, and then launched an instance into that VPC. I created a security group that permits any traffic from anywhere and assigned it to that instance. I chose to enable a public IP address (I didn't assign it an Elastic IP).
I cannot for the life of me figure out why I cannot connect to the public IP address of the instance. I've literally gone back, destroyed and created my VPC and instances with no luck.
There has got to be something simple I'm missing, it cannot be this difficult. What is going on??
You have created the internet gateway but must have forgotten to attach the Internet Gateway to the subnet in which you are launching the EC2 instances. Go to the subnet in which you have launched the EC2 instances and attach the Internet Gateway to the subnet. When you check the route table for the subnet it should look something like this screenshot. That "igw" is the internet gateway.
Even if you allowed all the traffic in the security group, we need to check that the INTERNET GATEWAY is added in the Route Tables.
For that,
SERVICES > VPC > ROUTE TABLES and select your Route table
In the Routes tab, after Summary,
Please check you have added your INTERNET GATEWAY
I am working on AWS. I created a public subnet which has a network ACL that allows all net traffic, and it is associated with an internet gateway in the route table.
Then I created an EC2 instance without an Elastic IP and an EC2 instance with an Elastic IP in it, and the security group also allows all traffic.
I SSH to the instance which has the Elastic IP. It works well when I run yum update and curl www.baidu.com and so on. But I can't access the internet when I SSH to the EC2 instance which has no Elastic IP. Does anyone know why that is?
To access the internet from an EC2 instance in a public subnet using an Internet Gateway, the instance needs to have a public IP address. One can either configure the instance to have a public IP address or attach an EIP.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html
If you do not want to attach a public IP address to instances that need internet access (consider private subnets), a NAT instance or a NAT gateway can help.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat.html
As well as being in a subnet that has a route to an Internet gateway, an instance must have a public IP address to communicate with the outside world (this is distinct from an elastic IP).
You can specify this when launching an instance; if not, there is a per-subnet setting that controls this. The per-subnet setting defaults to false, other than for default subnets in your default VPC. There are more details in the AWS docs.
The problem lies with the gateway connected to the subnet you are using. To check the gateway you are using:
Go to the subnet you are using
Click on the Route table
Under Routes -> Destination look for 0.0.0.0/0 and check the gateway you have for it under Target
Here's how the gateways behave:
Internet Gateway (IGW) allows instances with public IPs to access the internet.
NAT Gateway (NGW) allows instances with no public IPs to access the internet.
This is a good article to help you understand and solve your problem:
https://medium.com/awesome-cloud/aws-vpc-difference-between-internet-gateway-and-nat-gateway-c9177e710af6
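Added example, not taken from any of the posts above: the route table check described in the last answer, combined with the public subnet / private subnet / "Assign Public IP" conditions from the NAT gateway answer, written as a small Python classifier. It assumes input dicts that use the field names of `aws ec2 describe-route-tables` output; the sample data and every ID in it are constructed placeholders.

```python
# Constructed sample data shaped like `aws ec2 describe-route-tables` output.
# All IDs are placeholders, not values from the posts above.
ROUTE_TABLES = [
    {"VpcId": "vpc-example", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                 "NatGatewayId": "nat-example", "State": "active"}]},
    {"VpcId": "vpc-example", "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                 "GatewayId": "igw-example", "State": "active"}]},
    {"VpcId": "vpc-example", "Associations": [{"Main": False, "SubnetId": "subnet-stale"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
                 "NatGatewayId": "nat-deleted", "State": "blackhole"}]},
]

def effective_route_table(subnet_id, vpc_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_route(rt):
    """Return (kind, target) of the active 0.0.0.0/0 route, or (None, None)."""
    for route in (rt or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue  # a 'blackhole' route points at a deleted target
        if route.get("NatGatewayId"):
            return "nat", route["NatGatewayId"]
        gw = route.get("GatewayId") or ""
        return ("igw" if gw.startswith("igw-") else "other"), gw
    return None, None

def egress_path(subnet_id, vpc_id, has_public_ip, route_tables=ROUTE_TABLES):
    """Classify how a host in this subnet reaches the internet, if at all."""
    kind, target = default_route(effective_route_table(subnet_id, vpc_id, route_tables))
    if kind == "igw":
        # An IGW only serves hosts that have a public or Elastic IP.
        return ("own-public-ip", target) if has_public_ip else ("no-internet", target)
    if kind == "nat":
        return ("nat-elastic-ip", target)  # source IP is the NAT gateway's EIP
    return ("no-internet", target)
```

A result of "own-public-ip" for a host that was meant to sit behind a NAT gateway means its subnet's default route still points at the Internet Gateway, so its traffic leaves with its own address.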