Am I doing something wrong, or are AWS VPC EC2 instances not able to reach any of the AWS managed services (S3/SNS/SQS) without a public route to the Internet Gateway in the route table?
I was told here Aws vpc default route table in CloudFormation that the AWS VPC default route table has no public route by default so it can "protect" the VPC.
But if I can't access AWS services without a public route… that just defeats the purpose, as I would practically be adding a public route to all the route tables?
Best Answer
That's correct. If you need to use those services, your instances will need EIPs or public IPs or you'll need a NAT host in your VPC. A VPC is truly private, and it operates in the same manner a well-maintained corporate network does: only allowing traffic that you explicitly allow.
It's worth noting: managed services like RDS, ElastiCache, Redshift, etc., can indeed run within your VPC.
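The answer's three situations (IGW route plus public IP, NAT host/gateway, or no default route at all) can be checked directly from a VPC's route tables. The following is an added example, not code from the question or answer: it classifies route tables whose shape mirrors the `Routes` entries returned by boto3's `ec2.describe_route_tables()`, using constructed sample data with placeholder IDs.

```python
# Added example: audit how (and whether) each route table lets instances reach
# the public AWS service endpoints (S3/SNS/SQS). Sample data is constructed;
# the resource IDs are placeholders, not real AWS identifiers.

# Constructed sample: a public subnet, a NAT-routed private subnet, and the
# main table of a fresh VPC, which only carries the "local" route.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-web"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder"}]},
    {"RouteTableId": "rtb-nat", "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-placeholder"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

VERDICTS = {
    "igw": "public route via IGW: instances reach AWS APIs only with a public IP/EIP",
    "nat": "private subnet with NAT egress: AWS APIs reachable without public IPs",
    "instance": "default route to a NAT host (EC2 instance): AWS APIs reachable via it",
    None: "no default route: S3/SNS/SQS public endpoints are unreachable",
}


def egress_kind(route_table):
    """Return 'igw', 'nat', 'instance' or None based on the 0.0.0.0/0 route."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if "NatGatewayId" in route:
            return "nat"
        # A NAT host shows up as a route targeting an instance / ENI.
        if "InstanceId" in route or "NetworkInterfaceId" in route:
            return "instance"
    return None


def audit(route_tables):
    """Map each route table ID to (egress kind, explanation)."""
    return {rt["RouteTableId"]: (egress_kind(rt), VERDICTS[egress_kind(rt)])
            for rt in route_tables}


if __name__ == "__main__":
    for rtb, (kind, verdict) in audit(ROUTE_TABLES).items():
        print(f"{rtb}: {verdict}")
```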