Can’t Connect to EC2 Instance in VPC – Troubleshooting Guide

Tags: amazon-ec2, amazon-vpc, amazon-web-services

I've taken the following steps:

  1. Created a VPC (with a single public subnet)
  2. Added an EC2 instance to the VPC
  3. Allocated an elastic IP
  4. Associated the elastic IP with the instance
  5. Created a security group and assigned it to the instance
  6. Modified the security rules to allow inbound ICMP echo and TCP on port 22

I've done all this and I still can't ping or ssh into the instance. If I follow the same steps minus the VPC bits I am able to set this up without issue. What step am I missing?

Best Answer

To communicate outside of the VPC, each non-default subnet needs a routing table and an internet gateway associated to it (the default subnets get an external gateway and a routing table by default).

Depending on the way you have created the public subnet in the VPC, you might need to add them explicitly. Your VPC setup sounds like it matches Scenario 1 - a private cloud (VPC) with a single public subnet, and an Internet gateway to enable communication over the Internet from the AWS VPC documentation.

You will need to add an internet gateway to your VPC and inside the Public subnet's routing table assign 0.0.0.0/0 (default route) to go to the assigned internet gateway. There is a nice illustration of the exact network topology inside the documentation.

Also, for more information, you can check the VPC Internet Gateway AWS documentation. Unfortunately it's a little messy and a non-obvious gotcha.

For more details about connection issues, see also: Troubleshooting Connecting to Your Instance.
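The missing pieces the answer describes (internet gateway, default route, route table association) alongside the security group from the question, as an added Terraform example that is not part of the original post. The CIDRs and the `admin_cidr` value are constructed placeholders; the point of `admin_cidr` is that SSH and ICMP are opened to a management range rather than to 0.0.0.0/0.

```hcl
# Added example, not from the original post. Placeholder CIDRs throughout;
# admin_cidr should be your own management network, not 0.0.0.0/0.
locals {
  admin_cidr = "203.0.113.0/24" # placeholder
}
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.0.0/24"
  map_public_ip_on_launch = true
}
# The step the question is missing: an internet gateway attached to the VPC ...
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}
# ... a route table whose default route (0.0.0.0/0) points at that gateway ...
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
# ... explicitly associated with the public subnet. Without this the subnet
# falls back to the VPC's main route table, which has no route to the gateway.
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
# Security group from the question, restricted to the admin range. For ICMP,
# from_port is the type (8 = echo request) and to_port -1 means any code.
# No egress block is declared, so Terraform leaves the group with no outbound
# rules; replies to SSH/ping still work because security groups are stateful.
resource "aws_security_group" "ssh_icmp" {
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 8
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [local.admin_cidr]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [local.admin_cidr]
  }
}
```

After `terraform apply`, an instance launched into `aws_subnet.public` with this group attached and an Elastic IP associated is reachable from `admin_cidr`, which is exactly the state the question's console steps were missing.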