NAT for VPC will not allow internet access

amazon-cloudformationamazon-web-servicesnat;

I'm trying to hook up my private subnet postgres cluster to have internet access without being publicly accessible. My setup is as follows:

I have a VPC 10.1.0.0/16 with 4 subnets:

Postgres Subnet 10.1.2.0/24 with security group allow all ports dest.
I have then attached NAT Gateway to my subnet and I allocated and associated an EIP to that NAT.

Then I created a route table that associates with my subnet that is:

10.1.0.0/16 local
0.0.0.0/0 My-NAT

I've checked that status of my NAT Gateway and EIP and everything is active and public.

After tunneling and connecting to my private ec2 postgres instance, I cannot ping my NAT Gateway -> Private IP Address 10.1.2.124/24 where my postgres server is 10.1.2.11/24.

I am at my wits end. If you need the cloudformation file to help debug, let me know and I will provide that.

Thanks!

Best Answer

Do you have an internet gateway attached to your VPC? Also, put the NAT gateway in a separate subnet.

This is the usual setup:

a public subnet with the NAT gateway. The public subnet routing table should redirect 0.0.0.0/0 to the internet gateway. Make sure your NAT gateway has an EIP.
a private subnet for your postgres instance. Make sure the private subnet routs 0.0.0.0/0 to the NAT gateway.

Best Answer

Related Solutions

Nat – Amazon VPC NAT not working

Nat – Advice regarding resilient internet access from within an Amazon VPC

Related Topic