Hi all. I am working on moving all of my EC2 instances into a VPC,
but I am running some general outbound Internet access issues, and was
wondering if anyone else has figured it out...
1) If I create an Instance in a "public" subnet, it can only access
the Internet if it has an Elastic IP address associated with it. Is
there any way to allow a "public" subnet to access outbound Internet
like a non VPC Instance can, without Elastic IP addresses?
I need outbound internet access to run system updates such as yum, and
communicate with required external 3rd party services.
I tried playing around with a "private" subnet which uses a NAT router
instance, which works for most of our backend/internal servers, but
then you run into two problems: a) routing doesn't seem to work for
Elastic IP assigned addresses in the NATed subnet and b) the load
balancer doesn't appear to work with NATed subnets (which is a problem
Elastic IP addresses would seem to help with the "public" subnet, but
with a limit of 5, after you add a NAT, Load Balancer and soon to be
OpenVPN instance my limit is nearly exhausted, which leaves nothing
left for the actual web instances.
2) Which leads to the primary issue - Load Balancer. If I point the
load balancer to instances in the "public" subnet, they work fine, as
far as load balancer routing and web access, but these instances are
unable to communicate with the external 3rd party online services.
(and I do not have sufficient remaining Elastic IP addresses to cover
these instances for "public" internet access).
If I point the load balancers to instances in the "private" subnet,
where the instances can communicate with the external 3rd party
services fine, it breaks the load balancer's routing back to my client
I just can't seem to find a combination that will work for this setup.