On Thu, May 24, 2012 at 1:52 PM, Kenneth <kenneth.burge...@gmail.com> wrote:
> Hi all. I am working on moving all of my EC2 instances into a VPC,
> but I am running into some general outbound Internet access issues, and was
> wondering if anyone else has figured it out...
> 1) If I create an Instance in a "public" subnet, it can only access
> the Internet if it has an Elastic IP address associated with it. Is
> there any way to allow a "public" subnet to access outbound Internet
> like a non-VPC Instance can, without Elastic IP addresses?
> I need outbound internet access to run system updates such as yum, and
> communicate with required external 3rd party services.
> I tried playing around with a "private" subnet which uses a NAT router
> instance, which works for most of our backend/internal servers, but
> then you run into two problems: a) routing doesn't seem to work for
> Elastic IP assigned addresses in the NATed subnet and b) the load
> balancer doesn't appear to work with NATed subnets (which is a problem
> for #2).
> Elastic IP addresses would seem to help with the "public" subnet, but
> with a limit of 5, after you add a NAT, Load Balancer and soon-to-be
> OpenVPN instance, my limit is nearly exhausted, which leaves nothing
> left for the actual web instances.
> 2) Which leads to the primary issue - Load Balancer. If I point the
> load balancer to instances in the "public" subnet, they work fine, as
> far as load balancer routing and web access, but these instances are
> unable to communicate with the external 3rd party online services.
> (and I do not have sufficient remaining Elastic IP addresses to cover
> these instances for "public" internet access).
> If I point the load balancers to instances in the "private" subnet,
> where the instances can communicate with the external 3rd party
> services fine, it breaks the load balancer's routing back to my client
> browser.
> I just can't seem to find a combination that will work for this setup.
> Thoughts? Suggestions?