非公共IP实例的AWS公共子网Internet访问
[英]AWS Public Subnet Internet Access for Non Public IP Instances
问题描述
I have a public subnet in AWS and I have 3 instances in it ... 
我在AWS中有一个公共子网,其中有3个实例...
- WebApp01 (Elastic IP - 54.23.61.239 for example) WebApp01(例如,弹性IP-54.23.61.239)
- WebApp02 (Private IP - 192.168.0.24) WebApp02(私有IP-192.168.0.24)
- WebApp03 (Private IP - 192.168.0.25) WebApp03(私有IP-192.168.0.25)
And my route table is setup as 192.168.0.0/16 -> local 0.0.0.0/0 -> Internet Gateway 我的路由表设置为192.168.0.0/16->本地0.0.0.0/0-> Internet网关
I can see that the instance that has the public IP has internet access but the instances that don't have public IP are not able to access the internet. 我可以看到具有公共IP的实例可以访问Internet,但是没有公共IP的实例不能访问Internet。
How can I give internet access to the other instances inside the Public Subnet ? 如何为公共子网内的其他实例提供Internet访问权限?
I'm a newbie in networking and any help will be appreciated. 我是网络方面的新手,我们将不胜感激。
Just FYI : I know that creating a NAT, and then creating a separate route table with 0.0.0.0 -> NAT and associating that route with the Private Subnet gives internet access to the instances in the private subnet, but I cant figure out how to give internet access to the non public IP instances in the public subnet. 仅供参考:我知道创建一个NAT,然后使用0.0.0.0-> NAT创建一个单独的路由表,并将该路由与私有子网相关联,可以通过Internet访问私有子网中的实例,但是我不知道如何提供对公共子网中非公共IP实例的Internet访问。 Please help ! 请帮忙 !
1 个解决方案
解决方案1
4 已采纳 2018-07-21 02:51:47
You will need to assign public IP addresses to your instances that do not have one or add an EIP in order for them to access the Internet. 您将需要为没有实例的公共IP地址分配一个实例,或添加一个EIP实例,以便它们访问Internet。
An AWS Internet Gateway is a special type of NAT Gateway (1 - 1 address mapping). AWS Internet Gateway是一种特殊类型的NAT网关(1-1地址映射)。 Without a public IP address there is nothing for the Internet Gateway to map to the EC2 instance - one public IP maps to one private IP inside the Internet Gateway. 没有公共IP地址,Internet网关就无法映射到EC2实例-一个公共IP映射到Internet网关内部的一个私有IP。
Although you add a NAT Gateway to a public subnet with an Internet Gateway, the NAT Gateway does provide address translation (NAT) to instances in the public subnet - only to instances in the private subnets. 尽管使用Internet网关将NAT网关添加到公共子网,但是NAT网关的确为公共子网中的实例提供地址转换(NAT)-仅向私有子网中的实例提供地址转换(NAT)。 The default route in each private subnet points to the NAT Gateway. 每个专用子网中的默认路由都指向NAT网关。
If you want these instances to be protected by only having private IP addresses then you will need to move the instances to a private subnet (one with a NAT Gateway). 如果要仅通过使用专用IP地址来保护这些实例,则需要将这些实例移到专用子网(一个带有NAT网关的子网)中。
An instance in a public subnet without a public IP address is orphaned from the Internet. 公共子网中没有公共IP地址的实例将从Internet隔离。 The instance can talk to other instances in the VPC (the Intranet) but cannot talk to the Internet. 该实例可以与VPC(Intranet)中的其他实例进行通信,但不能与Internet进行通信。
There is a lot of confusion on what are AWS VPC subnets. 关于什么是AWS VPC子网存在很多困惑。 There are three types. 有三种类型。 1) Public subnet (one that has an IGW). 1)公共子网(具有IGW的子网)。 2) Private subnet (one that has a NAT Gateway or NAT instance, or neither). 2)专用子网(一个具有NAT网关或NAT实例,或者都不具有)。 3) Hybrid (one that has a VGW routing to a data center or similar). 3)混合(具有VGW路由到数据中心或类似中心的混合)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.