I have a bastion host that I'm trying to use to SSH to a private instance. The instances are in different AZs (with different subnets). The VPC has a CIDR of 10.0.0.0/16. The bastion host subnet has the following route table

10.0.0.0/16 local
0.0.0.0/0   <redacted internet gateway>

The private instance route table is

10.0.0.0/16 local

The ACLs for both subnets are wide open

100 All traffic All All 0.0.0.0/0    Allow
*   All traffic All All 0.0.0.0/0    Deny

I've also fully opened the security groups for the private instance

sgr-03f51a67e52c85016   IPv4    All TCP TCP 0 - 65535   0.0.0.0/0

I can SSH to the bastion host; however, any sort of connection attempt to the private instance fails with a timeout, including ping and ssh. Am I missing something here? I feel like everything is as open as possible.

jordaniac89

1 Answer

Dumb moment...I had no outbound rules set for the bastion security group. Opened the needed ports for outbound traffic and it's working appropriately.

jordaniac89
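
The check that would have caught this, as an added example that is not part of the original question or answer: security groups are stateful, so a new connection needs an egress rule on the source group and an ingress rule on the destination group. The group IDs, instance IPs and sample JSON below are constructed placeholders in the shape returned by `aws ec2 describe-security-groups`; only TCP/UDP rules with IPv4 CIDR ranges are evaluated.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs are placeholders; the bastion group has an empty egress list,
# which is the condition described in the answer.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-bastion-placeholder",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": []},
    {"GroupId": "sg-private-placeholder",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}

def rule_allows(rule, proto, port, peer_ip):
    """True if one permission entry matches protocol, port and peer address."""
    if rule["IpProtocol"] not in ("-1", proto):
        return False
    # "-1" (all traffic) rules carry no port range, so skip the port check.
    if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    peer = ipaddress.ip_address(peer_ip)
    # Only IPv4 CIDR sources are handled; group references are ignored here.
    return any(peer in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))

def check_path(groups, src_sg, dst_sg, src_ip, dst_ip, proto="tcp", port=22):
    """Return the security-group reasons a new src -> dst connection is blocked."""
    by_id = {g["GroupId"]: g for g in groups["SecurityGroups"]}
    problems = []
    if not any(rule_allows(r, proto, port, dst_ip)
               for r in by_id[src_sg]["IpPermissionsEgress"]):
        problems.append(f"{src_sg}: no egress rule for {proto}/{port} to {dst_ip}")
    if not any(rule_allows(r, proto, port, src_ip)
               for r in by_id[dst_sg]["IpPermissions"]):
        problems.append(f"{dst_sg}: no ingress rule for {proto}/{port} from {src_ip}")
    return problems

if __name__ == "__main__":
    # Constructed addresses inside the 10.0.0.0/16 VPC from the question.
    for line in check_path(SAMPLE, "sg-bastion-placeholder",
                           "sg-private-placeholder", "10.0.1.10", "10.0.2.20"):
        print(line)
```

An egress rule scoped to port 22 and the VPC CIDR is enough to clear the finding; the bastion does not need all outbound traffic opened.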