1

I have 3 instances: one in a VPC private subnet, one NAT instance, and another outside the VPC, which acts as the web server. The instance in the private subnet acts as an app server and the development team has their code running on that. Everything is running fine till now, in that I edited the IP tables in the NAT instance to allow the SSH connectivity to the VPC instance and all that. Now the dev team wants to access the app in the VPC instance through the EIP of the web server on port 8080. I am not able to achieve this. When I edit the IP tables similar to the way mentioned above, it terminates the previous rule, thereby not allowing me to connect to the VPC instance via PuTTY. Also, editing the IP tables did not work, as in, the URL didn't work from the browser.

The security groups are as follows:

  1. Web Server: Inbound - 80, 8080, 22; Outbound - All traffic
  2. NAT instance: Inbound - 80, 8080, 10234 (for SSH), 22; Outbound - All traffic
  3. App Server (in VPC): Inbound - 80, 8080, 22; Outbound - All traffic

How do I make the EIP of the web server into a URL such that the application on the VPC instance can be accessed on 8080?

1 Answer

0

The easiest way to allow access directly to the private subnet from the outside world on 80/8080 would be to create an ELB and attach the private subnet instances to it. Then apply your port-limiting security groups to the ELB. Depending on how your outbound traffic is directed, the routing table question and setup could be an entirely different conversation.

CloudWalker
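The ELB setup described in the answer above, sketched as a CloudFormation template. This is an added example, not code from the original post. All parameter names and the health check values are assumptions, and the load balancer subnet is assumed to be a public subnet of the same VPC, in the same Availability Zone as the app server.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Added example: classic ELB in front of a private-subnet app server on 8080'
Parameters:              # all parameter names below are hypothetical
  VpcId:
    Type: AWS::EC2::VPC::Id
  PublicSubnetId:        # assumed: public subnet, same AZ as the app server
    Type: AWS::EC2::Subnet::Id
  AppInstanceId:         # the app server in the private subnet
    Type: AWS::EC2::Instance::Id
  AppSecurityGroupId:    # security group already attached to the app server
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  ElbSecurityGroup:      # port-limiting group on the ELB: only 8080 is exposed
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internet-facing ELB, port 8080 only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8080
          ToPort: 8080
          CidrIp: 0.0.0.0/0   # narrow to the dev team's address range if known
  AppFromElbIngress:     # app server accepts 8080 from the ELB group, not from a CIDR
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref AppSecurityGroupId
      IpProtocol: tcp
      FromPort: 8080
      ToPort: 8080
      SourceSecurityGroupId: !GetAtt ElbSecurityGroup.GroupId
  AppLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets:
        - !Ref PublicSubnetId
      SecurityGroups:
        - !GetAtt ElbSecurityGroup.GroupId
      Instances:
        - !Ref AppInstanceId
      Listeners:
        - LoadBalancerPort: '8080'
          InstancePort: '8080'
          Protocol: HTTP
      HealthCheck:       # assumed values; a TCP check only confirms the port is open
        Target: TCP:8080
        Interval: '30'
        Timeout: '5'
        HealthyThreshold: '2'
        UnhealthyThreshold: '5'
Outputs:
  AppUrl:
    Value: !Sub 'http://${AppLoadBalancer.DNSName}:8080/'
```

With this in place, inbound 8080 on the app server only needs to be reachable from the ELB security group, and the NAT instance's iptables rules for SSH are left untouched.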