
I have created a new EC2 instance using Terraform for installing Vertica, but I am not able to access the Internet or ping google.com from within the instance.

I have set up an EC2 instance with a private subnet and have set up a NAT gateway with a public subnet.

The main route table allows 0.0.0.0/0 as destination and the NAT gateway as target. The other route table has the subnet association as the private subnet 10.103.2.0/24. The internet gateway is also attached to the VPC.

My security group for the EC2 instance allows traffic for Redshift and SSH for the following destinations: 10.83.0.0/16, 10.100.0.0/16, and outbound all traffic to: 10.83.0.0/16, 10.100.0.0/16.

My Questions:

  1. Should any route table have the internet gateway as the target?
  2. Should the security group also allow ICMP?
  3. Please brief me on how I should troubleshoot and what I should check.

Software Engineer
user6826691

3 Answers

This statement

The ec2 instance has private subnet

contradicts this statement

I have the internet gateway set up for the route table too

If you have a subnet that has a route to the internet gateway, you have a public subnet. Your instance will have internet access if all of these requirements are fulfilled:

  1. The EC2 instance has a public IP address.
  2. Network ACL allows inbound and outbound traffic on required ports. Network ACL is like a stateless firewall. It's not enough to allow only outgoing connections.
  3. Your security group should allow outgoing traffic on required ports.

If your instance doesn't have a public IP address, you will need to deploy NAT gateway.

Sergey Kovalev
  • I am using a NAT Gateway and the EC2 instance is set up with a private subnet – user6826691 Dec 29 '16 at 19:27
  • For me, my ACLs were badly configured which led my EC2 to not have internet access (HTTP and HTTPS at least). This answer and the following official doc with an ACL example helped me out: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html – Zgore Mar 27 '23 at 15:50
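As an added example (not code from the question or any answer), the following pure-Python checker walks the conditions the answer lists for a private-subnet instance: a 0.0.0.0/0 route to a NAT gateway, the NAT gateway's own subnet routed to an internet gateway, and security group egress that reaches 0.0.0.0/0. It runs over constructed data shaped like the JSON returned by `aws ec2 describe-route-tables`, `describe-nat-gateways` and `describe-security-groups`; all IDs and CIDRs are made up to mirror the question's setup, and the security group reproduces the restricted egress the question describes.

```python
# Added example, not code from the question or answers. Pure-Python check of the
# conditions listed in the answer, run over constructed data shaped like the JSON
# from `aws ec2 describe-route-tables` / `describe-nat-gateways` /
# `describe-security-groups`. IDs and CIDRs are made up to mirror the question.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc"}]},
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0def"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-0abc", "SubnetId": "subnet-public"}]
# Security group as described in the question: egress only to two private /16s.
SECURITY_GROUP = {"IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [
    {"CidrIp": "10.83.0.0/16"}, {"CidrIp": "10.100.0.0/16"}]}]}

def route_table_for(subnet_id, tables):
    """Explicitly associated table, else the VPC's main table (Main: True), else None."""
    for rt in tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return next((rt for rt in tables if any(a.get("Main") for a in rt["Associations"])), None)

def default_route_target(rt):
    """Target of the 0.0.0.0/0 route ('nat-...', 'igw-...', ...) or None."""
    for r in rt["Routes"]:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return r.get("NatGatewayId") or r.get("GatewayId")
    return None

def egress_allows_internet(sg):
    """True if any egress rule covers 0.0.0.0/0 (port-level checks are out of scope)."""
    return any(ip["CidrIp"] == "0.0.0.0/0"
               for p in sg["IpPermissionsEgress"] for ip in p.get("IpRanges", []))

def check_private_instance(subnet_id, tables, nats, sg):
    """Return a list of findings; an empty list means every checked condition holds."""
    findings = []
    rt = route_table_for(subnet_id, tables)
    target = default_route_target(rt) if rt else None
    if not (target and target.startswith("nat-")):
        findings.append("private subnet has no 0.0.0.0/0 route to a NAT gateway")
    else:  # the NAT gateway itself must sit in a subnet routed to an internet gateway
        nat = next((n for n in nats if n["NatGatewayId"] == target), None)
        nat_rt = route_table_for(nat["SubnetId"], tables) if nat else None
        nat_target = default_route_target(nat_rt) if nat_rt else None
        if not (nat_target and nat_target.startswith("igw-")):
            findings.append("NAT gateway's subnet has no 0.0.0.0/0 route to an internet gateway")
    if not egress_allows_internet(sg):
        findings.append("security group egress does not allow 0.0.0.0/0")
    return findings
```

Network ACLs (stateless, so ephemeral-port return traffic must be allowed inbound) and per-port security group rules are not modelled here and need to be checked separately.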

Most likely you haven't defined any internet gateways for your VPC

jdevelop

Based on your responses to the other answers, disabling source/destination check should resolve your issue.

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck

tuxlin