3

I created an AWS EC2 instance in the correct VPC and subnet.

Below is some evidence (security group, inbound rules, outbound rules, NACL, and route tables, respectively).

N.B. The NACLs have everything open for now, but I do accept that they need to be cleaned up for more aggressive control.

[image: security group]

[image: inbound rules]

[image: outbound rules]

[image: NACL]

[image: route tables]

Question: What am I doing wrong? Also, this is what the AWS docs suggest too, so what's missing? Thanks in advance for the answers.

John Rotenstein
ha9u63a7
  • To confirm, you're trying to connect to a public IPv4 address for HTTP (80) or HTTPS (443) in a subnet where the 0.0.0.0/0 route is using an internet gateway as the target. And this server is running a web server to serve this traffic? – Chris Williams Nov 08 '20 at 18:18
  • You have a routing rule of `0.0.0.0/16`; it should be `0.0.0.0/0`, FYI. – Chris Williams Nov 08 '20 at 18:19

1 Answer

3

The issue is that the route in the route table was for the CIDR range 0.0.0.0/16, which actually covers only outbound destinations between 0.0.0.0 and 0.0.255.255.

The correct route is 0.0.0.0/0, which covers all IPv4 addresses; the route table can then send all outbound traffic via this route, assuming there are no more specific routes.

For future reference, a great tool to use is cidr.xyz.

Chris Williams
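The route selection the answer describes, as an added worked example that is not code from the question, the answer or AWS. It models a VPC route table as a list of (destination CIDR, target) pairs, applies longest-prefix matching the way the VPC router does, and contrasts the mistaken 0.0.0.0/16 entry with the correct 0.0.0.0/0 default route. The VPC CIDR (10.0.0.0/16), the internet gateway ID and the sample destination addresses are assumptions made up for illustration.

```python
"""Added example, not code from the original question or answer.

Models how an AWS VPC route table chooses a route for an outbound packet
(longest-prefix match) and shows why a "default" route of 0.0.0.0/16
leaves a public IP destination unroutable. The VPC CIDR (10.0.0.0/16),
the internet gateway ID (igw-0123456789abcdef0) and the sample
destination addresses are assumptions made up for illustration.
"""
import ipaddress

# Route tables as lists of (destination CIDR, target). The "local" route is
# the one AWS adds for the VPC CIDR; the second entry is the hand-made one.
VPC_CIDR = "10.0.0.0/16"            # assumed VPC CIDR
IGW = "igw-0123456789abcdef0"       # assumed, made-up internet gateway ID

BROKEN_ROUTE_TABLE = [(VPC_CIDR, "local"), ("0.0.0.0/16", IGW)]
FIXED_ROUTE_TABLE = [(VPC_CIDR, "local"), ("0.0.0.0/0", IGW)]


def cidr_range(cidr):
    """Return (first, last, count) for a CIDR, e.g. 0.0.0.0/16 -> 0.0.0.0 .. 0.0.255.255."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def select_route(route_table, destination):
    """Longest-prefix match: the most specific route whose CIDR contains destination.

    Returns the target string, or None if no route matches (the packet is then dropped).
    """
    dst = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=False)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def reaches_internet(route_table, destination):
    """True if the selected route hands the packet to an internet gateway."""
    target = select_route(route_table, destination)
    return target is not None and target.startswith("igw-")


def has_default_route_to_igw(route_table):
    """The check to run on a public subnet's route table: is there a 0.0.0.0/0 -> igw route?"""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-")
               for cidr, target in route_table)


if __name__ == "__main__":
    print("0.0.0.0/16 covers", cidr_range("0.0.0.0/16"))
    for name, table in (("broken", BROKEN_ROUTE_TABLE), ("fixed", FIXED_ROUTE_TABLE)):
        # 10.0.1.5 is inside the VPC, 0.0.1.1 is inside 0.0.0.0/16,
        # 203.0.113.10 is a made-up public address (TEST-NET-3 range).
        for dst in ("10.0.1.5", "0.0.1.1", "203.0.113.10"):
            print(f"{name}: {dst} -> {select_route(table, dst)}")
        print(f"{name}: default route to IGW? {has_default_route_to_igw(table)}")
```

With the broken table, a public destination such as 203.0.113.10 matches no route at all, so the VPC router drops the packet regardless of how open the security group and NACL are; with the fixed table it falls through to the internet gateway, while in-VPC destinations still take the more specific "local" route. On a real account the same check can be made against the output of `aws ec2 describe-route-tables`.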