
EC2 instance cannot use yum inside private subnet


My AWS architecture looks like this:

[Image: AWS architecture diagram]

I can connect to the instance inside the private subnet from the instance inside the public subnet. I want to install some packages on my instance inside the private subnet; however, I cannot because yum needs a connection to the internet. So I changed the private subnet route tables to the same as the public subnet, just for the moment, to have a possibility to download the needed packages. However, I still get an error like this:

Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Could not retrieve mirrorlist https://amazonlinux-2-repos-eu-central-1.s3.dualstack.eu-central-1.amazonaws.com/2/core/latest/x86_64/mirror.list error was
12: Timeout on https://amazonlinux-2-repos-eu-central-1.s3.dualstack.eu-central-1.amazonaws.com/2/core/latest/x86_64/mirror.list: (28, "Failed to connect to amazonlinux-2-repos-eu-central-1.s3.dualstack.eu-central-1.amazonaws.com port 443 after 2701 ms: Couldn't connect to server")


 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=<repoid> ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>
        or
            subscription-manager repos --disable=<repoid>

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot find a valid baseurl for repo: amzn2-core/2/x86_64

I guess that's a problem with the internet connection, because when I try to use ping google.com, it loses every packet.

Outbound rules of the instance inside private subnet

[Image: security group outbound rules]


Solution

  • To be able to access the Internet, an instance must be either:

    • In a Public Subnet with a Public IP address, or
    • In a Private Subnet, with a Route Table entry pointing to a NAT Gateway in a Public Subnet

    When you changed the subnet from Private to Public, your instance still did not have a Public IP address. You can create an Elastic IP address and associate it with the EC2 instance, which would then give it a Public IP address, and it would be connected to the Internet.

    If you do not wish to change the subnet from Private to Public, then you would need a NAT Gateway (extra charges apply).
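As an added illustration of the two conditions in the answer above (this is not code from the question or the answer), the Python check below classifies an instance's outbound Internet path from data shaped like `aws ec2 describe-route-tables` and `aws ec2 describe-instances` output. The route tables and instance records are constructed sample data; the check does not verify that the NAT Gateway itself sits in a public subnet.

```python
from typing import Optional

def default_route_target(route_table: dict) -> Optional[str]:
    """Return the target ID of the active 0.0.0.0/0 route, or None if absent."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":   # skip blackholed routes
            continue
        return route.get("GatewayId") or route.get("NatGatewayId")
    return None

def internet_path(instance: dict, route_table: dict) -> str:
    """Classify how the instance can reach the Internet.

    Returns "public-ip+igw", "nat-gateway", "no-public-ip" or "no-route".
    """
    target = default_route_target(route_table)
    if target is None:
        return "no-route"            # an unmodified private subnet
    if target.startswith("igw-"):
        # An Internet Gateway route only helps if the instance owns a
        # public (or Elastic) IP; this is the asker's failure mode.
        has_public_ip = bool(instance.get("PublicIpAddress"))
        return "public-ip+igw" if has_public_ip else "no-public-ip"
    if target.startswith("nat-"):
        return "nat-gateway"         # private subnet routed via a NAT Gateway
    return "no-route"

# Constructed sample data (hypothetical IDs, not taken from the question).
PUBLIC_RT = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]}
NAT_RT = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]}
PRIVATE_RT = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}
ASKER_INSTANCE = {"InstanceId": "i-0example", "PrivateIpAddress": "10.0.2.10"}
FIXED_INSTANCE = {**ASKER_INSTANCE, "PublicIpAddress": "203.0.113.5"}

if __name__ == "__main__":
    print(internet_path(ASKER_INSTANCE, PUBLIC_RT))   # no-public-ip
    print(internet_path(FIXED_INSTANCE, PUBLIC_RT))   # public-ip+igw
    print(internet_path(ASKER_INSTANCE, NAT_RT))      # nat-gateway
    print(internet_path(ASKER_INSTANCE, PRIVATE_RT))  # no-route
```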