My architecture:
EC2 in private subnet (10.0.0.0/24) --> NAT gateway in public subnet (10.0.0.8/24)
When I use the following routes in the private subnet, the connection from EC2 to the internet does not work.
10.0.0.0/24 nat-08a0fd199f0599e7c Active No
10.0.0.0/16 local Active No
If I change the route table in the private subnet to this, it works:
0.0.0.0/0 nat-08a0fd199f0599e7c Active No
10.0.0.0/16 local Active No
But why is this? Both seem equivalent to me. My private subnet is really 10.0.0.0/24 and the IP I am testing it from is 10.0.0.62
and the reachability analyzer says:
rtb-0470933497a2054a2 (demo-private-routetable)
NO_ROUTE_TO_DESTINATION:
Route table rtb-0470933497a2054a2 does not have an applicable route to igw-01f02d81bd80fc493. See rtb-0470933497a2054a2.
This rule is not right: 10.0.0.0/24 nat-08a0fd199f0599e7c. You need to route all traffic but the local one (10.0.0.0/16 in this case) through the NAT GW, and for that you need to use the 0.0.0.0/0 CIDR range, which basically captures "all" traffic. For the local traffic the 10.0.0.0/16 route is used, as it has a longer prefix and therefore a greater routing preference.
So, this is the correct configuration:
0.0.0.0/0 nat-08a0fd199f0599e7c #Traffic outside the VPC (Internet)
10.0.0.0/16 local #Internal VPC traffic (handled by the VPC router)
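To make the longest-prefix-match argument in the answer concrete, here is a small route lookup simulator (added example, not part of the original thread and not AWS code). It models a route table as a list of (CIDR, target) pairs, picks the most specific matching entry for a destination, and runs the question's two tables against an internet address, an address in another subnet of the VPC, and an address inside the private subnet itself. The `has_default_to_nat` helper is a hypothetical sanity check one might run over exported route tables to catch the same misconfiguration; the NAT gateway id is the one from the question and the destination addresses are constructed.

```python
import ipaddress

# Constructed route tables mirroring the two configurations in the question.
NAT_GW = "nat-08a0fd199f0599e7c"  # id taken from the question
BROKEN_TABLE = [
    ("10.0.0.0/24", NAT_GW),   # only matches destinations inside the private subnet itself
    ("10.0.0.0/16", "local"),  # VPC-local traffic
]
WORKING_TABLE = [
    ("0.0.0.0/0", NAT_GW),     # catch-all: everything not matched by a more specific route
    ("10.0.0.0/16", "local"),  # VPC-local traffic, wins over 0.0.0.0/0 by longer prefix
]


def lookup(route_table, destination):
    """Return (cidr, target) of the most specific route matching destination, or None.

    This is plain longest-prefix matching; it does not model AWS-specific rules
    such as how the local route interacts with more specific entries.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return (str(best[0]), best[1]) if best else None


def has_default_to_nat(route_table):
    """Hypothetical check: does this table send 0.0.0.0/0 to a NAT gateway?"""
    return any(cidr == "0.0.0.0/0" and target.startswith("nat-")
               for cidr, target in route_table)


def trace(route_table, destinations):
    """Map each destination to the route it would take (None = no route)."""
    return {d: lookup(route_table, d) for d in destinations}


if __name__ == "__main__":
    # Constructed destinations: a public DNS resolver, a host in another subnet
    # of the VPC, and a host in the private subnet itself.
    samples = ["8.8.8.8", "10.0.1.5", "10.0.0.10"]
    for name, table in (("broken", BROKEN_TABLE), ("working", WORKING_TABLE)):
        print(f"{name} table, default route to NAT: {has_default_to_nat(table)}")
        for dst, route in trace(table, samples).items():
            print(f"  {dst:<10} -> {route}")
```

Running it shows the asymmetry the answer describes: with the 10.0.0.0/24 entry, 8.8.8.8 matches nothing at all (the analyzer's NO_ROUTE_TO_DESTINATION), while 10.0.0.10 would be sent to the NAT gateway even though it sits in the same subnet. With 0.0.0.0/0 in place, internet destinations fall through to the NAT gateway and every 10.0.0.0/16 address still prefers the local route because its prefix is longer.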