AWS EC2 Internet access without dedicated public IP

Question

I created AWS infrastructure with Terraform. The EC2 instances cannot access the Internet unless they or their subnets have a public IP address assigned directly to them. The public subnet is associated with a route table which has a route to the IGW for 0.0.0.0/0 The private subnet is associated with a different route table which has a route to the NAT Gateway for 0.0.0.0/0

I am using user data to install nginx on the EC2 instances, it fails because the instances do not have Internet access. The infrastructure also has a load balancer to route traffic on port 80 to the instances on the public subnet.

If I add map_public_ip_on_launch = true to the public subnets then they get Internet access. Isn't the purpose of the IGW and NAT GW to provide Internet access without having to assign public IPs? The NAT GW has a public IP of course. NACL and SG allow all outbound traffic.

Answer 1

An instance can obtain access to the Internet:

• If the instance is in a public subnet, it must be assigned a Public IP address
• If the instance is in a private subnet and the VPC has a NAT Gateway configured in the public subnet (and a corresponding Route Table on the private subnet), then it will be able to access the Internet automatically via the NAT Gateway

Based on the fact that you say it works when assigning a Public IP address, it would appear that you are launching the instances in a public subnet.