How to configure an AWS VPC so that the outside world can reach an EC2 instance

Notes for future reference.

The "Enable internet access" section of this article lists what is needed for outside connections to reach an EC2 instance:

  • Create an internet gateway and attach it to your VPC.
  • Add a route to your subnet’s route table that directs internet-bound traffic to the internet gateway.
  • Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
  • Ensure that your network access control lists and security group rules allow the relevant traffic to flow to and from your instance.

The second point means adding a rule to the route table with destination 0.0.0.0/0 and the igw as target, and making sure that route table is associated with the subnet (note: even without manually associating the subnet, the subnet is automatically associated with the Main route table).

Each subnet in your VPC must be associated with a route table. A subnet can be explicitly associated with a custom route table, or implicitly or explicitly associated with the main route table.

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-table-assocation
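The association rule above is easy to get wrong when auditing: a subnet with no explicit association silently inherits the main route table, which may or may not carry the 0.0.0.0/0 → igw route. The following is an added example (not from the original post or from AWS) that resolves a subnet's effective route table from the JSON shape of `aws ec2 describe-route-tables` and reports whether it has an active internet-gateway route; the VPC, subnet and gateway IDs are constructed sample values.

```python
"""Resolve which route table a subnet actually uses (explicit association wins,
otherwise the VPC's main table) and whether that table routes 0.0.0.0/0 to an igw."""
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables --output json`.
# All IDs are made up. rtb-main is the VPC's main table with only the local route;
# rtb-public is a custom table explicitly associated with subnet-public.
SAMPLE = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
  "Associations": [{"Main": true, "RouteTableId": "rtb-main"}]},
 {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
             {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1", "State": "active"}],
  "Associations": [{"Main": false, "SubnetId": "subnet-public", "RouteTableId": "rtb-public"}]}
]}""")


def effective_route_table(tables, vpc_id, subnet_id):
    """Explicit subnet association wins; otherwise the subnet implicitly uses the main table."""
    main = None
    for rt in tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt  # explicit association found
            if assoc.get("Main"):
                main = rt  # remembered as the fallback
    return main


def internet_gateway_route(rt):
    """Return the igw id behind an active 0.0.0.0/0 route, or None if there is none."""
    for route in rt.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("State") == "active"
                and route.get("GatewayId", "").startswith("igw-")):
            return route["GatewayId"]
    return None


def subnet_internet_route(data, vpc_id, subnet_id):
    """(route table id, igw id or None) for the subnet, or None if no table applies."""
    rt = effective_route_table(data["RouteTables"], vpc_id, subnet_id)
    if rt is None:
        return None
    return rt["RouteTableId"], internet_gateway_route(rt)


if __name__ == "__main__":
    for subnet in ("subnet-public", "subnet-private"):
        print(subnet, "->", subnet_internet_route(SAMPLE, "vpc-1", subnet))
```

A subnet that falls back to the main table shows up with `None` as the gateway, which is exactly the "route exists but is on the wrong table" mistake the post describes.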


This person's explanation is also worth watching and is easier to follow:

In the video above he also covers the difference between NACLs and security groups; that material can also be found in this article.
