Notes for future reference.
The "Enable internet access" section of this article lists what is needed for the outside world to reach an EC2 instance:
- Create an internet gateway and attach it to your VPC.
- Add a route to your subnet’s route table that directs internet-bound traffic to the internet gateway.
- Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
- Ensure that your network access control lists and security group rules allow the relevant traffic to flow to and from your instance.
The second point means adding a route to the route table with destination 0.0.0.0/0 and target the igw, and making sure that route table is actually associated with the subnet (note: even if you never associate a subnet manually, it is implicitly associated with the main route table, so check which table the subnet really resolves to):
Each subnet in your VPC must be associated with a route table. A subnet can be explicitly associated with a custom route table, or implicitly or explicitly associated with the main route table.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html#route-table-assocation
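As an added example (not code from the article or from AWS), the four conditions above turned into an offline checker. It walks data shaped like the boto3 `describe_internet_gateways`, `describe_route_tables`, `describe_instances` and `describe_security_groups` responses and answers "can this instance be reached from the internet on this port?". All VPC, subnet, instance and gateway ids and the rule contents are constructed for the example and are assumptions; the `SecurityGroups` field on each instance is simplified to `GroupId` only. The route-table lookup implements exactly the main-table fallback the note warns about: a subnet with no explicit association is judged by the main route table, which here has no igw route.

```python
"""Offline check of the "Enable internet access" conditions on describe_* style data.

All data below is constructed for this example (an assumption, not captured from a real
account); it only mimics the shape of the boto3 describe_* responses.
"""

VPC_ID = "vpc-0123456789abcdef0"

INTERNET_GATEWAYS = [
    {"InternetGatewayId": "igw-0aaa", "Attachments": [{"VpcId": VPC_ID, "State": "available"}]},
    {"InternetGatewayId": "igw-0bbb", "Attachments": []},  # exists, but attached to no VPC
]

ROUTE_TABLES = [
    {   # main route table: only the local route, so subnets that fall back to it are private
        "RouteTableId": "rtb-main", "VpcId": VPC_ID,
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {   # custom table explicitly associated with subnet-public; carries the 0.0.0.0/0 -> igw route
        "RouteTableId": "rtb-public", "VpcId": VPC_ID,
        "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa", "State": "active"},
        ],
    },
    {   # default route points at an igw that is not attached to this VPC: step 1 was skipped
        "RouteTableId": "rtb-dangling", "VpcId": VPC_ID,
        "Associations": [{"Main": False, "SubnetId": "subnet-dangling"}],
        "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb", "State": "active"}],
    },
]

SECURITY_GROUPS = {
    "sg-web": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "sg-db": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
}

INSTANCES = [
    {"InstanceId": "i-web", "SubnetId": "subnet-public", "PublicIpAddress": "203.0.113.10",
     "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-db", "SubnetId": "subnet-private", "PublicIpAddress": None,  # no explicit rtb -> main
     "SecurityGroups": [{"GroupId": "sg-db"}]},
    {"InstanceId": "i-noip", "SubnetId": "subnet-public", "PublicIpAddress": None,
     "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-dangling", "SubnetId": "subnet-dangling", "PublicIpAddress": "203.0.113.11",
     "SecurityGroups": [{"GroupId": "sg-web"}]},
]


def attached_igw_ids(vpc_id, igws):
    """Step 1: the internet gateways currently attached to vpc_id."""
    return {g["InternetGatewayId"] for g in igws
            for att in g.get("Attachments", [])
            if att.get("VpcId") == vpc_id and att.get("State") == "available"}


def route_table_for_subnet(subnet_id, route_tables):
    """An explicit association wins; otherwise the subnet is implicitly on the main route table."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def igw_default_route(rtb, attached):
    """Step 2: the igw id if rtb has an active 0.0.0.0/0 route to an attached internet gateway.
    A default route via a NAT gateway (nat-...) gives outbound-only access and does not count."""
    for route in rtb.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0" and route.get("State") == "active"
                and route.get("GatewayId") in attached):
            return route["GatewayId"]
    return None


def sg_allows_from_internet(sg, proto, port):
    """Step 4, security-group half: some ingress rule covers proto/port with a 0.0.0.0/0 source.
    NACLs are stateless and need matching inbound and outbound entries; they are not checked here."""
    for perm in sg.get("IpPermissions", []):
        if perm.get("IpProtocol") not in (proto, "-1"):
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if perm.get("IpProtocol") == "-1" or lo <= port <= hi:
            if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
                return True
    return False


def internet_reachable(instance, proto="tcp", port=443, vpc_id=VPC_ID, route_tables=ROUTE_TABLES,
                       igws=INTERNET_GATEWAYS, sgs=SECURITY_GROUPS):
    """Apply the four conditions; returns (reachable, list of failed conditions)."""
    problems = []
    rtb = route_table_for_subnet(instance["SubnetId"], route_tables)
    if rtb is None:
        problems.append("no route table (not even a main table) for the subnet")
    elif igw_default_route(rtb, attached_igw_ids(vpc_id, igws)) is None:
        problems.append(f"{rtb['RouteTableId']} has no active 0.0.0.0/0 route to an attached igw")
    if not instance.get("PublicIpAddress"):  # step 3 (IPv4 only in this example)
        problems.append("no public IPv4 address")
    if not any(sg_allows_from_internet(sgs[g["GroupId"]], proto, port) for g in instance["SecurityGroups"]):
        problems.append(f"no security group allows {proto}/{port} from 0.0.0.0/0")
    return (not problems, problems)


if __name__ == "__main__":
    for inst in INSTANCES:
        ok, why = internet_reachable(inst)
        print(inst["InstanceId"], "reachable" if ok else "NOT reachable: " + "; ".join(why))
```

Running it shows `i-web` reachable, `i-db` failing all three checked conditions because its subnet silently resolves to the main route table, `i-noip` failing only on the missing public address, and `i-dangling` failing because its igw route points at a gateway that was never attached. To use it against a real account, replace the constructed lists with the `InternetGateways`, `RouteTables`, `Reservations[].Instances` and `SecurityGroups` lists returned by the corresponding boto3 calls.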
You can also watch this person's explanation, which is easier to follow:
In the video above he also covers the difference between NACLs and Security groups; the same material is in this article.