
<AWS VPC> Unable to ping private subnet instance from a public subnet instance


May I seek assistance with a lab exercise on AWS VPC that I was going through? Thanks.

I created a new VPC with a public and a private subnet, and then launched 2 EC2 instances, one into each subnet. I also set up the security groups required for ping (ICMP) access on the private subnet security group. However, I could not ping the instance in the private subnet from the instance in the public subnet.

Below is the setup:

VPC: (CIDR block 10.0.0.0/16)

[screenshot]

Public subnet: (CIDR block 10.0.1.0/24)

[screenshot]

Private subnet: (CIDR block 10.0.2.0/24)

[screenshot]

Route table for public subnet:

[screenshot]

Route table for private subnet:

[screenshot]

Security group for public facing instance:

[screenshot]

Security group for private facing instance: (All ICMP - IPv4 allowed from private subnet CIDR block)

[screenshot]

Public facing EC2 instance launched in public subnet:

[screenshot]

Private facing EC2 instance launched in private subnet:

[screenshot]

SSH-ed into the public instance, but then cannot ping the private instance from there:

[screenshot]

Additionally, I tried to SSH into the private instance from the public instance (private key already added to the public instance), which also failed:

[screenshot]

Thank you very much for your help in advance.


Solution

  • Finally found the problem: the security group for the public facing instance is missing an outbound rule. When this is added back, the ping is successful.

    [screenshot]

    [screenshot]
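The root cause above is easy to miss because people tend to check only the receiving side. A flow between two instances has to pass two security-group checks: the sender's egress rules (traffic *to* the destination) and the receiver's ingress rules (traffic *from* the source). The following is an added illustration, not code from the post or from AWS: a small model of security-group evaluation applied to the lab topology. The instance addresses 10.0.1.10 and 10.0.2.10 are assumed (the post only gives the subnet CIDRs), and the private group's ICMP ingress rule is modelled with the public subnet as its source, since that is the range the pinging instance lives in; the third case shows what happens when the source range is the private subnet's own CIDR instead.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed lab addresses: the post gives only the subnet CIDRs, the host
# addresses are assumed for the example.
PUBLIC_SUBNET = "10.0.1.0/24"
PRIVATE_SUBNET = "10.0.2.0/24"
PUBLIC_INSTANCE_IP = "10.0.1.10"   # assumed
PRIVATE_INSTANCE_IP = "10.0.2.10"  # assumed


@dataclass
class Rule:
    """One security-group rule. protocol is 'icmp', 'tcp', 'udp' or '-1' (all)."""
    protocol: str
    cidr: str                 # source CIDR for ingress, destination CIDR for egress
    from_port: int = -1       # -1 means any port (for ICMP: any type/code)
    to_port: int = -1

    def matches(self, protocol: str, ip: str, port: int) -> bool:
        if self.protocol != "-1" and self.protocol != protocol:
            return False
        if ipaddress.ip_address(ip) not in ipaddress.ip_network(self.cidr):
            return False
        return self.from_port == -1 or self.from_port <= port <= self.to_port


@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)
    egress: list = field(default_factory=list)


def any_rule_allows(rules, protocol, ip, port=-1) -> bool:
    # Security groups are allow-lists: a flow passes if at least one rule matches.
    return any(r.matches(protocol, ip, port) for r in rules)


def flow_permitted(src_sg, src_ip, dst_sg, dst_ip, protocol, port=-1):
    """Return (allowed, reason). Both hops must pass: the sender's egress rules
    must allow traffic to dst_ip, and the receiver's ingress rules must allow
    traffic from src_ip. Groups are stateful, so the reply needs no extra rule."""
    if not any_rule_allows(src_sg.egress, protocol, dst_ip, port):
        return False, f"{src_sg.name}: no egress rule allows {protocol} to {dst_ip}"
    if not any_rule_allows(dst_sg.ingress, protocol, src_ip, port):
        return False, f"{dst_sg.name}: no ingress rule allows {protocol} from {src_ip}"
    return True, "allowed"


def lab_groups(public_egress, private_ingress_source):
    """Build the two groups from the post with the parts that vary as parameters."""
    public_sg = SecurityGroup("public-sg",
                              ingress=[Rule("tcp", "0.0.0.0/0", 22, 22)],
                              egress=public_egress)
    private_sg = SecurityGroup("private-sg",
                               ingress=[Rule("icmp", private_ingress_source)],
                               egress=[Rule("-1", "0.0.0.0/0")])
    return public_sg, private_sg


def ping_check(public_egress, private_ingress_source):
    """Evaluate an ICMP echo from the public instance to the private instance."""
    public_sg, private_sg = lab_groups(public_egress, private_ingress_source)
    return flow_permitted(public_sg, PUBLIC_INSTANCE_IP,
                          private_sg, PRIVATE_INSTANCE_IP, "icmp")


# 1. As in the post: the public group has no outbound rule -> blocked at egress.
BROKEN = ping_check(public_egress=[], private_ingress_source=PUBLIC_SUBNET)
# 2. The fix from the post: an outbound rule is restored -> allowed.
FIXED = ping_check(public_egress=[Rule("-1", "0.0.0.0/0")],
                   private_ingress_source=PUBLIC_SUBNET)
# 3. A different mistake: the private group's ICMP ingress is sourced from the
#    private subnet's own CIDR, which does not cover the public instance.
WRONG_SOURCE = ping_check(public_egress=[Rule("-1", "0.0.0.0/0")],
                          private_ingress_source=PRIVATE_SUBNET)

if __name__ == "__main__":
    for label, result in [("missing egress", BROKEN), ("fixed", FIXED),
                          ("wrong ingress source", WRONG_SOURCE)]:
        print(f"{label:22} {result}")
```

The reason string tells you which side to look at, which is the point: "no outbound rule" on the public group and "wrong source CIDR" on the private group both manifest as a silent ping timeout. In a real account the same two lists can be read with `aws ec2 describe-security-groups --group-ids <your-sg-id>` and compared against the `IpPermissions` (ingress) and `IpPermissionsEgress` (egress) fields; if both groups pass, the next thing to check is the subnet network ACLs, which unlike security groups are stateless and need rules in both directions.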