How to connect to outside world from amazon vpc?

Question

I have Amazon VPC set through the wizard as "public only network", so all my instances are in public subnet.

Instances within VPC that have Elastic IP assigned connect to the internet without any troubles.

But instances without elastic IP can't connect anywhere.

The Internet gateway is present. Route table in aws console looks like

Destination      Target 

10.0.0.0/16      local

0.0.0.0/0          igw-nnnnn

and route from inside instance shows

Kernel IP routing table

Destination     Gateway    Genmask        Flags Metric Ref Use Iface

10.0.0.0        *          255.255.255.0  U     0      0     0 eth0

default         10.0.0.1   0.0.0.0        UG    100    0     0 eth0

I tried to open ALL inbound and outbound traffic to 0.0.0.0/0 in a security group that an instance belongs to. Still no success.

~$ ping google.com

PING google.com (74.125.224.36) 56(84) bytes of data.

^C

--- google.com ping statistics ---

6 packets transmitted, 0 received, 100% packet loss, time 5017ms

What else can I do?

Answer 1

It seems that the only way to get outside from instances that do not have Elastic IP is:

• add a NAT (Launch an additional m1.small instance from ami-vpc-nat-beta) and assign EIP to that
• Create an extra subnet which will be "private"
• Move non-EIP-instances to that private subnet
• Modify route tables: 0.0.0.0/0 from the private subnet ought to go to NAT

So, just adding NAT is not enough. Instances should be stopped and moved to a different IP from another subnet.