Creating a Custom VPC while building a project in AWS
While building an Elastic Beanstalk environment inside that VPC, I had trouble connecting to the external Internet, so I organized the VPC settings that need to be checked in relation to it.
(The cases below assume that EC2 is in a public subnet without a load balancer.)
The configuration below refers to a setup in which, in every case, traffic flows only along Internet <-> Public Subnet <-> Private Subnet.
- Route: destination 0.0.0.0/0 -> target: internet gateway
- Allow rule: source 0.0.0.0/0
When creating a VPC, even if a subnet is created as a public subnet, the setting below is not enabled by default.
As a result, when Elastic Beanstalk creates a new EC2 instance, no public IP is allocated, so the instance cannot communicate with Elastic Beanstalk and the environment fails with:
"The EC2 instances failed to communicate with AWS Elastic Beanstalk, either because of configuration problems with the VPC or a failed EC2 instance. Check your VPC configuration and try launching the environment again."
This issue took the most time.
If you enable the auto-assign IP setting below, a public IP (Elastic IP) is assigned to the instance normally when Elastic Beanstalk creates the EC2 instance.
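The two public-subnet requirements above (a 0.0.0.0/0 route to an internet gateway, plus auto-assign public IP) can be checked before launching an environment. The script below is an added example, not code from the original post; it runs offline over constructed data shaped like the EC2 API's describe_subnets and describe_route_tables responses (the field names are the real ones, the IDs and CIDRs are made up), and it reports the exact failure mode described above as "public-no-auto-ip".

```python
"""Added example (not from the original post): classify each subnet of a VPC
using constructed data in the shape of describe_subnets / describe_route_tables
output.  IDs and CIDRs are made up; MapPublicIpOnLaunch is left at its
default (False) on the public subnet to reproduce the Elastic Beanstalk failure."""

VPC_ID = "vpc-0example"  # constructed

SUBNETS = [
    {"SubnetId": "subnet-0public", "VpcId": VPC_ID, "CidrBlock": "10.0.1.0/24",
     "MapPublicIpOnLaunch": False},   # the default the post warns about
    {"SubnetId": "subnet-0private", "VpcId": VPC_ID, "CidrBlock": "10.0.2.0/24",
     "MapPublicIpOnLaunch": False},
]

ROUTE_TABLES = [
    {"RouteTableId": "rtb-0public",
     "Associations": [{"SubnetId": "subnet-0public"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"},
     ]},
    {"RouteTableId": "rtb-0private",
     "Associations": [{"SubnetId": "subnet-0private"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
     ]},
]


def route_table_for(subnet_id, route_tables):
    """Return the route table explicitly associated with a subnet, or None.
    (A real VPC falls back to the main route table; that fallback is omitted.)"""
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
    return None


def has_igw_default_route(rtb):
    """True if the table sends 0.0.0.0/0 to an internet gateway (igw-...)."""
    if rtb is None:
        return False
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(r.get("GatewayId", "")).startswith("igw-")
               for r in rtb.get("Routes", []))


def classify_subnet(subnet, route_tables):
    """Return 'public', 'private' or 'public-no-auto-ip'.

    'public-no-auto-ip' is the case from the post: the subnet routes to an
    IGW, so it is public, but MapPublicIpOnLaunch is off, so an instance
    launched into it gets no public IP unless one is explicitly requested and
    cannot reach the Internet or the Elastic Beanstalk service."""
    rtb = route_table_for(subnet["SubnetId"], route_tables)
    if not has_igw_default_route(rtb):
        return "private"
    if not subnet.get("MapPublicIpOnLaunch", False):
        return "public-no-auto-ip"
    return "public"


def audit(subnets, route_tables):
    """Map every subnet id to its classification."""
    return {s["SubnetId"]: classify_subnet(s, route_tables) for s in subnets}


if __name__ == "__main__":
    for sid, state in audit(SUBNETS, ROUTE_TABLES).items():
        print(f"{sid}: {state}")
```

Feeding real API output into audit() instead of the constructed lists gives the same three-way answer for each subnet; any subnet reported as "public-no-auto-ip" is the one that will produce the Elastic Beanstalk error quoted above.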
The private subnet communicates only with the public subnet and has no connection to the external Internet.
If a NAT gateway is configured, resources in the private subnet can reach the outside when needed, but I did not set one up (NAT is very expensive).
If you put a load balancer in the public subnet and EC2 in the private subnet, EC2 can still reach AWS services through VPC endpoints. See here
Maintenance Tricks
- If you connect a specific IP to the Internet gateway when setting up the routing table and set a public IP on an instance such as EC2, you can access resources in the private subnet only with the specific IP.
- Allow rule: source 0.0.0.0/0
Configure security groups according to the AWS resources you use. I configured security groups for EC2 and RDS only.
Inbound rules differ depending on the ports each AWS resource uses; the outbound rules are identical everywhere and allow all TCP traffic to 0.0.0.0/0.
ec2-sg
- inbound (web server only):
  - source 0.0.0.0/0
  - source 0.0.0.0/0

rds-sg
- inbound (database only):
  - source ec2-sg, port 3306 (for MySQL/MariaDB)

Maintenance Tricks
- As in the routing table, you can allow all traffic from a specific IP only by using a /32 subnet mask.
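The ec2-sg / rds-sg layout above is a two-tier least-privilege pattern: the web tier is world-reachable on its service ports only, the database tier is reachable only from the web tier's security group, and anything else is pinned to a single /32 source. The script below is an added example, not code from the original post; it encodes those three rules as checks over constructed data shaped like the EC2 describe_security_groups response. The group IDs are made up, and ports 80/443 are an assumption for the two 0.0.0.0/0 rows the post lists without ports; the 22/32 rule illustrates the /32 trick with an RFC 5737 documentation address.

```python
"""Added example (not from the original post): least-privilege checks over
security group rules in the shape of describe_security_groups output.
Group IDs, the 80/443 web ports and the 203.0.113.10 admin host are all
constructed / assumed."""

import ipaddress

EC2_SG = "sg-0ec2"          # constructed ID for ec2-sg
RDS_SG = "sg-0rds"          # constructed ID for rds-sg
WORLD_OK_PORTS = {80, 443}  # assumption: the web server ports open to 0.0.0.0/0

# Constructed sample mirroring the post: web tier open to the world on its
# service ports, database tier reachable only from ec2-sg, egress allow-all.
SECURITY_GROUPS = [
    {"GroupId": EC2_SG, "GroupName": "ec2-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
         # the /32 trick from the post: a single administrative source host
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
     ],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                              "UserIdGroupPairs": []}]},
    {"GroupId": RDS_SG, "GroupName": "rds-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": EC2_SG}]},
     ],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                              "UserIdGroupPairs": []}]},
]


def audit_web_tier(group):
    """Findings for the web tier: 0.0.0.0/0 is tolerated only on a single
    port from WORLD_OK_PORTS; every other CIDR source must be a /32."""
    findings = []
    name = group["GroupName"]
    for perm in group.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        for r in perm.get("IpRanges", []):
            net = ipaddress.ip_network(r["CidrIp"])
            if net.prefixlen == 0:
                if lo != hi or lo not in WORLD_OK_PORTS:
                    findings.append(f"{name}: ports {lo}-{hi} open to 0.0.0.0/0")
            elif net.prefixlen != 32:
                findings.append(f"{name}: ports {lo}-{hi} open to {net}; "
                                "use a /32 for a single admin host")
    return findings


def audit_db_tier(group, allowed_group):
    """Findings for the database tier: no CIDR sources at all, and the only
    source security group is the web tier's group."""
    findings = []
    name = group["GroupName"]
    for perm in group.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        for r in perm.get("IpRanges", []):
            findings.append(f"{name}: ports {lo}-{hi} open to CIDR {r['CidrIp']} "
                            "instead of a security group")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != allowed_group:
                findings.append(f"{name}: ports {lo}-{hi} open to unexpected "
                                f"group {pair.get('GroupId')}")
    return findings


def audit(groups):
    """Run both tier checks over a describe_security_groups-style list."""
    by_name = {g["GroupName"]: g for g in groups}
    return (audit_web_tier(by_name["ec2-sg"])
            + audit_db_tier(by_name["rds-sg"], EC2_SG))


if __name__ == "__main__":
    for line in audit(SECURITY_GROUPS) or ["no findings"]:
        print(line)
```

On the constructed groups the audit returns no findings; replacing the rds-sg source group with a CIDR, or widening the 22 rule beyond a /32, produces one finding per offending rule, which is the review you want before a database port is exposed to more than the web tier.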