Question

I'm a bit lost on that one - I've followed AWS documentation and it seems that there is nothing more I can find. The situation summary is that I have an EC2 instance within a VPC and it can't reach the Internet despite following Amazon AWS instructions in setting up a NAT for the VPC

1. I have a VPC with one subnet (CIDR 10.0.0.0/24) and one EC2 instance in (it has private IP address within VPC only, 10.0.0.168)

2. I have created an Internet Gateway and attached it to the said VPC.

3. I have created a Network ACL with All Traffic Allow for 0.0.0.0/0 for both Inbound and Outbound traffic and attached the ACL to the VPC's only subnet.

Answer 1

You'll need two subnets. One is public, and the other is private.

Subnet that is open to the public

Public IP addresses can be enabled on a public network. It must have a NAT gateway as well as a route table:

Target Subnet 10.0.0.0/24
 local 0.0.0.0/0 internet-gateway private subnet

The private subnet should be used for your private instance. A route table should be present on the subnet:

10.0.0.0/24 is the local destination target.
0.0.0.0/0 nat-gateway-id \sNACL

It is preferable to leave the default NACLs alone. It's quite easy to make a mistake with these. Only security groups should be used to control access to and from your instance.