When deploying resources in a public subnet within an AWS Virtual Private Cloud (VPC), you need to configure several components to allow them to communicate with the internet. Below are the essential steps:
1. Attach an Internet Gateway (IGW)
An Internet Gateway (IGW) enables communication between instances in your VPC and the internet. To set up an IGW:
- Navigate to the VPC Dashboard in the AWS Console.
- Select Internet Gateways and create a new IGW if none exists.
- Attach the IGW to your VPC.
2. Update the Route Table
For your public subnet to send traffic to the internet, you must modify the associated Route Table:
- Go to Route Tables in the AWS Console.
- Select the route table linked to your public subnet.
- Add a new route where:
- Destination:
0.0.0.0/0 - Target: Your Internet Gateway (IGW)
- Destination:
3. Allocate and Associate an Elastic IP (EIP)
If you require a persistent public IP address for your instance, you should:
- Allocate an Elastic IP Address (EIP) from the Elastic IPs section.
- Associate it with your instance to maintain a stable public IP.
4. Configure Security Groups
Ensure that your Security Groups allow the necessary inbound and outbound traffic:
- Allow inbound traffic on required ports (e.g.,
80for HTTP,443for HTTPS,22for SSH). - Ensure outbound traffic is unrestricted or selectively allowed based on your needs.
5. Verify Network ACLs
Network ACLs act as a firewall controlling traffic in and out of your subnet. Ensure:
- The inbound rules allow expected traffic (e.g., HTTP, HTTPS, SSH).
- The outbound rules permit responses to requests sent from your resources.
By following these steps, you ensure that resources in your public subnet can communicate with the internet securely and efficiently.
For more details, refer to the AWS documentation: