After running out of ideas I hope I can find the solution here.
Basically, I have an EC2 bastion, an EC2 "private" instance that runs my application and a Load Balancer.
I can SSH into both the bastion and the private EC2 instance, but only the bastion has internet access to external websites.
If it matters, the bastion public IP was assigned using Elastic IP addresses.
These are the Security Groups configurations I have:

Bastion SG:
Inbound:
- HTTP port 80 from internal network
- HTTPS port 443 from internal network
- SSH port 22 from my own IP
Outbound:
- All traffic

Load Balancer SG:
Inbound:
- HTTPS port 443 from any IP (0.0.0.0/0)
Outbound:
- All traffic through Private EC2 instance SG

Private EC2 instance SG:
Inbound:
- TCP 8080 from my Load balancer SG
- SSH port 22 from my Bastion SG
Outbound:
- All traffic through Bastion SG

I've also created an Internet Gateway and attached it to this VPC, and this VPC applies to both the Bastion and Private EC2 instances.
Any ideas, guys? Thanks in advance.