I am getting an Error: connect ETIMEDOUT
when I try to make an axios POST request from a private subnet to a public subnet.
My setup in AWS is that I have one VPC with:
- private subnet with EC2 instance: (A Node.js Express app)
- public subnet with EC2 instance: (B Laravel API)
- Both use the same security group, but I have port 443 and port 80 entries, which I can provide if needed
- Each subnet has its own route table, which I can supply if needed
My Laravel app receives requests from the internet and needs to stay that way, and that uses the public IP, so the API uses the public IP as its host. I also need to make a request from (A), but I don't want to go over the internet to do that and instead want to utilize the private IP of (B).
I am currently able to successfully make Guzzle requests from (B) to (A) to execute Node jobs, and now I just need to send updates back to the Laravel API, but that is where I get the error.
```
Error: connect ETIMEDOUT (B public IP):443
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1159:16) {
  errno: -110,
  code: 'ETIMEDOUT',
  syscall: 'connect',
  address: '(B public IP)',
  port: 443,
  config: {
    url: 'http://(B private IP)/update-progress',
    method: 'post',
    data: '{"progress":0,"status":"analyzing"}',
    headers: {
      Accept: 'application/json, text/plain, */*',
      'User-Agent': 'axios/0.19.2'
    },
```
It's possible my security group or route tables are incorrect, but I am also wondering if I am able to do this without using a NAT gateway.
Any help is appreciated, thank you.
I've tried adding sources for my security group that contain the subnet IPs of (A & B), security group ID of (A & B) and the IP addresses of (A & B) for ports 80 and 443. I AM able to ping (A) -> (B) and (B) -> (A) due to having ALL ICMP in my security group.
ROUTING TABLE (A)
0.0.0.0/0 igw-#### Active No
10.0.0.0/16 local Active No
(A subnet ip)/24 eni-(B network interface) Active No
ROUTING TABLE (B)
0.0.0.0/0 igw-#### Active No
10.0.0.0/16 local Active No
(B subnet ip)/24 eni-(A network interface) Active No
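
The error output above can be checked mechanically. The following is an added example, not part of the original post: a hypothetical helper, `compareConnectTarget`, compares the host and port in `config.url` with the `address` and `port` the socket actually tried. The sample error uses constructed placeholder addresses.

```javascript
// Added example (not from the original post): compare where an axios request
// was aimed (err.config.url) with where the socket actually tried to connect
// (err.address / err.port), as reported on a Node.js connect error.

// True for RFC 1918 private IPv4 addresses (10/8, 172.16/12, 192.168/16).
function isPrivateIPv4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m || m.slice(1).some((o) => Number(o) > 255)) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

function compareConnectTarget(err) {
  const url = new URL(err.config.url);
  const requested = {
    host: url.hostname,
    // URL.port is '' when the scheme's default port is used.
    port: Number(url.port) || (url.protocol === 'https:' ? 443 : 80),
  };
  const attempted = { host: err.address, port: err.port };
  const findings = [];
  if (requested.host !== attempted.host) {
    findings.push(`connect went to ${attempted.host}, not ${requested.host}`);
  }
  if (requested.port !== attempted.port) {
    findings.push(`connect used port ${attempted.port}, not ${requested.port}`);
  }
  if (isPrivateIPv4(requested.host) && !isPrivateIPv4(attempted.host)) {
    findings.push('private address requested, non-private address dialed');
  }
  return { requested, attempted, findings };
}

// Constructed sample with the same shape as the error in the post.
// 10.0.2.15 and 203.0.113.10 are placeholder addresses, not real hosts.
const sampleError = {
  code: 'ETIMEDOUT',
  syscall: 'connect',
  address: '203.0.113.10',
  port: 443,
  config: { url: 'http://10.0.2.15/update-progress', method: 'post' },
};

console.log(compareConnectTarget(sampleError));
```

When the findings list is non-empty, the connection that timed out is not the one `config.url` describes, so the security group and routing to inspect are those on the path to the dialed address and port.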