Dieser Inhalt ist in der ausgewählten Sprache nicht verfügbar

Wir arbeiten ständig daran, Inhalte in der ausgewählten Sprache bereitzustellen. Vielen Dank für deine Geduld.

Why can't my Amazon EC2 instance connect to the internet using an internet gateway?

Lesedauer: 3 Minute

My Amazon Elastic Compute Cloud (Amazon EC2) instance in a public subnet has a public IP address or an internet gateway, but can’t access the internet.

Short description

To troubleshoot why your Amazon EC2 can't access the internet, do the following:

Verify that the EC2 instance meets all prerequisites.
Verify that the instance has a public IP address.
Verify that a firewall isn't blocking the access.

Resolution

Verify that the instance meets all prerequisites

The instance must meet the following conditions:

The route table that's associated with your instance’s subnet has a default route to an internet gateway (0.0.0.0/0).
The internet gateway that's associated with the route isn't deleted.
The security group that's attached to the instance’s elastic network interface has rules allowing outbound internet traffic (0.0.0.0/0) for your ports and protocols.
The network access control list (network ACL) that is associated with the instance's subnet has rules allowing both outbound and inbound traffic to the internet.

Verify that the instance has a public IP address

If the instance in a public subnet doesn't have a public IP address, then the instance isn't accessible outside the virtual private cloud (VPC) where it resides in. This is true even if the instance has an internet gateway.

To allow the instance connectivity to the internet, allocate an Elastic IP address, and then associate this Elastic IP address with the instance.

Verify that a firewall isn't blocking access

If the instance meets the preceding conditions and internet connectivity issues persist, then you might have a local firewall running in the operating system. It's a best practice to use security groups instead of having a local firewall in the operating system. Be sure that disabling the local firewall doesn't impact your workload.

# For Uncomplicated Firewall
sudo ufw disable

# For firewalld
sudo systemctl disable firewalld --now

If you must use a firewall, then the internet connectivity issues are usually related to the OUTPUT chain. You can allow outgoing traffic by running the following commands:

sudo iptables -P OUTPUT ACCEPT
sudo iptables -I OUTPUT 1 -j ACCEPT

Windows Server:

For Windows Server default firewalls, run the following command:

netsh advfirewall firewall show rule name=all

If the preceding command indicates blocked traffic, then remove the old rule or add a new rule allowing traffic for that specific port. For more information, see the Microsoft documentation for Understanding Windows firewall with advanced security rules.