Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!
How do I troubleshoot SSH or RDP connectivity to my EC2 instances that I launched in a Wavelength Zone?
I launched an Amazon Elastic Compute Cloud (Amazon EC2) instance in an AWS Wavelength Zone. I can’t connect to my Amazon EC2 instance with SSH or with Windows Remote Desktop Protocol (RDP). However, I can still ping my instance.
Resolution
Connect to an instance with a public IP address
There are restrictions when you use a public IP address from your 5G service provider to connect to an EC2 instance that you launched in a Wavelength Zone.
In a Wavelength Zone, you must adhere to the following controls for internet flows:
- The carrier gateway allows TCP traffic in only one direction, from the instance to the internet.
- The carrier gateway blocks inbound and outbound UDP traffic.
- The carrier gateway allows inbound and outbound ICMP traffic.
Important: You can't remove the preceding controls. You can ping an instance in a Wavelength Zone, even if you can't connect to it with SSH or RDP from the internet.
To connect to your instance in a Wavelength Zone with a public IP address, make sure that you have the following configurations:
- Your security group and network access control lists (network ACLs) allow your user's IP addresses, and TCP port 3389 for RDP or TCP port 22 for SSH.
- The SSH or RDP client is located in the carrier network.
Connect to an instance from the internet
To connect to your instance in a Wavelength Zone from the internet, you must use a private IP address instead of a public IP address. Complete the following resolution steps to configure access.
Launch a bastion host
First, launch an instance as a bastion host in the same virtual private cloud (VPC) and AWS Region as the Wavelength Zone. Make sure that the bastion host has public access.
Then, use SSH, RDP, or Session Manager, a capability of AWS Systems Manager, to connect to the bastion host.
(Linux instances only) Use SSH to connect to your instance
If your instance doesn't have a private key, then run the following command to use SSH to connect to the Wavelength Zone instance:
ssh username@instance_private_ip
Note: Replace username with your username and instance_private_ip with the instance's private IP address.
If you use a key pair to connect to your instance, then complete the following steps to copy the private key to the bastion host:
- To copy your private key to the bastion host, run the following command:
Note: Replace /identity_file_path with the path to your identity file, /private_key_file_path with the path to your private key file, bastion_public_ip with the bastion host's public IP address, and remote_instance_path with the path to store the private key.scp -i /identity_file_path /private_key_file_path user@bastion_public_ip:/remote_instance_path/ - To configure permissions for the private key, run the following command:
Note: Replace private_key_file.pem with your private key file name.chmod 600 private_key_file.pem - To connect to the Wavelength Zone instance with SSH, run the following command:
Note: Replace /private_key_file_path with the path to your private key file, private_key_file.pem with your private key file name, username with your username, and instance_private_ip with the instance's private IP address.ssh -i /private_key_file_path/private-key.pem username@instance_private_ip
(Windows instances only) Use RDP to connect to your instance
Use RDP to connect to your instance, and then use the Wavelength Zone instance's private IP address to connect to it.
Related information
- Topics
- Compute
- Language
- English
Relevant content
- asked 3 years ago
