How do I troubleshoot website connectivity issues on my EC2 Windows instance?

4 minute read

I want to troubleshoot issues that I’m having when I connect to the website that's hosted on my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance.

Short description

When a website that runs on your Amazon EC2 instance becomes unavailable or unreachable, check the following configurations:

  • The instance is running and passes status checks.
  • The instance boots correctly.
  • The CPU, disk, or memory isn't overutilized on your instance.
  • The security group and network access control list (network ACL) allow traffic on the correct ports, and you're instance's route table defaults to an internet gateway.
  • Your instance has the correct DNS configuration.
  • The web server is running, and the firewall allows access.
  • The TLS/SSL certificate is valid for the HTTPS connection.


Check that the instance is running and passing status checks

Make sure that your instance is listed as Running in the Amazon EC2 console. If your instance isn't listed as Running, then see Why is my EC2 Windows instance down with an instance status check failure?

Check that the instance boots correctly

Check that the CPU, disk, or memory isn't overutilized on your instance

Check the security group, network ACL, and route tables of your instance

Check that your instance has the correct DNS configuration

  • If your website uses an Amazon Route 53 DNS service, then check that you correctly configured the DNS records. For more information, see Why can't I access my website that uses Route 53 DNS services?
  • Make sure that an Elastic IP address is assigned to your instance. If you stop and start your instance, then the Elastic IP address remains associated to your instance. 
  • Make sure to map the public IP address or Elastic IP address to an A record.
  • If you use another DNS hosting service, then make sure to update the website's name servers on the domain that the website is registered to.

Check the web server and firewall settings

  • Run the following commands in Windows Service Manager to check that your web server is running:
net Stop W3SVC
net Start W3SVC
  • If your web server isn't running or your firewalls don't allow access, then users can't connect to your website. To check if your instance responds to a website on a specified port, run the following PowerShell commands from the remote machine:

Note: Replace the example values with your values.

tnc <example-public-IP> -port <example-port-number>
tnc <example-DNS-website-name> -port <example-port-number>
  • To check if a port that's bound to a website is in the listening state, run the following commands on your instance:
netstat -anob | findstr /i 80
netstat -anob | findstr /i 443

Example output

  • Check if your Windows firewall is blocking port connections on port 80 or 443.

To troubleshoot an unreachable port, see Why can't I connect to a port on an EC2 Windows instance?

Check that the TLS/SSL certificate is valid for the HTTPS connection

Related information

Why can't I connect to a website that is hosted on my EC2 instance?

AWS OFFICIALUpdated 9 months ago