
How do I troubleshoot Amazon EC2 instance connection timeout errors from the internet?


I want to troubleshoot "Network error: Connection timed out" messages I receive when I connect to an Amazon Elastic Compute Cloud (Amazon EC2) instance in my Amazon Virtual Private Cloud (Amazon VPC) from the internet.

Short description

Use Amazon VPC Reachability Analyzer to troubleshoot "Network error: Connection timed out" errors when you connect to an Amazon EC2 instance from the internet. You can also manually confirm your network configuration.

Note: To troubleshoot "Permission denied" and "Connection refused" errors, see How do I troubleshoot "Connection refused" or "Connection timed out" errors when I connect to my EC2 instance with SSH?

Resolution

Use Reachability Analyzer to analyze inbound traffic from the internet to your instance. When you specify the source resource, choose Internet Gateway from Source type, and for Source, choose the internet gateway that's attached to your Amazon VPC. When you specify the destination resource, choose Instances from Destination type, and then choose your instance from Destination. Use the protocol and port that the connection uses (for example, TCP port 22 for SSH). If the path is Not reachable, then the analysis lists the component that blocks the path (for example, a security group, network ACL, or route table). Fix that component, or manually troubleshoot Amazon EC2 "Connection timed out" errors as described in the following sections.
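The same internet gateway to instance analysis can be scripted with the EC2 API (create the path, start the analysis, poll until it finishes, then read NetworkPathFound and the Explanations). The following is an added example, not code from this article or from AWS. It accepts any object with the boto3 EC2 client methods it calls, so in real use you pass boto3.client("ec2"); the FakeEc2 class, its resource IDs and the explanation code it returns are constructed placeholders so the script runs offline.

```python
import time


def analyze_igw_to_instance(ec2, igw_id, instance_id, port=22,
                            poll_seconds=0, max_polls=30):
    """Run a Reachability Analyzer analysis from an internet gateway to an instance.

    `ec2` is any object with the boto3 EC2 client methods used below
    (boto3.client("ec2") in real use, FakeEc2 in the embedded self-test).
    Returns {"reachable": bool, "blocking": [(direction, explanation_code, [ids]), ...]}.
    """
    path_id = ec2.create_network_insights_path(
        Source=igw_id,            # the internet gateway attached to the VPC
        Destination=instance_id,  # the EC2 instance you cannot reach
        Protocol="tcp",
        DestinationPort=port,
    )["NetworkInsightsPath"]["NetworkInsightsPathId"]

    analysis_id = ec2.start_network_insights_analysis(
        NetworkInsightsPathId=path_id
    )["NetworkInsightsAnalysis"]["NetworkInsightsAnalysisId"]

    # Poll until the analysis leaves the "running" state.
    for _ in range(max_polls):
        result = ec2.describe_network_insights_analyses(
            NetworkInsightsAnalysisIds=[analysis_id]
        )["NetworkInsightsAnalyses"][0]
        if result["Status"] != "running":
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError(f"analysis {analysis_id} still running after {max_polls} polls")

    if result["Status"] != "succeeded":
        raise RuntimeError(f"analysis {analysis_id} ended with status {result['Status']}")

    # Each explanation names the blocking component(s) as nested objects with an "Id";
    # collect them generically so the summary works for security groups, ACLs, route tables, etc.
    blocking = []
    for exp in result.get("Explanations", []):
        ids = sorted(v["Id"] for v in exp.values() if isinstance(v, dict) and "Id" in v)
        blocking.append((exp.get("Direction", ""), exp.get("ExplanationCode", ""), ids))
    return {"reachable": bool(result["NetworkPathFound"]), "blocking": blocking}


class FakeEc2:
    """Constructed stand-in for boto3.client("ec2") so the example runs offline.

    It reports "running" once, then a "Not reachable" result blocked by a security
    group. The IDs and the explanation code are placeholders, not real AWS values.
    """

    def __init__(self):
        self.describe_calls = 0

    def create_network_insights_path(self, **kw):
        assert kw["Source"].startswith("igw-") and kw["Destination"].startswith("i-")
        return {"NetworkInsightsPath": {"NetworkInsightsPathId": "nip-0123456789abcdef0"}}

    def start_network_insights_analysis(self, **kw):
        return {"NetworkInsightsAnalysis": {"NetworkInsightsAnalysisId": "nia-0123456789abcdef0",
                                            "Status": "running"}}

    def describe_network_insights_analyses(self, **kw):
        self.describe_calls += 1
        if self.describe_calls == 1:
            return {"NetworkInsightsAnalyses": [{"Status": "running"}]}
        return {"NetworkInsightsAnalyses": [{
            "Status": "succeeded",
            "NetworkPathFound": False,
            "Explanations": [{
                "Direction": "ingress",
                "ExplanationCode": "SECURITY_GROUP_NO_INBOUND_RULE",  # placeholder code text
                "SecurityGroup": {"Id": "sg-0123456789abcdef0"},
            }],
        }]}


if __name__ == "__main__":
    print(analyze_igw_to_instance(FakeEc2(), "igw-0123456789abcdef0", "i-0123456789abcdef0"))
```

With a real client, a reachable path returns an empty blocking list; when the path is not reachable, the returned IDs tell you which security group, network ACL, route table or subnet to inspect in the manual checks that follow. Note the article's caveat that not every AWS Network Firewall rule is reflected in these explanations.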

You can also use Amazon Q to use natural language queries to troubleshoot issues with Reachability Analyzer. For more information, see Introducing Amazon Q support for network troubleshooting (preview) on the AWS Blogs website.

Note: If you connect through a bastion host, then the instance is in a private subnet whose route table has no default route to an internet gateway, so a path from the internet gateway to the instance is expected to be Not reachable. Analyze the path from the bastion host instead. For more information, see How do I use a bastion host to securely connect to my EC2 Linux instance in a private subnet?

Troubleshoot network configuration

Check the following network configuration settings:

Security settings for instances in your Amazon VPC (security groups and network ACLs). Confirm that the instance's security group has an inbound rule for the port and source address that you connect from, and that the subnet's network ACL allows the inbound port and the outbound ephemeral ports for the return traffic.

VPC Block Public Access

Check whether VPC Block Public Access (BPA) is active.

If VPC BPA is active, then check the internet gateway block direction. Bidirectional blocks inbound and outbound internet traffic; Ingress-only blocks inbound traffic, so inbound connections from the internet time out in either mode unless an exclusion covers the VPC or subnet. Confirm that you created exclusions for your resources. If you didn't create exclusions for your resources, then create them. For more information, see Enhancing VPC Security with Amazon VPC Block Public Access on the AWS Blogs website.

Note: If you direct traffic to your resource through local firewalls or middlebox appliances, then you must create subnet exclusions for every subnet in the path to your resources, not only the subnet that contains the instance.

AWS Network Firewall

Note: Reachability Analyzer doesn’t detect all AWS Network Firewall rules that can block traffic.

If you use an AWS Network Firewall between your instances and the internet gateway, verify that the firewall allows the traffic in both its stateless and stateful rules. For more information, see the The Network Firewall rule is incorrectly configured section of How do I troubleshoot issues with Network Firewall when a rule isn't working as expected?

Local firewalls and route tables

Check the operating system firewall on the instance (for example, iptables or firewalld on Linux, or Windows Firewall) for rules that drop the inbound port, and check the subnet's route table for a 0.0.0.0/0 route to the internet gateway. Also confirm that the instance has a public IPv4 address or an Elastic IP address associated with it.
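The manual checks in this section (VPC BPA, route table, network ACL and security group) can be evaluated offline against the JSON that describe-security-groups, describe-network-acls and describe-route-tables return. The following is an added example, not code from this article or from AWS; the SECURITY_GROUP, NETWORK_ACL and ROUTE_TABLE values are constructed samples shaped like the relevant fields of that output, and the bpa_mode and public_ip parameters are assumptions used to model the BPA and public address checks. It encodes the two rules practitioners most often get wrong: security groups are stateful allow lists, while network ACLs are stateless and need an outbound rule for the ephemeral reply port.

```python
import ipaddress

# Constructed sample configuration (not taken from a real account).
SECURITY_GROUP = {
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ]
}

NETWORK_ACL = {
    "Entries": [
        {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
         "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
        {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow",
         "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
         "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny",
         "CidrBlock": "0.0.0.0/0"},
    ]
}

ROUTE_TABLE = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"},
]}


def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def sg_allows_inbound(sg, src_ip, port, proto="tcp"):
    """Security groups are stateful allow lists: any matching inbound rule permits
    the connection, and the reply traffic is allowed automatically."""
    for p in sg["IpPermissions"]:
        if p["IpProtocol"] not in (proto, "-1"):
            continue
        if p["IpProtocol"] != "-1" and not (p["FromPort"] <= port <= p["ToPort"]):
            continue
        if any(_in_cidr(src_ip, r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True
    return False


def nacl_decision(acl, egress, ip, port, proto_num="6"):
    """Network ACLs are stateless and evaluated in ascending rule-number order;
    the first entry that matches decides. No match means deny (the * rule)."""
    for e in sorted(acl["Entries"], key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in (proto_num, "-1"):
            continue
        pr = e.get("PortRange")
        if pr and not (pr["From"] <= port <= pr["To"]):
            continue
        if not _in_cidr(ip, e["CidrBlock"]):
            continue
        return e["RuleAction"]
    return "deny"


def subnet_has_igw_route(rt):
    """True if the subnet's route table sends 0.0.0.0/0 to an internet gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(r.get("GatewayId", "")).startswith("igw-")
               for r in rt["Routes"])


def diagnose_inbound(src_ip, port, sg, acl, rt, bpa_mode=None, bpa_excluded=False,
                     public_ip=True, reply_port=50000):
    """Return the reasons an inbound TCP connection from src_ip would time out.

    An empty list means every check here passes. bpa_mode is None, "bidirectional"
    or "ingress-only" (assumed names for the VPC BPA internet gateway block direction);
    reply_port stands in for the client's ephemeral source port.
    """
    reasons = []
    if bpa_mode in ("bidirectional", "ingress-only") and not bpa_excluded:
        reasons.append(f"VPC Block Public Access ({bpa_mode}) blocks inbound internet "
                       "traffic and no exclusion covers this VPC or subnet")
    if not public_ip:
        reasons.append("instance has no public IPv4 address or Elastic IP address")
    if not subnet_has_igw_route(rt):
        reasons.append("subnet route table has no 0.0.0.0/0 route to an internet gateway")
    if nacl_decision(acl, False, src_ip, port) != "allow":
        reasons.append(f"network ACL denies inbound tcp/{port} from {src_ip}")
    if nacl_decision(acl, True, src_ip, reply_port) != "allow":
        reasons.append(f"network ACL denies outbound reply traffic on ephemeral port {reply_port}")
    if not sg_allows_inbound(sg, src_ip, port):
        reasons.append(f"security group has no inbound rule for tcp/{port} from {src_ip}")
    return reasons


if __name__ == "__main__":
    for src in ("203.0.113.10", "198.51.100.7"):
        print(src, diagnose_inbound(src, 22, SECURITY_GROUP, NETWORK_ACL, ROUTE_TABLE) or "ok")
```

The sample security group only admits 203.0.113.0/24, so a client at 198.51.100.7 is reported as blocked by the security group even though the network ACL and route table allow it; tightening the ACL's outbound rule to a port range that excludes the ephemeral ports would produce the second, often overlooked, reason.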

Related information

Why can't my Amazon EC2 instance access the internet through an internet gateway?

How do I resolve SSH connection issues to my Amazon EC2 Linux instance?

How do I troubleshoot problems connecting to my Amazon EC2 Linux instance using SSH?

How do I troubleshoot connectivity issues from the internet to Amazon EC2 instances within my VPC?

Plan your VPC

AWS OFFICIAL. Updated 6 months ago.