How do I troubleshoot Amazon EC2 instance connection timeout errors from the internet?

4 minute read

I can't connect to an Amazon Elastic Compute Cloud (Amazon EC2) instance in my Amazon Virtual Private Cloud (Amazon VPC) from the internet. When I try to connect, the connection hangs, and then I receive an error similar to "Network error: Connection timed out". How can I fix this?

Resolution

Note: For "Permission Denied" or "Connection Refused" errors, see I'm receiving "Connection refused" or "Connection timed out" errors when trying to connect to my EC2 instance with SSH. How do I resolve this?

Verify that your security settings allow appropriate access

Review the following security settings for Amazon EC2 instances in your VPC:

Verify that your instance has an associated public IP address or Elastic IP address. Be sure to use this IP address when connecting to the instance.
Note: For more troubleshooting guidance, see How can I fix the connection to my Amazon EC2 instance or elastic network interface that has an attached Elastic IP address?
Add a rule to your security groups to allow access to your instance from your IP address using SSH.
Verify that your instance is passing system and instance status checks.

Verify that your network ACLs allow access to your instance

Verify that network ACLs allow access to your instance over SSH from your IP address as follows. For an example configuration, see Example: Control access to instances in a subnet.

First, find the Subnet ID for your instance:

Open the Amazon EC2 console.
In the navigation pane, under Instances, choose Instances.
Select your instance.
Choose Details.
Note the Subnet ID.

Then, review the inbound and outbound rules for the network ACL:

Open the Amazon VPC console.
In the navigation pane, under Virtual Private Cloud, choose Subnets.
In the content pane, select the Subnet ID that you previously noted.
Choose the Network ACL tab.
Important: If you have more than one subnet associated with your instance, then complete steps 5 and 6 for each subnet.
Check if the inbound rules differ from the default network ACL configuration. If the rules differ, then add a rule to allow inbound traffic for SSH to and from your IP address. For an example configuration for SSH, see Custom network ACL.
Check if the outbound rules differ from the default network ACL configuration. If the rules differ, then add a rule to allow outbound traffic for SSH to and from your IP address.

Verify that your VPC route table allows traffic to and from the internet

First, find the Subnet ID for your instance:

Open the Amazon EC2 console.
In the navigation pane, under Instances, choose Instances.
Select your instance.
Choose Details.
Note the Subnet ID.

Then, verify that your VPC route table allows traffic to and from the internet:

Open the Amazon VPC console.
In the navigation pane, under Virtual Private Cloud, choose Subnets.
In the content pane, select the Subnet ID that you previously noted.
Choose the Routes table tab.
Verify that you have a default route (a route whose destination is 0.0.0.0/0) pointing to your internet gateway. If there's no default route to your internet gateway, then choose Internet Gateways under Virtual Private Cloud from the navigation pane.
Select your VPC's internet gateway.
Note: You can find the VPC ID on the Details page of the instance.
In the Details view, note the ID value of the internet gateway.
Add a new route with a Destination of 0.0.0.0/0 and a Target of your internet gateway ID. Be sure to save your new route table configuration.
Note: If connecting from a bastion host, the VPC route table can't have a default route (0.0.0.0/0) to an internet gateway because it's a private subnet. For more information, see How do I troubleshoot accessing my EC2 instance using an SSH connection through a bastion host?

Check for conflicts with your local firewalls and routing tables

If you continue to experience connection problems, check for conflicts with your local firewall rules or local routing tables.

Related information

Why can't my Amazon EC2 instance connect to the internet using an internet gateway?

How do I troubleshoot problems connecting to my Amazon EC2 Linux instance using SSH?

Why can't my EC2 instance in a private subnet connect to the internet using a NAT gateway?

Why can't I connect to an Amazon EC2 instance within my Amazon VPC from the internet?

Get started with Amazon VPC

Topics

Networking & Content Delivery

Relevant content

EC2 Connection Problem
zbdev
asked 4 months ago
EC2 TCP port Connection refused
CASKY
asked 3 years ago
Connection refused problems of my EC2 instance
hgt1980
asked 8 months ago
SSH connection timeout
Accepted Answer
AWS-User-9556664
asked a year ago
SSH / sFTP return Connection refused
rePost-User-0284583
asked 14 days ago
I'm receiving "Permission denied (publickey)" or "Authentication failed, permission denied" errors when trying to access my EC2 instance. How do I resolve this?
AWS OFFICIALUpdated 2 months ago
How do I troubleshoot connection timeout errors from Lambda when trying to access an Amazon RDS DB instance?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot connecting to my EC2 Linux instance using an SFTP connection?
AWS OFFICIALUpdated 2 years ago
Why can't I connect to my Amazon EC2 Linux instance using SSH?
AWS OFFICIALUpdated 9 months ago
How to connect to a private EC2 instance from a local Visual Studio Code IDE with Session Manager and AWS SSO (CLI)
EXPERT
Faraz_AWS
published 8 months ago