How do I use Amazon VPC Reachability Analyzer to troubleshoot connectivity issues with an Amazon VPC resource?

3 minute read
0

I want to use Amazon Virtual Private Cloud (Amazon VPC) Reachability Analyzer to troubleshoot connectivity issues with Amazon VPC resources.

Short description

You can use Reachability Analyzer from the AWS Management Console or the AWS Command Line Interface (AWS CLI). Also, you can use Reachability Analyzer to troubleshoot multiple AWS accounts.

To troubleshoot Amazon VPC connectivity issues, the Reachability Analyzer checks for misconfigurations with the following components:

  • Security groups
  • Network access control lists (network ACLs)
  • Route tables

Resolution

Note: Reachability Analyzer requires data from other AWS services. If Reachability Analyzer fails to run, then check the following configurations:

Use Reachability Analyzer from the AWS Management Console

To use the Reachability Analyzer from the AWS Management Console, specify a source and destination. Then, run a reachability analysis. If there's a reachable path, then the details are displayed. If the path is unreachable, then Reachability Analyzer provides an explanation code that identifies the blocking component.

  1. Create and analyze a path.
  2. Review the results of the analysis.
  3. Check the reachability status. If the reachability status doesn't match your intent, then change the network configuration and analyze the path.
  4. (Optional) To analyze an existing path, specify an intermediate component. To find an alternate reachable path that crosses the intermediate component, complete the following steps:
    Select the path, and then choose Analyze path.
    Determine the ARN for the intermediate component. For example, the ARN for a NAT gateway is arn:aws:ec2:us-east-1:123456789012:nat-gateway/nat-012345678901234ab.
    Enter the ARN for the intermediate component, and then choose Confirm.
    Refresh the page, and then view the new analysis ID that displays with the intermediate hop path.

Use Reachability Analyzer from the AWS CLI

Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

To use Reachability Analyzer from the AWS CLI, complete the following steps:

  1. Create a path.
  2. Analyze the path.
  3. Get the results of the path analysis.

For more information, see Getting started with Reachability Analyzer using the AWS CLI.

Note: When a path is unreachable, NetworkPathFound is false and ExplanationCode contains an explanation code.

Use Reachability Analyzer to troubleshoot multiple accounts

To analyze paths across multiple accounts, take the following actions:

AWS OFFICIAL
AWS OFFICIALUpdated 5 months ago