How can I fix the connection to my Amazon EC2 instance or elastic network interface that has an attached Elastic IP address?

I tried to connect to my Amazon Elastic Compute Cloud (Amazon EC2) instance using the attached Elastic IP address. However, I received a "Connection timed out" error. How can I fix the connection to my Amazon EC2 instance or elastic network interface that has an attached Elastic IP address?

Short description

If you can't connect to an Amazon EC2 instance or an elastic network interface that has an attached Elastic IP address, make sure of the following:

  • Security group rules for inbound traffic allow connection to the port or protocol.
  • Inbound and outbound network access control list (network ACL) rules allow connection to the port or protocol.
  • The route table for the subnet of the elastic network interface has a route to send and receive traffic from the internet.
  • The OS firewall on the Amazon EC2 instance allows traffic to the port or protocol.

Resolution

  1. Open the Amazon EC2 console.
  2. In the navigation pane, choose Instances. Then, select the instance that you're trying to connect to.
  3. On the Security tab, select the security group associated with the Amazon EC2 instance that has an Elastic IP address attached to it.
  4. On the Inbound rules tab, confirm that you have a security group rule that allows traffic from your source to your port or protocol. You can add an inbound rule if you don’t have one.
  5. Choose Instances, and then select the instance that you're trying to connect to.
  6. On the Networking tab, select the elastic network interface that has the attached Elastic IP address. Then, select the elastic network interface ID.
  7. On the Details tab, select the associated subnet ID.
  8. On the Network ACL tab, confirm that the inbound and outbound rules of the network ACL allow traffic to your port or protocol. You can add inbound and outbound rules if you don't have them.
  9. On the Route Table tab, confirm that you have a default route to an internet gateway to send traffic to the internet. If you don't have such a route in your route table, then add a 0.0.0.0/0 route to an internet gateway.
    Note: Be sure that your default route points to an internet gateway (not a NAT gateway). A NAT gateway doesn't allow inbound connections from the internet, except for the response traffic for an outgoing connection.
    Important: When you add a 0.0.0.0/0 route to an internet gateway, subnets associated with the route table are made public. Resources with public IP addresses in the associated subnets (for example, your Amazon EC2 instances) will be publicly accessible if they allow such traffic.
  10. Retry connecting to your instance.

If you're still receiving connection timeout errors after completing the troubleshooting steps, do the following:

  • Review the flow logs for your instance's elastic network interface. Check to confirm that the traffic to and from your source IP is recognized on the elastic network interface.
  • Confirm that the instance's OS-level firewall allows traffic.
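The flow log review above can be scripted. The following is an added example, not AWS's own code: it reads flow log records for the elastic network interface and reports at which layer from the checklist the connection is dropped. It assumes the default (version 2) flow log format; the function names, ENI ID, account ID and addresses are constructed for illustration.

```python
from collections import namedtuple

# Default (version 2) VPC flow log field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
Record = namedtuple("Record", FIELDS)

# Constructed sample records; the ENI ID, account ID and addresses are made up.
# Flow logs show the interface's private IP (10.0.1.25), not the Elastic IP.
SAMPLE = [
    "2 123456789012 eni-0123456789abcdef0 203.0.113.10 10.0.1.25 51234 22 6 3 180 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0123456789abcdef0 10.0.1.25 203.0.113.10 22 51234 6 3 180 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000060 1700000120 - NODATA",
]

def parse(line):
    """Return a Record, or None for malformed, NODATA or SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None
    return Record(*parts)

def diagnose(lines, eni, client_ip, port):
    """Classify where a connection from client_ip to port on eni is dropped."""
    inbound, outbound = set(), set()
    for rec in filter(None, map(parse, lines)):
        if rec.interface_id != eni:
            continue
        if rec.srcaddr == client_ip and rec.dstport == str(port):
            inbound.add(rec.action)
        elif rec.dstaddr == client_ip and rec.srcport == str(port):
            outbound.add(rec.action)
    if not inbound:
        return "NO_TRAFFIC"       # nothing reached the ENI: check route table / internet gateway
    if "ACCEPT" not in inbound:
        return "INBOUND_REJECT"   # security group or network ACL inbound rule
    if not outbound:
        return "NO_REPLY"         # VPC let it in, instance never answered: OS firewall or no listener
    if "ACCEPT" not in outbound:
        return "OUTBOUND_REJECT"  # security groups are stateful, so suspect the network ACL outbound rule
    return "ALLOWED"              # both directions accepted by the VPC

if __name__ == "__main__":
    print(diagnose(SAMPLE, "eni-0123456789abcdef0", "203.0.113.10", 22))
```

An OUTBOUND_REJECT result on the reply usually means the network ACL's outbound rules don't cover the client's ephemeral port, because network ACLs are stateless while security groups are not.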

AWS OFFICIAL
Updated a year ago