How can I fix the connection to my Amazon EC2 instance or elastic network interface that has an attached Elastic IP address?


I tried to connect to my Amazon Elastic Compute Cloud (Amazon EC2) instance using the attached Elastic IP address. However, I received a "Connection timed out" error. I need to fix the connection to my Amazon EC2 instance or elastic network interface that has an attached Elastic IP address.

Short description

If you can't connect to an Amazon EC2 instance or an elastic network interface with an attached Elastic IP address, then verify the following:

  • Security group rules for inbound traffic allow connection to the port or protocol.
  • Inbound and outbound network access control list (network ACL) rules allow connection to the port or protocol.
  • The route table for the subnet of the elastic network interface has a route to send and receive traffic from the internet.
  • The OS firewall on the Amazon EC2 instance allows traffic to the port or protocol.

Resolution

  1. Open the Amazon EC2 console.

  2. In the navigation pane, first choose Instances. Then, select the instance that you need to connect to.

  3. On the Security tab, select the security group associated with the Amazon EC2 instance that has an Elastic IP address attached to it.

  4. On the Inbound rules tab, confirm your security group rule allows traffic from the source to your port or protocol. You can add an inbound rule if you don't have one. For more information, see Configure security group rules.

  5. Choose Instances, and then select the instance that you need to connect to.

  6. On the Networking tab, first select the elastic network interface that has the attached Elastic IP address. Then, select the elastic network interface ID.

  7. On the Details tab, select the associated subnet ID.

  8. On the Network ACL tab, confirm that the inbound and outbound rules of the network ACL allow traffic to your port or protocol. You can add inbound and outbound rules if you don't have them. For more information, see Add and delete rules.

  9. On the Route Table tab, confirm that you can send traffic to the internet through a default route to an internet gateway. If you don't have such a route in your route table, then add a 0.0.0.0/0 route to an internet gateway. For more information, see Subnet route tables.

    Note: Be sure that your default route points to an internet gateway, not a NAT gateway. A NAT gateway doesn't allow inbound connections from the internet, except for the response traffic for an outgoing connection.

    When you add a 0.0.0.0/0 route to an internet gateway, subnets associated with the route table become public. Resources with public IP addresses in the associated subnets (for example, your Amazon EC2 instances) will be publicly accessible if they allow such traffic.

  10. Connect to your instance.

If you still receive connection timeout errors after completing the troubleshooting steps, do the following:

  • Review the flow logs for your instance's elastic network interface. Confirm that the traffic to and from your source IP is recognized on the elastic network interface.
  • Confirm that the instance's OS-level firewall allows traffic.
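
The flow log review above can be scripted. The following Python sketch is an added example, not AWS code: it parses records in the default flow log format and maps the ACCEPT/REJECT pattern for one client and port to the layer to re-check. The interface IDs, addresses and records are constructed, and the destination address is the instance's private IP because flow logs record that address rather than the Elastic IP.

```python
# Constructed sample records in the default (version 2) flow log format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE = """\
2 123456789012 eni-0aaa 203.0.113.10 10.0.1.25 50122 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0bbb 203.0.113.10 10.0.2.40 50200 443 6 5 300 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb 10.0.2.40 203.0.113.10 443 50200 6 5 300 1700000000 1700000060 REJECT OK
2 123456789012 eni-0ccc 203.0.113.10 10.0.3.7 50300 22 6 4 240 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0ccc 10.0.3.7 203.0.113.10 22 50300 6 4 240 1700000000 1700000060 ACCEPT OK
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse(text):
    """Yield one dict per well-formed record; skip headers, NODATA and SKIPDATA lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and parts[-1] == "OK":
            yield dict(zip(FIELDS, parts))

def diagnose(records, eni, client_ip, port):
    """Say which layer to re-check for client_ip connecting to port on eni."""
    inbound, outbound = set(), set()
    for r in records:
        if r["interface_id"] != eni:
            continue
        if r["srcaddr"] == client_ip and r["dstport"] == str(port):
            inbound.add(r["action"])      # client -> instance
        elif r["dstaddr"] == client_ip and r["srcport"] == str(port):
            outbound.add(r["action"])     # instance -> client (replies)
    if not inbound:
        return "no traffic seen: check the subnet route table's default route to an internet gateway"
    if "REJECT" in inbound:
        return "inbound rejected: check security group and network ACL inbound rules"
    if "REJECT" in outbound:
        # Security groups are stateful, so a rejected reply points at the stateless network ACL.
        return "replies rejected: check network ACL outbound rules"
    return "accepted at the VPC layer: check the OS firewall and that the service is listening"

if __name__ == "__main__":
    recs = list(parse(SAMPLE))
    for eni, port in (("eni-0aaa", 22), ("eni-0bbb", 443), ("eni-0ccc", 22)):
        print(eni, "->", diagnose(recs, eni, "203.0.113.10", port))
```
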

AWS OFFICIAL Updated 7 months ago