EC2 Ubuntu Instance Unreachable - Instance Reachability Check Failed for AMI-based Instance"

0

Hello AWS community,

I am currently facing an issue with an Amazon EC2 Ubuntu instance that I've created from an Amazon Machine Image (AMI) of a previously running and properly functioning instance. Upon creating this new instance, it unfortunately failed the Instance Reachability Check and I've been unable to connect to it.

I have ensured that all the associated settings, including security groups and VPC configurations, were correctly duplicated from the original instance, but the issue still persists. In addition, I've tried starting and stopping the instance several times, but to no avail. I have also double-checked the instance's system logs through the AWS Management Console, but didn't find any alarming errors that could potentially cause this reachability failure.

At this point, I am quite puzzled about what might be causing this issue, and I'm looking for insights and advice on potential solutions or troubleshooting steps.

Could this be a problem related to the AMI itself or is it possibly an issue tied to the EC2 instance configurations? Also, what further steps could I take to investigate and resolve this reachability problem?

Any advice or guidance would be greatly appreciated.

Thank you for your time. Ghazi Anwer

Ghazi
asked a year ago579 views
3 Answers
0

When it boots up (as much as it can) is there anything on the system console that shows how far it has got? e.g. does it look like it's sitting in maintenance mode, or at a GRUB menu, or has it panicked and there's a panic string, or anything else? Select the instance and choose Actions -> Monitor and troubleshoot -> Get instance screenshot

When working with the original instance (the one you created your custom AMI from) did you make any major changes to it before creating the new AMI? I'm talking so much about installing the odd bit of software (although that can't be ruled out as a cause), but more like did you grow the root disk, or put /var on a separate slice, or bring things under LVM control where previously they weren't, or change SELinux from permissive to enforcing, that kind of thing.

Also check there aren't situations like a full / or /var filesystem on the original instance - while that one will carry on running and you may not notice anything, a new AMI created from a system in that state will have problems from the off.

Next step would be to stop the problem instance and detach its root volume. Then go back to the original instance (if it's still running, if not then provision a new instance from scratch with the plain AMI) and once it's booted attach the root disk from the problem instance as /dev/sdf (I think that's it, whatever the default value is).

Then on the command line run lsblk to identify the newly-attached device, and mount it on /mnt (if /var or /var/log is a separate filesystem then mount that one instead). This allows you to go through the problem instance's logs in /mnt/var/log. You may even want to tar or gzip these up and keep them somewhere that you can go though them later (like an S3 bucket). For a quick win it would also be worth sanity-checking /mnt/etc/fstab.

Also take a look at https://repost.aws/knowledge-center/ec2-linux-emergency-mode for more suggestions.

profile picture
EXPERT
Steve_M
answered a year ago
  • i have taken the instance screen shot .it show the command prompt asking for login . that means instance is fine but i am not able to connect .while creating the instance from ami i have taken the keypair of the existing instance which is running

  • The good news is it looks like it boots successfully. is the new instance in the same subnet as the original one (from which the AMI was created), and both instances have the same security group associated with them? if it's not in the same subnet then Reachability Analyser can help you https://docs.aws.amazon.com/vpc/latest/reachability/getting-started.html It would also be worth working through the links in the message from @alexanderpazik

0

Is the IP address of your source instance hardcoded in the configuration file? If your IP address is hardcoded in a configuration file, you can encounter issues that cause your network to fail to come up. This occurs when an Amazon Machine Image (AMI) is taken from an instance with a statically configured IP address. To fix this error, set your network interface on your source instance to use DHCP and create a new AMI.

Note that you can't update existing AMIs. Setting the network interface to use DHCP has to be done on the instance before creating a new AMI.

profile pictureAWS
answered a year ago
  • Yes it may be right i might have run a shell script for creating the static ip . how to change it to dhcp . can you provide any shell script for this

  • You can confirm that your IP address is not hardcoded in a configuration file on your source instance by navigating to /etc/sysconfig/network-scripts/ and checking any of the *-eth files for IPADDR= and NETMASK= entries. If those entries exist, you'll need to remove them.

    I also recommend that you create a launch template from your source instance: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#create-launch-template-from-instance. This will deploy a new instance using the same settings as your source instance. Make sure to choose the AMI you created earlier.

0

Hi Ghazi,

Take a look at this article: https://repost.aws/knowledge-center/ec2-linux-status-check-failure.

Instance status checks may fail for the following reasons. You can use the following methods to troubleshoot an unreachable Linux instance.

profile pictureAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions