It seems you're experiencing connectivity issues with your EC2 instance. Let's go through some potential causes and solutions:
- Network Configuration: While you've mentioned that the VPC has an internet gateway attached and the subnet is in the VPC, ensure that the subnet's route table has a route to the internet gateway (0.0.0.0/0 pointing to the IGW). This is crucial for public internet access.
- Public IP: Verify that your instance has a public IP address assigned. Without this, you won't be able to connect from the internet.
- Instance State: Confirm that the instance is in the "running" state and has passed all status checks.
- Key Pair: Ensure you're using the correct private key that corresponds to the key pair you selected when launching the instance.
- SSH Client: Check that you're using the correct username for the Amazon OS (typically "ec2-user") and the correct syntax for the SSH command.
- Firewall: If you're connecting from a corporate network, check if there are any firewall rules blocking outbound SSH connections.
- EC2 Instance Connect: Since you mentioned EC2 Instance Connect isn't working either, there might be an issue with the instance's metadata service or the EC2 Instance Connect package installation.
To troubleshoot further:
- Try connecting using the EC2 Instance Connect feature through the AWS Management Console. This bypasses some potential local network issues.
- Check the instance's system log in the EC2 console for any boot-time errors.
- If possible, try launching a new instance in a different subnet or VPC to isolate whether the issue is specific to your current network configuration.
- Verify that the EC2 Instance Connect package is installed on your instance. If not, you may need to install it manually.
- Use the AWS Systems Manager Automation runbook "AWSSupport-TroubleshootEC2InstanceConnect" to diagnose connectivity issues systematically.
If none of these steps resolve the issue, you may need to contact AWS support for further assistance, as there could be account-specific settings or restrictions that are not immediately visible.
Sources
AWSSupport-TroubleshootEC2InstanceConnect - AWS Systems Manager Automation runbook reference
Connect to an Amazon EC2 instance using EC2 Instance Connect Endpoint - Amazon Elastic Compute Cloud
Install EC2 Instance Connect on your EC2 instances - Amazon Elastic Compute Cloud
Your EC2 will need a Public IP on a Public Subnet with a route of 0.0.0.0/0 to the Internet Gateway
I've checked everything on the AI response and everything looks good.
Thanks Gary for the answer, my instance has a public IP and the subnet is on a VPC that has an internet gateway attached. On the Route table tab I can see a route with destination 0.0.0.0/0 to the internet gateway.
If the Security Group and Routing configurations are OK, then the last config to verify from the AWS end is the Network ACL rules.
Please verify the Network ACL associated with the subnets of the EC2 instance and whether the rules allow connectivity over TCP port 22. Please note that Network ACLs are stateless, unlike Security Groups, and you need to allow rules in both directions (Inbound and Outbound). Please refer to the AWS docs to understand the basics of NACLs and how to create custom NACL rules. https://docs.aws.amazon.com/vpc/latest/userguide/nacl-basics.html https://docs.aws.amazon.com/vpc/latest/userguide/custom-network-acl.html
You can also enable VPC flow logs on the ENI of the EC2 instance. VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow logs can help you with a number of tasks, such as:
- Diagnosing overly restrictive security group rules
- Monitoring the traffic that is reaching your instance
- Determining the direction of the traffic to and from the network interfaces
Please refer to the AWS doc "https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html" for more info regarding VPC flow logs.
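
Added example (not part of the answer above and not AWS code): a Python sketch that reads default-format (version 2) flow log records for the instance's ENI and separates the two cases the answer describes, a request dropped on the way in versus a reply dropped by a stateless NACL on the way out. The sample records, IP addresses, ENI ID and the helper name `diagnose_ssh` are constructed for illustration.

```python
from collections import defaultdict

# Default (version 2) VPC Flow Logs fields, in record order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records: two clients trying SSH to an instance whose
# private IP is 10.0.1.25 (flow logs record the ENI's private address).
SAMPLE = """\
2 123456789012 eni-0abc1234 203.0.113.10 10.0.1.25 50312 22 6 3 180 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc1234 10.0.1.25 203.0.113.10 22 50312 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0abc1234 198.51.100.7 10.0.1.25 41000 22 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0abc1234 - - - - - - - 1700000060 1700000120 - NODATA
""".splitlines()

def parse(line):
    """Return a field dict, or None for malformed or NODATA/SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None

def diagnose_ssh(lines, instance_ip, port="22"):
    """Map each client IP to a verdict about its TCP traffic to instance_ip:port."""
    seen = defaultdict(lambda: {"in": set(), "out": set()})
    for rec in filter(None, map(parse, lines)):
        if rec["protocol"] != "6":  # 6 = TCP
            continue
        if rec["dstaddr"] == instance_ip and rec["dstport"] == port:
            seen[rec["srcaddr"]]["in"].add(rec["action"])
        elif rec["srcaddr"] == instance_ip and rec["srcport"] == port:
            seen[rec["dstaddr"]]["out"].add(rec["action"])
    verdicts = {}
    for client, acts in seen.items():
        if "ACCEPT" not in acts["in"]:
            # Dropped on the way in: either layer could be responsible.
            verdicts[client] = ("inbound rejected: check security group and inbound NACL"
                                if acts["in"] else "no inbound record in this capture")
        elif "REJECT" in acts["out"]:
            # A stateful security group always lets the reply out, so a
            # rejected reply to an accepted request points at the NACL.
            verdicts[client] = "reply rejected: outbound NACL is blocking the return traffic"
        elif "ACCEPT" in acts["out"]:
            verdicts[client] = "allowed both ways: check sshd, key and username"
        else:
            verdicts[client] = "accepted, no reply seen: is sshd listening?"
    return verdicts
```

Calling `diagnose_ssh(SAMPLE, "10.0.1.25")` returns one verdict per client IP; pass the instance's private IP, since that is the address flow logs record for the ENI.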
Hi! Thanks for the answers, the Network ACL rules look fine; everything is enabled by default.
I've just tried to create the instance on eu-west-1 (Ireland) and everything works fine, it seems the problem is on eu-west-2 (London). I don't know why it doesn't work on that region.
Thanks for the time and the help!