
Unable to ssh to an EC2 instance

0

I've just reinstated my account on AWS. At first I had trouble creating EC2 instances because my account was invalid, but that is sorted now.

The problem is I cannot ssh to my instance.

I've launched a simple t2.micro instance. Using the wizard, I selected the Amazon OS, created the key pair and selected that I want ssh. Once the instance is ready I try to ssh into it but I get a timeout. I've checked:

  • The security group has an inbound rule type ssh, port 22 and source 0.0.0.0/0
  • The security group has an outbound rule where everything is allowed
  • The vpc has an internet gateway attached
  • The subnet is on the vpc

Everything is as it is created by the launch instance form. The only modification I made is allowing ICMP to check if I can ping (I can't either).

Needless to say, I cannot connect using EC2 Instance Connect either.

Somewhere I read that my account could be "isolated" but, according to AWS support, my account is fine.

Thank you very much

5 Answers
0

It seems you're experiencing connectivity issues with your EC2 instance. Let's go through some potential causes and solutions:

  1. Network Configuration: While you've mentioned that the VPC has an internet gateway attached and the subnet is in the VPC, ensure that the subnet's route table has a route to the internet gateway (0.0.0.0/0 pointing to the IGW). This is crucial for public internet access.

  2. Public IP: Verify that your instance has a public IP address assigned. Without this, you won't be able to connect from the internet.

  3. Instance State: Confirm that the instance is in the "running" state and has passed all status checks.

  4. Key Pair: Ensure you're using the correct private key that corresponds to the key pair you selected when launching the instance.

  5. SSH Client: Check that you're using the correct username for the Amazon OS (typically "ec2-user") and the correct syntax for the SSH command.

  6. Firewall: If you're connecting from a corporate network, check if there are any firewall rules blocking outbound SSH connections.

  7. EC2 Instance Connect: Since you mentioned EC2 Instance Connect isn't working either, there might be an issue with the instance's metadata service or the EC2 Instance Connect package installation.

To troubleshoot further:

  1. Try connecting using the EC2 Instance Connect feature through the AWS Management Console. This bypasses some potential local network issues.

  2. Check the instance's system log in the EC2 console for any boot-time errors.

  3. If possible, try launching a new instance in a different subnet or VPC to isolate whether the issue is specific to your current network configuration.

  4. Verify that the EC2 Instance Connect package is installed on your instance. If not, you may need to install it manually.

  5. Use the AWS Systems Manager Automation runbook "AWSSupport-TroubleshootEC2InstanceConnect" to diagnose connectivity issues systematically.

If none of these steps resolve the issue, you may need to contact AWS support for further assistance, as there could be account-specific settings or restrictions that are not immediately visible.
Sources
AWSSupport-TroubleshootEC2InstanceConnect - AWS Systems Manager Automation runbook reference
Connect to an Amazon EC2 instance using EC2 Instance Connect Endpoint - Amazon Elastic Compute Cloud
Install EC2 Instance Connect on your EC2 instances - Amazon Elastic Compute Cloud

answered a month ago
EXPERT
reviewed a month ago
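Checklist items 1 to 3 above can be evaluated offline from saved `describe-instances` and `describe-route-tables` output. The following is an added example, not part of the answer; the sample data is constructed, and the route tables are assumed to be already filtered to the instance's VPC. It shows why "the VPC has a route to the IGW" is not enough: the table that counts is the one explicitly associated with the subnet, with the main table as the fallback.

```python
# Constructed sample data shaped like `aws ec2 describe-route-tables` and
# `describe-instances` output; every ID and address here is made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-0main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example",
                 "State": "active"}]},
    {"RouteTableId": "rtb-0custom",
     "Associations": [{"Main": False, "SubnetId": "subnet-0aaa"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example",
                 "State": "active"}]},
]
INSTANCE_A = {"SubnetId": "subnet-0aaa", "PublicIpAddress": "203.0.113.20",
              "State": {"Name": "running"}}
INSTANCE_B = {"SubnetId": "subnet-0bbb", "State": {"Name": "running"}}


def effective_route_table(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def public_path_findings(instance, route_tables):
    """Return reasons the instance cannot be reached from the internet."""
    findings = []
    if instance["State"]["Name"] != "running":
        findings.append("instance is not running")
    if not instance.get("PublicIpAddress"):
        findings.append("no public IPv4 address")
    rt = effective_route_table(instance["SubnetId"], route_tables)
    if rt is None:
        return findings + ["no route table applies to the subnet"]
    via_igw = any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                  and r.get("GatewayId", "").startswith("igw-")
                  and r.get("State") == "active" for r in rt["Routes"])
    if not via_igw:
        findings.append(f"{rt['RouteTableId']}: no active 0.0.0.0/0 route to an internet gateway")
    return findings
```
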
0

Your EC2 will need a Public IP on a Public Subnet with a route of 0.0.0.0/0 to the Internet Gateway

EXPERT
answered a month ago
0

I've checked everything on the AI response and everything looks good.

Thanks Gary for the answer, my instance has a public IP and the subnet is on a VPC that has an internet gateway attached. On the Route table tab I can see a route with destination 0.0.0.0/0 to the internet gateway.

answered a month ago
0

If the Security Group and Routing configurations are OK, then the last config to verify from the AWS end is the Network ACL rules.

Please verify the Network ACL associated with the subnets of the EC2 instance and whether the rules allow connectivity over TCP port 22. Please note that Network ACLs are stateless, unlike Security Groups, and you need to allow rules in both directions (Inbound and Outbound). Please refer to the AWS docs to understand the basics of NACLs and how to create custom NACL rules. https://docs.aws.amazon.com/vpc/latest/userguide/nacl-basics.html https://docs.aws.amazon.com/vpc/latest/userguide/custom-network-acl.html

You can also enable VPC flow logs on the ENI of the EC2 instance. VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow logs can help you with a number of tasks, such as:

  1. Diagnosing overly restrictive security group rules
  2. Monitoring the traffic that is reaching your instance
  3. Determining the direction of the traffic to and from the network interfaces

Please refer to the AWS doc "https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html" for more info regarding VPC flow logs.

AWS
answered a month ago
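Flow log records for the instance's ENI show which layer drops an SSH attempt. The following is an added example, not part of the answer; it assumes the default (version 2) record format, uses constructed sample records, and matches on the instance's private address because that is the address the ENI's records carry.

```python
from collections import namedtuple

# Default (version 2) VPC flow log record layout.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
Record = namedtuple("Record", FIELDS)

VERDICTS = {
    "NOT_SEEN": "no inbound records: traffic never reached the interface "
                "(public IP, routing, or a firewall on the client side)",
    "INBOUND_REJECT": "inbound packets rejected: security group or inbound NACL rule",
    "REPLY_REJECT": "request accepted but reply rejected: outbound NACL rule "
                    "(security groups are stateful and would allow the reply)",
    "ACCEPTED": "both directions accepted: look inside the instance (sshd, host firewall)",
}

# Constructed sample records; account, interface and addresses are made up.
SAMPLE = """\
2 123456789012 eni-0example - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0example 203.0.113.10 10.0.1.25 50412 22 6 3 180 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0example 10.0.1.25 203.0.113.10 22 50412 6 3 180 1700000060 1700000120 REJECT OK
""".splitlines()


def parse(line):
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        raise ValueError(f"not a default-format record: {line!r}")
    return Record(*parts)


def diagnose(lines, client_ip, instance_ip, port="22"):
    """Classify where TCP traffic to `port` stops, from the ENI's flow log."""
    inbound, reply = set(), set()
    for rec in map(parse, lines):
        if rec.log_status != "OK" or rec.protocol != "6":
            continue  # NODATA/SKIPDATA rows carry "-" in the traffic fields
        if (rec.srcaddr, rec.dstaddr, rec.dstport) == (client_ip, instance_ip, port):
            inbound.add(rec.action)
        elif (rec.srcaddr, rec.dstaddr, rec.srcport) == (instance_ip, client_ip, port):
            reply.add(rec.action)
    if not inbound:
        return "NOT_SEEN"
    if "REJECT" in inbound:
        return "INBOUND_REJECT"
    return "REPLY_REJECT" if "REJECT" in reply else "ACCEPTED"
```

`VERDICTS[diagnose(SAMPLE, "203.0.113.10", "10.0.1.25")]` gives the explanation for the sample, where the stateless NACL admits the request and rejects the reply.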
0

Hi! Thanks for the answers. The Network ACL rules look fine; everything is enabled by default.

I've just tried to create the instance on eu-west-1 (Ireland) and everything works fine, it seems the problem is on eu-west-2 (London). I don't know why it doesn't work on that region.

Thanks for the time and the help!

answered 25 days ago
