By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Instance connection is denied - CLIENT_FORBIDDEN [771]

0

I have used aws lightsail instance for small web service. about 2~3yrs. Unfortunately, service is blocked because of it hasn't been paid for a while. Now I have paid all. I tried to revive existing instance. And it looks like service is starting again.

but aws console connection is denied with error message bellow

[ An error occurred and we were unable to connect or stay connected to your instance. If this instance has just started up, try again in a minute or two. CLIENT_FORBIDDEN [771] ]

I have tried for hours but same error. SSH, HTTP, ping, all connections are also blocked, I haven't encountered login console. AWS monitoring saids it is working but I have no clue with it.

I tried clonning lightsail or EC2 instance with its snapshot. lightsail instance is blocked with same error message. EC2 instance is blocked with error message below

[ Failed to connect to your instance EC2 Instance Connect is unable to connect to your instance. Ensure your instance network settings are configured correctly for EC2 Instance Connect. For more information, see EC2 Instance Connect Prerequisites at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-prerequisites.html. ]

I feel like my credential is blocked with some reasons even though I have paid all. But i cannot unserstand, I cannot reach server at all while monitoring says it is working.

Is there anything I can try for revive my web service?

OS: Ubuntu 22, All ports are opened with all IP clean new installed amazon-linux access is also denied.

Topics
Compute
Tags
Amazon LightsailAmazon EC2Monitoring
Language
English
sbbdbba
asked 23 days ago70 views
3 Answers
0

It appears you're experiencing a complex issue with your Lightsail instance after reactivating your account. The CLIENT_FORBIDDEN [771] error typically indicates a problem with the instance's configuration or network settings, rather than an account-level block.

Here are some steps you can try to resolve the issue:

  1. Check your instance's firewall settings in the Lightsail console. Ensure that port 22 (SSH) is open for inbound connections.

  2. Verify that your instance is in a public subnet with an internet gateway attached, allowing for outbound traffic.

  3. Review your instance's security group settings to confirm they allow the necessary inbound and outbound traffic.

  4. Try rebooting the instance from the Lightsail console. If that doesn't work, try stopping and then starting the instance (note that this will change your public IP unless you're using a static IP).

  5. Create a snapshot of your instance's root volume. This will allow you to recover your data and potentially attach it to a new, functioning instance if needed.

  6. When creating a new instance from the snapshot, you can add a startup script to modify the SSH configuration. Add these lines to /etc/ssh/sshd_config:

    TrustedUserCAKeys /etc/ssh/lightsail_instance_ca.pub CASignatureAlgorithms +ssh-rsa

  7. If possible, try to access the instance's serial console to troubleshoot any OS-level issues.

  8. Consider upgrading to a larger Lightsail plan, as resource constraints could potentially cause connection issues.

If none of these steps resolve the problem, it may be necessary to contact AWS Support for further assistance. They can help identify any underlying issues with the instance or host system that aren't visible to you as a user.

Regarding the EC2 instance created from the Lightsail snapshot, the error suggests that EC2 Instance Connect is not properly configured. This is a separate issue from your Lightsail problem and would require additional configuration to resolve.

Remember, while AWS monitoring may show the instance as "working," this typically refers to the virtual machine being powered on and responding to basic health checks. It doesn't necessarily mean all services within the instance are functioning correctly.
Sources
EC2 Instance Connect cannot connect to my instance ! | AWS re:Post
Lightsail SSH - Connection (Request) Port 22: Connection timed out Issue . | AWS re:Post
CLIENT_UNAUTHORIZED [769] after update ubuntu | AWS re:Post

profile picture
re:Post Agent
answered 23 days ago
0

Hi,

Have you tried creating a root disk snapshot and attaching the disk to a newly created instance? https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-create-an-instance-root-volume-snapshot.html

  1. You can create the snapshot with the CLI
  2. Create a new instance with the console
  3. Verify that you can connect to the new instance.
  4. Create a disk from the snapshot.
  5. Attach the disk to the newly created instance.
AWS
Varun_R
answered 22 days ago
0

Hi,

There can be some delay to reinstate dependent services that Lightsail uses. Have you tried again recently? If its still not working, you can cut another support ticket to AWS.

AWS
Varun_R
answered 15 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content