How to open port on EC2 to allow api requests from external ips

0

Hello. I am new to EC2. I am trying to make fastapi requests to my EC2 instance from an external ip address (my VM). I started a python docker container on my EC2 instance sudo docker run --name <container_name> -p 5000:5000 -itd python:latest bash. Then inside that container I ran the following script:

from fastapi import FastAPI

app = FastAPI()

@app.get("/")
async def root():
    return "Connection successful and operates on port 5000"

I then run this script with uvicorn main:app --port 5000 in the terminal of the container.

When I try to make an api request from inside the terminal of the container using requests.get('http://localhost:5000') I received the response I expect ("Connection successful and operates on port 5000").

But when I try to make the same request from my VM (external ip), using requests.get('http://3.17.184.122:5000') I always get the error

raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='3.17.184.122', port=5000): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f94332f45e0>: Failed to establish a new connection: [Errno 111] Connection refused'))

I tried to add an inbound rule on the defaul security group to allow tcp access on port 5000, which did not help. I also tried to allow access from all traffic, which also did not help.

Please advise as far as what I am missing. Thank you.

asked 2 years ago1.3K views
2 Answers
0

https://www.uvicorn.org/#usage

The default interface for uvicorn is 127.0.0.1.

Specify the --host parameter when starting uvicorn, e.g., uvicorn main:app --port 5000 --host 0.0.0.0 to list on all interfaces

answered 2 years ago
0

The issue you are describing is not related to Security Groups or NACLs. Your connection would time out (as opposed to being rejected) if it were.

Double check if you are requesting the correct IP (public IP of the EC2 in the public subnet) - you can also test with ip a show on the ec2 console. You can try to call your running container from your ec2 to check if the docker network is working as expected.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions