problems migrating EC2-Classic to Amazon VPC

0

I'm in the process of migrating an EC2-Classic instance to Amazon VPC. I have created the VPC and a new AMI. The AMI is running, and passes security checks, but I cannot open any network connections to it at all. I cannot even ping it using IPv4 or IPv6. I set up security group rules based on the rules that I am currently using for the EC2-Classic instance. The only thing I can do is access the console using the EC2 serial console. I cannot log in from there (presumably because the ec2-user account has no password), and there are no indications on the console of any problems (no error messages, etc.).

What can I do? Have I missed a step? I followed the directions for the migration sent to me and attempted to recreate the same type of environment I have on the new instance as the previous EC2-Classic instance. Do I need to purchase a support option? (I don't currently have one.)

asked 2 years ago · 314 views
2 Answers
1
Accepted Answer

Did you create an Internet Gateway and assign it to the VPC?

Does your route table have a 0.0.0.0/0 entry pointing to the IGW?

answered 2 years ago
EXPERT
reviewed 35 minutes ago
  • I checked and for some reason, no Internet Gateway was created when I initially set up the VPC. (I took the default settings.) I created one, assigned it to the VPC, and created default v4 and v6 route table entries. I can now ssh to the new instance using v4 but not v6. I can use curl to get to www.ripe.net from the new instance using v4 and v6.

0

If you're trying to ping it from a client on the internet, make sure you have given your instance a public IP address and that's what you're pinging. Also open up your SG for ICMP inbound from your client's IP or the whole internet. On the other hand, if you're trying to ping its private IP address from an on-prem client connected via site-to-site VPN or Direct Connect, make sure your VPC's routing and NACLs are correct as well as your SG.

EXPERT
answered 2 years ago
  • I took the default settings for networking when creating my instance, so it has public v4 and v6 addresses that are granted by EC2. The v4 address changes after a restart, but the v6 has remained the same. The SGs grant the same access as the old EC2 instance I have, which I am able to access without any problems. Using dig, it appears that DNS knows of the existence of the v4 address. I'm just trying to connect with ssh from my ISP, not using VPN or anything like that.
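
The checks raised in the two answers above (Internet Gateway attached to the VPC, a default route pointing at the IGW, a security group rule admitting the client), evaluated separately for IPv4 and IPv6, as an added example that is not part of the original thread. It runs on constructed data shaped like the output of the EC2 describe-internet-gateways, describe-route-tables and describe-security-groups calls; every ID and address is a placeholder, and the helper names are hypothetical.

```python
import ipaddress

# Constructed sample data shaped like EC2 describe-* output; all IDs are placeholders.
VPC_ID, SUBNET_ID = "vpc-EXAMPLE", "subnet-EXAMPLE"
IGWS = [{"InternetGatewayId": "igw-EXAMPLE", "Attachments": [{"VpcId": VPC_ID}]}]
ROUTE_TABLES = [{"Associations": [{"SubnetId": SUBNET_ID}], "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
    {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-EXAMPLE"}]}]
SECURITY_GROUPS = [{"IpPermissions": [{
    "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
    "Ipv6Ranges": []}]}]  # constructed: no IPv6 source is allowed in this sample

def igw_attached(igws, vpc_id):
    """True if any Internet Gateway lists an attachment to the VPC."""
    return any(a.get("VpcId") == vpc_id for g in igws for a in g.get("Attachments", []))

def default_route_via_igw(route_tables, subnet_id, version):
    """True if the subnet's effective route table sends 0.0.0.0/0 (or ::/0) to an IGW."""
    key, dest = (("DestinationCidrBlock", "0.0.0.0/0") if version == 4
                 else ("DestinationIpv6CidrBlock", "::/0"))
    # Use the table explicitly associated with the subnet, else the VPC's main table.
    assoc = [t for t in route_tables
             if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", []))]
    main = [t for t in route_tables
            if any(a.get("Main") for a in t.get("Associations", []))]
    return any(r.get(key) == dest and r.get("GatewayId", "").startswith("igw-")
               for t in (assoc or main) for r in t.get("Routes", []))

def sg_allows(groups, client_ip, port, proto="tcp"):
    """True if an inbound rule admits client_ip on port; IPv4 and IPv6 sources are separate lists."""
    ip = ipaddress.ip_address(client_ip)
    field, cidr = ("IpRanges", "CidrIp") if ip.version == 4 else ("Ipv6Ranges", "CidrIpv6")
    for perm in (p for g in groups for p in g.get("IpPermissions", [])):
        if perm["IpProtocol"] not in (proto, "-1"):
            continue
        if perm["IpProtocol"] != "-1" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        if any(ip in ipaddress.ip_network(r[cidr]) for r in perm.get(field, [])):
            return True
    return False

def diagnose(client_ip, port=22):
    """Run all three checks for the address family of client_ip."""
    v = ipaddress.ip_address(client_ip).version
    return {"igw_attached": igw_attached(IGWS, VPC_ID),
            "default_route": default_route_via_igw(ROUTE_TABLES, SUBNET_ID, v),
            "sg_inbound": sg_allows(SECURITY_GROUPS, client_ip, port)}
```

Calling `diagnose` once with an IPv4 client address and once with an IPv6 one shows which layer differs between the two families. Network ACLs, which the second answer also mentions, are not modelled here.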
