Apparently, my EC2 instance can’t access the internet properly. Here is what happens when I try to install a Python module:
```
[ec2-user@ip-172-31-90-31 ~]$ pip3 install flask
Defaulting to user installation because normal site-packages is not writeable
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7fab198cbe10>: Failed to establish a new connection: [Errno 101] Network is unreachable')': /simple/flask/
```
etc.
Besides, inbound ping requests to the instance's Elastic IP fail (Request Timed Out).
However, the website that is hosted on the same EC2 instance can be accessed using both http and https.
The security group is configured as follows: the inbound rules are
Port range | Protocol | Source |
---|---|---|
80 | TCP | 0.0.0.0/0 |
22 | TCP | 0.0.0.0/0 |
80 | TCP | ::/0 |
22 | TCP | ::/0 |
443 | TCP | 0.0.0.0/0 |
443 | TCP | ::/0 |
the outbound rules are
IP Version | Type | Protocol | Port range | Source |
---|---|---|---|---|
IPv4 | All traffic | All | All | 0.0.0.0/0 |
The ACL inbound rules are:
Type | Protocol | Port range | Source | Allow/Deny |
---|---|---|---|---|
HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 | Allow |
SSH (22) | TCP (6) | 22 | 0.0.0.0/0 | Allow |
HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 | Allow |
All ICMP - IPv4 | ICMP (1) | All | 0.0.0.0/0 | Allow |
All traffic | All | All | 0.0.0.0/0 | Deny |
and the outbound rules are:
Type | Protocol | Port range | Source | Allow/Deny |
---|---|---|---|---|
Custom TCP | TCP (6) | 1024 - 65535 | 0.0.0.0/0 | Allow |
HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 | Allow |
SSH (22) | TCP (6) | 22 | 0.0.0.0/0 | Allow |
HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 | Allow |
All ICMP - IPv4 | ICMP (1) | All | 0.0.0.0/0 | Allow |
All traffic | All | All | 0.0.0.0/0 | Deny |
This is what the route table associated with the subnet looks like:
Destination | Target | Status | Propagated |
---|---|---|---|
172.31.0.0/16 | local | Active | No |
0.0.0.0/0 | igw-09b554e4da387238c | Active | No |
(no explicit or edge associations).
As for the firewall, executing `sudo iptables -L` results in
```
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
and `sudo iptables -L -t nat` gives
```
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
```
What am I missing here? Any suggestions or ideas on this would be greatly appreciated.
Thanks
Hi Cameron, I've allowed ICMP traffic, and now outbound pings work fine. There are (at least) two problems though: inbound ping requests fail (the message is Request Timed Out) and, more importantly, functionality like installing Python modules is unavailable (please see the details I added at the beginning of the question). If you could advise me on this, I'd be most grateful. Thank you.
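An added example, not part of the original post: a small Python model that walks four flows through the security group and network ACL tables posted in the question, using AWS's documented semantics (security groups are stateful; network ACLs are stateless and match TCP rules on the destination port). It assumes the rules are evaluated in the order listed and that the client side uses ephemeral port 50000; the function names are hypothetical.

```python
# Constructed model of the tables posted in the question (not AWS API output).
# Assumptions: rules are evaluated in the order listed; 50000 is a sample ephemeral port.
SG_IN = {("tcp", 80), ("tcp", 22), ("tcp", 443)}  # security group inbound: no ICMP rule
# Network ACL rows: (protocol, low port, high port, allow)
NACL_IN = [("tcp", 80, 80, True), ("tcp", 22, 22, True), ("tcp", 443, 443, True),
           ("icmp", None, None, True), ("all", None, None, False)]
NACL_OUT = [("tcp", 1024, 65535, True), ("tcp", 80, 80, True), ("tcp", 22, 22, True),
            ("tcp", 443, 443, True), ("icmp", None, None, True), ("all", None, None, False)]

def nacl_allows(rules, proto, dport):
    """Stateless check: first matching rule wins; TCP rules match the destination port."""
    for r_proto, lo, hi, allow in rules:
        if r_proto == "all" or (r_proto == proto and (lo is None or lo <= dport <= hi)):
            return allow
    return False

def flow(direction, proto, service_port=None, ephemeral=50000):
    """Return 'ok' or the first hop that drops the request or its reply."""
    reply_port = ephemeral if proto == "tcp" else None
    if direction == "out":  # the instance initiates the connection
        if not nacl_allows(NACL_OUT, proto, service_port):
            return "request dropped by outbound ACL"
        # The security group allows all outbound traffic and tracks the reply statefully,
        # but the ACL must explicitly allow the reply's destination (ephemeral) port.
        if not nacl_allows(NACL_IN, proto, reply_port):
            return "reply dropped by inbound ACL"
        return "ok"
    # A remote host initiates the connection to the instance.
    if not nacl_allows(NACL_IN, proto, service_port):
        return "request dropped by inbound ACL"
    if (proto, service_port) not in SG_IN:
        return "request dropped by security group"
    if not nacl_allows(NACL_OUT, proto, reply_port):
        return "reply dropped by outbound ACL"
    return "ok"

if __name__ == "__main__":
    cases = {"visitor -> website (443)": ("in", "tcp", 443),
             "instance -> HTTPS server (443)": ("out", "tcp", 443),
             "ping from instance": ("out", "icmp"),
             "ping to Elastic IP": ("in", "icmp")}
    for name, args in cases.items():
        print(f"{name:32} {flow(*args)}")
```
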