Cannot run EC2 instance - got REFUSE_CONNECTION

0

I'm studying AWS. I'm creating a VPC and subnets (us-east-1a/1b for public and 1a/1b for private, with different IPv4 ranges). I created route tables for the private and public subnets: the private route table explicitly associates the 2 private subnets, and the public one has no explicit subnet associations. An Internet Gateway is attached to the VPC and is used by the public route table. I created a NAT gateway and attached it to the private route table. I created a security group attached to the VPC; for inbound I set all traffic.

After that, I use a command like this to create the EC2 instance: aws ec2 run-instances --image-id <value> --instance-type <value> --security-group-ids <value> --subnet-id <value> --key-name <value> --user-data <value>

My EC2 is running. However, when I click on the "Public IPv4 address", a new window opens and I get a REFUSED CONNECTION from it.

I don't know what configuration I'm missing. The expected result is that the website shows something like: the instance is in the subnet with ID:...

4 Answers
1

Hi,

I hope that I understand your issue correctly.

Theory: The public network should be used as a public one, so it should have an Internet Gateway. The private network should be used as a private one, so it should not have an Internet Gateway.

Now, if you set up like above, once you put a machine into the public network and assign a public IP you should be able to connect, of course if you have a proper SecurityGroup in place. If you put a machine into the private network, even if you assign a public IP it won't be accessible due to the missing Internet Gateway in that network. A NAT gateway is only for outgoing connections; it should be placed into the public network and then allows machines from the private network to reach the internet (if proper routing is done). Anyway, a NAT Gateway is for outgoing connections only; you won't reach any machine from outside using a NAT Gateway.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html

Thanks,

answered 4 months ago
  • Thank you so much for your support. I'm sorry for the missing information. I launched the EC2 attached to the public subnet and using the Internet Gateway. For the public subnet, I've already enabled auto-assign public IPv4 address. For the EC2 attached to the private subnet, I will use the public EC2 to call it. I can connect to both by SSH, but opening the website doesn't work. So I guess the EC2s are healthy at this time.

1

Hi David

Website on which EC2? Public - check the security groups that allow HTTP traffic. Private through Public - may require a little magic with a reverse proxy on the public one.

Thanks,

answered 4 months ago
  • Hi Marcin,

    54.1**.2**.7* - I use this to open the EC2. I've checked my SG; I didn't touch the outbound rules. For the inbound rules, I chose all traffic, and HTTP can connect from anywhere.

1

Ensure your security groups allow the correct ports for HTTP and HTTPS to your EC2.

EXPERT
answered 4 months ago
1

Hi David,

So, one by one: check that the HTTP service is up and in LISTEN mode on the EC2:

ss -l | grep -e http 

You can also check it on the EC2 with:

curl http://127.0.0.1

and see that this connects.

If it doesn't run, you need to start the HTTP server.

Then check that the SecurityGroup is really attached to the specific EC2. Ensure that you have not blocked traffic by mistake with a NACL at the VPC level.

Thanks

answered 4 months ago
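The checklist in this answer (service listening, security group attached and permitting the port, NACL not blocking) together with the first answer's point about Internet Gateway versus NAT gateway routes can be walked mechanically. The script below is an added example, not code from the thread or from AWS; it runs the checks over dictionaries shaped like the output of `aws ec2 describe-route-tables`, `describe-security-groups` and `describe-network-acls`, using constructed sample data with hypothetical IDs and addresses. The `service_listening` argument is what you learn on the instance itself from `ss -l | grep http` or `curl http://127.0.0.1`.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data shaped like `aws ec2 describe-*` responses
# (hypothetical IDs and addresses, not values from the thread).
ROUTE_TABLE_PUBLIC = {"RouteTableId": "rtb-pub-example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]}
ROUTE_TABLE_PRIVATE = {"RouteTableId": "rtb-priv-example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]}
SG_WEB = {"GroupId": "sg-web-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
SG_ALL_TRAFFIC = {"GroupId": "sg-all-example", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
# Default-style NACL: rule 100 allows everything, rule 32767 (the "*" rule) denies.
_NACL_BASE = [{"RuleNumber": n, "Protocol": "-1", "RuleAction": a, "Egress": e,
               "CidrBlock": "0.0.0.0/0"}
              for n, a in ((100, "allow"), (32767, "deny")) for e in (False, True)]
NACL_DEFAULT = {"NetworkAclId": "acl-default-example", "Entries": _NACL_BASE}
# The same NACL plus a lower-numbered entry denying inbound tcp/80 (a VPC-level mistake).
NACL_BLOCKS_HTTP = {"NetworkAclId": "acl-block-example", "Entries": _NACL_BASE + [
    {"RuleNumber": 50, "Protocol": "6", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 80, "To": 80}}]}
INSTANCE = {"InstanceId": "i-example", "PublicIpAddress": "198.51.100.23"}

def default_route_target(route_table):
    """Target of the 0.0.0.0/0 route (gateway or NAT gateway id), or None."""
    for r in route_table["Routes"]:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return r.get("GatewayId") or r.get("NatGatewayId")
    return None

def subnet_kind(route_table):
    """'public': default route to an Internet Gateway, so inbound from the internet is
    possible; 'private': default route to a NAT gateway, outbound only; else 'isolated'."""
    target = default_route_target(route_table) or ""
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "isolated"

def sg_allows_inbound(groups, port, client_ip="203.0.113.10", proto="tcp"):
    """Security groups are allow-only: one inbound rule in any attached group that
    covers proto/port from client_ip is enough."""
    for g in groups:
        for p in g["IpPermissions"]:
            if p["IpProtocol"] not in ("-1", proto):
                continue
            if p["IpProtocol"] != "-1" and not p["FromPort"] <= port <= p["ToPort"]:
                continue
            if any(ip_address(client_ip) in ip_network(r["CidrIp"]) for r in p.get("IpRanges", [])):
                return True
    return False

def nacl_allows(nacl, port, egress, client_ip="203.0.113.10", proto_num="6"):
    """NACL entries for one direction are evaluated in rule-number order and the first
    match decides, so a low-numbered deny wins over the rule-100 allow."""
    entries = sorted((e for e in nacl["Entries"] if e["Egress"] == egress),
                     key=lambda e: e["RuleNumber"])
    for e in entries:
        if e["Protocol"] not in ("-1", proto_num):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        if ip_address(client_ip) not in ip_network(e["CidrBlock"]):
            continue
        return e["RuleAction"] == "allow"
    return False

def diagnose(instance, route_table, groups, nacl, service_listening, port=80):
    """Walk the checklist from the answers. Returns the findings that explain why a
    browser cannot reach `port`; an empty list means every check passed."""
    findings = []
    if not instance.get("PublicIpAddress"):
        findings.append("instance has no public IPv4 address")
    kind = subnet_kind(route_table)
    if kind != "public":
        findings.append(f"subnet is {kind}: no Internet Gateway route, inbound traffic cannot arrive")
    if not sg_allows_inbound(groups, port):
        findings.append(f"no security group inbound rule admits tcp/{port}")
    if not nacl_allows(nacl, port, egress=False):
        findings.append(f"network ACL denies inbound tcp/{port}")
    # NACLs are stateless: replies leave on ephemeral ports, so spot-check that range too.
    if not all(nacl_allows(nacl, p, egress=True) for p in (1024, 32768, 65535)):
        findings.append("network ACL denies outbound ephemeral ports, replies cannot leave")
    if not service_listening:  # what `ss -ltn` / `curl http://127.0.0.1` on the box tells you
        findings.append(f"nothing listening on tcp/{port} on the instance")
    return findings

if __name__ == "__main__":
    # The question's situation: all inbound allowed, SSH works, browser gets refused.
    print(diagnose(INSTANCE, ROUTE_TABLE_PUBLIC, [SG_ALL_TRAFFIC], NACL_DEFAULT, False))
```

Run as-is, the only finding for the question's setup (public subnet, "all traffic" inbound, SSH reachable) is the missing listener, which matches the symptom: a security group or NACL drop shows up in the browser as a timeout, while "connection refused" means the packet reached the host and nothing was bound to port 80. Swap in `ROUTE_TABLE_PRIVATE` or `NACL_BLOCKS_HTTP` to see the first answer's NAT-only case and the NACL mistake reported instead.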
