can't connect to any new ec2 instances or rds databases


I've tried this many times over the last couple of weeks. I created a default VPC (virtual private cloud). I edited the default security group (firewall) to allow all inbound and outbound traffic to/from anywhere.

I created EC2 instances running Debian or Ubuntu, connected to my default VPC, using my default security group. I can't connect to them. PuTTY says "Network error: Connection timed out". I noticed today that if I attempt to connect immediately after creating or rebooting the instance, I can successfully connect for a minute or so, then PuTTY stops responding and eventually says that the connection was aborted due to a network failure. After that point, I can't connect anymore. When I try to connect from the browser, in the AWS management console, I get: "There was a problem setting up the instance connection".

The same kind of problem happens with Windows instances. Again, they're connected to my default VPC, using my default security group. If I attempt it immediately after creating or rebooting, I can connect to the instance using Windows's Remote Desktop Connection program. However, after running for a minute, I get disconnected; from that point on, trying to connect results in the error: "Remote Desktop can't connect to the remote computer" (remote computer is turned off, not available on the network, or has remote access disabled).

Neither can I connect to MS SQL or MySQL RDS databases. They are also using my default VPC and security group, so they should be wide open, but I can't reach them.

I can successfully connect to Linux and Windows virtual machines on Lightsail and Azure, so there doesn't seem to be anything wrong on my computer that would prevent outgoing connections. I can also connect to EC2 instances that my employer created from my work computer, but neither my home nor work computer can connect to EC2 instances that I created. Since I can connect to the EC2 instances briefly after rebooting them, that tells me that my VPC's security group is configured correctly to allow access. I can't see that I've done anything wrong, but I can't connect. Have I overlooked something, or could there be something wrong in AWS?

Another interesting thing to note is that if I add a superfluous character to the name of the computer I'm trying to connect to, my computer can tell instantly that the computer I'm trying to reach doesn't exist, but when I try to connect to the correct name, it takes a whole minute to time out. That tells me that, somehow, my computer can tell the instance exists; it just can't get SSH or RDP to work.

asked 2 years ago, 47 views
3 Answers

I decided to pay for a tech support plan and got help from tech support. It turns out that there was an issue with my individual account that would never have been visible in the AWS Management Console. Only AWS tech support would ever have been able to fix it.

"1. Your AWS resources have been isolated due to previous account suspension in 2015. Although you have reactivated your account in case #... in 2016, some of your resources were not un-isolated correctly and this could result in EC2 disconnection. Regarding this issue, I have requested our internal team to help, and they removed the isolation."

I'm not sure what it means for resources to be "isolated", but it obviously wasn't just a simple firewall configuration issue. If you're having a similar problem, you can't connect to your resources even with a wide-open firewall, and you've ever closed your AWS account and reopened it, then you might need to contact AWS tech support.

answered 2 years ago

Thanks for posting your solution after getting it resolved through other means.
I had been working on EC2 instances without problems until 16-Sep-2020. From Sep-17 I suddenly started seeing the same issue in my account: I get "Connection timed out" when trying to SSH in to any of the EC2 instances in my account.
I have tried every way I can based on the available documentation:

  1. Tried creating fresh instances.
  2. Added a security group that allows connections from any IP.
  3. Tried following all the troubleshooting steps described in this doc (spent a lot of time on it):

But still no positive results.
After seeing your post, my problem seems very similar to yours, but I don't think the account I'm working on (owned by my client) was suspended like that at some point previously. This is a freshly created account as far as I know.
I'm hoping someone at AWS support will also see this post and respond.
answered 2 years ago

I have figured out that my problem is different.
In my case my broadband ISP was blocking my outgoing connections on port 22. I have no clue when my outgoing connections became my ISP's business, and I am not yet sure whether this can be resolved without changing ISPs.
For those facing a similar issue:
Try doing a port scan with Nmap against Portquiz to see which ports are blocked by your ISP.
Here is a blog post I found helpful for doing this:

OK, you just need to check port 22 for this specific issue, but I think it is definitely useful to be aware of all the outgoing ports where your ISP has decided to poke its nose in. That will help you in the future when you have to work with those ports.

answered 2 years ago
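
An added example, not code from any poster in this thread: a small probe that separates the failure modes discussed above (a name that fails instantly, a connection that silently times out, an ISP that drops outbound port 22) by comparing the instance against a reference host. The function names are hypothetical, and `portquiz.net` is assumed to be the Portquiz service mentioned in the last answer, accepting TCP connections on the tested port.

```python
import errno
import socket
import sys

def classify(exc):
    """Map the exception from a TCP connect attempt to a diagnosis label."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):
        return "dns_failure"   # instant failure: the name does not resolve
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"      # SYN dropped silently: the slow "timed out" case
    if isinstance(exc, ConnectionRefusedError):
        return "refused"       # RST came back: host reachable, nothing listening
    if getattr(exc, "errno", None) in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=5.0):
    """Attempt one TCP connection and return its classify() label."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def diagnose(target, reference):
    """Combine the instance's result with a known-open reference host's result."""
    if target == "open":
        return "port reachable"
    if target == "dns_failure":
        return "hostname does not resolve"
    if target == "refused":
        return "host reachable, service not listening"
    if reference == "open":
        return "egress works: look at the AWS side (security group, NACL, route, account)"
    return "egress on this port is blocked locally or by the ISP"

if __name__ == "__main__":
    # Usage: python probe.py <instance-hostname> [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    # Assumption: portquiz.net accepts TCP connections on the port being tested.
    result = probe(host, port)
    print(port, result, "->", diagnose(result, probe("portquiz.net", port)))
```

A "filtered" result for both the instance and the reference host points at the local network or ISP, as in the last answer; "filtered" for the instance alone points at something on the AWS side.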
