EC2 - 'Failed to connect...' on newly created EC2 instance on specific AWS account

Question

Hello Forum

Suddenly we are not able to connect to EC2 instances - nor SSH, nor through AWS Console

![Failed to connect to your instance](/media/postImages/original/IMU0RKzHaURz2ooWofFE2ZjA)

After trying troubleshooting 'lots' of possible scenarios, decided to create a new instance on that account with (AWS Linux 2023 and AWS Linux 2), new keys (RSA and ED25519), network firewall: 0.0.0.0/0, ::/0 for port :22 - usual default settings - then click on the `Connect` and no joy

BTW: tried different browsers, different computers, delete cookies, etcetera, etcetera, etcetera...

Now the funny thing is that only happens in one specific AWS account, using other AWS account (different customers) it works just fine, so this is just happening on a specific account.

Anyone knows where can I raise this `case`?
(Working with AWS for more than 8 years and this is my first re:Post - looks good)

Thanks for reading

Answer

Hi,

I would start by confirming that e.g. network connection to public network is working correctly as well. We have a troubleshoothing guide that you can follow https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html.

You can also do troubleshooting from the instance perspective by creating AWS Systems Manager VPC endpoints in the VPC. Then your instance would be able to connect to SSM without connection to public networks. https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html

Third option could be using VPC Reachability Analyser that enables you to specify start and end for your connection and it will tell if there is something blocking connection. https://docs.aws.amazon.com/vpc/latest/reachability/what-is-reachability-analyzer.html

Answer

Hi Riku and jose

Thanks for the suggestions but no joy. In reality the EC2 instance that we lost SSH access is still working fine (we only have one on this account), it has public HTTP access and is doing its job, I can stop/restart using AWS Console and all good, but I am not able to connect: nor SSH client nor AWS Console

Lets forget that instance and back to the basics - lets rephrase the question:

I am able to create a new EC2 instances on AWS Console, but not able to 'Connect' to that newly created instance using the AWS Console.  And it only happens on this specific account, every other account I give support works just fine.

Where can I open an `AWS Console bug ticket`?

Answer

Hi iBehr

Thanks for your comment - yep, done that.

The point is: I am not able to 'Connect' to newly created instance using the AWS Console on this specific account.
There is a bug on this specific account regarding EC2 / SSH - using AWS Console (and SSH clients).

The one instance we have on this account is working fine, TCP-reachable - available through Internet, but not able to connect - nor SSH, nor AWS Console. But if a newly created EC2 is not 'connectable' no point in digging anymore on that specific instance.

This needs to escalate to respective AWS team, how and where can I log this case?

Thanks

Answer

Have you checked the Network ACL (NACL) that is applied to the subnet in which the instance sits?  Remember all that NACLs are not stateful and you must allow both the inbound and outbound flows.

Answer