No user able to connect to any EC2 Machine in organization all of a sudden

0

We have approx. 20-30 EC2 machines which users use on a regular basis; however, for the last 30 minutes, no user has been able to connect to any of the EC2 machines or to RDS. Not sure what happened. The error is only "Connection timed out".

Bhoopen
Asked 9 months ago, 239 views
4 Answers
0
Accepted Answer

Hello.
Are communications allowed by the network ACLs set for the security groups and subnets configured on the EC2?
Has someone on your team accidentally changed the settings?

Also, is the IP address from which you are connecting a fixed IP address?
Make sure that the IP address from which you are connecting is allowed in the security group.

Expert
Answered 9 months ago
Expert
Reviewed 2 months ago
  • Yes, everything seems to be configured the way it was earlier, and the IP address from which we connect is not really fixed, but we allow from any IP address for these machines. Nothing seems obvious, but no one is able to connect for some reason; it only times out.

  • Thanks for the reply. Have you checked the network ACL settings for your subnet? Also, can you confirm that there is a route to the Internet Gateway in the route table of the subnet on which the EC2 is running? https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

0

I'd start by checking the following through AWS Config, if you have AWS Config already enabled:

  • VPC
  • Subnets
  • NACL
  • Security groups

Go to AWS Config console -> Click Resources -> Type subnet in resource type and select based on what you want to check first (you can choose multiple resource types too) -> Search for those commonly used subnets and see if any recent change occurred. There might be some routes reconfigured, which is why this started happening all of a sudden. Similarly, check for security groups and NACLs in AWS Config and verify whether any changes happened to any of those commonly used security groups, and the impact of the change.

This would give you some clue as to what changes were made recently and why this started happening, since it's a completely account/org-specific issue.

Hope this helps.

Comment here if you have additional questions, happy to help.

Abhishek

AWS
Expert
Answered 9 months ago
0

How do you connect to EC2 and RDS, is it across the public internet (even if using VPN) or is it using Direct Connect (or is it something else)?

If your internet connection had an outage, that would have caused this behaviour, though I would expect you would have noticed not being able to connect to anything else on the internet.

If it's Direct Connect, then that sometimes has maintenance outages (usually communicated well in advance by email from AWS) which would cause an interruption to service if you don't have redundant DX connections set up.

Also check for an interruption to service at the provider who hosts your Direct Connect link.

Expert
Steve_M
Answered 9 months ago
0

Someone changed inbound rules for the Default VPC NACL by mistake, and that stopped us connecting to the resources.

Bhoopen
Answered 9 months ago
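
Why a mistaken NACL edit shows up as a timeout on every instance and RDS endpoint in the affected subnets, as an added example that is not part of the original thread: network ACL entries are evaluated in ascending rule number, the first match decides, and denied traffic is dropped. The entries are constructed samples in the shape `aws ec2 describe-network-acls` returns; the "after" rule is a hypothetical mistake, since the post does not say what was changed, and the function and variable names are assumptions.

```python
import ipaddress

# Constructed entries in the shape of "Entries" from `aws ec2 describe-network-acls`.
DENY_ALL = {"RuleNumber": 32767, "Egress": False, "Protocol": "-1",
            "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"}
NACL_BEFORE = [  # default NACL: rule 100 allows all inbound traffic
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1",
     "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    DENY_ALL,
]
NACL_AFTER = [  # hypothetical mistake: rule 100 narrowed to one range and port
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "203.0.113.0/24", "PortRange": {"From": 443, "To": 443}},
    DENY_ALL,
]
# Protocol numbers as strings, as the API returns them ("6" is TCP).
SERVICES = {"ssh": ("6", 22), "rdp": ("6", 3389), "mysql": ("6", 3306)}


def evaluate_inbound(entries, src_ip, protocol, port):
    """Return (action, rule_number) of the first inbound entry that matches."""
    src = ipaddress.ip_address(src_ip)
    # IPv4 only: entries without "CidrBlock" (IPv6 rules) are skipped.
    inbound = [e for e in entries if not e["Egress"] and "CidrBlock" in e]
    for e in sorted(inbound, key=lambda e: e["RuleNumber"]):
        if e["Protocol"] not in ("-1", protocol):
            continue
        if src not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        rng = e.get("PortRange")
        if e["Protocol"] != "-1" and rng and not rng["From"] <= port <= rng["To"]:
            continue
        return e["RuleAction"], e["RuleNumber"]
    return "deny", None  # no entry matched at all


def blocked_services(entries, src_ip, services=SERVICES):
    """Names of services the NACL denies inbound from src_ip."""
    return [name for name, (proto, port) in services.items()
            if evaluate_inbound(entries, src_ip, proto, port)[0] == "deny"]


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed client address
    print("before:", blocked_services(NACL_BEFORE, client))
    print("after: ", blocked_services(NACL_AFTER, client))
```

Because the NACL sits at the subnet boundary, security groups that still allow any source IP make no difference once an inbound entry stops matching.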
