I have created an EC2 Instance.

I have checked security groups, subnets - inbound traffic and public IP and DNS entry, but I am still not able to connect to it remotely. I am constantly getting the following error when accessing it from my local machine and also when trying to connect to it using the AWS online ssh content method:

Error: Operation timed out

I have also tried to ping the server, but it also fails.

Can you please help me in connecting remotely with the EC2 Instance?

I am sharing the output of instance describe command so that you can help me. What's wrong with this instance or configuration?

Describe command output:

{
    "Reservations": [
        {
            "Groups": [],
            "Instances": [
                {
                    "AmiLaunchIndex": 0,
                    "ImageId": "ami-0d6621c01e8c2de2c",
                    "InstanceId": "i-0ba33f0cdd3e555fd",
                    "InstanceType": "t2.micro",
                    "KeyName": "jump-key",
                    "LaunchTime": "2020-04-10T05:04:23.000Z",
                    "Monitoring": {
                        "State": "disabled"
                    },
                    "Placement": {
                        "AvailabilityZone": "us-west-2a",
                        "GroupName": "",
                        "Tenancy": "default"
                    },
                    "PrivateDnsName": "ip-10-0-1-250.us-west-2.compute.internal",
                    "PrivateIpAddress": "10.0.1.250",
                    "ProductCodes": [],
                    "PublicDnsName": "ec2-18-236-76-162.us-west-2.compute.amazonaws.com",
                    "PublicIpAddress": "18.236.76.162",
                    "State": {
                        "Code": 16,
                        "Name": "running"
                    },
                    "StateTransitionReason": "",
                    "SubnetId": "subnet-00532a34e49b7f98f",
                    "VpcId": "vpc-01cd162cf4afcb926",
                    "Architecture": "x86_64",
                    "BlockDeviceMappings": [
                        {
                            "DeviceName": "/dev/xvda",
                            "Ebs": {
                                "AttachTime": "2020-04-10T05:04:24.000Z",
                                "DeleteOnTermination": true,
                                "Status": "attached",
                                "VolumeId": "vol-00907015e8b1b54a4"
                            }
                        }
                    ],
                    "ClientToken": "",
                    "EbsOptimized": false,
                    "EnaSupport": true,
                    "Hypervisor": "xen",
                    "NetworkInterfaces": [
                        {
                            "Association": {
                                "IpOwnerId": "amazon",
                                "PublicDnsName": "ec2-18-236-76-162.us-west-2.compute.amazonaws.com",
                                "PublicIp": "18.236.76.162"
                            },
                            "Attachment": {
                                "AttachTime": "2020-04-10T05:04:23.000Z",
                                "AttachmentId": "eni-attach-0f18a9b5254184a11",
                                "DeleteOnTermination": true,
                                "DeviceIndex": 0,
                                "Status": "attached"
                            },
                            "Description": "Primary network interface",
                            "Groups": [
                                {
                                    "GroupName": "default",
                                    "GroupId": "sg-0efd8084b6328f481"
                                }
                            ],
                            "Ipv6Addresses": [],
                            "MacAddress": "06:09:8f:cf:5d:e8",
                            "NetworkInterfaceId": "eni-048052fc271148c16",
                            "OwnerId": "811886212371",
                            "PrivateDnsName": "ip-10-0-1-250.us-west-2.compute.internal",
                            "PrivateIpAddress": "10.0.1.250",
                            "PrivateIpAddresses": [
                                {
                                    "Association": {
                                        "IpOwnerId": "amazon",
                                        "PublicDnsName": "ec2-18-236-76-162.us-west-2.compute.amazonaws.com",
                                        "PublicIp": "18.236.76.162"
                                    },
                                    "Primary": true,
                                    "PrivateDnsName": "ip-10-0-1-250.us-west-2.compute.internal",
                                    "PrivateIpAddress": "10.0.1.250"
                                }
                            ],
                            "SourceDestCheck": true,
                            "Status": "in-use",
                            "SubnetId": "subnet-00532a34e49b7f98f",
                            "VpcId": "vpc-01cd162cf4afcb926",
                            "InterfaceType": "interface"
                        }
                    ],
                    "RootDeviceName": "/dev/xvda",
                    "RootDeviceType": "ebs",
                    "SecurityGroups": [
                        {
                            "GroupName": "default",
                            "GroupId": "sg-0efd8084b6328f481"
                        }
                    ],
                    "SourceDestCheck": true,
                    "VirtualizationType": "hvm",
                    "CpuOptions": {
                        "CoreCount": 1,
                        "ThreadsPerCore": 1
                    },
                    "CapacityReservationSpecification": {
                        "CapacityReservationPreference": "open"
                    },
                    "HibernationOptions": {
                        "Configured": false
                    },
                    "MetadataOptions": {
                        "State": "applied",
                        "HttpTokens": "optional",
                        "HttpPutResponseHopLimit": 1,
                        "HttpEndpoint": "enabled"
                    }
                }
            ],
            "OwnerId": "811886212371",
            "ReservationId": "r-0e1cc9591c1fd51ff"
        }
    ]
}

Subnet settings

Security Group Inbound Settings

  • Did you try to ssh from your commandline? Commented Apr 13, 2020 at 3:59
  • Yes, but no luck in that too Commented Apr 13, 2020 at 4:00
  • I know you said you checked the security group, but just to confirm - did you explicitly allow access to the SSH port (22) for any IP address? Commented Apr 13, 2020 at 4:02
  • Can you post the verbose output, ssh -vvv -i ... Commented Apr 13, 2020 at 4:02
  • Your Security Group has only one rule that too is meant to allow aws security group. It does not have a rule to allow your IP address! Commented Apr 13, 2020 at 4:12

1 Answer

3

The things to check are:

  • The EC2 instance is running Linux (Your AMI is Amazon Linux 2, looks good)
  • The instance is in a public subnet, defined as having its Route Table pointing to an Internet Gateway (Unknown)
  • The security group permits inbound access on port 22 (Unknown)
  • Default Network ACLs (Looks good!)
  • Connecting via public IP address (looks good!)
  • Your network allows outbound SSH access (test this by trying an alternative network, such as work vs home vs tethered via your phone)

The Connection Timeout is an indication that there is no network connectivity.

In 80% of cases, the cause is the Security Group (which you have not shown in your question).

Failing that, I'd say that the instance is probably in a private subnet.

Amazon VPC networks are private by default. To connect them to the Internet, you need to attach an Internet Gateway. Then, to make a subnet "public", it needs a Route Table configuration that points to the Internet Gateway. Alternatively, you could use the Default VPC, which has already been configured with public subnets.

If your Default VPC is not present, it can be recreated via Create Default VPC (in the Actions menu).


Update: Here are the steps to launch a publicly-available Amazon EC2 instance in a new VPC (just to avoid any potential problems with your existing VPC).

  • Go to the VPC management console
  • Click Launch VPC Wizard
  • The default will create a "VPC with a Single Public Subnet", so click Select
  • Give it a Name and click Create VPC
  • Go to the EC2 management console
  • Click Launch Instance, then:
      • Step 1: Choose Amazon Linux 2 AMI
      • Step 2: Use defaults
      • Step 3: Auto-assign Public IP: Enable
  • Click Review and Launch (leaving everything else at default values)

You will be asked to select a Keypair when launching the instance. Make sure you have the private half of the selected keypair.

Once the instance is running, connect to it with:

    ssh -i keypair.pem ec2-user@IP-ADDRESS

If the above works for you, it is then just a matter of comparing the differences between the above configuration and your current configuration. Try to spot what is different, which might be an instance configuration or a VPC/subnet configuration.

If the above does not work for you, then it is likely that your network is not permitting the outbound SSH connection. Try it on a different network (eg via a tethered phone) to test this.
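
The two checks left as "Unknown" in the list above (inbound port 22 in the security group, and a route to an Internet Gateway) can be run against the JSON that `aws ec2 describe-security-groups` and `aws ec2 describe-route-tables` return. This is an added example, not part of the original answer; the rule and route data, the client address 203.0.113.10 and the `igw-EXAMPLE` id are constructed, and the function names are hypothetical.

```python
import ipaddress

def sg_allows_ssh(group, client_ip):
    """True if an inbound CIDR rule of this security group admits tcp/22 from client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")  # "-1" means all protocols and ports
        covers_22 = proto == "-1" or (proto == "tcp" and perm["FromPort"] <= 22 <= perm["ToPort"])
        # UserIdGroupPairs (group-to-group rules) never match an outside client,
        # so only IpRanges are considered here.
        if covers_22 and any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False

def subnet_is_public(route_tables, subnet_id):
    """True if the subnet's effective route table sends 0.0.0.0/0 to an Internet Gateway.
    Assumes route_tables holds only the tables of the instance's VPC."""
    def assoc(rt, pred):
        return any(pred(a) for a in rt.get("Associations", []))
    explicit = [rt for rt in route_tables if assoc(rt, lambda a: a.get("SubnetId") == subnet_id)]
    main = [rt for rt in route_tables if assoc(rt, lambda a: a.get("Main"))]
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               for rt in (explicit or main) for r in rt.get("Routes", []))

def diagnose(group, route_tables, subnet_id, client_ip):
    findings = []
    if not sg_allows_ssh(group, client_ip):
        findings.append("no inbound CIDR rule for tcp/22 covering " + client_ip)
    if not subnet_is_public(route_tables, subnet_id):
        findings.append("no 0.0.0.0/0 route to an Internet Gateway")
    return findings

# Constructed sample data (not the asker's real rules): a default security group whose
# only inbound rule references itself, and a route table with only the local route.
SUBNET, CLIENT = "subnet-00532a34e49b7f98f", "203.0.113.10"
DEFAULT_SG = {"GroupId": "sg-0efd8084b6328f481", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0efd8084b6328f481"}]}]}
PRIVATE_RTB = [{"Associations": [{"Main": True}], "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}]
# Corrected configuration: SSH from one client address, default route to an IGW.
FIXED_SG = {"GroupId": "sg-0efd8084b6328f481", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]}
PUBLIC_RTB = [{"Associations": [{"SubnetId": SUBNET}], "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]}]
```

`diagnose(DEFAULT_SG, PRIVATE_RTB, SUBNET, CLIENT)` reports both problems, and the corrected pair returns an empty list.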

12 Comments

Thanks John, I have added the security group settings. And as for the reason why, again and again, EC2 instances are failing to connect remotely, I have shared the detailed instance overview as well.
I am able to log in to the EC2 instance by integrating a network gateway to the subnet to which the EC2 instance is attached? Is this the correct way or the only way? If you know some other way, without using it, it would be great. I followed the tutorials, but none of them mentioned that the internet gateway is required to have the ssh connection from the local machine.
I'm confused by your comment -- are you saying it worked, or are you asking about the setup? I added some more information to my answer. Security is of paramount importance in AWS, so if you created your own VPC, it is private by default.
@Vicky I have added extra steps to my answer showing how to launch an instance in a new VPC. Please try this to see whether it works. If it does, it's then just a matter of comparing what is different with your existing setup.
@Vicky Please try the instructions I added to my answer. This will create a new VPC so you can test whether everything works. Based on the results of that test, you can then determine what to do next.