Wednesday, October 5, 2022

[SOLVED] Unable to connect to amazon EC2 instance using private IP

Issue

TL;DR: I'm unable to (ssh) connect to an Amazon EC2 instance using its private IP.

I'm using private IP because

  1. https://stackoverflow.com/a/56159299/2125837
  2. my machine and ec2 are both within my company's VPN & intranet

The errors I'm getting are:

Resource temporarily unavailable or Connection refused

In fact, I have never been able to, and this is a problem that I've been trying to solve for weeks, as AWS is so new to me that I don't even know where to start asking questions. Now I'm able to replicate the problem with the simplest scenario:

  • Following the Quick Start to launch an instance using my default zone and the IAM of Amazon Linux 2, which is supposed to have everything working out of the box.
  • Using the most open rules:

[screenshot]

Yet the connectivity is not there:

$ telnet 172.xx.xx.121 22
Trying 172.xx.xx.121...
telnet: Unable to connect to remote host: Connection refused

And ping is NOK too -- 3 packets transmitted, 0 received, 100% packet loss, time 2002ms

Trying to use the AWSSupport-TroubleshootSSH automation workflow to troubleshoot SSH connection issues is failing for both of my Ubuntu and Amazon Linux instances:

[screenshots]

What am I missing?

The answer to Unable to connect to amazon EC2 instance via PuTTY talked about VPC Configuration, Internet Gateway and NACLs. Do I need to worry about them? Launching Amazon Linux with everything default is supposed to have everything working out of the box, right?


Solution

The answer to Unable to connect to amazon EC2 instance via PuTTY talked about VPC Configuration, Internet Gateway and NACLs. Do I need to worry about them? Launching Amazon Linux with everything default is supposed to have everything working out of the box, right?

None of those things you mentioned (VPC Configuration, Internet Gateway, NACLs) exist on the EC2 instance; those are all part of the VPC network infrastructure. Launching a default Amazon Linux EC2 server just means it has some default AWS stuff configured on the virtual machine; it has no bearing on the configuration of the network you are launching it into. So yes, you still need to worry about all those things.

my machine and ec2 are both within my company's VPN & intranet

This is the part I would focus on first. How does your company's VPN and intranet interface with the VPC? How does your company's network know to route the traffic for your EC2 instance's private IP over to the AWS VPC?

Verified that it is appearing under Managed Instances in the Systems Manager console

Then why not use Systems Manager Session Manager instead of SSH? It's more secure.



Answered By - Mark B
Answer Checked By - Clifford M. (WPSolving Volunteer)
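As an added illustration of the answer's point that routing, NACLs and security groups are VPC-side controls rather than instance settings, here is a small offline evaluator (added here, not the answer's or AWS's code) that walks those three layers for a TCP/22 flow from a VPN client to the instance's private IP. The route tables, NACL entries and security-group rules are constructed sample data, and `igw-EXAMPLE` / `vgw-EXAMPLE` are placeholder target ids.

```python
import ipaddress

def route_target(route_table, dst_ip):
    """Longest-prefix match: which target does the VPC use to reach dst_ip?"""
    dst, best = ipaddress.ip_address(dst_ip), None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def nacl_verdict(entries, peer_ip, port):
    """NACLs are stateless: the lowest-numbered matching rule wins, else implicit deny."""
    peer = ipaddress.ip_address(peer_ip)
    for _num, cidr, lo, hi, action in sorted(entries):
        if peer in ipaddress.ip_network(cidr) and lo <= port <= hi:
            return action
    return "deny"

def sg_allows(rules, src_ip, port):
    """Security groups are stateful allow-lists: one matching inbound rule admits the flow and its replies."""
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(c) and lo <= port <= hi for c, lo, hi in rules)

def diagnose_ssh(client_ip, route_table, nacl_in, nacl_out, sg_in, client_port=50000):
    """Name the first VPC-layer control that blocks SSH over private IP from client_ip, or report success."""
    target = route_target(route_table, client_ip)
    if target is None:
        return "route table: no route to the VPN client network"
    if target.startswith("igw-"):  # private-IP access over a VPN must not return via the IGW
        return "route table: replies to the client would leave via the internet gateway, not a VGW/TGW"
    if nacl_verdict(nacl_in, client_ip, 22) != "allow":
        return "network ACL: inbound TCP/22 denied"
    if nacl_verdict(nacl_out, client_ip, client_port) != "allow":  # stateless: the reply needs its own rule
        return "network ACL: outbound reply to the client's ephemeral port denied"
    if not sg_allows(sg_in, client_ip, 22):
        return "security group: no inbound TCP/22 rule covering the client network"
    return "reachable at the VPC layer; check the VPN side and sshd on the instance next"

# Constructed data: a default VPC (172.31.0.0/16, local + IGW routes), the default NACL
# (allow all, then the trailing deny), a wide-open SG, and an office-only SG.
DEFAULT_ROUTES = [("172.31.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")]
VPN_ROUTES = DEFAULT_ROUTES + [("10.0.0.0/8", "vgw-EXAMPLE")]  # VPN attachment added
NACL_ALLOW_ALL = [(100, "0.0.0.0/0", 0, 65535, "allow"), (32767, "0.0.0.0/0", 0, 65535, "deny")]
SG_OPEN = [("0.0.0.0/0", 22, 22)]
SG_OFFICE = [("10.20.0.0/16", 22, 22)]

if __name__ == "__main__":
    # The "everything default" launch from the question: open SG, but no route back to the corporate 10.x network.
    print(diagnose_ssh("10.20.5.7", DEFAULT_ROUTES, NACL_ALLOW_ALL, NACL_ALLOW_ALL, SG_OPEN))
    print(diagnose_ssh("10.20.5.7", VPN_ROUTES, NACL_ALLOW_ALL, NACL_ALLOW_ALL, SG_OFFICE))
```

The first call reproduces the question's situation (open security group, default route table) and stops at the routing layer, which is exactly where the answer tells the asker to look first.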