Issue
TL;DR: I'm unable to (ssh) connect to an Amazon EC2 instance using its private IP.
I'm using private IP because
- https://stackoverflow.com/a/56159299/2125837
- my machine and ec2 are both within my company's VPN & intranet
The errors I'm getting are:
Resource temporarily unavailable
or Connection refused
In fact, I had never been able to, and this is a problem that I've been trying to solve for weeks, as aws is so new to me that I don't even know where to start to ask questions. Now I'm able to replicate the problem with the simplest scenario:
- Following the Quick Start to launch an instance using my default zone and the IAM of Amazon Linux 2, which is supposed to have everything working out of the box.
- Using the most open rules:
- Verified that it is appearing under Managed Instances in the Systems Manager console
Yet the connectivity is not there:
$ telnet 172.xx.xx.121 22
Trying 172.xx.xx.121...
telnet: Unable to connect to remote host: Connection refused
And ping is NOK too -- 3 packets transmitted, 0 received, 100% packet loss, time 2002ms
Trying to use the AWSSupport-TroubleshootSSH automation workflow to troubleshoot SSH connection issues is failing for both of my Ubuntu and Amazon Linux instances:
What am I missing?
The answer to Unable to connect to amazon EC2 instance via PuTTY talked about VPC configuration, Internet Gateway and NACLs. Do I need to worry about them? Launching Amazon Linux with everything at default is supposed to have everything working out of the box, right?
Solution
The answer to Unable to connect to amazon EC2 instance via PuTTY talked about VPC configuration, Internet Gateway and NACLs. Do I need to worry about them? Launching Amazon Linux with everything at default is supposed to have everything working out of the box, right?
None of those things you mentioned (VPC configuration, Internet Gateway, NACLs) exist on the EC2 instance; those are all part of the VPC network infrastructure. Launching a default Amazon Linux EC2 server just means it has some default AWS stuff configured on the virtual machine; it has no bearing on the configuration of the network you are launching it into. So yes, you still need to worry about all those things.
my machine and ec2 are both within my company's VPN & intranet
This is the part I would focus on first. How does your company's VPN and intranet interface with the VPC? How does your company's network know to route the traffic for your EC2 instance's private IP over to the AWS VPC?
Verified that it is appearing under Managed Instances in the Systems Manager console
Then why not use Systems Manager Session Manager instead of SSH? It's more secure.
Answered By - Mark B
Answer Checked By - Clifford M. (WPSolving Volunteer)
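Since the answer's point is that the fix lives in the VPC network rather than on the instance, here is an added example (not code from the question, the answer, or AWS) that walks the two checks a defender would make first, offline: longest-prefix routing of the return path from the subnet to the VPN, and stateless NACL evaluation in ascending rule-number order. The data is constructed in the shape of the EC2 API's route-table and NACL entries; the gateway ID and CIDRs are placeholders.

```python
import ipaddress

# Constructed sample data shaped like the relevant fields returned by
# describe-route-tables / describe-network-acls. IDs and CIDRs are placeholders.
ROUTES = [
    {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "10.50.0.0/16", "GatewayId": "vgw-PLACEHOLDER"},  # path back to the VPN
]
NACL = [  # evaluated by ascending RuleNumber, first match wins; 32767 is the '*' catch-all deny
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.50.0.0/16", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "10.50.0.0/16", "PortRange": {"From": 1024, "To": 65535}},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]

def route_target(routes, dst_ip):
    """Longest-prefix match over the subnet's route table; None means there is no route."""
    dst, best = ipaddress.ip_address(dst_ip), None
    for r in routes:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r.get("GatewayId") or r.get("TransitGatewayId"))
    return best[1] if best else None

def nacl_allows(entries, egress, ip, port):
    """NACLs are stateless: inbound and outbound are checked separately, lowest RuleNumber first."""
    addr = ipaddress.ip_address(ip)
    for e in sorted((e for e in entries if e["Egress"] == egress), key=lambda e: e["RuleNumber"]):
        if addr not in ipaddress.ip_network(e["CidrBlock"]) or e["Protocol"] not in ("-1", "6"):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        return e["RuleAction"] == "allow"
    return False  # no explicit rule matched: NACLs deny by default

def diagnose(client_ip, routes=ROUTES, nacl=NACL):
    """First VPC-side reason SSH from client_ip would fail, or 'ok'."""
    if route_target(routes, client_ip) is None:
        return "no route from the subnet back to the client network"
    if not nacl_allows(nacl, False, client_ip, 22):
        return "NACL denies inbound TCP/22"
    if not nacl_allows(nacl, True, client_ip, 40000):  # the SYN-ACK goes to the client's ephemeral port
        return "NACL denies outbound reply on ephemeral ports"
    return "ok"
```

The corporate side still has to route the VPC CIDR towards AWS (VGW, Transit Gateway or Direct Connect); this only covers the AWS-side half the answer asks about.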