I am unable to connect to an EC2 instance in a virtual private cloud (VPC) from the Internet.

Problems connecting to EC2 instances in a VPC are often related to the configuration of security groups, network access control lists (ACLs), or route tables.

Complete the following steps to ensure proper configuration of security groups, network ACLs, and route tables:


In this example, ports 22 and 3389 are opened to allow inbound traffic from a source IP address using SSH and RDP respectively.

For testing purposes, you can specify a Custom IP address of to enable all IP addresses to access your instance using SSH or RDP. Note that this should only be done for brief periods in test environments. In a production environment, only a specific IP address or range of addresses should be allowed to access your instance.


Network ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa). Therefore, make sure that both inbound and outbound traffic are allowed.


If the subnet route table does not have a route entry to an Internet gateway, then the instance is in a private subnet and is inaccessible from the Internet.
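The three checks above (security group, network ACL in both directions, and a route to an Internet gateway) can be evaluated offline against saved configuration. The following Python is an added example, not AWS code: it assumes IPv4 TCP only, and its function names, the rule helper and the sample data are constructed for illustration, using dictionaries shaped like the output of the EC2 describe-security-groups, describe-network-acls and describe-route-tables calls.

```python
# Added example: function names and sample data are hypothetical; IPv4/TCP only.
import ipaddress

def _in(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows(sg, src_ip, port):
    """Security groups are stateful: one matching inbound rule is enough."""
    for p in sg["IpPermissions"]:
        proto_ok = p["IpProtocol"] == "-1" or (
            p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"])
        if proto_ok and any(_in(src_ip, r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True
    return False

def nacl_allows(nacl, egress, peer_ip, port):
    """Network ACL: the lowest-numbered matching rule decides; no match is a deny."""
    for e in sorted(nacl["Entries"], key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange")
        if (e["Egress"] == egress and e["Protocol"] in ("6", "-1")
                and (pr is None or pr["From"] <= port <= pr["To"])
                and "CidrBlock" in e and _in(peer_ip, e["CidrBlock"])):
            return e["RuleAction"] == "allow"
    return False

def diagnose(sg, nacl, rt, client_ip, client_port, service_port):
    """Return the layers that would block an inbound TCP connection."""
    igw = any(r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])
    checks = [
        ("security group inbound", sg_allows(sg, client_ip, service_port)),
        ("network ACL inbound", nacl_allows(nacl, False, client_ip, service_port)),
        # Stateless: the reply leaves toward the client's ephemeral source port.
        ("network ACL outbound", nacl_allows(nacl, True, client_ip, client_port)),
        ("route to Internet gateway", igw),
    ]
    return [name for name, ok in checks if not ok]

# Constructed sample data, shaped like the EC2 describe-* output.
def rule(n, action, egress, lo=None, hi=None):
    e = {"RuleNumber": n, "Protocol": "6" if lo else "-1", "RuleAction": action,
         "Egress": egress, "CidrBlock": "0.0.0.0/0"}
    return {**e, "PortRange": {"From": lo, "To": hi}} if lo else e

SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
NACL = {"Entries": [rule(100, "allow", False, 22, 22), rule(32767, "deny", False),
                    rule(32767, "deny", True)]}
PRIVATE_RT = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}
print(diagnose(SG, NACL, PRIVATE_RT, "203.0.113.10", 50000, 22))
```

In the sample, the security group and the inbound ACL rule both allow SSH, yet the connection still fails: the reply to the client's source port is dropped by the outbound ACL, and the subnet has no route to an Internet gateway.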

You can run the commands route -n (Linux) or netstat -rn (Linux and Windows) to find this information. The routes should look like this:


Connectivity, EC2 instance, Internet, VPC, Internet gateway, firewall, route table, EIP, ENI, ACL
