Why can't I connect to an endpoint service from my interface endpoint in an Amazon VPC?

Last updated: 2019-08-30

I can't connect to an endpoint service from my Amazon Virtual Private Cloud (Amazon VPC) interface endpoint using AWS PrivateLink. How do I determine what's preventing me from making this connection?

Resolution

Check the following settings to troubleshoot connectivity problems between an interface VPC endpoint and an endpoint service.

Endpoint connection state

The endpoint connection must be in the Available state. If the endpoint connection is in the Pending or Rejected state, any connection sent to the Network Load Balancer from the interface endpoint times out. You might need to:

Network Load Balancer response

You can simulate the request from an instance in the same VPC as the Network Load Balancer. If you don't get the expected response, troubleshoot your Network Load Balancer.

Network Load Balancer listener port

Be sure that the interface VPC endpoint is sending traffic to the correct listener port of the Network Load Balancer. For example, you might have a Network Load Balancer with a listener configured on port 80. If the client sends traffic on port 443, the client might receive the error Connection refused.

Zonal DNS name

If the client is using a zonal DNS name for the interface VPC endpoint, verify that the zone is responsive on the service provider's end. It's a best practice to use the regional DNS name to verify that requests are sent to healthy zones.

Security group and network access control rules

Check the security group and network access control (ACL) rules on both the service consumer and service provider's end. Be sure to allow traffic to and from the endpoint service.
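The checks above can be run against saved AWS CLI output. The script below is an added example, not part of this article or an AWS tool; it assumes the JSON shapes returned by `aws ec2 describe-vpc-endpoint-connections`, `aws elbv2 describe-listeners` and `aws ec2 describe-security-groups`, with constructed sample output and placeholder resource ids embedded inline.

```python
import json

# Constructed sample, shaped like `aws ec2 describe-vpc-endpoint-connections`
# output (service and endpoint ids are placeholders, not real resources).
ENDPOINT_CONNECTIONS_JSON = """{"VpcEndpointConnections": [
  {"ServiceId": "vpce-svc-EXAMPLE", "VpcEndpointId": "vpce-AAA", "VpcEndpointState": "available"},
  {"ServiceId": "vpce-svc-EXAMPLE", "VpcEndpointId": "vpce-BBB", "VpcEndpointState": "pendingAcceptance"},
  {"ServiceId": "vpce-svc-EXAMPLE", "VpcEndpointId": "vpce-CCC", "VpcEndpointState": "rejected"}
]}"""

# Constructed sample, shaped like `aws elbv2 describe-listeners` output.
LISTENERS_JSON = """{"Listeners": [{"Port": 80, "Protocol": "TCP"}]}"""

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SECURITY_GROUPS_JSON = """{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}
]}]}"""

def check_connection_states(connections_json: str) -> dict:
    """Map each interface endpoint id to a finding. Only 'available' passes
    traffic; pendingAcceptance/rejected make requests through the endpoint time out."""
    findings = {}
    for conn in json.loads(connections_json)["VpcEndpointConnections"]:
        state = conn["VpcEndpointState"]
        if state == "available":
            findings[conn["VpcEndpointId"]] = "ok"
        elif state == "pendingAcceptance":
            findings[conn["VpcEndpointId"]] = "pendingAcceptance: provider must accept the request"
        else:
            findings[conn["VpcEndpointId"]] = f"{state}: endpoint will not reach the service"
    return findings

def check_listener_port(listeners_json: str, client_port: int) -> str:
    """'ok' when the NLB has a listener on the port the client sends to; otherwise
    the article's mismatch case (listener on 80, client on 443 -> Connection refused)."""
    ports = sorted(lst["Port"] for lst in json.loads(listeners_json)["Listeners"])
    if client_port in ports:
        return "ok"
    return f"no listener on {client_port}; NLB listens on {ports} (Connection refused)"

def check_security_group(sg_json: str, port: int) -> str:
    """'ok' when an inbound rule covers tcp/<port> (IpProtocol -1 = all traffic)."""
    for group in json.loads(sg_json)["SecurityGroups"]:
        for rule in group["IpPermissions"]:
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if rule["IpProtocol"] in ("tcp", "-1") and lo <= port <= hi:
                return "ok"
    return f"no inbound rule allows tcp/{port}; traffic to the targets is dropped"
```

Network ACL rules are stateless and are checked separately with `aws ec2 describe-network-acls`; the same port-range logic applies, but both the inbound and the outbound (ephemeral port) direction must be allowed.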
