I am unable to connect to an EC2 instance in a virtual private cloud (VPC) from the Internet.

Problems connecting to EC2 instances in a VPC are often related to the configuration of security groups, network access control lists (ACLs), or route tables.

Complete the following steps to ensure proper configuration of security groups, network ACLs, and route tables:

[Image: vpc-1-StatusChecks (instance status checks)]

In this example, the security group's inbound rules open TCP port 22 (SSH) and TCP port 3389 (RDP) to a single source IP address.

For testing purposes, you can specify a source of 0.0.0.0/0 so that any IPv4 address can reach the instance over SSH or RDP. Do this only for brief periods and only in a test environment. In a production environment, allow only the specific IP address or range of addresses that needs to reach the instance. Security groups are stateful, so a single inbound rule also allows the return traffic for that connection; no matching outbound rule is required.

[Image: vpc-2-InboundRules (security group inbound rules)]
[Image: vpc-3-ACLs (network ACL rules)]

Network ACLs are stateless: the return traffic for an allowed inbound connection is evaluated against the outbound rules (and vice versa). Make sure the inbound rules allow the service port (22 or 3389) from the client, and that the outbound rules allow the ephemeral port range (1024-65535) that the reply traffic to the client uses. Network ACL rules are evaluated in ascending rule-number order and the first match wins, so a low-numbered deny rule overrides a later allow.

[Image: vpc-4-RouteTables (subnet route table)]

If the route table associated with the instance's subnet has no route whose destination is 0.0.0.0/0 and whose target is an Internet gateway (igw-...), the subnet is private and the instance cannot be reached from the Internet. Check the route table associated with the subnet in the VPC console or with the AWS CLI command aws ec2 describe-route-tables. The instance also needs a public IPv4 address or an Elastic IP (EIP) associated with its network interface (ENI); an Internet gateway route alone is not enough.

You can run route -n (Linux) or netstat -rn (Linux and Windows) on the instance to see the guest operating system's routing table. This confirms that the operating system has a default route to the subnet's router, but it does not show the VPC route table, which must be checked in the console or API as described above. The routes should look like this:

[Image: vpc-5-netstat (netstat -rn output on the instance)]
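The four checks above (public address, security group, network ACL in both directions, route to an Internet gateway) can be scripted against the JSON that the AWS CLI returns. The following checker is an added example, not code from the AWS Knowledge Center: it takes dictionaries in the shape returned by aws ec2 describe-instances, describe-security-groups, describe-network-acls and describe-route-tables, and reports which prerequisite fails. The resource IDs and addresses in the sample objects are constructed for this example (RFC 5737 test ranges), and the network ACL check samples only the two ends of the 1024-65535 ephemeral range rather than every port.

```python
import ipaddress

def _covers(cidr, ip):
    """True when the IPv4 CIDR block contains the address."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def sg_allows_inbound(group, port, src_ip):
    """Security groups are stateful and allow-only: one matching inbound
    permission admits the connection and its reply traffic."""
    for perm in group["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "-1"):          # -1 = all protocols (no ports)
            continue
        if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        if any(_covers(r["CidrIp"], src_ip) for r in perm.get("IpRanges", [])):
            return True
    return False

def _nacl_allows(entries, egress, port, ip):
    """Network ACL semantics: entries are evaluated in ascending RuleNumber
    order and the first match decides; the '*' rule (32767) is a deny."""
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or "CidrBlock" not in e:
            continue                            # other direction, or IPv6-only entry
        if not _covers(e["CidrBlock"], ip):
            continue
        if e["Protocol"] not in ("6", "-1"):    # 6 = TCP, -1 = all protocols
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        return e["RuleAction"] == "allow"
    return False

def nacl_allows_session(acl, port, src_ip, ephemeral=(1024, 65535)):
    """Stateless: the inbound rule must admit the request, and an outbound rule
    must admit the reply, which goes to a client ephemeral port."""
    entries = acl["Entries"]
    inbound_ok = _nacl_allows(entries, False, port, src_ip)
    outbound_ok = all(_nacl_allows(entries, True, p, src_ip) for p in ephemeral)
    return inbound_ok and outbound_ok

def igw_route(route_table):
    """Return the Internet gateway ID behind an active 0.0.0.0/0 route, or None."""
    for r in route_table["Routes"]:
        if (r.get("DestinationCidrBlock") == "0.0.0.0/0"
                and r.get("State") == "active"
                and r.get("GatewayId", "").startswith("igw-")):
            return r["GatewayId"]
    return None

def diagnose(instance, group, acl, route_table, port, src_ip):
    """Return the list of reasons the connection would fail (empty = reachable)."""
    problems = []
    if not instance.get("PublicIpAddress"):
        problems.append("instance has no public IPv4 address or Elastic IP")
    if not sg_allows_inbound(group, port, src_ip):
        problems.append(f"security group does not allow tcp/{port} from {src_ip}")
    if not nacl_allows_session(acl, port, src_ip):
        problems.append("network ACL blocks the inbound port or the outbound ephemeral reply range")
    if not igw_route(route_table):
        problems.append("subnet route table has no active 0.0.0.0/0 route to an Internet gateway")
    return problems

# --- constructed sample objects (hypothetical IDs, RFC 5737 test addresses) ---
INSTANCE = {"InstanceId": "i-0123456789abcdef0", "PublicIpAddress": "198.51.100.20"}
SG = {"GroupId": "sg-0a1b2c3d", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]}
DENY_ALL = {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"}
GOOD_NACL = {"NetworkAclId": "acl-0good", "Entries": [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
    dict(DENY_ALL, Egress=False), dict(DENY_ALL, Egress=True),
]}
# Same ACL without the outbound ephemeral rule: the SSH SYN is admitted, but the
# SYN-ACK back to the client is dropped, so the connection attempt hangs.
BAD_NACL = {"NetworkAclId": "acl-0bad", "Entries": [
    GOOD_NACL["Entries"][0], dict(DENY_ALL, Egress=False), dict(DENY_ALL, Egress=True)]}
PUBLIC_RT = {"RouteTableId": "rtb-0pub", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0f1e2d3c", "State": "active"},
]}
PRIVATE_RT = {"RouteTableId": "rtb-0priv", "Routes": [PUBLIC_RT["Routes"][0]]}

if __name__ == "__main__":
    cases = (("public subnet", GOOD_NACL, PUBLIC_RT),
             ("stateless NACL gap", BAD_NACL, PUBLIC_RT),
             ("private subnet", GOOD_NACL, PRIVATE_RT))
    for label, acl, rt in cases:
        print(label, "->", diagnose(INSTANCE, SG, acl, rt, 22, "203.0.113.10") or "reachable")
```

To run it against a real account, replace the sample objects with the corresponding elements of the CLI output (the "Instances" entry, the "SecurityGroups" entry, the "NetworkAcls" entry associated with the subnet, and the "RouteTables" entry associated with the subnet). The "stateless NACL gap" case is the one that is easy to miss from the console: the inbound rule looks correct, yet the connection never completes because the reply is dropped on the way out.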
