How can I fix the connection to my Amazon EC2 instance or elastic network interface that has an attached Elastic IP address?

Last updated: 2019-07-19

I tried to connect to my Amazon Elastic Compute Cloud (Amazon EC2) instance using the attached Elastic IP address. However, I received a Connection timed out error. How can I fix the connection to my Amazon EC2 instance or elastic network interface that has an attached Elastic IP address?

Short Description

If you can't connect to an Amazon EC2 instance or an elastic network interface that has an attached Elastic IP address, be sure that:

  • Security group rules for inbound traffic aren't blocking your connection to the port or protocol.
  • Inbound and outbound network access control list (network ACL) rules aren't blocking your connection to the port or protocol.
  • The route table for the subnet of the elastic network interface has a route to send and receive traffic from the internet.
  • An OS firewall on the Amazon EC2 instance isn't blocking traffic to the port or protocol.

Resolution

  1. Open the Amazon EC2 console, and then select the instance that you're trying to connect to.
  2. On the Description tab, choose the elastic network interface with the attached Elastic IP address.
    Note: If you have multiple elastic network interfaces on your instance, locate the specific elastic network interface:
      • Copy the ENI ID.
      • In the navigation pane, choose Network Interfaces.
      • Paste the ENI ID in the search box.
  3. On the Description tab, choose view inbound rules from Security groups.
  4. Confirm that you have a security group rule that allows traffic from your source to your port or protocol. Add an inbound rule if you don't have one.
  5. On the Details tab, copy the Subnet ID.
  6. Open the Amazon VPC console.
  7. In the navigation pane, choose Subnets.
  8. Paste the Subnet ID in the search box.
  9. Choose the Network ACL tab.
  10. Confirm that the inbound rules and outbound rules of the network ACL allow traffic to your port or protocol. Add inbound and outbound rules if you don't have them.
  11. Choose the Route Table tab.
  12. In the route table, confirm that you have a default route to an internet gateway to send traffic to the internet. If you don't have such a route in your route table, then add a 0.0.0.0/0 route to an internet gateway.
    Note: Be sure that your default route points to an internet gateway, rather than to a NAT gateway. A NAT gateway doesn't allow inbound connections from the internet unless it's the response traffic for an outgoing connection.
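
The checks in steps 4, 10, and 12, applied offline to saved configuration, as an added example that is not part of the original article. It assumes IPv4 CIDR rules only and input shaped like the output of the EC2 describe-security-groups, describe-network-acls, and describe-route-tables calls; the function names, the reply_port parameter, and the SAMPLE data are constructed for illustration.

```python
import ipaddress

def sg_allows(perms, src, port, proto="tcp"):
    # Step 4: security groups are allow-lists; any matching inbound rule permits.
    ip = ipaddress.ip_address(src)
    for p in perms:
        if p["IpProtocol"] == "-1" or (
                p["IpProtocol"] == proto and p["FromPort"] <= port <= p["ToPort"]):
            if any(ip in ipaddress.ip_network(r["CidrIp"]) for r in p.get("IpRanges", [])):
                return True
    return False

def nacl_allows(entries, egress, peer, port, proto="6"):
    # Step 10: entries are checked in ascending RuleNumber; the first match decides.
    ip = ipaddress.ip_address(peer)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        rng = e.get("PortRange")
        if (e["Egress"] == egress and e["Protocol"] in (proto, "-1") and e.get("CidrBlock")
                and ip in ipaddress.ip_network(e["CidrBlock"])
                and (rng is None or rng["From"] <= port <= rng["To"])):
            return e["RuleAction"] == "allow"
    return False  # nothing matched: implicit deny

def default_route(routes):
    # Step 12: the 0.0.0.0/0 route must target an internet gateway (igw-...).
    for r in routes:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return "igw" if r.get("GatewayId", "").startswith("igw-") else "other"
    return None

def diagnose(cfg, src, port, reply_port):
    # reply_port: the client's ephemeral source port. Network ACLs are stateless,
    # so the outbound rules must separately allow the reply to that port.
    checks = [("security group inbound", sg_allows(cfg["sg"], src, port)),
              ("network ACL inbound", nacl_allows(cfg["nacl"], False, src, port)),
              ("network ACL outbound", nacl_allows(cfg["nacl"], True, src, reply_port)),
              ("default route", default_route(cfg["routes"]) == "igw")]
    return [name for name, ok in checks if not ok]

# Constructed sample shaped like the EC2 describe-* output; IDs and addresses are made up.
SAMPLE = {
    "sg": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
    "nacl": [{"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
              "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 22, "To": 22}},
             {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
              "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}}],
    "routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"}],
}
print(diagnose(SAMPLE, "203.0.113.10", 22, 50000))
```

When the security group check is the one that fails, scope the new inbound rule to the address range you connect from rather than to 0.0.0.0/0.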

If you're still receiving connection timeout errors after completing the troubleshooting steps above:

  • Review the flow logs for your instance's elastic network interface. Confirm that the flow logs record traffic to and from your source IP address on the elastic network interface.
  • Check the instance's OS-level firewall to confirm that it's not blocking traffic.
