How do I troubleshoot connectivity issues that I'm experiencing while using an Amazon VPC?
Last updated: 2020-10-19
I'm unable to connect to my destination server using an Amazon Virtual Private Cloud (Amazon VPC) resource as the source. How do I troubleshoot this issue?
To troubleshoot VPC connectivity issues, use the AWSSupport-ConnectivityTroubleshooter automation document to check for common issues with:
- Security group configurations
- Network access control list (network ACL) configurations
- Route table configurations
Confirm that you have the required permissions to run the automation document
The following AWS Identity and Access Management (AWS IAM) permissions are required to run the automation document:
Run the automation document
From the AWS Management Console:
- Open the document in the AWS Systems Manager console. Be sure to open the document in the Region where your resources are located.
- For SourceIP, enter the private IP address of the VPC resource.
- For DestinationIP, enter the destination server IP address.
- For DestinationPort, enter the destination server port.
- Choose Execute.
- Monitor the progress of the document's execution. If the document status is Success, the automation didn't find any misconfigurations. If the document status is Failed, check the step that failed for details to resolve the issue.
From the AWS Command Line Interface (AWS CLI):
Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.
For example, to diagnose connectivity issues from 172.31.2.7 to 172.31.2.8 on port 443 in an Amazon VPC:
aws ssm start-automation-execution --document-name "AWSSupport-ConnectivityTroubleshooter" --parameters "SourceIP=172.31.2.7,DestinationIP=172.31.2.8,DestinationPort=443" --region <region>