
I just started to learn AWS, and I couldn’t figure out why I can’t connect to my newly created instance. I’m using Amazon 2023 Linux and allow HTTP and HTTPS to connect. I also created IAM roles for it.

Here is the error:

Failed to connect to your instance
EC2 Instance Connect is unable to connect to your instance. Ensure your instance network settings are configured correctly for EC2 Instance Connect. For more information, see Set up EC2 Instance Connect at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html.

2 Answers


  1. You need to allow SSH traffic in order to connect to your instance. For security concerns, instead of allowing for all, you can allow only your IP address.

  2. It appears that you are wanting to connect to the instance by using EC2 Instance Connect.

    EC2 Instance Connect works as follows:

    • Your browser makes a connection to the EC2 Instance Connect Service on AWS
    • That service then makes an SSH connection to the instance

    Therefore, the Security Group Inbound Rule needs to allow inbound SSH access from the EC2 Instance Connect service.

    The easiest way to test things is to add a rule to the Security Group associated with the instance. The rule can permit Inbound access on port 22 (SSH) from 0.0.0.0/0. Note that this is not great for security because it permits all SSH traffic, but it is useful for testing.

    Then, test whether EC2 Instance Connect is working. Once it is working, you can further restrict the Security Group.

    From Prerequisites – Amazon Elastic Compute Cloud:

    EC2 Instance Connect uses specific IP address ranges for browser-based SSH connections to your instance (when users use the Amazon EC2 console to connect to an instance). If your users will use the Amazon EC2 console to connect to an instance, ensure that the security group associated with your instance allows inbound SSH traffic from the IP address range for EC2_INSTANCE_CONNECT. To identify the address range, download the JSON file provided by AWS and filter for the subset for EC2 Instance Connect, using EC2_INSTANCE_CONNECT as the service value. These IP address ranges differ between AWS Regions. For more information about downloading the JSON file and filtering by service, see AWS IP address ranges in the Amazon VPC User Guide.

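The filtering step from the prerequisite quoted in the second answer, as an added example that is not part of the original answers: it selects the `EC2_INSTANCE_CONNECT` prefixes for one Region from the AWS IP ranges JSON and builds a port 22 inbound rule limited to them, replacing the `0.0.0.0/0` test rule. The sample data is constructed (documentation CIDRs, not real AWS ranges) and the function names are hypothetical; the returned dict follows the `IpPermissions` shape of EC2's AuthorizeSecurityGroupIngress API.

```python
import ipaddress
import json

# Constructed sample in the layout of the "prefixes" list in AWS's ip-ranges.json.
# The CIDRs are RFC 5737 documentation ranges, not real AWS prefixes.
SAMPLE_IP_RANGES = {"prefixes": [
    {"ip_prefix": "192.0.2.0/29", "region": "us-east-1", "service": "EC2_INSTANCE_CONNECT"},
    {"ip_prefix": "198.51.100.0/29", "region": "eu-west-1", "service": "EC2_INSTANCE_CONNECT"},
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
]}


def instance_connect_cidrs(ip_ranges, region):
    """Return the EC2_INSTANCE_CONNECT IPv4 CIDRs published for one Region."""
    cidrs = {
        p["ip_prefix"]
        for p in ip_ranges.get("prefixes", [])
        if p.get("service") == "EC2_INSTANCE_CONNECT" and p.get("region") == region
    }
    # Validate each value so a malformed entry never reaches a security group.
    return sorted(str(ipaddress.ip_network(c)) for c in cidrs)


def ssh_ingress_permission(cidrs):
    """Build an inbound TCP/22 rule restricted to the given CIDRs."""
    if not cidrs:
        # Fail closed: never fall back to 0.0.0.0/0 when no range matched.
        raise ValueError("no EC2_INSTANCE_CONNECT range found for this Region")
    return {
        "IpProtocol": "tcp",
        "FromPort": 22,
        "ToPort": 22,
        "IpRanges": [
            {"CidrIp": c, "Description": "EC2 Instance Connect browser SSH"}
            for c in cidrs
        ],
    }


if __name__ == "__main__":
    cidrs = instance_connect_cidrs(SAMPLE_IP_RANGES, "us-east-1")
    print(json.dumps(ssh_ingress_permission(cidrs), indent=2))
```

Because the ranges differ between Regions, pass the Region the instance runs in; a Region with no match raises an error instead of producing an open rule.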