Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

On AWS EC2, I cannot do wget or curl, or any outbound connection

On a freshly installed EC2:

  1. The Security Group is default. "All Traffic" is ALLOWed for 0.0.0.0/0 for both Inbound and Outbound.

  2. The "Network ACL" has some limitations for inbound as we want our website on this domain to be an internal network for our charity organisation. But from this server, we want to install some things via SSH so we need wget and curl. So the Outbound is also

    100 ALL Traffic 0.0.0.0/0 ALLOW

    • ALL Traffic 0.0.0.0/0 DENY

That last "DENY" is added by default.

With these settings, which seems to be quite normal, what else am I missing? Note that all iptables rules are flushed, and we do not use iptables to the best of my knowledge. All firewall stuff is managed by the Amazon VPC security settings.

Any thoughts or pointers? Thank you.

like image 222
Khom Nazid Avatar asked Oct 11 '15 09:10

Khom Nazid


People also ask

Why is my EC2 instance not connecting?

The following are common reasons why EC2 Instance Connect might not work as expected: EC2 Instance Connect doesn't support the OS distribution. The EC2 Instance Connect package isn't installed on the instance. There are missing or incorrect AWS Identity and Access Management (IAM) policies or permissions.

What are the 3 different methods that you connect to a EC2 instance?

The EC2 Instance Connect service endpoint is reachable over the internet or over an AWS Direct Connect public virtual interface. To connect to the instance's private IP address, you can leverage services such as AWS Direct Connect , AWS Site-to-Site VPN , or VPC peering.

How do you troubleshoot if you Cannot SSH into an AWS instance?

Confirm that the security group is permitting inbound SSH traffic (port 22) from your IP address (or even 0.0. 0.0/0 for testing purposes) Keep NACLs at default settings unless you understand them deeply. Make sure the instance is a Linux instance (Windows does not have SSH enabled)

Why can't my EC2 instance in a private subnet connect to the internet?

To troubleshoot why your Amazon EC2 can't access the internet, do the following: Verify that the EC2 instance meets all prerequisites. Verify that the instance has a public IP address. Verify that a firewall isn't blocking the access.


1 Answers

It appears that you are able to connect to your instance (via ssh or RDP), but you cannot access Internet resources from the instance. If so, things to check are:

  • Inbound Security Group: Not relevant (but probably OK since you are able to connect to the instance)
  • Outbound Security Group: Allow 0.0.0.0/0
  • Network Access Control Lists (NACLs): Start by allowing all traffic in & out to get things working, then limit them later per requirements. This is the default setting, too (as you listed, above)
  • Assign a public IP address (either when launching, or as an Elastic IP Address). If you are able to connect to the instance, then this is fine.
  • Launch the instance in a Public Subnet, which means the subnet has a rule in the Route Table that directs traffic to the Internet Gateway (if you are able to connect to the instance, then this is fine)

The fact that you can connect INWARDS suggests that your network settings are all correct. Being unable to initiate an OUTWARDS connection is normally due to an Outbound Security Group setting.

like image 74
John Rotenstein Avatar answered Sep 22 '22 09:09

John Rotenstein