Possible reasons for timeout when trying to access EC2 instance

没有蜡笔的小新 2020-12-04 07:54

I cannot SSH into my instance - Operation timed out. What could be the reasons why, and what can I do to resolve it? Rebooting normally takes a long time to take effect, an

24 Answers
  • 2020-12-04 08:30

    The following are possible issues:

    • The most likely one is that the Security Group is not configured properly to provide SSH access on port 22 to your IP. A change in the security settings does not require a restart of the server to take effect, but you need to wait a few minutes for it to be applied.

    • The local firewall configuration does not allow SSH access to the server (you can try a different internet connection, such as your phone or a dongle, to test it).

    • The server is not started properly (then the access checks will fail even on the Amazon console), in which case you would need to stop and start the server.

    0 Comments (0)
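The Security Group check from the answer above, as an added example that is not part of the original answer: it reads JSON in the shape returned by `aws ec2 describe-security-groups` and reports whether a given client address is admitted on port 22. A security group silently drops traffic it does not allow, which is why a missing rule shows up as a timeout rather than a refused connection. The sample data, group ID, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by
# `aws ec2 describe-security-groups` (ID and addresses are placeholders).
SAMPLE_GROUPS = {"SecurityGroups": [{
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}]}


def covers_port(perm, port):
    """True if the inbound rule applies to TCP traffic on `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def ssh_sources(groups, port=22):
    """Return every CIDR that any listed group allows to reach `port`."""
    cidrs = []
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if covers_port(perm, port):
                cidrs += [r["CidrIp"] for r in perm.get("IpRanges", [])]
                cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs


def check_ssh(groups, client_ip, port=22):
    """Report whether client_ip is admitted, and whether the port is world-open."""
    addr = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(c, strict=False) for c in ssh_sources(groups, port)]
    matched = [n for n in nets if n.version == addr.version and addr in n]
    world_open = any(n.prefixlen == 0 for n in nets)
    return {"status": "allowed" if matched else "blocked", "world_open": world_open}


if __name__ == "__main__":
    print(check_ssh(SAMPLE_GROUPS, "203.0.113.25"))  # inside the allowed /24
    print(check_ssh(SAMPLE_GROUPS, "198.51.100.7"))  # outside: SSH would time out
```

The `world_open` flag is there because the quick fix for a timeout is often a `0.0.0.0/0` rule on port 22; a rule scoped to your own address resolves the timeout without exposing SSH to every source.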
  • 2020-12-04 08:30

    Allow SSH and port 22 in ufw, then enable it and check with the status command:

    sudo ufw allow ssh
    sudo ufw allow 22
    sudo ufw enable
    sudo ufw status
    
    0 Comments (0)
  • 2020-12-04 08:31

    If SSH access doesn't work for your EC2 instance, you need to check:

    • Security Group for your instance is allowing Inbound SSH access (check: view rules).

    If you're using a VPC instance (you have a VPC ID and Subnet ID attached to your instance), check:

    1. In the VPC Dashboard, find the Subnet ID in use which is attached to your VPC.
    2. Check its attached route table, which should have 0.0.0.0/0 as Destination and your Internet Gateway as Target.

    On Linux, you may also check the route info in the System Log in Networking of the instance, e.g.:

    ++++++++++++++++++++++++++++++++++++++Net device info+++++++++++++++++++++++++++++++++++++++
    +--------+------+------------------------------+---------------+-------+-------------------+
    | Device |  Up  |           Address            |      Mask     | Scope |     Hw-Address    |
    +--------+------+------------------------------+---------------+-------+-------------------+
    |   lo   | True |          127.0.0.1           |   255.0.0.0   |   .   |         .         |
    |  eth0  | True |         172.30.2.226         | 255.255.255.0 |   .   | 0a:70:f3:2f:82:23 |
    +--------+------+------------------------------+---------------+-------+-------------------+
    ++++++++++++++++++++++++++++Route IPv4 info+++++++++++++++++++++++++++++
    +-------+-------------+------------+---------------+-----------+-------+
    | Route | Destination |  Gateway   |    Genmask    | Interface | Flags |
    +-------+-------------+------------+---------------+-----------+-------+
    |   0   |   0.0.0.0   | 172.30.2.1 |    0.0.0.0    |    eth0   |   UG  |
    |   1   |   10.0.3.0  |  0.0.0.0   | 255.255.255.0 |   lxcbr0  |   U   |
    |   2   |  172.30.2.0 |  0.0.0.0   | 255.255.255.0 |    eth0   |   U   |
    +-------+-------------+------------+---------------+-----------+-------+
    

    where the UG flags show you your internet gateway.

    For more details, check: Troubleshooting Connecting to Your Instance in the Amazon docs.

    0 Comments (0)
  • 2020-12-04 08:32

    Just reboot the EC2 instance once you have applied the rules.

    0 Comments (0)
  • 2020-12-04 08:34

    Check out this help page on AWS docs:

    http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectionTimeout

    You will probably find your solution there. For me, this part did the fix:

    [EC2-VPC] Check the route table for the subnet. You need a route that sends all traffic destined outside the VPC to the Internet gateway for the VPC.

    • Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

    • In the navigation pane, choose Internet Gateways. Verify that there is an Internet gateway attached to your VPC. Otherwise, choose Create Internet Gateway and follow the directions to create an Internet gateway, select the Internet gateway, and then choose Attach to VPC and follow the directions to attach it to your VPC.

    • In the navigation pane, choose Subnets, and then select your subnet.

    • On the Route Table tab, verify that there is a route with 0.0.0.0/0 as the destination and the Internet gateway for your VPC as the target. Otherwise, choose the ID of the route table (rtb-xxxxxxxx) to navigate to the Routes tab for the route table, choose Edit, Add another route, enter 0.0.0.0/0 in Destination, select your Internet gateway from Target, and then choose Save.

    But I suggest you check out all the options the link above covers; you may find there one or more of the issues that you have.

    0 Comments (0)
  • 2020-12-04 08:36

    Destroy and create anew

    I had one availability zone where I could connect and another where I could not. After a few hours I got so frustrated that I deleted everything in that availability zone.

    Building everything back I had to make sure to create EVERYTHING. This included:

    • Create VPC
      • CIDR: 10.0.0.0/24
    • Create Internet Gateway
    • Attach Internet Gateway to VPC
    • Create Routing Table
    • Add Route to Routing Table
      • Destination: 0.0.0.0/0
      • Target: <Internet Gateway from earlier>
    • Create Subnet
      • CIDR: 10.0.0.0/24
      • Routing Table: <Routing Table from earlier>

    It took me a LOT of fumbling to get all of this. I've ordered the steps in the way I think might be most efficient, but you may have to adjust them to get one item available for the next.

    Suggestion

    I'm not suggesting that you go thermonuclear as I did. I'm offering all this information so that you can check these associations to ensure yours are appropriate.

    0 Comments (0)
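The route table and association checks described in the two answers above (a `0.0.0.0/0` route targeting the Internet gateway, on the table the subnet actually uses), as an added example that is not part of the original answers. It reads JSON in the shape returned by `aws ec2 describe-route-tables`; the sample data, all IDs and the function names are constructed, and it assumes you pass only the route tables of the instance's VPC.

```python
# Constructed sample in the shape returned by
# `aws ec2 describe-route-tables` (all IDs are placeholders).
SAMPLE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-example",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local",
                 "State": "active"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-example",
     "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local",
                 "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example",
                 "State": "active"}]},
]}


def table_for_subnet(tables, subnet_id):
    """Explicitly associated table, else the VPC's main table (implicit)."""
    main = None
    for table in tables["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def default_route_problem(tables, subnet_id):
    """Return None if 0.0.0.0/0 goes to an Internet gateway, else the reason."""
    table = table_for_subnet(tables, subnet_id)
    if table is None:
        return "no route table found for subnet"
    rtb = table["RouteTableId"]
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        target = route.get("GatewayId") or route.get("NatGatewayId") or "other"
        if route.get("State") != "active":  # e.g. "blackhole": target was deleted
            return f"{rtb}: default route via {target} is {route.get('State')}"
        if not target.startswith("igw-"):
            return f"{rtb}: default route targets {target}, not an Internet gateway"
        return None
    return f"{rtb}: no 0.0.0.0/0 route"


if __name__ == "__main__":
    print(default_route_problem(SAMPLE_TABLES, "subnet-a"))  # explicit association
    print(default_route_problem(SAMPLE_TABLES, "subnet-b"))  # falls back to main table
```

A subnet with no explicit association inherits the VPC's main route table, so a correct-looking public table that was never associated with the subnet still leaves SSH timing out.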