Reputation: 141
I have a Security Group that has 80, 443, 22, and 8089.
Ports  Protocol  Source     security-group
22     tcp       0.0.0/0    [check]
8089   tcp       0.0.0/0    [check]
80     tcp       0.0.0/0    [check]
443    tcp       0.0.0/0    [check]
However, when I test the connection using a Python program I wrote:
import socket
import sys

# Port to test is taken from the first command-line argument
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
p = sys.argv[1]
try:
    # 'public-dns' stands for the instance's public DNS name
    s.connect(('public-dns', int(p)))
    print('Port ' + str(p) + ' is reachable')
except socket.error as e:
    print('Error on connect: %s' % e)
s.close()
However, I'm good with all ports but 8089:
python test.py 80
Port 80 is reachable
python test.py 22
Port 22 is reachable
python test.py 443
Port 443 is reachable
python test.py 8089
Error on connect: [Errno 61] Connection refused
Upvotes: 1
Views: 1898
Reputation: 16541
The reason why you are able to connect successfully via localhost (127.0.0.1) and not externally is because your server application is listening on the localhost adapter only. This means that only connections originating from the instance itself will be able to connect to that process.
To correct this, you will want to configure your application to listen on either the local IP address of the interface or on all interfaces (0.0.0.0).
This shows that it is wrong (listening on 127...):
~ $ sudo netstat -tulpn | grep 9966
tcp 0 0 127.0.0.1:9966 0.0.0.0:* LISTEN 4961/python
Here it is working right (using all interfaces):
~ $ sudo netstat -tulpn | grep 9966
tcp 0 0 0.0.0.0:9966 0.0.0.0:* LISTEN 5205/python
Upvotes: 3
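The check described in the answer above, as an added example that is not part of the original answer: it parses `netstat -tulpn` output and reports whether each listening TCP socket is bound to loopback, to all interfaces, or to one address. The sample input is constructed from the two netstat lines above plus two made-up IPv6 lines, and the function names are this example's own.

```python
import ipaddress

# Constructed sample: the two netstat lines from the answer above, plus two
# IPv6 lines (made up for this example) in the form netstat prints them.
SAMPLE = """\
tcp   0  0 127.0.0.1:9966  0.0.0.0:*  LISTEN  4961/python
tcp   0  0 0.0.0.0:9966    0.0.0.0:*  LISTEN  5205/python
tcp6  0  0 ::1:8089        :::*       LISTEN  6001/python
tcp6  0  0 :::443          :::*       LISTEN  6002/nginx
"""

def classify(local_addr):
    """Return (port, scope) for a netstat 'Local Address' field."""
    # The port follows the last colon, which also handles '::1:8089' and ':::443'.
    host, _, port = local_addr.rpartition(":")
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:        # 0.0.0.0 or ::
        scope = "all-interfaces"
    elif ip.is_loopback:         # 127.0.0.0/8 or ::1
        scope = "loopback-only"
    else:
        scope = "single-address"
    return int(port), scope

def listeners(netstat_text):
    """Yield (proto, port, scope, process) for each TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows (no state column) and non-listening sockets.
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        port, scope = classify(fields[3])
        yield fields[0], port, scope, fields[6]

def unreachable_externally(netstat_text, port):
    """True if something listens on `port`, but only on loopback."""
    scopes = {s for _, p, s, _ in listeners(netstat_text) if p == port}
    return bool(scopes) and scopes == {"loopback-only"}

if __name__ == "__main__":
    for proto, port, scope, proc in listeners(SAMPLE):
        print(f"{proto:5} {port:<6} {scope:15} {proc}")
```

A listener reported as all-interfaces is reachable from every source the security group and any host firewall permit, so bind to the narrowest address that works and keep the group's source range as tight as the service allows.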
Reputation: 46879
Besides the AWS security groups (which look like you have set correctly), you also need to make sure that if there is an internal firewall on the host, that it is also open for all the ports specified.
Upvotes: 0