Problems connecting to public IP address from EC2 instance

Question

I'm new to setting up applications and currently facing issues connecting to my IP address.

Recently, I launched my first AWS instance and it was working fine before I attached it to an Elastic IP (trying to attach to my GoDaddy domain). The instance state is "running" and everything looks healthy, but when I go to the Public IP/Elastic IP, I get an error message saying: "This site can’t be reached. XX.XXX.XX.XXX refused to connect". I'm using a Mac and my web server is listening on port 80.

Things I have checked:

• internet connection is working
• not using any firewall/anitvirus
• emptied all cache/cookies
• not using a proxy server

• My Security Group

• – inbound ports 80, 8080, 22 and 3389;

• – outbound ports 8080, All traffic.

• My VPC

• – subnet ID is verified and "available"

• – route Tables 172.31.0.0/16 & 0.0.0.0/0 are "active", not propagated

Can someone help and please point out what I'm doing wrong?

Answer 1

Attaching an Elastic IP Address to an Amazon EC2 instance does not change anything on the instance itself. It is purely an assignment of a Public IP Address within the Amazon VPC.

Amazon EC2 instances do not normally know their own public IP address. Instead, traffic sent to the Public IP Address is routed through the Internet Gateway and then to the private IP address of the instance. As long as you did not somehow configure the old public IP address within the instance, the assignment of the Elastic IP Address should not be a problem.

You can remove the Elastic IP Address and try connecting again -- the instance will receive an auto-assigned IP address again (which might change whenever you start/stop the instance).

Some things you could try are:

• Connect to another instance in the same subnet, with the same Security Group. If this works, then you know that the problem is with the instance itself, rather than the network.
• Try connecting to the non-responsive instance from another instance in the same subnet using the private IP address of the non-responsive instance. This will eliminate potential networking problems.

The standard things to always check when attempting to connect from the Internet to an EC2 instance are:

• Internet Gateway attached to the VPC
• You are referencing the instance via a Public IP Address
• Instance was launched in a public subnet, which means that the subnet is associated to a Route Table that routes to the Internet Gateways
• Security Group is permitting the inbound traffic from your IP Address and port (outbound traffic configuration is irrelevant because Security Groups are stateful)
• Network ACL is not blocking the traffic (by default it permits all inbound and outbound traffic)
• The instance is listening on the port (eg Linux SSH on port 22, Windows RDP on port 3389)
• There are no host-based firewalls on the instance blocking traffic (eg Windows Firewall)

Answer 2

I always reboot my Linux servers on AWS after associating an elastic IP. Normally I wouldn't blindly suggest rebooting a Linux server, but I have found it helpful in cases like this. There are several things you should think about before rebooting. Making sure you don't have important files exclusively on volatile storage would be one example.

Re "...when I go to the Public IP/Elastic IP..." How are you going to the address? Sounds like you're trying to connect with a web browser.

• Have you tried connecting from your Mac over some other protocol, like ssh? That would be another way to confirm that your elastic IP is in effect
• Have you tried to connect to the web server more directly? Like using wget from the server's shell? You would use the private IP address or localhost, so that doesn't help diagnose the elastic IP address.