Reputation: 13
I launched an EC2 instance with nginx on it. I can connect to it over HTTP and SSH, but not over HTTPS. I referenced this page to configure my setup and got this:
ACL settings

Inbound rules:

| Rule number | Type | Protocol | Port | Source | Allow/Deny |
|---|---|---|---|---|---|
| 1 | HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 | Allow |
| 2 | HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 | Allow |
| 3 | SSH (22) | TCP (6) | 22 | 0.0.0.0/0 | Allow |
| 4 | HTTPS (443) | TCP (6) | 443 | ::/0 | Allow |
| * | All traffic | ALL | ALL | 0.0.0.0/0 | Deny (AWS default) |

Outbound rules:

| Rule number | Type | Protocol | Port | Source | Allow/Deny |
|---|---|---|---|---|---|
| 1 | All traffic | ALL | ALL | 0.0.0.0/0 | Allow |
| 2 | All traffic | ALL | ALL | ::/0 | Allow |
| * | All traffic | ALL | ALL | 0.0.0.0/0 | Deny (AWS default) |
Security group

Inbound rules:

| Type | Protocol | Port | Source |
|---|---|---|---|
| HTTPS (443) | TCP (6) | 443 | 0.0.0.0/0 |
| HTTPS (443) | TCP (6) | 443 | ::/0 |
| SSH (22) | TCP (6) | 22 | 0.0.0.0/0 |
| HTTP (80) | TCP (6) | 80 | 0.0.0.0/0 |

Outbound rules:

| Type | Protocol | Port | Source |
|---|---|---|---|
| All traffic | ALL | ALL | 0.0.0.0/0 |
| All traffic | ALL | ALL | ::/0 |
If I run Reachability Analyzer from the internet gateway to the instance on port 80, it's Reachable.
If I run Reachability Analyzer from the internet gateway to the instance on port 433, I get the message:
Network ACL <acl> does not allow inbound traffic
Why does it not allow traffic, and how do I fix it?
Upvotes: 1
Views: 664
Reputation: 269360
In general, there should never be a need to modify the Network ACLs (NACLs) unless you have a specific network requirement (e.g. a DMZ).
They should be left at their default "Allow All" for both Inbound and Outbound traffic.
Given that the error message says "Network ACL does not allow inbound traffic", I recommend that you set the NACLs back to the default of "Allow All". That will resolve the error that you are receiving.
Upvotes: 1
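To see why the NACL answers "does not allow inbound traffic" for one probe and not another, it helps to model how a NACL is evaluated: rules are checked in ascending rule-number order, the first match wins, and the trailing `*` rule is an implicit deny; NACLs are also stateless, so the outbound rules (allow all in the question) must separately permit the reply. The script below is an added example written for this page, not code from the question or the answer; it transcribes the question's inbound rule table, adds the default "Allow All" NACL the answer recommends (rule 100 for IPv4 and 101 for IPv6), and runs the port numbers exactly as they appear in the question against both. The source addresses are constructed documentation addresses.

```python
import ipaddress

# Inbound NACL rules transcribed from the question's table (constructed here).
INBOUND_QUESTION = [
    (1, "tcp", 80, "0.0.0.0/0", "allow"),
    (2, "tcp", 443, "0.0.0.0/0", "allow"),
    (3, "tcp", 22, "0.0.0.0/0", "allow"),
    (4, "tcp", 443, "::/0", "allow"),
]
# The AWS default NACL the answer recommends returning to: allow everything.
INBOUND_DEFAULT = [
    (100, "all", "all", "0.0.0.0/0", "allow"),
    (101, "all", "all", "::/0", "allow"),
]


def evaluate(rules, proto, port, src_ip):
    """First-match evaluation in ascending rule-number order.
    Returns (rule_number, action); ("*", "deny") is the implicit final rule."""
    src = ipaddress.ip_address(src_ip)
    for num, r_proto, r_port, cidr, action in sorted(rules, key=lambda r: r[0]):
        net = ipaddress.ip_network(cidr)
        if net.version != src.version or src not in net:
            continue  # IPv4 rules never match IPv6 sources, and vice versa
        if r_proto not in ("all", proto):
            continue
        if r_port == "all" or r_port == port:
            return num, action
    return "*", "deny"


def probe(rules, port, src_ip="203.0.113.5"):
    """Mimic a Reachability Analyzer style TCP probe from a constructed internet address."""
    num, action = evaluate(rules, "tcp", port, src_ip)
    return f"port {port} from {src_ip}: rule {num} -> {action}"


if __name__ == "__main__":
    # 433 is the port number as typed in the question; 443 is the HTTPS rule.
    for port in (80, 443, 433):
        print(probe(INBOUND_QUESTION, port))
    # There is no IPv6 rule for port 80, so an IPv6 client falls through to deny.
    print(probe(INBOUND_QUESTION, 80, "2001:db8::1"))
    # With the default NACL every probe matches rule 100 (IPv4) or 101 (IPv6).
    print(probe(INBOUND_DEFAULT, 433))
```

Running it shows that the posted inbound table allows TCP 80 and 443 from IPv4 but sends anything else, including port 433, to the implicit deny.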