NickHunt2243

Reputation: 3

Unable to connect to AWS EC2 instance via http and https

I've been fighting this one for a bit. This was meant to be a test so I know how to configure my EC2 for hosting my personal website. I created a test EC2 instance to set up a React web app. I am able to SSH into the instance via the AWS Console and via PuTTY (I am on a Windows machine).

Configuration

I have configured my VPC, subnet, ACL, etc. for all outbound traffic to any IPv4 address and inbound (SSH, HTTP, HTTPS) traffic from anywhere on IPv4. The EC2 instance has an Elastic public IP. Therefore I do not need a NAT Gateway (correct?).

Main Issue

Yet still when I try to run sudo apt update I am welcomed with:

[screenshot: sudo apt update result]

The update fails with a 101 error code. As you can see below I feel like my outbound connection should be open.

Inbound Rules - Subnet

Type   Protocol  Port Range  Source
HTTP   TCP       80          0.0.0.0/0
SSH    TCP       22          0.0.0.0/0
HTTPS  TCP       443         0.0.0.0/0

Outbound Rules - Subnet

Type         Protocol  Port Range  Source
All Traffic  TCP       All         0.0.0.0/0

Routing Table

My routing table also has two routes:

Destination  Target
0.0.0.0/0    IGW ID
CIDR         Local

ACL - Inbound

Rule Number  Type         Protocol  Port Range  Source     Allow/Deny
1            HTTP         TCP       80          0.0.0.0/0  Allow
2            SSH          TCP       22          0.0.0.0/0  Allow
100          HTTPS        TCP       443         0.0.0.0/0  Allow
*            All Traffic  All       All         0.0.0.0/0  Deny

ACL - Outbound

Rule Number  Type         Protocol  Port Range  Source     Allow/Deny
100          All Traffic  All       All         0.0.0.0/0  Allow
*            All Traffic  All       All         0.0.0.0/0  Deny

I have also attached an elastic IP to the instance as I figured that would help the reachability of inbound traffic.

I have checked and disabled the Ubuntu firewall via sudo ufw disable

[screenshot: ubuntu firewall]

Additionally

I am unable to ping any HTTP or HTTPS addresses. They come back as unreachable.

[screenshot: ping example]

I ran a reachability test to the IP of one of the failed endpoints in sudo apt update and, what do you know... it is reachable.

[screenshot: Reachability test]

I am open to anything at this point (with regard to safety, obviously, haha). But I am new to VPCs, so it is possible that I am missing something fundamental. However, I will say I have been scrounging the internet for days and nothing seems to fit my issue. Or it has at least pushed me to where I am now.

The overall outcome is to have a public IP that you can access via HTTPS and view a hosted React app example. I am not looking for assistance with the React stuff - I am fine in that regard. Mostly concerned with the connectivity aspect.

Upvotes: 0

Views: 2094

Answers (1)

John Rotenstein

Reputation: 269861

When an HTTP request is sent, the request comes from a random port on your own computer (in this case, the Amazon EC2 instance). While the request is sent TO port 80 or port 443, the request comes from a port number that is tied to the specific request being made.

The remote computer will send a response to that port number.

For example, if you make a request to google.com, it might come from port 12345. Google will then send the response back to your IP address and port 12345.

However, your configuration of the NACL rules specifically disallows this incoming traffic. Thus, the responses are being blocked.

Resolution: You should leave NACL settings as "Allow All" for both inbound and outbound traffic. There is rarely a need to limit traffic in NACLs -- instead, use Security Groups to restrict access to resources.

Also, I do not recommend PING as a test of the network. All it does is tell you if PING is working and doesn't help for diagnosing other problems. Also, the security group and the NACL would both need to allow ICMP protocol for it to work (and yours don't). Instead, concentrate on getting HTTP to work, since that is what you actually want.

Upvotes: 0
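The following is an added illustration of the point made in this answer; it is not code from the question, the answer, or AWS. It models the two filtering layers a packet crosses in a VPC: the subnet's network ACL, which is stateless and matches every packet (including the reply half of a connection the instance itself opened) against numbered rules where the lowest-numbered match wins and the '*' row denies everything else, and the instance's security group, which is stateful and lets the reply to an allowed outbound flow back in regardless of its inbound rules. The rule tables are the ones posted in the question. The instance address 10.0.1.23, the mirror address 203.0.113.10, the outside host 198.51.100.7 and the source port 45678 are constructed values; the 1024-65535 range is the ephemeral range AWS documents for NACL reply rules, shown here as a narrower alternative to the answer's "allow all".

```python
"""Model of how a stateless NACL and a stateful security group judge the
reply to an outbound HTTP request, using the rule sets posted above."""
import ipaddress
from dataclasses import dataclass, field

# AWS's documented ephemeral range for NACL reply rules; it covers the Linux
# default (32768-60999) as well as NAT gateways and Windows clients.
EPHEMERAL_LO, EPHEMERAL_HI = 1024, 65535
ANY = "0.0.0.0/0"
INSTANCE_IP = "10.0.1.23"    # constructed private address of the instance
MIRROR_IP = "203.0.113.10"   # constructed apt mirror (RFC 5737 documentation range)

@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class NaclRule:
    number: int     # evaluated in ascending order; first match wins
    protocol: str   # "tcp", "udp", "icmp" or "all"
    port_lo: int    # port range is matched against the packet's DESTINATION port
    port_hi: int
    cidr: str       # source CIDR for inbound rules, destination CIDR for outbound
    action: str     # "allow" or "deny"

def _matches(proto, lo, hi, cidr, pkt, peer_ip):
    if proto not in ("all", pkt.protocol):
        return False
    if proto != "all" and not lo <= pkt.dst_port <= hi:
        return False
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(cidr)

def nacl_verdict(rules, pkt, inbound):
    """Stateless: a reply packet is matched from scratch like any other packet."""
    peer = pkt.src_ip if inbound else pkt.dst_ip
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r.protocol, r.port_lo, r.port_hi, r.cidr, pkt, peer):
            return r.action
    return "deny"   # the implicit '*' rule

@dataclass
class SecurityGroup:
    """Stateful: an allowed outbound flow is tracked and its reply is let back in."""
    inbound: list   # tuples (protocol, port_lo, port_hi, cidr)
    outbound: list
    _flows: set = field(default_factory=set)

    def egress(self, pkt):
        if any(_matches(*rule, pkt, pkt.dst_ip) for rule in self.outbound):
            self._flows.add((pkt.protocol, pkt.dst_ip, pkt.dst_port, pkt.src_port))
            return "allow"
        return "deny"

    def ingress(self, pkt):
        if (pkt.protocol, pkt.src_ip, pkt.src_port, pkt.dst_port) in self._flows:
            return "allow"   # reply to a connection the instance initiated
        return "allow" if any(_matches(*rule, pkt, pkt.src_ip) for rule in self.inbound) else "deny"

# NACL rows from the question; number 32767 stands in for the '*' default row.
ASKER_NACL_IN = [NaclRule(1, "tcp", 80, 80, ANY, "allow"),
                 NaclRule(2, "tcp", 22, 22, ANY, "allow"),
                 NaclRule(100, "tcp", 443, 443, ANY, "allow"),
                 NaclRule(32767, "all", 0, 65535, ANY, "deny")]
ASKER_NACL_OUT = [NaclRule(100, "all", 0, 65535, ANY, "allow"),
                  NaclRule(32767, "all", 0, 65535, ANY, "deny")]
# Two fixes: the answer's "allow all", or a narrower rule just for reply traffic.
ALLOW_ALL_NACL = [NaclRule(100, "all", 0, 65535, ANY, "allow")]
EPHEMERAL_NACL_IN = ASKER_NACL_IN[:3] + [
    NaclRule(110, "tcp", EPHEMERAL_LO, EPHEMERAL_HI, ANY, "allow"),
    NaclRule(32767, "all", 0, 65535, ANY, "deny")]

def asker_sg():
    """Security group as posted: 80/22/443 in from anywhere, everything out."""
    return SecurityGroup(inbound=[("tcp", 80, 80, ANY), ("tcp", 22, 22, ANY),
                                  ("tcp", 443, 443, ANY)],
                         outbound=[("all", 0, 65535, ANY)])

def apt_http_exchange(nacl_in, nacl_out, sg, src_port=45678):
    """One GET to the mirror on port 80 from a constructed ephemeral source port.
    Returns (request verdict, reply verdict)."""
    request = Packet("tcp", INSTANCE_IP, MIRROR_IP, src_port, 80)
    reply = Packet("tcp", MIRROR_IP, INSTANCE_IP, 80, src_port)
    if sg.egress(request) != "allow" or nacl_verdict(nacl_out, request, False) != "allow":
        return ("deny", "not sent")
    if nacl_verdict(nacl_in, reply, True) != "allow":
        return ("allow", "deny@nacl")       # what the asker's rules do
    return ("allow", sg.ingress(reply))

def unsolicited_syn(nacl_in, sg, dst_port, attacker_ip="198.51.100.7"):
    """An outside host (constructed IP) connecting to a port the instance never opened."""
    syn = Packet("tcp", attacker_ip, INSTANCE_IP, 51515, dst_port)
    if nacl_verdict(nacl_in, syn, True) != "allow":
        return "deny@nacl"
    return "deny@sg" if sg.ingress(syn) != "allow" else "allow"
```

With the rules as posted, `apt_http_exchange(ASKER_NACL_IN, ASKER_NACL_OUT, asker_sg())` returns `("allow", "deny@nacl")`: the request leaves, and the reply from port 80 to port 45678 hits the '*' deny row because no inbound NACL rule covers the ephemeral port. Either fix makes the same call return `("allow", "allow")`. The narrower ephemeral rule does not weaken the instance's exposure in practice: `unsolicited_syn(EPHEMERAL_NACL_IN, asker_sg(), 8080)` passes the NACL but is refused by the security group, which is why the answer points at security groups as the place to restrict access. The same reply problem applies to HTTPS mirrors on port 443 and to the SSH session's return packets, so "it worked for SSH" is not evidence that the NACL is correct.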
