Can’t Connect EC2 Instance to the Internet using an Internet Gateway? We can help you.
To fix this error, we verify that the instance meets all prerequisites, that it has a public IP address, and that no firewall is blocking access.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how to fix this error.
Can’t Connect EC2 Instance to the Internet using an Internet Gateway
In this article, our Support Techs discuss each method to fix this error in detail.
Verify that the instance meets all prerequisites
The instance must meet the following conditions:
- The route table associated with the instance’s subnet must have a default route (0.0.0.0/0) that targets an internet gateway.
- The internet gateway that the route targets must not have been deleted.
- The security group attached to the instance’s elastic network interface must have rules allowing outbound internet traffic (0.0.0.0/0) for the required ports and protocols.
- The network ACL must have rules that allow both outbound and inbound traffic to and from the internet.
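The four prerequisites above can be checked offline against the JSON that `aws ec2 describe-route-tables`, `describe-security-groups` and `describe-network-acls` return. The following is an added example, not Bobcares’ or AWS’s code: the dictionaries mimic the shape of those API responses, but every value in them (including the `igw-0EXAMPLE` gateway id and the 203.0.113.10 target address) is constructed sample data. It goes slightly beyond the list by also checking the inbound ephemeral-port rule that a stateless network ACL needs for return traffic, which is a frequent reason an outbound connection hangs even though every "outbound" rule looks right.

```python
import ipaddress

# Constructed: a TEST-NET-3 address standing in for "any internet host".
TARGET_IP = "203.0.113.10"


def _cidr_matches(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def route_table_ok(route_table):
    """True if a 0.0.0.0/0 route points at an internet gateway and is active.
    A route whose gateway was deleted keeps its GatewayId but reports State "blackhole"."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-") and route.get("State") == "active":
            return True
    return False


def sg_egress_ok(sg, port, protocol="tcp"):
    """True if some egress rule covers port/protocol to a range containing TARGET_IP.
    Security groups are stateful, so only the outbound direction needs a rule."""
    for perm in sg.get("IpPermissionsEgress", []):
        proto = perm.get("IpProtocol")
        if proto not in ("-1", protocol):
            continue
        if proto != "-1" and not (perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)):
            continue
        if any(_cidr_matches(r["CidrIp"], TARGET_IP) for r in perm.get("IpRanges", [])):
            return True
    return False


def nacl_ok(acl, egress, port, protocol="6"):
    """Evaluate NACL entries for one direction in rule-number order; the first
    matching entry decides. No match means the implicit deny applies."""
    entries = sorted((e for e in acl.get("Entries", []) if e.get("Egress") == egress),
                     key=lambda e: e["RuleNumber"])
    for e in entries:
        if not _cidr_matches(e["CidrBlock"], TARGET_IP):
            continue
        if e.get("Protocol") not in ("-1", protocol):
            continue
        pr = e.get("PortRange")
        if pr and not (pr["From"] <= port <= pr["To"]):
            continue
        return e["RuleAction"] == "allow"
    return False


def check_prerequisites(route_table, sg, acl, port=443, ephemeral_port=50000):
    """Return a list of findings; an empty list means all prerequisites hold."""
    findings = []
    if not route_table_ok(route_table):
        findings.append("route table: no active 0.0.0.0/0 route to an internet gateway")
    if not sg_egress_ok(sg, port):
        findings.append(f"security group: no egress rule for tcp/{port} to the internet")
    if not nacl_ok(acl, egress=True, port=port):
        findings.append(f"network ACL: outbound tcp/{port} is not allowed")
    # NACLs are stateless: the reply from the internet host arrives inbound on an
    # ephemeral port and needs its own allow entry.
    if not nacl_ok(acl, egress=False, port=ephemeral_port):
        findings.append(f"network ACL: inbound return traffic on ephemeral port {ephemeral_port} is not allowed")
    return findings


# Constructed sample data (shapes follow the EC2 API, values are made up).
GOOD_ROUTE_TABLE = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0EXAMPLE", "State": "active"},
]}
# The same table after the internet gateway was deleted.
BLACKHOLE_ROUTE_TABLE = {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0EXAMPLE", "State": "blackhole"},
]}
GOOD_SG = {"IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
GOOD_ACL = {"Entries": [
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "CidrBlock": "0.0.0.0/0", "RuleAction": "deny"},
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "PortRange": {"From": 1024, "To": 65535},
     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "CidrBlock": "0.0.0.0/0", "RuleAction": "deny"},
]}
# An ACL that allows everything outbound but forgot the inbound ephemeral-port entry.
STRICT_ACL = {"Entries": [e for e in GOOD_ACL["Entries"] if e["Egress"] or e["RuleNumber"] == 32767]}

if __name__ == "__main__":
    for label, rt, acl in [("good", GOOD_ROUTE_TABLE, GOOD_ACL),
                           ("deleted igw", BLACKHOLE_ROUTE_TABLE, GOOD_ACL),
                           ("strict acl", GOOD_ROUTE_TABLE, STRICT_ACL)]:
        print(label, "->", check_prerequisites(rt, GOOD_SG, acl) or "all prerequisites met")
```

To run it against a real account, replace the constructed dictionaries with the `RouteTables[0]`, `SecurityGroups[0]` and `NetworkAcls[0]` elements of the corresponding `describe-*` responses; the checks themselves do not change.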
Verify that the instance has a public IP address
Suppose the instance doesn’t have a public IP address but its subnet has a route to an internet gateway. In that case, the instance isn’t reachable from outside the virtual private cloud it resides in.
To allow the instance connectivity, we allocate an Elastic IP address and associate it with the instance.
Or, we can enable the public IPv4 addressing attribute in the subnet.
This means that instances we launch in the subnet are automatically assigned a public IP address at launch.
Verify that a firewall isn’t blocking access
If the instance still cannot reach the internet, we try the following:
- Test the accessibility of the site or location from a known working instance or device using the ping or curl tools.
- Verify that any firewall devices or software allow traffic over HTTP or HTTPS.
To verify that there aren’t rules blocking traffic, we run:
$ sudo iptables -L
$ sudo iptables -L -t nat
If the output shows a rule that blocks the traffic, we either delete that rule or add a rule that allows traffic on the specific port:
$ sudo iptables -D examplerule
$ sudo iptables -A INPUT -p tcp --destination-port 80 -j ACCEPT
Here, we replace examplerule with the specification of the rule to delete, and port 80 with the specific port number.
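Reading `iptables -L -n` output by eye is error-prone because iptables evaluates rules in order and falls back to the chain policy, so a DROP rule may be harmless if an ACCEPT precedes it, and a chain with `policy DROP` blocks every port that no rule mentions. The following is an added example, not Bobcares’ code: it parses a constructed `iptables -L -n` listing (the sample rules below are made up, not captured from a real host) and reports the verdict a new TCP connection to a given port would receive in a chain.

```python
import re

# Constructed sample of `sudo iptables -L -n` output (not from a real system).
SAMPLE_IPTABLES = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 reject-with icmp-port-unreachable
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+)\)")


def parse_iptables(text):
    """Return {chain: {"policy": ..., "rules": [rule, ...]}} from `iptables -L -n` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "rules": []}
            continue
        if not line.strip() or line.startswith("target") or current is None:
            continue
        parts = line.split(None, 5)
        target, prot, _opt, src, dst = parts[:5]
        chains[current]["rules"].append({
            "target": target, "prot": prot, "source": src, "destination": dst,
            "extra": parts[5] if len(parts) > 5 else "",
        })
    return chains


def _rule_matches(rule, port, proto):
    """Does this rule apply to a *new* connection to port/proto?"""
    if rule["prot"] not in ("all", proto):
        return False
    m = re.search(r"\b(?:ct)?state (\S+)", rule["extra"])
    if m and "NEW" not in m.group(1).split(","):
        return False  # only matches packets of existing connections
    m = re.search(r"dpts?:(\d+)(?::(\d+))?", rule["extra"])
    if m:
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        return lo <= port <= hi
    return True  # no destination-port qualifier: matches every port


def verdict(chains, chain, port, proto="tcp"):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in chains[chain]["rules"]:
        if _rule_matches(rule, port, proto):
            return rule["target"]
    return chains[chain]["policy"]


def blocked_ports(chains, chain, ports, proto="tcp"):
    """Map each port whose verdict is not ACCEPT to that verdict."""
    result = {}
    for p in ports:
        v = verdict(chains, chain, p, proto)
        if v != "ACCEPT":
            result[p] = v
    return result


if __name__ == "__main__":
    chains = parse_iptables(SAMPLE_IPTABLES)
    for chain in ("INPUT", "OUTPUT"):
        print(chain, blocked_ports(chains, chain, [22, 80, 443]))
```

In the constructed listing, port 80 is blocked on INPUT by an explicit DROP, port 443 is blocked on INPUT only by the chain policy (no rule mentions it), and outbound HTTPS is rejected in OUTPUT; each of those needs a different fix (delete the rule, add an ACCEPT, or delete the REJECT respectively). The parser does not follow jumps to user-defined chains, so on a host that uses them run the check on each chain the packet traverses.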
When it comes to Windows Server default firewalls, we run:
netsh advfirewall firewall show rule name=all
If the output shows a rule that blocks the traffic, we remove that rule or add a new rule that allows traffic on the specific port:
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80
Here, we replace port 80 with the specific port number.
In short, we saw how our Support Techs fix the ‘Can’t Connect EC2 Instance’ error.