5

I am new to AWS and not a networking expert but curious to know more about it.

I created a VPC with a public subnet only. Then I created an EC2 instance using an Ubuntu 14.04 64-bit pv AMI image (ami-e84d8480), as well as generating the key pair needed to connect to it through ssh.

I followed Amazon's instructions to connect to an EC2 instance via ssh, which did not work.

Here is my attempted input and debug log:

Running on OS X 10.9.4

    user$ ssh -vvv -i key.pem [email protected]
    OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
    debug1: Reading configuration data /etc/ssh_config
    debug1: /etc/ssh_config line 20: Applying options for *
    debug1: /etc/ssh_config line 102: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
    debug1: connect to address xxx.xxx.xxx.xxx port 22: Operation timed out
    ssh: connect to host xxx.xxx.xxx.xxx port 22: Operation timed out

To attempt to resolve the issue:

  1. I enabled the SSH port.
  2. Tried different usernames other than ubuntu, like ec2-user and root.
  3. Initially set an inbound ssh rule in the security group to connect to only my IP address. When that did not work, I changed it to allow any IP to connect.

But those actions did not fix the problem.

Here are my guesses as to what I am missing in getting the EC2 instance connection to work.

  1. My etc/ssh_config file may be preventing the connection from taking place.
  2. I may have missed an important networking detail when setting up the VPC.
  3. I do not have a public IP address specified for the instance. I am connecting through the private IP address.

My questions for the community:

  1. Am I going about it the wrong way connecting to the instance through the private IP address? If so, do I need to specify a public IP address for it to connect or some other method?

2 Answers

1

After reading the VPC documentation more closely, my first EC2 instance is connected.

Here is what I got wrong when setting up the EC2 instance and VPC.

With only a private IP, my development machine would never be able to connect to the EC2 instance unless it was a part of the VPC's network. So to talk to it from the outside, I needed to specify that, for every instance created, an associated public IP address be assigned as well.

Here is what I did to fix it:

  1. Correct me if I am wrong, but it looks like there was not an option in the EC2 browser console to assign a public IP address to the already created instance, so I ended up deleting it.

  2. I went back to the VPC console, and went to the subnets option. I then selected the public subnet that was initially created in the VPC wizard and specified in the "Modify Auto-Assign Public IP" option to enable the auto-assignment of a public IP address for every new EC2 instance created.

  3. Created a new EC2 instance, and a new public IP address was assigned.

  4. Followed Amazon's directions for ssh and communication was successfully initiated.
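The conditions this thread turns on (no public IP on the instance, subnet auto-assign disabled, the default route to an internet gateway, and the security group rule for port 22) can be checked together, as in this added example, which is not part of the original posts. It works offline on dicts shaped like the EC2 Describe* API responses; the function name, finding labels, IDs and addresses are constructed for illustration, and it also flags the SSH rule that was widened to any source during troubleshooting.

```python
import ipaddress

def ssh_findings(instance, subnet, route_table, security_groups, client_ip):
    """Explain why SSH from client_ip times out, or where it is over-exposed.
    Inputs are dicts shaped like EC2 Describe* API response items."""
    findings = []
    if not instance.get("PublicIpAddress"):
        findings.append("no-public-ip")  # private address only: unreachable from outside the VPC
        if not subnet.get("MapPublicIpOnLaunch"):
            findings.append("subnet-auto-assign-disabled")
    if not any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               for r in route_table.get("Routes", [])):
        findings.append("no-igw-default-route")
    client, allowed, world = ipaddress.ip_address(client_ip), False, False
    for group in security_groups:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            covers_22 = proto == "-1" or (
                proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 0))
            if not covers_22:
                continue
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                allowed = allowed or client in net
                world = world or net.prefixlen == 0
    if not allowed:
        findings.append("sg-blocks-client")
    if world:
        findings.append("ssh-open-to-world")  # troubleshooting rule that should be narrowed again
    return findings

# Constructed sample data (placeholder IDs, documentation IP ranges).
ROUTES = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]}

def sg(cidr):
    return {"GroupId": "sg-EXAMPLE", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": cidr}]}]}

# State described in the question: private IP only, SSH rule widened to any source.
BEFORE = ssh_findings({"PrivateIpAddress": "10.0.0.12"}, {"MapPublicIpOnLaunch": False},
                      ROUTES, [sg("0.0.0.0/0")], "203.0.113.10")
# State after the fix: auto-assigned public IP, SSH rule narrowed to the client address.
AFTER = ssh_findings({"PrivateIpAddress": "10.0.0.12", "PublicIpAddress": "198.51.100.7"},
                     {"MapPublicIpOnLaunch": True}, ROUTES, [sg("203.0.113.10/32")],
                     "203.0.113.10")

if __name__ == "__main__":
    print("before:", BEFORE)
    print("after: ", AFTER)
```
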

0

It's possible that, instead of using the option to set up a public IP address when creating the instance, you could have created what Amazon calls an "Elastic IP", which is remarkably like a public IP address that you manually associate with your EC2 instance.

The thing that makes it different is that, like everything else in EC2, it's kind of "modular". You can associate it with one box and then later swap it to another. Also, it persists beyond the life of any particular EC2 instance you have, whereas I suspect the Public IP addresses you've got assigned at creation go away if you shut down the instance.

There is some potential difference in the pricing if you choose to use an Elastic IP; see Amazon's Pricing page.

I found that setting one up and using it as the DNS Record IP worked better than using the public IP assigned by Amazon.

2
  • Thanks for the additional insight Kate. I have heard about the Elastic IPs, but most online articles I have read on the subject recommended using NAT, as each AWS account is limited to 5 Elastic IPs. Correct me if I am wrong, but does an AWS account get charged for having created Elastic IPs that are not associated with a particular EC2 instance? Being a persistent IP address that survives instances, what are some use cases for having that ability of the Elastic IP address? I am getting my head used to the idea that servers on the cloud are ephemeral. Commented Aug 23, 2014 at 14:54
  • You're welcome. As far as I know, if you choose to retain a dissociated elastic IP Amazon will charge you for it. I don't know offhand how much. The primary use case for elastic IP is to allow you to have a stable IP address to use when working with your Amazon boxen. The public IP that you get by default is a 'temporary' (dynamic) IP that, if the box goes down for any reason, can change. The result being that any hard-coded links you may have to that box will suddenly be invalid. Also, should you have some reason to spin up another instance, an elastic IP can be useful in restoring access. Commented Aug 25, 2014 at 14:01
