I've had a website running on an EC2 instance for a while now but it didn't have an Elastic IP so every time I had to reboot the server I had to change the Route53 records as well. After adding an EIP recently, the public IPv4 address has become unreachable from the internet. I couldn't figure out what was wrong with it so I eventually tried just disassociating the EIP from the instance for a temporary fix, but the new IPv4 was also unreachable. I've been able to SSH into the instance throughout this whole process, but not to ping it.

As per every suggestion I could find on the topic, it has just about maximally permissive settings:

The Security Group attached to the instance (and VPC) has inbound rules allowing HTTP/HTTPS traffic (and just for fun I've added an inbound All/All/0.0.0.0/0 rule as well).

The VPC's route table has two rules: private-ip/16 -> local and 0.0.0.0/0 -> igw-internet-gateway-id.

The ACL associated with the VPC has the following inbound and outbound rules (same for both):

100 All traffic All All 0.0.0.0/0 Allow

* All traffic All All 0.0.0.0/0 Deny

I'm not sure what else to try at this point. I wouldn't have thought associating an EIP could mess up an instance's network settings so drastically. Any suggestions would be a huge help.

Mark B
Ulthran
  • You do realize the IP will change when you attach an EIP right? The old public IP will no longer work, and you will have to use the EIP from that point forward. When you say you are able to SSH during this whole process, can you clarify if you are doing SSH directly to the instance's public or elastic IP? Or are you doing SSH from another resource inside the VPC to the instance's private IP? – Mark B Sep 13 '21 at 20:04
  • Thanks Mark. Yea I am using the current IP associated with the instance whenever I'm SSHing. So when the EIP is attached I SSH to that address. And this is from my own computer, nothing inside the VPC. And to clarify, I'm testing the internet-facing connection by just using the "open address" button next to the instance's public IPv4 in the AWS console. – Ulthran Sep 13 '21 at 20:06
  • In that case the entire networking issue sounds like it is working fine. How can you say the server is unreachable if you are able to SSH into it? You actually haven't provided any information about what specifically isn't working. I'm guessing you have some web software running on there, and it may just need to be restarted to pick up the new server IP or something. – Mark B Sep 13 '21 at 20:08
  • Oh god that's annoying, I didn't even think to restart nginx. Thanks again, that's got it working. Still trying to get a handle on everything that goes wrong in serverland. – Ulthran Sep 13 '21 at 20:23
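
The reasoning in the comments above (SSH connects, so the network path works and the web service is the suspect), written out as an added Python example that is not part of the original thread. It probes TCP ports from outside the VPC and separates a refused connection from a silently dropped one, which goes beyond the single case discussed here; the port list, the `probe` and `diagnose` names and the hint texts are assumptions of this example.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # A RST came back: packets reach the host, but nothing listens there
        # (a host firewall REJECT rule can produce the same result).
        return "refused"
    except OSError:
        # Timeout or unreachable: security groups and NACLs drop silently,
        # so a missing rule, route or address association looks like this.
        return "filtered"
    finally:
        sock.close()

# Hypothetical hint texts for this example.
HINTS = {
    "ok": "web ports answer; look at DNS or the application itself",
    "service": "host reachable but web port closed; check the web server (e.g. nginx)",
    "network": "nothing answers; check EIP association, route table, IGW, SG, NACL",
    "port-filter": "only some ports dropped; check per-port SG/NACL rules or host firewall",
}

def diagnose(states, ssh_port=22):
    """Pick the layer to check first from a {port: state} mapping."""
    web = [s for p, s in states.items() if p != ssh_port]
    if web and all(s == "open" for s in web):
        return "ok"
    if all(s == "filtered" for s in states.values()):
        return "network"
    if "refused" in web:
        return "service"
    return "port-filter"

if __name__ == "__main__":
    # Pass the instance's current public or Elastic IP; defaults to loopback.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    states = {port: probe(host, port) for port in (22, 80, 443)}
    for port, state in states.items():
        print(f"{host}:{port} {state}")
    print(HINTS[diagnose(states)])
```

Run it from a machine outside the VPC, since a probe from inside the VPC to the private IP takes a different path through the route table.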

0 Answers