Understanding how to handle network connectivity issues is the top most practical skill to have while dealing with AWS. It’s almost certain that at some point along your cloud journey, irrespective of whether you’re a Developer, SysOps Engineer, or a Solutions Architect, network connectivity problems may arise. The ability to swiftly recognize and resolve network connectivity problems is an important expertise that will help you in advancing in your career.
Common Network Problem in AWS Deployments
Before we move on to troubleshooting network connectivity, let’s go through some of the most common network problems on AWS.
- Users are unable to access the online app.
- Could not establish an SSH connection to an EC2 instance.
- An app environment on an EC2 instance is unable to establish a connection with the RDS server.
While these are just a few common connectivity problems, they reflect some frequently noticed correlations, and you might find that additional problems also resemble these patterns. Let’s move on to troubleshooting these problems.
Users Are Unable to Access the Online App
You can use a port check to determine whether connectivity is functioning or not.
Below are some frequent explanations that could apply if the port check was affirmative.
- Your app is perhaps experiencing problems. One possibility is that the application platform is down or experiencing other problems. Therefore, look for any probable faults in the application logs.
- If you are utilizing a load balancer, examine the server health within that load balancer configuration to make sure the app is using it to deliver traffic. The load balancer will only guide traffic flow to healthy servers; therefore, inspect the logs for any unhealthy instances that can be investigated further.
If the port check was unsuccessful, there could be a few explanations:
- Use of an invalid DNS name or IP address – make sure that a valid DNS name or IP address is being used in accessing the app.
- Invalid port usage – ensure your app is functioning on a standard web port (443 for HTTPS and 80 for HTTP).
- Wrong security group set up – Confirm the web tier resource(s) has been allocated to the right Security Group, and then check its entrance rules to make sure they allow connection to the right port.
Unable To Establish an SSH link To an EC2 Instance
If you are unable to Login into an EC2 server, you can test the connectivity by running a port check on the SSH port using the instance’s DNS name or IP address.
Even after a successful port check, if you were unable to log in through SSH, consider the option below:
- Invalid SSH user usage – While the ec2-user is frequently used, some AMIs utilize a distinct username. For instance, centos is the CentOS AMI’s default user.
There could be some other causes for connectivity issues if the port check was unsuccessful.
- The SSH access is being blocked by a firewall – Occasionally, the InfoSec corporate team may disable SSH access to publicly accessible IP addresses. This is usually done to prevent the possibility of hackers using an SSL weakness to access the business network. When making an SSH connection, you may usually perform some preliminary troubleshooting with this by selecting the verbose mode (-v or -VVV). If so, you will have to collaborate on the solution with your InfoSec team. If so, you will need to collaborate on the solution with your InfoSec team. Assigning an Elastic IP to your EC2 Server and requesting permission from them to let SSH access this IP address is a potential option. The OS firewall might be the source of another firewall problem if it is preventing SSH connectivity. You must either disable the firewall or change the configuration of the firewall to resolve the issue.
- Wrong security group set up – This is extremely common, specifically in manual installations, when the EC2 instance either lacks the required entrance control or hasn’t been allocated the Security Group that authorizes SSH connection. Review the entrance settings and Security Group configuration again. You should keep in mind that you can apply several access controls to an EC2 Server and that you can update the security group authorization after the Server has been created.
- Incorrect use of the EC2 instance’s public DNS name or IP address – this may result from an operator error or rebooting in which the EC2 instance’s public IP addresses and DNS name were modified. Now, if you give the Server an Elastic IP, it won’t change after rebooting. However, elastic IPs are pricey and often reserved for essential situations. Therefore, verify that the IP/DNS address is accurate.
An App Environment On An EC2 Instance Is Unable To Establish A Connection With The RDS Server
Again, a port check should be undertaken to troubleshoot this problem; and if it is successful, here’s what you can do:
- Using an erroneous RDS server port or name – Verify that the RDS instance port and name values in your app configuration are accurate.
In case the port check is unsuccessful, consider the following explanations:
- RDS server port or name is incorrect – verify the server port and name a second time to make sure they are accurate.
- Invalid Security Group settings – Verify that the RDS instance’s Security Group has the proper entrance controls to allow connection from the EC2 Server. This usually entails checking that the targeted (database) port and appropriate origin subnet (which is the EC2 network) are mentioned in the entrance control.
- Is the RDS server running? – Whenever the Server is not being used, this can help with cost management. For instance, turning off an RDS instance for development on the holidays. Verify to see if the RDS server is accessible.
Connectivity problems might be difficult to troubleshoot. Therefore, it is essential to invest some time and become familiar with some of these procedures and tools beforehand in order to be more equipped when problems emerge.
While we haven’t covered everything about troubleshooting network connectivity on AWS, we hope this article will help you understand some of the basic and most common connectivity problems when it comes to AWS deployment.
Further blogs within this Troubleshooting Network Connectivity On AWS category.