I've spent my whole evening on this. I guess I just missed a stupid step. Here is the procedure I followed:
Then I can see the instance is running well with an Elastic IP attached. I tried to connect to the IP address with ssh:
ssh -vvv -i ./aws_private.pem ec2-user@ipaddress
and got the failure below:
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname <elastic ipaddress> is address
debug2: ssh_connect_direct
debug1: Connecting to <elastic ipaddress> [<elastic ipaddress>] port 22.
debug1: connect to address <elastic ipaddress> port 22: Operation timed out
ssh: connect to host <elastic ipaddress> port 22: Operation timed out
I verified the ACL and Security Group. Those are my only ACL and Security Group. I'm using a Mac, and I also tried with a Windows OS as well as AWS CloudShell in the same region. All of them have the same error. telnet <elastic ip> 22 fails as well. What did I do wrong?
You forgot one thing.
Security Groups
You need to allow SSH connections to your instance on port 22. To do this, add the rule below to your EC2 instance's security group.
Protocol - TCP, type - SSH, port - 22, source - 0.0.0.0/0
Actually, you don't need to edit the ACL, as those by default allow access to everything.
But you need to add rules to Security Groups, as by default they do not allow any connection.
In general, NACL rules should not be changed from default unless you have a very specific requirement (e.g. creating a DMZ).
NACLs are stateless, which means that they need to be specified in both directions. I recommend that you reset the NACLs back to their default setting of "Allow All" for both Inbound and Outbound, and then only use Security Groups for controlling access.
The flow of the connection will be:
It turned out it was Zscaler on my Mac, which somehow changes my IP address and messed up the communication between my Mac and AWS.
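An added example, not part of the original posts: a small offline model of the three failure modes discussed in this thread (no inbound security group rule, a stateless NACL missing the return-traffic rule, and a client whose source IP is not the one the rule allows). It assumes rule dicts shaped like the EC2 DescribeSecurityGroups and DescribeNetworkAcls output; the function names, sample rules and IP addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation IP ranges), shaped like the EC2 API output.
ALLOW_ALL = {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"}
SSH_ONLY = dict(ALLOW_ALL, Protocol="6", PortRange={"From": 22, "To": 22})
DEFAULT_NACL = [dict(ALLOW_ALL, Egress=False), dict(ALLOW_ALL, Egress=True)]
SSH_ONLY_NACL = [dict(SSH_ONLY, Egress=False), dict(SSH_ONLY, Egress=True)]
SG_MY_IP = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]

def _in(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows(ip_permissions, src_ip, port=22):
    """Security groups are stateful allow-lists: one matching inbound rule is enough.
    Assumption: IPv4 CIDR sources only; group-to-group references are ignored."""
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        if proto == "-1" or (proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]):
            if any(_in(r["CidrIp"], src_ip) for r in perm.get("IpRanges", [])):
                return True
    return False  # no rule matched: implicit deny

def nacl_allows(entries, egress, peer_ip, port):
    """NACLs are stateless: per direction, the lowest-numbered matching rule decides."""
    rules = sorted((e for e in entries if e["Egress"] == egress), key=lambda e: e["RuleNumber"])
    for e in rules:
        if e["Protocol"] not in ("6", "-1") or not _in(e["CidrBlock"], peer_ip):
            continue
        pr = e.get("PortRange")
        if e["Protocol"] == "-1" or pr is None or pr["From"] <= port <= pr["To"]:
            return e["RuleAction"] == "allow"
    return False  # fell through to the final "*" deny rule

def diagnose_ssh(sg_perms, nacl_entries, client_ip, client_port=50000):
    """Name the first layer that drops an SSH connection from client_ip, or return 'ok'."""
    if not nacl_allows(nacl_entries, False, client_ip, 22):
        return "blocked: NACL inbound"
    if not sg_allows(sg_perms, client_ip):
        return "blocked: security group inbound"
    # Reply packets go to the client's ephemeral port, which a stateless NACL must allow.
    if not nacl_allows(nacl_entries, True, client_ip, client_port):
        return "blocked: NACL outbound (return traffic)"
    return "ok"

if __name__ == "__main__":
    print(diagnose_ssh([], DEFAULT_NACL, "203.0.113.10"))         # new group, no inbound rule
    print(diagnose_ssh(SG_MY_IP, DEFAULT_NACL, "198.51.100.7"))   # proxy changed the source IP
    print(diagnose_ssh(SG_MY_IP, SSH_ONLY_NACL, "203.0.113.10"))  # NACL lacks return-port rule
    print(diagnose_ssh(SG_MY_IP, DEFAULT_NACL, "203.0.113.10"))   # expected to pass
```

All of these cases look identical from the client: a dropped packet produces the same "Operation timed out" seen in the ssh output above, so the rule sets and the client's actual egress IP have to be checked separately.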