Fix AWS EC2 Instance Not Reachable - Complete Troubleshooting Guide

# AWS EC2 Instance Not Reachable

Common Error Patterns

When an EC2 instance becomes unreachable, you may encounter:

bash

ssh: connect to host 10.0.1.100 port 22: Connection timed out

bash

ping: cannot resolve 10.0.1.100: Unknown host

bash

Connection refused when connecting via SSH

Root Causes

1. Security Group Misconfiguration

The most common cause is incorrect security group rules.

Solution:

1.Navigate to EC2 Console > Security Groups
2.Select the security group attached to your instance
3.Verify inbound rules allow traffic on required ports:

bash

# Check security group rules via AWS CLI
aws ec2 describe-security-groups --group-ids sg-0123456789abcdef0

For SSH access, ensure: - Port 22 is open - Source is set to your IP or appropriate CIDR (e.g., 203.0.113.0/24) - Protocol is TCP

2. Network ACL Blocking Traffic

Network ACLs are stateless and can block return traffic.

Solution:

1.Navigate to VPC Console > Network ACLs
2.Check both inbound and outbound rules
3.Ensure ephemeral ports (1024-65535) are allowed for return traffic

bash

# List NACL rules
aws ec2 describe-network-acls --nacl-ids acl-0123456789abcdef0

3. Instance State Issues

The instance may be in a failed state or still initializing.

Solution:

```bash # Check instance status aws ec2 describe-instance-status --instance-ids i-0123456789abcdef0

# Check instance state aws ec2 describe-instances --instance-ids i-0123456789abcdef0 \ --query 'Reservations[*].Instances[*].State.Name' ```

4. Route Table Misconfiguration

The subnet's route table may lack internet gateway routes.

Solution:

1.Identify the instance's subnet
2.Check the associated route table
3.Ensure route to 0.0.0.0/0 targets an Internet Gateway

bash

# Find route table for subnet
aws ec2 describe-route-tables \
  --filters Name=association.subnet-id,Values=subnet-0123456789abcdef0

5. Public IP Not Assigned

The instance may lack a public IP address.

Solution:

bash

# Allocate and associate Elastic IP
aws ec2 allocate-address --domain vpc
aws ec2 associate-address --instance-id i-0123456789abcdef0 --allocation-id eipalloc-0123456789abcdef0

Quick Diagnostic Checklist

Check	Command
Instance running?	`aws ec2 describe-instances`
Security group rules?	`aws ec2 describe-security-groups`
NACL rules?	`aws ec2 describe-network-acls`
Route table?	`aws ec2 describe-route-tables`
Public IP assigned?	Check instance details

Prevention Tips

1.Use AWS Systems Manager Session Manager for SSH-free access
2.Implement infrastructure as code for reproducible security configurations
3.Set up CloudWatch alarms for instance status checks
4.Document security group rules with descriptions

[AWS Security Group Best Practices](#)
[Troubleshooting VPC Connectivity](#)
[AWS IAM Permission Denied](#)

AWS EC2 Instance Not Reachable

Common Error Patterns

Root Causes

1. Security Group Misconfiguration

2. Network ACL Blocking Traffic

3. Instance State Issues

4. Route Table Misconfiguration

5. Public IP Not Assigned

Quick Diagnostic Checklist

Prevention Tips

Related Articles

Share this guide

More AWS Troubleshooting Guides

AWS DynamoDB Contributor Insights Not Showing

AWS DynamoDB DAX Cache Miss

AWS DynamoDB Global Table Replication Lag

AWS Step Functions Workflow Stuck Waiting

AWS Step Functions Execution Throttled

AWS EventBridge Pipe Source Error