
I am new to AWS EC2. I just launched an instance and uploaded a test.php and a test.html; both just display a "Hello world" text.

I copied my public DNS: ec2-XXX-XXX-XXX-XXX.compute.amazonaws.com

But the connection always times out.

I managed to connect to the instance and ran netstat; here is the result:

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      -                   
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      -                   
tcp        0      0 :::22                       :::*                        LISTEN      -                   
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               -                   
udp        0      0 XX.XXX.XXX.XX:123           0.0.0.0:*                               -                   
udp        0      0 127.0.0.1:123               0.0.0.0:*                               -                   
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               -                   
udp        0      0 XXXX::XXXX:XXXX:XXX:123     :::*                                    -                   
udp        0      0 ::1:123                     :::*                                    -                   
udp        0      0 :::123                      :::*                                    -

I can't see port 80, which is for the web server, so I tried this:

ec2-authorize default -p 80

But it always required me to include the private key and cert, so I included them:

ec2-authorize default -p 80 -K XXX.pem -C cert-XXX.pem

Then it always said the cert failed to authenticate the SOAP.

Is there something wrong with my cert? (Even though I requested a new one, it is still the same.)

Or what should I do to be able to view my webpages (test.php or test.html)?

EDIT:

When I run: sudo tcpdump -pn port 80

Result:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

After opening the webpage:

09:43:16.353743 IP XXX.XXX.X.XXX.4570 > XX.XXX.XXX.XX.http: Flags [S], seq 1XXXXXXXX6, win 8190, options [mss 1440], length 0
09:43:16.353779 IP XX.XXX.XXX.XX.http > XXX.XXX.X.XXX.4570: Flags [R.], seq 0, ack 1XXXXXXXX7, win 0, length 0
... etc
moderaga

2 Answers

The default does not allow HTTP connections to the instance:

ooshro
  • I did. Here are my details for default, Security Group, HTTP: Connection method: HTTP, Protocol: tcp, from port:0, to port:0, source/ip: 0.0.0.0/0. Is my source/ip wrong? – moderaga Feb 28 '11 at 09:25
  • Ok, then run "tcpdump -pn port 80" and open the page. Copy the output to the question. – ooshro Feb 28 '11 at 09:27
  • Where do I run the command? In the terminal after connecting to the instance (I use OSX)? It gives me this: -bash: tcpdump: command not found – moderaga Feb 28 '11 at 09:29
  • What is the instance's OS? – ooshro Feb 28 '11 at 09:31
  • Amazon Linux AMI Base 2010.11.1, EBS boot, 64-bit architecture with Amazon EC2 AMI Tools. I guess it's Linux – moderaga Feb 28 '11 at 09:33
  • Then use yum to install tcpdump: yum install tcpdump – ooshro Feb 28 '11 at 09:33
  • When I install, it says: Package 14:tcpdump-4.0.0-3.20090921gitdf3cb4.1.4.amzn1.x86_64 already installed and latest version. Then I run exactly this command: tcpdump -pn port 80, and it says: -bash: tcpdump: command not found. Am I missing something? Sorry, I am new to server stuff :( – moderaga Feb 28 '11 at 09:36
  • I browsed the folder and used the command; it gives me this: tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes – moderaga Feb 28 '11 at 09:41
  • Looks like the web server is not running or iptables REJECT. Add the outputs of "netstat -an | grep \:80" and "iptables -nv -L". – ooshro Feb 28 '11 at 09:48
  • While I don't use Amazon at all, I do find it weird that your to port is 0 instead of 80. – becomingwisest Mar 01 '11 at 04:03
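
What the netstat listing and the SYN/RST exchange in this thread indicate can be checked mechanically. The script below is an added example, not part of the original posts; the function names `has_listener` and `classify_syn`, the outcome labels and the sample input (documentation IP ranges) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Sample inputs below are constructed (documentation IP ranges).

# has_listener PORT: reads `netstat -tln` text on stdin; exit 0 if some TCP
# socket in LISTEN state is bound to PORT (IPv4 or IPv6 notation).
has_listener() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, a, ":")            # port follows the last colon
      if (a[n] == port) found = 1
    }
    END { exit !found }'
}

# classify_syn PORT [NAME]: reads `tcpdump -n` text on stdin and prints one of
#   no-syn   SYN never arrived (filtered upstream, e.g. security group)
#   accepted SYN answered with SYN-ACK (a service is listening)
#   refused  SYN answered with RST (no listener, or a REJECT rule)
#   dropped  SYN arrived, nothing sent back (local DROP rule)
classify_syn() {
  awk -v port="$1" -v name="${2:-}" '
    function hit(p) { return p == port || (name != "" && p == name) }
    $2 ~ /^IP6?$/ && $6 == "Flags" {
      sub(/:$/, "", $5); gsub(/,/, "", $7)
      n = split($3, s, "."); m = split($5, d, ".")
      if (hit(d[m]) && $7 == "[S]")  syn++
      if (hit(s[n]) && $7 == "[S.]") synack++
      if (hit(s[n]) && $7 ~ /R/)     rst++
    }
    END {
      if (!syn)        print "no-syn"
      else if (synack) print "accepted"
      else if (rst)    print "refused"
      else             print "dropped"
    }'
}

NETSTAT_SAMPLE='tcp   0   0 0.0.0.0:22     0.0.0.0:*   LISTEN   -
tcp   0   0 127.0.0.1:25   0.0.0.0:*   LISTEN   -
tcp   0   0 :::22          :::*        LISTEN   -'
CAPTURE_SAMPLE='09:43:16.353743 IP 198.51.100.7.4570 > 203.0.113.10.http: Flags [S], seq 100, win 8190, options [mss 1440], length 0
09:43:16.353779 IP 203.0.113.10.http > 198.51.100.7.4570: Flags [R.], seq 0, ack 101, win 0, length 0'

if printf '%s\n' "$NETSTAT_SAMPLE" | has_listener 80; then
  echo "port 80: listening"
else
  echo "port 80: no listener"
fi
echo "handshake: $(printf '%s\n' "$CAPTURE_SAMPLE" | classify_syn 80 http)"
```

On a live instance, pipe `netstat -tln` and `sudo tcpdump -pn port 80` output into the two functions instead of the sample variables.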

I'm guessing you're connecting to the EC2 instance as ec2-user, as that is the default login for Amazon Linux AMI Base 2010.11.1. But to run the tcpdump command you need to use sudo.

sudo tcpdump ...

I am not familiar with the tcpdump command, so you will have to sort out the proper syntax on your own.

I may not be familiar with tcpdump, but I am familiar with the Amazon Linux AMI Base 2010.11.1, and based on your question I am wondering if you installed Apache, PHP, MySQL, etc? These programs are not included by default in Amazon's base AMI. You can run the following command to see all the packages installed.

yum list installed

Any programs you need installed that are not listed either need to be installed using yum, or compiled from the source.

sudo yum install <program_name_here>

For example, to install Apache 2.2 you can run:

sudo yum install httpd

Here are some good resources:

HowTo: Get started with Amazon EC2 api tools

AWS EC2 Getting Started Guide

Hope this all helps...

AlanZ