Why can't I ping my freshly set up amazon web service EC2 instance?

Question

I was following this tut on how to set up a EC2 instance on Ubuntu but qhen trying to execute ssh command on my IP address, I had an operation Timeout.

So I tried to ping it but no chance neither. got Request timeout

Any idea what to do to make it working ? Status is green on my dashboard.

Thanks !

score 24 · Accepted Answer · answered May 29 '13 at 17:24

24

AWS security groups block ICMP (including ping, traceroute, etc.) by default. You need to explicitly enable it.

answered May 29 '13 at 17:24

ceejayoz

32,469
7
81
105

2

Does it usually take time for ping to work after I make this change? Coz, I made the change and tried to ping again but I am getting the timeout again! – Raj Pawan Gumdal Feb 23 '15 at 09:14
How does one do this? – Startec Jul 21 '16 at 18:55
2

@Startec Scroll down to Claudio Henrique da Silva's answer. It's in the security group settings. – ceejayoz Jul 21 '16 at 19:01
@RajPawanGumdal i am also having the same issue as I could not still ping the server – Arjun K P Jul 01 '18 at 19:43

score 21 · Answer 2 · answered May 29 '13 at 17:40

21

You need to add a rule to the security group of your server:

In EC2 Dashboard, on "Security Groups", select the group of your instance, click on the "Inbound" tab, select "Custom ICMP rule" in the Type field select "Echo Request" and click "Add Rule".

answered May 29 '13 at 17:40

Claudio Henrique da Silva

311
1
2

score 18 · Answer 3 · edited Apr 10 '19 at 18:19

18

What you need to do is that you need to add a rule to the security group. Steps Given below.

Go to EC2 Dashboard and click "Running Instances"
on "Security Groups", select the group of your instance which you need to add security.
click on the "Inbound" tab
Click "Edit" Button (It will open an popup window)
click "Add Rule"
Select the "Custom ICMP rule - IPv4" as Type
Select "Echo Request" as the Protocol (Port Range by default show as "N/A)
Enter the "0.0.0.0/0" as Source
Click "Save"

This will add the new entry. Once above configuration is done, you should be able to ping your freshly set up amazon web service EC2 instance.

edited Apr 10 '19 at 18:19

Community

1

answered May 04 '17 at 10:35

kds

281
2
3

Select "Echo Request" as the Protocol (Port Range by default show as "N/A) I had to select Echo Reply also to make it work – vincent mathew Jun 14 '18 at 21:14
In case *Select "Echo Request" and "Echo Response"* is unclear for anyone (like me): you have to make two entries, one for *Echo Request* and one for *Echo Response* – LinusGeffarth Apr 02 '19 at 14:10
3

This still doesn't work for me either, even after adding both rules for Echo Request and Echo Response. Any other suggestions? – user26270 Oct 31 '19 at 11:16

score 5 · Answer 4 · answered May 29 '13 at 17:48

5

In security group from AWS console you need to allow port 22 and by default ICMP is blocked on AWS , so if you want to enable ping you need to allow ICMP too.

answered May 29 '13 at 17:48

Abhishek Anand Amralkar

1,949
12
16

Junaid · Answer 5 · 2019-07-09T16:07:24.057

If you want to allow ICMP using AWS CLI, here you go:

$ # Create a security group
$ aws ec2 create-security-group --group-name icmp-sg-1 --description 'icmp security group'

$ # Modify sec group to allow ICMP from everywhere
$ aws ec2 authorize-security-group-ingress --group-id <sg-id of icmp-sg-1> --protocol icmp --port -1 --cidr 0.0.0.0/0

$ # Now attach the sec group to a new/existing instance

It is to be noted that --port refers to ICMP type. Ref: http://docs.aws.amazon.com/cli/latest/reference/ec2/authorize-security-group-ingress.html

Why can't I ping my freshly set up amazon web service EC2 instance?

5 Answers5

Linked