Cannot RDP, Ping, etc to Amazon EC2 Instance

2

I've been trying to ping an Amazon EC2 Server on the Free Tier.

I created a:

Windows-2008-SP2-i386-Base-2012.01.12 (ami-fed396ac)
Description: Microsoft Windows 2008 Datacenter 32-bit AMI provided by Amazon
Status: available
Platform: Windows
Image size: 30 GB
Visibility: Public
Owner: amazon (206029621532)

and I just can't access it. I've been trying to ping it, or RDP to it, but every attempt is unsuccessful. To do this I created a new security group called "Pingable" that basically allows ALL TCP, UDP and ICMP traffic to all IP addresses (0.0.0.0/0) (just to test why it wasn't working, but still unsuccessful).

Could you please provide some input on what I have done wrong? I reckon it's something small that I'm missing.

While doing tracert to the PublicDNS address, it hops 17 times successfully, reaches Amazon, but then within Amazon, after several hops, it gets lost...

edgarator

Posted 2012-02-14T06:58:31.013

Reputation: 123

Answers

1

ICMP Echo messages (Ping) are disabled by default on recent Windows versions, see Nobody Can Ping My Computer:

By default, Windows Firewall does not allow incoming ICMP Echo messages, and therefore the computer cannot send an ICMP Echo Reply in response.

The article also explains how to add a new rule to address this via the Windows Firewall with Advanced Security snap-in. An alternative, somewhat more concise approach is illustrated in Enable Ping in Windows Server Firewall?, or see Enable Ping in Windows 7 Firewall? for yet another approach.

The bigger problem is actually getting access to an EC2 instance via Remote Desktop (RDP) in the first place, which requires retrieving the initial administrator password first, as is properly explained in Connect to Your Windows Instance, though.

That should be enough to get you going; for a more in-depth exploration you might want to look into the Windows on Amazon EC2 Security Guide.

Good luck!

PS: Don't forget to harden your security group again ;)

Steffen Opel

Posted 2012-02-14T06:58:31.013

Reputation: 2 755

I tried this morning, and just like that... it worked... I reckon it had something to do with the DNS within Amazon... perhaps it took a while to propagate inbound traffic policies within the domain...

Thanks for your answer, it was comprehensive... :) – edgarator – 2012-02-15T00:22:54.080

0

If you want to ping among instances that are in the same security group, you can add the following rule:

Type: All ICMP 
Protocol: TCP
Port range: 0 - 65535
Source: Anywhere - 0.0.0.0/0

After doing this you will be able to ping other instances. You should see something like:

PING 10.0.0.15 (10.0.0.15): 56 data bytes
64 bytes from 10.0.0.14: icmp_seq=1 ttl=64 time=3.9 ms
64 bytes from 10.0.0.14: icmp_seq=2 ttl=64 time=3.9 ms
64 bytes from 10.0.0.14: icmp_seq=3 ttl=64 time=10.6 ms
...
64 bytes from 10.0.0.14: icmp_seq=19 ttl=64 time=3.1 ms

--- 10.0.0.14 ping statistics ---
20 packets transmitted, 19 packets received, 5% packet loss
round-trip min/avg/max = 3.0/9.9/59.7 ms

That's it.

Laura Liparulo

Posted 2012-02-14T06:58:31.013

Reputation: 101
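
The question's "Pingable" test group opens all TCP, UDP and ICMP to 0.0.0.0/0, and the PS in the first answer says to harden the security group again afterwards. As an added example (not code from any of the posters), this Python script audits rules in the shape of `aws ec2 describe-security-groups` output and reports the world-open ones; the group IDs, the "Hardened" group, the 203.0.113.0/24 admin range and the policy itself are assumptions.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and the admin range (203.0.113.0/24, a documentation range) are made up.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-00000001", "GroupName": "Pingable", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "udp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-00000002", "GroupName": "Hardened", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,   # echo request only
         "UserIdGroupPairs": [{"GroupId": "sg-00000002"}]}]},
]}
RDP_PORT = 3389

def world_open(perm):
    """True if any source range of the rule covers every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def exposure(perm):
    """Why a world-open rule breaks the assumed policy, or None if it passes."""
    proto = perm["IpProtocol"]
    lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
    if proto == "-1":
        return "all protocols"
    if proto in ("icmp", "icmpv6"):      # FromPort is the ICMP type; -1 means all
        return "all ICMP types" if lo == -1 else None
    if proto == "tcp" and lo <= RDP_PORT <= hi:
        return f"RDP reachable (tcp {lo}-{hi})"
    if hi > lo:
        return f"port range {proto} {lo}-{hi}"
    return None

def audit(doc):
    """Return (group name, reason) for every world-open rule that is too broad."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            reason = exposure(perm) if world_open(perm) else None
            if reason:
                findings.append((sg["GroupName"], reason))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: open to the world -> {reason}")
```

To check real groups, load the JSON printed by `aws ec2 describe-security-groups --output json` with `json.load` and pass it to `audit`.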