Why am I unable to connect to a port on an EC2 Windows instance?

Captions
[Music]

Hi, I'm Ashish, a cloud support engineer here at the AWS office in Bangalore. Today I'm going to show you why you might be unable to connect to a port on an Amazon EC2 instance. So let's get started.

The following are the most common reasons that can cause the issue: the service that uses the port isn't running on the instance; Windows Firewall is blocking traffic to the port; a security group does not allow traffic on that port; network access control lists (ACLs) are blocking traffic; incorrect routes are configured in the route table. Today I am going to show you how to check for these possible reasons and resolve them. Here I am taking an example of the IIS service, which by default listens on port 80.

First, let us see how to test whether the service using that port is running or not. For this video I'm using an EC2 instance which is launched in a public subnet and has a public IP assigned to it. I already used RDP to connect into the instance. I have Internet Information Services (IIS) set up on this instance, so I'll directly go to IIS Manager. Next, let's go to the localhost server and then go to View Sites. Here we can see that the status of our IIS server is Started, and under Bindings we can see that the service is running on port 80. I'll now use telnet from my client to connect to this instance on port 80. We can see that it's connecting. Now let's go back to the instance and stop the IIS service from the IIS Manager and see what happens. If I again use telnet from my client to connect to this instance on port 80, now it fails, because the IIS service running on this port is in stopped state. Let's start the service again. We can see that using telnet to connect to the instance on port 80 is successful.

Let's test the second possible reason, that the Windows Firewall is not allowing traffic to the port. Let's go back to the instance and open Windows Defender Firewall with Advanced Security. We can see that the firewall status is enabled. When we check the inbound rules, we can see there is an inbound rule that enables connection on port 80. Now I'll use telnet from my client to connect to this instance. We can see that the connection is successful. Let's again go to inbound rules under the firewall on the instance and then disable this rule for now. If I now try using telnet from my client machine to connect to this instance, the connection fails. This is because the rule that allows connection on port 80 from the OS, that is, Windows Firewall, is in disabled state. Let's enable this rule again from the firewall and then use telnet from my client machine to connect to this instance. This time the connection succeeds. This test proves that Windows Firewall must allow traffic to the instance on the port you are trying to establish a connection on.

Apart from these two scenarios, also check for the antivirus and security software that runs on the instance. In most of the issues, usually a third-party software can block the connection to the application running on that port. You must allow the application or service in the antivirus or security software and then test again.

Now moving on to the console-level checks. If you have checked that the service is running on the port and then configured the firewall correctly but you still have the issue, check the security group by following these steps. Select the instance on the instance page and then look at the Description tab. The security groups list the security groups that are associated with the instance. Choose View inbound rules to display a list of the rules that are in effect for the instance. We can see that port 80 is added under inbound rules. If I go to the terminal on my machine and try telnet from my client machine to connect to this instance, the connection shows as successful. Let's return to the console and go to the security group from the instance Description tab. In the details pane, on the Inbound tab, choose Edit. Now let's remove the rule allowing port 80. Now if I go back to the terminal on my machine and use telnet from my client machine to connect to this instance, the connection fails. Hence we can see that allowing inbound traffic on port 80 in the security group is required to connect to the instance on that port.

Next, let's check whether network access control lists (NACLs) are blocking the traffic to the port. Select the instance on the instance page and look at the Description tab. Go to Subnet. On the subnet page, choose the associated NACLs. Check that the inbound and the outbound access to specific ports are allowed. Under rules we can see that currently there are two numbered rules. One is rule 100; this rule allows traffic on all ports. The other is asterisk; this rule numbered with asterisk denies all the traffic from all IPs on all ports. Rule number 100 has higher precedence over rule asterisk, so currently all inbound traffic is allowed on the instance. If I use telnet from my client machine to connect to the instance on port 80, the connection succeeds. Let's go back to the same page in the console and choose Edit inbound rules again. Now let's remove rule 100, choose Save, and let's test the connection. We see that the connection fails. Now I will add the rule again before doing the last test.

The last thing to check is the route table associated with the instance subnet, to determine if there is an appropriate route. Let's consider a scenario where the route table associated with the subnet of the web server has no route to the internet gateway; however, the instance has the required port enabled in the security group, NACLs, and also has a public IP. Can I connect to the port on this instance from a machine using the public IP of the instance? Let's see. So now if I check by going to the route table associated with the instance subnet, we can see that the route to the internet gateway is added in the route table, hence telnet to port 80 is successful. Next, if I remove the internet gateway from the route table and use telnet from my client machine to connect to this instance on the same port 80, we can see that the connection fails. This is because now the correct route is missing in the route table associated with the subnet of the instance.

We have now looked at the following most common reasons that can cause this issue. Thanks for watching, and happy cloud computing from all of us here at AWS.

[Music]
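The three console-level checks from the video (security group, NACL, route table), as an added Python example that is not part of the transcript and is not AWS code. It evaluates constructed data shaped like EC2 `describe-*` output; the function names, the `igw-EXAMPLE` ID and the client address are assumptions made for illustration.

```python
import ipaddress

def sg_allows(ip_permissions, src_ip, port):
    # Security groups only allow: one matching inbound rule is enough.
    src = ipaddress.ip_address(src_ip)
    for p in ip_permissions:
        if p["IpProtocol"] not in ("-1", "tcp"):
            continue
        if p["IpProtocol"] == "tcp" and not p["FromPort"] <= port <= p["ToPort"]:
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"]) for r in p.get("IpRanges", [])):
            return True
    return False

def nacl_allows_inbound(entries, src_ip, port):
    # NACL entries are checked in ascending rule number; the first match decides.
    # The console's "*" rule is number 32767 in API output and denies the rest.
    src = ipaddress.ip_address(src_ip)
    for e in sorted((e for e in entries if not e["Egress"]), key=lambda e: e["RuleNumber"]):
        rng = e.get("PortRange")
        if e["Protocol"] not in ("-1", "6") or (rng and not rng["From"] <= port <= rng["To"]):
            continue
        if src in ipaddress.ip_network(e["CidrBlock"]):
            return e["RuleAction"] == "allow"
    return False

def routes_via_igw(routes, client_ip):
    # Replies leave by the most specific active route covering the client address.
    dst = ipaddress.ip_address(client_ip)
    hits = [r for r in routes if r.get("State") == "active" and "DestinationCidrBlock" in r
            and dst in ipaddress.ip_network(r["DestinationCidrBlock"])]
    if not hits:
        return False
    best = max(hits, key=lambda r: ipaddress.ip_network(r["DestinationCidrBlock"]).prefixlen)
    return best.get("GatewayId", "").startswith("igw-")

def first_blocker(sg_rules, nacl_entries, routes, client_ip, port):
    # Same order as the video: security group, then NACL, then route table.
    if not sg_allows(sg_rules, client_ip, port):
        return "security group"
    if not nacl_allows_inbound(nacl_entries, client_ip, port):
        return "network ACL"
    return None if routes_via_igw(routes, client_ip) else "route table"

# Constructed sample data (IDs are placeholders, not real resources).
SG = [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
NACL = [{"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"}]
ROUTES = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
          {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]
CLIENT = "203.0.113.10"  # documentation-range address standing in for the client
```

Only the inbound NACL direction is evaluated here; because NACLs are stateless, the outbound entries for the reply traffic need the same check.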
Info
Channel: Amazon Web Services
Views: 56
Rating: 5 out of 5
Keywords: AWS, Amazon Web Services, Cloud, AWS Cloud, Cloud Computing, Amazon AWS, AWS Knowledge Center Videos, EC2 Windows
Id: jBz7uHcymmo
Length: 9min 15sec (555 seconds)
Published: Tue Oct 05 2021