We Keep Coding

Connection failure using EC2 Instance Connect (browser-based SSH connection)

Launching an AWS EC2 instance seems quite straightforward although when it comes to connecting to the newly launched instance things get sticky. The process for connecting to an instance proposed by such a tech giant is very counter-intuitive.
As a short reminder I should add that an "instance" is technically a virtual machine running on Amazon's Elastic Compute Cloud (EC2), for more info one could have a look at this link.
The ec2 instance referred to in this discussion is Ubuntu Server 20.04 LTS (HVM).
The instruction for working with EC2 Linux instances is given here.
AWS EC2 proposes three different ways of connecting to an instance:
EC2 Instance connect (browser-based SSH connection),
Session Manager
SSH Client
Now with regard to connecting to the above-mentioned instance there are only certain connections that establish correctly and the rest of the proposed methods fail, here is the list of connection successes and failures :
Ubuntu instance, security group source "Custom=0.0.0.0/0", Connection establishes using both EC2 Instance Connect (browser-based SSH connection) and SSH client.
Ubuntu instance, security group source "My IP=$IP", Connection establishes only using SSH client (terminal on Ubuntu and PuTTY on windows) and not using EC2 instance connect.
Both above cases have been tried on Ubuntu 20.04 and Windows 10 as local machine and the problem remains similar on both machines. I went through most of the failure cases discussed in the troubleshooting documents proposed here and verified them on my instance. Yet the problem persists. I should also add that I never tried "session manager" connection method although opening its tab already would give some info about "not installed" agents and features.
Any idea regarding this problem? Somebody out there facing the same issue?

From Docs
(Amazon EC2 console browser-based client) We recommend that your instance allows inbound SSH traffic from the recommended IP block published for the service.
Reason for this -> EC2 Instance Connect works by making an HTTPS connection between your web browser and the backend EC2 Instance Connect service on aws. Then, EC2 Instance Connect establishes a "mostly normal" SSH connection to the target instance in other words the request is going from backend ec2 instance connect and not your browser that is why it needs IP address from accepted ranges of that region .
Browser based EC2 Instance Connect uses specific IP ranges for browser-based SSH connections to your instance. These IP ranges differ between AWS Regions. To find the AWS IP address range for EC2 Instance Connect in a specific Region, use the following( just replace your region with your region) ( for Linux required curl and jq as prerequisite)
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json| jq -r '.prefixes[] | select(.region=="Your region") | select(.service=="EC2_INSTANCE_CONNECT") | .ip_prefix'
whatever the value is returned just add up to your security rule and it will work.
Ubuntu instance, security group source "Custom=0.0.0.0/0", Connection establishes using both EC2 Instance Connect (browser-based SSH connection) and SSH client.
this works because 0.0.0.0/0 allows connection from all the IP ranges( which includes your region IP too).
for more details try reading this troubleshoot

How do I connect to EC2 instance in AWS?

I am trying to connect to an EC2 instance with the key. But I get an error saying
No supported authentication methods available (the server sent: public key")
In the command window I get:
Using username "ec2-user"
Server refused our key
. Please help me

I will try to help! Suppose you are trying to connect using the PuTTY SSH client on your local machine. (Connecting with an FTP client like WinSCP is very similar).
Short answer: You need to let PuTTY know your ec2user IP address and associate the private key of the EC2 instance with the PuTTY session. On the AWS side you need to create a security group that allows inbound access from your IP address to your EC2 instance for SSH on port 22.
__
Long answer 😊:
Go to your EC2 page and click [CONNECT]
[]1
Copy the ec2User IP address to PuTTY.
When you created the EC2 instance, you were prompted to download the public/private key pair. You need that private key. If you don’t have that file, things are more complicated. (See Change key pair for ec2 instance).
But hopefully, you can find the private PuTTY Private Key file downloaded on your local machine:
Save the session. PuTTY should be all set up now.
Now on the AWS side, you need to make a new security Group:
Create the group and ADD an Inbound Rule:
Go back to EC2 and add security group to EC2.
In the dialog that pops up, check the security group that you just created for PuTTY remote access and click [Assign Security Groups]
Now give it a try!
I hope this works for you like it does for me.
ONE FINAL TIP: Make sure that you associate an Elastic IP address to the instance. Otherwise, this connection might stop working when someday you reboot your EC2. The elastic IP pins it down.

Verify that you are connecting with the appropriate user name for your AMI. Type the user name in User name in the PuTTY Configuration window.
The appropriate user names are as follows:
For Amazon Linux 2 or the Amazon Linux AMI, the user name is ec2-user.
For a CentOS AMI, the user name is centos.
For a Debian AMI, the user name is admin or root.
For a Fedora AMI, the user name is ec2-user or fedora.
For a RHEL AMI, the user name is ec2-user or root.
For a SUSE AMI, the user name is ec2-user or root.
For an Ubuntu AMI, the user name is ubuntu.
Otherwise, if ec2-user and root don't work, check with the AMI provider.
You should also verify that your private key (.pem) file has been correctly converted to the format recognized by PuTTY (.ppk).

Unable to access portal using IP address from Amazon EC2 windows instance

I deployed a Liferay portal on Amazon EC2 windows instance how to access that on client browsers, as I am trying using public IP address but it is giving message it can't be reached.

In order:
Make sure the service is working (telnet locally on 127.0.0.1 8080)
Make sure your instance has a public IP address
Modify the local instance firewall to allow traffic on 8080 (or disable the local firewall)
4.Configure the instance's security group to allow traffic on 8080
If all of above conditions are met, then it MUST work :)

There Few Things Which You Can Check and I think Can be Issue for Windows EC2 Instance.
1) Allow Specific Port In Security Group in AWS .
2) Then You Must allow that port in Windows Firewall ( Create a Rule )
Refer : https://technet.microsoft.com/en-us/library/cc753558.aspx

Unable to connect MySQL Workbench to RDS instance

Am following this tutorial
http://thoughtsandideas.wordpress.com/2012/05/17/monitoring-and-managing-amazon-rds-databases-using-mysql-workbench/
I am not able to Test DB Connection while creating new server instance to connect to the RDS database.
It says Bad_Authentication[allowed_types=public_key], i have a tried different .pem files and have done through a lot of forums.
I have also allowed access to my IP in the DB SecurityGroups for RDS and the Security Groups for EC2.
Please help me out. Thanks.

This worked for me. Assuming you have logged into AWS:
Go to RDS -> Databases -> Select your database
Make sure the Public Accessibility value is Yes
Check your IP address using http://checkip.amazonaws.com/. If it is not added to the Security Rule Groups, you should add it. this step is crucial
3.1. Click on the rule name. This will open up a new tab, then click in the name of the rule.
3.2. Click on Edit inbound rules
3.3. Click on Add new rule, and add a rule with the following values:
Type: MYSQL/Aurora.
Protocol: TCP (default)
Port range: 3306 (default)
Source: My IP -> This will be the IP Address you got at http://checkip.amazonaws.com/.
Fill information in MySQL Workbench
Hostname: Use the value you have for Endpoint at Connectivity and Security
Port: Use the value you have for Port at Connectivity and Security, by default it is 3306.
Username: Use the value you have for master username at Configuration
Password: Use the value you set when you created the database instance.
If you forgot the password, you can change it by clicking on Modify in your database instance)
I hope this also helps you.

In my scenario the problem was simple
I had to enable 3306 port for MYSQL in the related Security group in RDS > db instance section.

For RDS no need to use ssh. You can directly connect the RDS with MySql workbench.
Follow the following steps-
Make sure that in Security Group you should have provide access for MYSQL
Open MySQL workbench and setup New Connection.
Provide a Connection Name.
Connection Method is set to Standard (TCP/IP)
In the HostName provide your RDS end point
Port is 3306
Enter the username what you have given in the RDS.
Test Connection, and provide the password.
That's it.
For Reference GoTo This Link

If you are not using EC2 Instance to connect with RDS DB Instance then DB Instance should have public access to connect.
While launching DB Instance you need to set Publicly Accessible to yes. You will get Public IP to connect from outside network. That means outside of VPC.
You need to launch DB Instance in Public Subnet which has directly access to Internet. To check Subnet has Internet access, you need to check Route Table which was attached with the subnet. In Route table, check Internet Gateway is attached to the subnet.
You don't need to SSH into DB Instance. Though the option is not available also.
In MySQL WorkBench, click on Setup New Connection.
Give connection name. Choose Standard (TCP/IP) option. You are not trying to connect DB Instance over EC2 Instance so the option with SSH with not work out in this case. You have to provide MySQL hostname, username, password and port.
To verify connection, click on Test Connection button.
If you want to use EC2 Instance and connect DB Instance over EC2 Instance, you have to use Standard (TCP/IP) over SSH option. Check the following link
What would prevent me from connecting to a MySQL server on AWS RDS from an AWS EC2 VM?

I had the same issue. I think you need to enable inbound traffic to the VPC. Follow the below article and you'll be fine. Default VPC is not allowing users to access 3306 by default and you need to allow traffic.
RDS and MySQL Connectivity

Make sure Public accessibility should be yes.
Also, Inside security Group section, click on the security link and then add a new rule under inbound rule section which will whitelist your IP address with the below data :
Type: MYSQL/Aurora.
Protocol: TCP (default)
Port range: 3306 (default)
Source: My IP -> This will be the IP Address you got at http://checkip.amazonaws.com/.
Hope this will help to connect with AWS RDS successfully. Thanks!

Based on the details in your question, it seems that you are trying to SSH into the RDS instance. This is not supported on RDS, it only works for EC2 based MySQL servers.
You should instead connect directly to the MySQL server, on port 3306 (or the one you set manually, if this is the case) and using the username and password you created when provisioning the RDS instance. This means using the Connection Type "Standard TCP/IP" in WB.
Also, the public IP address of the machine you're using MySQL Workbench on should be allowed in the RDS security group.

Even I had the same issue, like after trying all the things out there. A thing worked is modifying the RDS database and making it publically accessible. That sorted things out.

All of the other answers are extremely helpful to debug the connection process but for me the literal fix was to not put in the password into the keychain when initializing the MySQL Connections. Instead, I pressed Test and put in the password when prompted to do so. Running on macOS Monterey V.12.3.1 with a MBP M1, 2020

Unable to RDP to EC2 instance

I created a VM using Hyper-V on my local machine which I can RDP onto fine. I exported the VHDX to VHD and then uploaded it to AWS via the API.
This created a new EC2 instance for me but I cannot connect to it as it has no security keypair associated.
Thus I created a private AMI from the instance and re-instantiated a new EC2 instance from this AMI, setting the keypair in the process to ensure HTTP, RDP etc are permitted. The EC2 instance is running, but when I download teh RDP shortcut if fails to connect. I've tried rebooting the instance several times (as this was one of the suggested solutions on here when I searched) but it hasn't helped.
I also cannot ping any of these instances via the public DNS or private DNS.
Any idea what I'm doing wrong? I'm not even getting as far as the password prompt, its the connectivity is the problem.
Thanks

I had a similar problem - this is the tip from the AWS documentation that helped me solve it:
Verify that the route table for the subnet has a route that sends all traffic
destined outside the VPC (0.0.0.0/0) to the Internet gateway for the VPC
Additional debugging tips for this problem can be found here: Remote Desktop can't connect to the remote computer

The problem is probably the security group configuration attached to the instance. Make sure you have inbound TCP port 3389 permitted to be able to connect via RDP.

in username type:
.\Administrator
....and your decrypted password
See, this is local user. but you dont know real local hostname, that different from public DNS name.
Was helpful for me, hope for you too.

My guess for the reason you aren't getting anywhere has to do with the host certificates.
Be mindful that each computer connecting to the server via RDP needs to have an IAM user in AWS with an X.509 certificate uploaded to their account.
When importing or creating a windows AMI it is best to install and configure the EC2Config service.
The EC2 Config service does the following when you launch the instance:
At initial setup:
Sets the hostname to the private DNS name
Generates and sets a random password on the Administrator account
Initializes and formats the ephemeral disks
Generates and installs the host certificate used for Terminal
Services
Syncs the instance clock with a time server
After initial setup:
Writes the last three entries in the System event log to the Amazon
EC2 console so you can debug startup problems.
Prepares instances for bundling
Also, by default, security groups do not allow you to ping the instances. You must enable ICMP in the security group.
Hope that helps.
EDIT: Here is the link to the 64bit version of the EC2Config Installer

I also had the same problem. This is what I got from EC2.
Public DNS ec2-23-22-109-251.compute-1.amazonaws.com
User name Administrator
Password MyPassword
On the remote desktop, enter the domain and user name as
ec2-23-22-109-251\Administrator
If you paste the password is may not work, try to paste it but reenter the last 1 or 2 characters. Once you get the security certificate prompt accept/install it and your connection should open soon.

This is what worked for me:
Use your cell phone as a "hot spot" - which gives you a static IP address. That worked. Now, I'll need to contact my Internet provider to assign a static IP to my wireless router. Currently, it is spitting out DHCP IP addresses.
UPDATE:
12.7.2016
You need to go to the Security Group, select the Instance, then EDIT the RDP. If you click "MyIP" that should work for those of us working from home. If you are onsite, you may need to put in a custom CIDR.

After rebooting an EC2 instance, I found that I needed to reassociate the Elastic IP address associated with the instance. You click the button below then select the instance and private instance IP address when prompted.
RDP access worked after this step.

After patching Windows 2019 on my server, I couldn't access the instance anymore despite all my working settings didn't change. I used EC2Rescue to fix my issue
Please refer to the link below for details on how to use it: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshoot-connect-windows-instance.html#AWSSupport-ExecuteEC2Rescue