[EC2] I can't connect to EC2 from the AWS Management Console (web browser).

Issue 

  • Unable to connect to EC2 via AWS Console in a web browser

  • Connection via SSH Client works fine

  • When the Security Group is set to allow SSH from all sources, the connection succeeds, but the connecting IP is not the user’s own IP

Cause 

  • Browser-based SSH connections use the EC2 Instance Connect service to redirect access to your instance.
    [Your PC] ---<TCP/443>---> [AWS Web Console: EC2 Instance Connect] ----<TCP/22>---> [EC2 Instance] 

Solution 

It is recommended to allow inbound SSH traffic from the IP address ranges that AWS publishes for the service (the Amazon EC2 console browser-based client). Use the EC2_INSTANCE_CONNECT filter for the service parameter to obtain the IP address ranges used by EC2 Instance Connect.
For more information, refer to the “AWS IP address ranges” section of the Amazon Web Services General Reference.

  • The AWS IP range used in the Korea region (ap-northeast-2) can be identified with the following command. Enter the resulting CIDR in the "Source" field of the Security Group rule for SSH:

    $ curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region=="ap-northeast-2") | select(.service=="EC2_INSTANCE_CONNECT") | .ip_prefix'
    
    13.209.1.56/29

     

  • You can verify that the client IP (the FROM column) shown by the w command falls within the above CIDR.
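
The check described above can be scripted. The following is an added example, not part of the original article or AWS tooling: it applies the same region and service selection as the jq filter to an embedded, constructed sample shaped like ip-ranges.json, tests a FROM address against the result, and classifies Security Group SSH source CIDRs. The function names are hypothetical and IPv4 is assumed throughout.

```python
import ipaddress
import json

# Constructed sample in the shape of ip-ranges.json. Only 13.209.1.56/29 comes
# from the article; the other prefixes are documentation ranges.
SAMPLE = json.loads("""
{"prefixes": [
  {"ip_prefix": "13.209.1.56/29", "region": "ap-northeast-2", "service": "EC2_INSTANCE_CONNECT"},
  {"ip_prefix": "192.0.2.0/24", "region": "ap-northeast-2", "service": "EC2"},
  {"ip_prefix": "198.51.100.0/29", "region": "us-east-1", "service": "EC2_INSTANCE_CONNECT"}
]}
""")

def instance_connect_prefixes(doc, region):
    """Same selection as the jq filter: region plus EC2_INSTANCE_CONNECT."""
    return [ipaddress.ip_network(p["ip_prefix"])
            for p in doc["prefixes"]
            if p["region"] == region and p["service"] == "EC2_INSTANCE_CONNECT"]

def from_ip_is_instance_connect(from_ip, prefixes):
    """True if the FROM address shown by `w` lies in a published prefix."""
    addr = ipaddress.ip_address(from_ip)
    return any(addr in net for net in prefixes)

def audit_ssh_sources(source_cidrs, prefixes):
    """Classify each Security Group SSH source CIDR against the published ranges."""
    report = {}
    for cidr in source_cidrs:
        net = ipaddress.ip_network(cidr)
        if any(net.subnet_of(p) for p in prefixes):
            report[cidr] = "ok: within EC2_INSTANCE_CONNECT range"
        elif any(p.subnet_of(net) for p in prefixes):
            report[cidr] = "too broad: covers the range plus other sources"
        else:
            report[cidr] = "does not cover EC2_INSTANCE_CONNECT"
    return report

if __name__ == "__main__":
    prefixes = instance_connect_prefixes(SAMPLE, "ap-northeast-2")
    print([str(p) for p in prefixes])
    # Constructed FROM values, as they would appear in the output of `w`.
    for ip in ("13.209.1.60", "203.0.113.10"):
        print(ip, from_ip_is_instance_connect(ip, prefixes))
    # Constructed Security Group sources for the inbound SSH rule.
    for cidr, verdict in audit_ssh_sources(
            ["13.209.1.56/29", "0.0.0.0/0", "203.0.113.10/32"], prefixes).items():
        print(cidr, "->", verdict)
```

To run it against live data, load the downloaded ip-ranges.json with json.load in place of SAMPLE.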
