AWS - Connection refuse only ec2.us-east-1.amazonaws.com, but any other region works

Time:03-11

All my ec2 instances are in us-east-1. All are managed by the system manager, except one (a pfsense machine).

When I try to give a "curl" command from any machine to "https://ec2.us-east-1.amazonaws.com" I get a "connection refused - timeout".

If I curl to "https://ec2.us-west-2.amazonaws.com" (or any other region) it works.

When I do the same operation from my pfsense machine curl works correctly.

I've already created new instances in the same subnet as my pfsense machine, same security group too and it still doesn't work.

As the connection to ec2.us-east-1.amazonaws.com doesn't work, I'm having problems with my EKS. As a palliative I had to change the /etc/hosts of the machines; with this it works, but this is horrible.

Has anyone had this kind of problem?

CodePudding user response:

It looks like the EC2 endpoint for us-east-1 is being DNS-resolved to an IP address (172.26.1.74) that is inside your VPC. The other regional EC2 endpoints are resolving to their usual public IPs (e.g. us-west-2 resolving to 52.94.214.8).

That suggests that you are using VPC Endpoints, specifically for access to the EC2 service. That is what causes DNS to resolve ec2.us-east-1.amazonaws.com to a 172 address inside your VPC (it's actually the IP address associated with the VPC Endpoint).

So, review and correct your VPC Endpoint policy to allow the relevant traffic.
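A quick way to confirm the diagnosis above from one of the affected instances, as an added example that is not part of the original answer: resolve each regional EC2 API hostname and flag any answer that falls inside the VPC's own address space, which is the signature of a VPC interface endpoint with private DNS. The VPC CIDR 172.26.0.0/16 is assumed (the page only shows the resolved address 172.26.1.74), and the `resolve` parameter exists so the check can be run offline against constructed answers.

```python
import ipaddress
import socket

# Constructed for this example: the page does not give the VPC CIDR, only
# that the endpoint resolved to 172.26.1.74, so 172.26.0.0/16 is assumed.
VPC_CIDRS = ["172.26.0.0/16"]
REGIONS = ["us-east-1", "us-west-2"]


def ec2_endpoint(region):
    """Public hostname of the EC2 API for a region."""
    return f"ec2.{region}.amazonaws.com"


def classify_address(ip, vpc_cidrs):
    """Decide what a resolved address for a regional endpoint points at.

    Inside one of the VPC's CIDRs: private DNS for a VPC endpoint is
    rewriting the hostname. Any other RFC1918 address: still not AWS's
    public endpoint, worth a look. Otherwise: the normal public endpoint.
    """
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(c) for c in vpc_cidrs):
        return "vpc-endpoint"
    if addr.is_private:
        return "private-unknown"
    return "public"


def diagnose(regions, vpc_cidrs, resolve=None):
    """Resolve each regional EC2 endpoint and classify every answer.

    `resolve` maps a hostname to a list of IPv4 strings; by default the
    system resolver is used, so running this on the instance reproduces
    what curl saw.
    """
    if resolve is None:
        def resolve(host):
            return socket.gethostbyname_ex(host)[2]
    report = {}
    for region in regions:
        host = ec2_endpoint(region)
        try:
            addrs = resolve(host)
        except OSError as exc:  # socket.gaierror is an OSError
            report[region] = {"host": host, "error": str(exc)}
            continue
        verdicts = {ip: classify_address(ip, vpc_cidrs) for ip in addrs}
        report[region] = {"host": host, "addresses": verdicts,
                          "via_vpc_endpoint": "vpc-endpoint" in verdicts.values()}
    return report


if __name__ == "__main__":
    for region, info in diagnose(REGIONS, VPC_CIDRS).items():
        print(region, info)
```

A region reported with `via_vpc_endpoint: True` is the one whose endpoint policy (and the endpoint's reachability from the instance's subnet) needs reviewing; regions reported as `public` are taking the internet path that already works.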
