Cannot connect to EC2 via SSH | AWS Cloudformation Template

Time:12-31

I have the following CloudFormation template that I use to create an EC2 instance in a single public subnet in a single availability zone. I have attached the internet gateway to the VPC and created ingress and egress routes to allow SSH connections to the EC2 instance.

Below is my CF template:

AWSTemplateFormatVersion: "2010-09-09"
Description: "CF template for test website. v1.0.0. DEV Env"
Metadata:
  Instances: 
    Description: "This is the dev environment architecture. Use the dev settings when setting up this environment"
Parameters:
  ECommKeyPair:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Select the dev key pair for the region
Resources:
  DevEnvInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.1.1/16
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvVpcIgwAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: DevEnvVpc
      InternetGatewayId:
        Ref: DevEnvInternetGateway
  DevEnvPublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: DevEnvVpc
      CidrBlock: 10.0.1.1/16
      AvailabilityZone: "us-west-2a"
      MapPublicIpOnLaunch: 'true'
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow all inbound (ingress) and outbound (egress) traffic for port 22
      GroupName: test-website-sec-group
      VpcId:
        Ref: DevEnvVpc
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          Description: allow all inbound traffic
          IpProtocol: tcp
          FromPort: 22
          ToPort: 22
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          Description: allow all outbound traffic
          IpProtocol: tcp
          FromPort: 22
          ToPort: 22
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: DevEnvVpc
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test
  DevEnvRoute:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: DevEnvInternetGateway
      RouteTableId:
        Ref: DevEnvRouteTable
  DevEnvEc2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-00f7e5c52c0f43726
      AvailabilityZone: "us-west-2a"
      KeyName:
        Ref: ECommKeyPair
      SecurityGroupIds:
        - !GetAtt "DevEnvSecurityGroup.GroupId"
      SubnetId:
        Ref: DevEnvPublicSubnet
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize: 20
            VolumeType: gp2
      Tags:
        - Key: Environment
          Value: Dev
        - Key: WebsiteName
          Value: test

I am using Putty to connect to the EC2 instance with the private key file (ppk) that I associated with the EC2 instance. When I try to connect to the instance with Putty, I receive the "Network error: Connection timed out" error message.

Putty error message

I cannot even connect to the instance using the AWS built-in "EC2 Instance Connect" through the web browser either.

I would greatly appreciate it if you could point out the issue in my CF template.

CodePudding user response:

You forgot to create AWS::EC2::SubnetRouteTableAssociation:

  DevRouteAssos:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref DevEnvRouteTable
      SubnetId: !Ref DevEnvPublicSubnet
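The reason the association matters is that a subnet with no explicit association silently falls back to the VPC's main route table, which in this stack only has the local route, so no packet to the instance's public IP ever has a return path through the IGW. The following diagnostic is an added example (not from the question or the answer) that resolves which route table actually governs a subnet and whether that table has an IGW default route. It works on dicts shaped like the EC2 DescribeRouteTables response; the route table, subnet and IGW IDs below are constructed sample data, and the VPC CIDR is assumed to be 10.0.0.0/16.

```python
def effective_route_table(route_tables, subnet_id, vpc_id):
    """Return the route table that applies to subnet_id.

    An explicit subnet association wins; otherwise the VPC's main route
    table applies. That fallback is exactly what happens when the
    AWS::EC2::SubnetRouteTableAssociation resource is missing.
    """
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_internet_route(route_table):
    """True if the table sends 0.0.0.0/0 to an internet gateway (igw-*)."""
    for route in route_table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("GatewayId", "").startswith("igw-")
                and route.get("State", "active") == "active"):
            return True
    return False


def subnet_is_public(route_tables, subnet_id, vpc_id):
    """Does the subnet's effective route table give it an internet path?"""
    rt = effective_route_table(route_tables, subnet_id, vpc_id)
    return rt is not None and has_internet_route(rt)


# Constructed sample mirroring the question's stack: a main route table with
# only the local route, and a custom table with the IGW route but no subnet
# association (all IDs are placeholders, not real AWS resources).
VPC, SUBNET, IGW = "vpc-0example", "subnet-0example", "igw-0example"
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
MAIN_RT = {"RouteTableId": "rtb-main", "VpcId": VPC,
           "Associations": [{"Main": True}], "Routes": [LOCAL]}
CUSTOM_RT = {"RouteTableId": "rtb-custom", "VpcId": VPC, "Associations": [],
             "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                                "GatewayId": IGW, "State": "active"}]}
BEFORE = [MAIN_RT, CUSTOM_RT]
# After adding the association the answer's DevRouteAssos resource creates.
AFTER = [MAIN_RT, dict(CUSTOM_RT, Associations=[{"SubnetId": SUBNET}])]

if __name__ == "__main__":
    print("before:", subnet_is_public(BEFORE, SUBNET, VPC))  # False: SSH times out
    print("after: ", subnet_is_public(AFTER, SUBNET, VPC))   # True
```

To check a live VPC, pass `boto3.client("ec2").describe_route_tables()["RouteTables"]` as the first argument; the same fallback logic also flags subnets that are unintentionally public because the main route table carries an IGW route.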