amazon-web-servicesamazon-ec2aws-cloudshell
Connecting to EC2 instance via CloudShell using its private IP
I am trying to connecting to an EC2 instance via CloudShell.
When I use its public IPv4 DNS it works but when I use its private IP I get the following message:
connect to host 172.xx.xx.xxx port 22: No route to host
The goal is to dissociate the public ip to save the cost.
The instructions provided are clear:
What am I missing?
LOGS
OpenSSH_8.7p1, OpenSSL 3.0.8 7 Feb 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 172.xx.xx.xx originally 172.xx.xx.xx
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 172.xx.xx.xx is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 172.xx.xx.xx originally 172.xx.xx.xx
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/cloudshell-user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/cloudshell-user/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 172.xx.xx.xx [172.xx.xx.xx] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: connect to address 172.xx.xx.xx port 22: No route to host
ssh: connect to host 172.xx.xx.xx port 22: No route to host
Solution
AWS CloudShell is not running inside your VPC, so there is no way for it to resolve that address to the EC2 instance and connect to it. Only resources inside the VPC can communicate with each other over their private IP addresses.
For an alternative, you should look into use AWS SSM Session Manager to connect to your EC2 instances, instead of SSH. SSM Session Manager can connect to EC2 instances without public IPs, from outside the VPC.
- AWS Elastic Beanstalk and Secret Manager
- Unable to upload data using sagemaker_session.upload_data in s3 bucket that I created, it is getting stored in default s3 bucket
- Parse Aws IoT message in python
- How to temporarily switch profiles for AWS CLI?
- Python Sqlalchemy insert data into AWS Redshift
- Using AWS Bedrock Prompt Management with InvokeCommand
- How to skip IAM change confirmation during a cdk deploy?
- Restarting AWS lambda function to clear cache
- How to send data to API Post to be used by Lambda Function
- Why is postman showing error message but react app not showing it?
- Terraform shows `InvalidGroup.NotFound` while creating an EC2 instance
- How to delete keys matching pattern in AWS Elasticache Valkey
- I can't delete my VPC
- SemaphoreCI OIDC AWS connection
- Proper way of passing in variables to CloudFormation
- Missing Build settings in AWS Amplify Hosting for Flutter Web Apps deployment
- How can I quickly and effectively debug CloudFormation templates?
- Use AWS CLI to import existing resources into CloudFormation
- How to delete a Module from the AWS CloudFormation Registry?
- How to get public URL after uploading image to S3?
- Why does S3 file upload not trigger event to SNS topic?
- AWS step functions and optional parameters
- Downloading an entire S3 bucket?
- DynamoDB vs Redis for persistent storage?
- Route53 and Cloudfront The request could not be satisfied?
- Lambda unable to delete object from s3 in another account
- Use Cloudshell to get instances in specific AZ
- EC2 Userdata script : nvm cannot find .bashrc
- Cannot RDP to Amazon EC2 instance(windows server)
- Reducing memory consumption of mysql on ubuntu@aws micro instance