3 votes

If it makes any difference, this is in AWS China.

I have a new EC2 instance. I created it a couple of days ago. It's supposed to be an application server for a Rails app. Apache is up and running, and it works (curl localhost works). When I try from another EC2 instance, it also responds OK (using the EC2 internal IP address).

However, if I use the external IP address it doesn't work. It times out.

Things I checked:

  • Apache is running, and it's listening on eth0 as well as localhost.
  • No firewall in the instance (default Amazon Linux image, iptables -L returns all ACCEPT policies, no other rules).
  • Security group is correct. It has rules for inbound port 80 and port 443 allowed for the whole world.
  • The security group I'm modifying is indeed applied to the instance with issues. I tried removing SSH access from that security group and my SSH connection into the server died. Added access again and I was able to SSH in. So the security group is working and applying rules.
  • I even tried setting up a load balancer in front of the instance. The load balancer can't reach the instance either.
  • Yes, I'm using the correct IP address. I checked it over and over again.
  • I tried using the public hostname, it still doesn't work (why should it?), but it confirms I have the right IP address because it does work from inside the instance (because inside AWS it points to the internal IP address).

I'm completely stumped on this. It's possible that it's a really silly mistake on my part, but I've already tried everything I could come up with. I googled and tried everything other people said worked for them. I had a coworker look into it, he also couldn't make it work.

So, any ideas? What am I missing?

Thanks!

Edit: a coworker suggested something which made total sense: what if I listen on a different port? Does it work then? Turns out it does. Configured Apache to listen on port 9876, opened it in the security group, and of course, it works. So it's just port 80 which is filtered. My next step was creating a load balancer which listens on port 80 and forwards to port 9876 on the instance. And, of course, it doesn't work. The LB connects to the instance, says it's online, but I can't reach the LB on port 80. So it seems I can't reach anything on AWS China on port 80, and I'm still totally blocked here.

from where are you trying to use the external IP? - pherris
From my own home, mainly, and from my office. From both places I can SSH in, but I get HTTP timeout. Also, if I use the external IP address from inside the instance itself it also times out. Same from another AWS China EC2 instance, time out while using the external IP, works when using the internal one. - Nacho
It sounds like you covered all of this, but wanted to refer you to this other SO question/answers in case: stackoverflow.com/questions/10253484/… - pherris
Thanks. Yes, I saw that post, and checked all those items. Unfortunately, no luck :( - Nacho
You are in the States? What is the IP? - pherris

1 Answer

5 votes

I eventually got a response by another medium, but I thought I'd share it here in case somebody else with the same issue wanders into this question.

The server owner needed an ICP, which they had, but had not authenticated with AWS China. An ICP is some kind of document in which the Chinese government authorizes a business to operate a website.

More information: https://www.amazonaws.cn/en/about-aws/china/faqs/#do-i-need-icp-recordal
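
The port-by-port comparison from the question's edit (SSH and port 9876 connect, port 80 times out) can be scripted so the result is unambiguous. This is an added example, not part of the original question or answer; the function names `probe` and `diagnose` and the verdict labels are hypothetical, and the host is whatever public IP or hostname you pass on the command line.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused' (RST came back) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # the host answered, nothing is listening
    except OSError:
        return "filtered"     # timeout, unreachable or name lookup failure

def diagnose(results, web_port=80):
    """Classify a {port: state} map gathered against the public IP."""
    state = results.get(web_port, "filtered")
    if state == "open":
        return "reachable"
    if state == "refused":
        return "not-listening"        # fix the web server binding
    if any(s != "filtered" for p, s in results.items() if p != web_port):
        return "port-filtered"        # host is reachable, only web_port is dropped
    return "host-unreachable"         # check security group, routing, public IP

if __name__ == "__main__":
    host = sys.argv[1]                # public IP or hostname of the instance
    ports = (22, 80, 9876)            # ports named in the question
    results = {p: probe(host, p) for p in ports}
    for p, s in results.items():
        print(f"{p:>5}  {s}")
    print("verdict:", diagnose(results))
```

A `port-filtered` verdict while the security group allows port 80 means the drop happens upstream of the instance, which in this thread turned out to be the missing ICP recordal.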