{
  "id": "aws/ec2-instance-connect-connection-refused",
  "signature": "Connection to EC2 instance timed out while using Instance Connect: Connection refused",
  "signature_zh": "使用 Instance Connect 时连接到 EC2 实例超时：连接被拒绝",
  "regex": "Connection to EC2 instance timed out while using Instance Connect.*Connection refused",
  "domain": "aws",
  "category": "network_error",
  "subcategory": null,
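  "root_cause": "The EC2 instance's SSH daemon (sshd) is not running, or the security group inbound rule does not allow SSH traffic (port 22) from AWS Instance Connect IP ranges, or the instance is in a subnet without internet access, so the Instance Connect service cannot be used. A literal 'Connection refused' usually means the host was reachable but nothing accepted the connection on port 22, whereas traffic blocked by a security group more often shows up as a timeout.",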
  "root_cause_type": "generic",
  "root_cause_zh": "EC2 实例的 SSH 守护进程 (sshd) 未运行，或安全组入站规则不允许来自 AWS Instance Connect IP 范围的 SSH 流量（端口 22），或者实例位于没有互联网访问权限的子网中，无法使用 Instance Connect 服务。字面上的“连接被拒绝”通常表示主机可达但端口 22 上没有进程接受连接，而被安全组拦截的流量更常表现为超时。",
  "versions": [
    {
      "version": "EC2 API 2016-11-15",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "AWS CLI 2.17.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Amazon Linux 2023",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "Restarting the EC2 instance from the AWS Console, assuming a complete reboot will fix the SSH daemon.",
      "why_fails": "If sshd is misconfigured or not enabled, a reboot leaves it in the same state until its configuration in the init system is fixed.",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    },
    {
      "action": "Adding a security group rule allowing SSH from 0.0.0.0/0, thinking it's a general connectivity issue.",
      "why_fails": "While this may allow SSH, it is overly permissive: it opens port 22 to the entire internet instead of only the Instance Connect-specific IP ranges, and it does nothing about sshd status.",
      "fail_rate": 0.6,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Verify sshd is running on the instance by connecting via EC2 Serial Console or using AWS Systems Manager Session Manager: `aws ssm start-session --target instance-id`. Then run `systemctl status sshd` and start it if not running.",
      "success_rate": 0.85,
      "how": "Verify sshd is running on the instance by connecting via EC2 Serial Console or using AWS Systems Manager Session Manager: `aws ssm start-session --target instance-id`. Then run `systemctl status sshd` and start it if not running.",
      "condition": "",
      "sources": []
    },
    {
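      "action": "Ensure the security group allows inbound SSH from AWS Instance Connect IP ranges. Check the current ranges at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html#ec2-instance-connect-inbound. Add a rule for port 22 from the source `35.180.0.0/16` (example for us-east-1). Treat this CIDR as illustrative only: confirm the exact prefix for your Region (the EC2_INSTANCE_CONNECT entries in https://ip-ranges.amazonaws.com/ip-ranges.json) before adding it, because the published range is typically much narrower and an over-broad source exposes port 22 to far more hosts than the service needs.",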
      "success_rate": 0.9,
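      "how": "Ensure the security group allows inbound SSH from AWS Instance Connect IP ranges. Check the current ranges at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html#ec2-instance-connect-inbound. Add a rule for port 22 from the source `35.180.0.0/16` (example for us-east-1). Treat this CIDR as illustrative only: confirm the exact prefix for your Region (the EC2_INSTANCE_CONNECT entries in https://ip-ranges.amazonaws.com/ip-ranges.json) before adding it, because the published range is typically much narrower and an over-broad source exposes port 22 to far more hosts than the service needs.",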
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Verify sshd is running on the instance by connecting via EC2 Serial Console or using AWS Systems Manager Session Manager: `aws ssm start-session --target instance-id`. Then run `systemctl status sshd` and start it if not running.",
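    "Ensure the security group allows inbound SSH from AWS Instance Connect IP ranges. Check the current ranges at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html#ec2-instance-connect-inbound. Add a rule for port 22 from the source `35.180.0.0/16` (example for us-east-1). Treat this CIDR as illustrative only: confirm the exact prefix for your Region (the EC2_INSTANCE_CONNECT entries in https://ip-ranges.amazonaws.com/ip-ranges.json) before adding it, because the published range is typically much narrower and an over-broad source exposes port 22 to far more hosts than the service needs."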
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.84,
  "fix_success_rate": 0.8,
  "resolvable": "true",
  "first_seen": "2023-11-01",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}