# Connection to EC2 instance timed out while using Instance Connect

- **ID:** `aws/ec2-instance-connect-timeout`
- **Domain:** aws
- **Category:** network_error
- **Verification:** ai_generated
- **Fix Rate:** 80%

## Root Cause

The EC2 Instance Connect service cannot reach the instance because of missing or misconfigured security group rules, the lack of a public IP address, or a network ACL that blocks the traffic.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| ec2-instance-connect-1.0 | active | — | — |
| aws-cli-2.15.0 | active | — | — |
| amazon-ec2-2024 | active | — | — |

## Workarounds

1. **Verify that the security group attached to the instance allows inbound TCP traffic on port 22 from the Instance Connect IP ranges.** Inspect the group first, then add the rule. (80% success)
   ```
   aws ec2 describe-security-groups --group-ids sg-xxx
   aws ec2 authorize-security-group-ingress --group-id sg-xxx --protocol tcp --port 22 --cidr 18.206.107.24/29
   ```
   The Instance Connect CIDR is region-specific (the one shown is the us-east-1 range); look up the `EC2_INSTANCE_CONNECT` prefix for your region in the AWS ip-ranges.json rather than opening port 22 to 0.0.0.0/0.
2. **Ensure the instance has a public IP address (if connecting from outside the VPC) or use a bastion host. If using EC2 Instance Connect without a public IP, enable the VPC endpoint for EC2 Instance Connect.** (75% success)
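To make workaround 1 a repeatable check rather than a manual read of the CLI output, here is an added Python script (not part of the original entry or of AWS tooling) that parses `describe-security-groups` JSON, reports whether TCP/22 is admitted from the Instance Connect CIDR, and separately flags the tempting 0.0.0.0/0 shortcut. The sample output and the `sg-xxx` group id are constructed placeholders; in practice you would pass the text of `aws ec2 describe-security-groups --group-ids sg-xxx --output json` to `audit_ssh_ingress`.

```python
import ipaddress
import json

# CIDR named in workaround 1 (the us-east-1 EC2 Instance Connect range).
INSTANCE_CONNECT_CIDR = "18.206.107.24/29"

# Constructed sample of `aws ec2 describe-security-groups --group-ids sg-xxx`
# output, trimmed to the fields the check reads; sg-xxx is a placeholder.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-xxx",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24", "Description": "office"}]},
    ],
}]})


def rule_admits(perm, port, source_cidr):
    """True if one IpPermissions entry admits TCP `port` from all of `source_cidr`."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):
        return False
    # "-1" means every protocol and carries no port range.
    if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
        return False
    source = ipaddress.ip_network(source_cidr)
    return any(source.subnet_of(ipaddress.ip_network(r["CidrIp"]))
               for r in perm.get("IpRanges", []))


def audit_ssh_ingress(describe_json, source_cidr=INSTANCE_CONNECT_CIDR):
    """Map each GroupId to whether TCP/22 is reachable from Instance Connect and from anywhere."""
    report = {}
    for group in json.loads(describe_json)["SecurityGroups"]:
        perms = group.get("IpPermissions", [])
        report[group["GroupId"]] = {
            "instance_connect": any(rule_admits(p, 22, source_cidr) for p in perms),
            # 0.0.0.0/0 would also clear the timeout but exposes SSH to the whole internet.
            "world_open": any(rule_admits(p, 22, "0.0.0.0/0") for p in perms),
        }
    return report


if __name__ == "__main__":
    for gid, status in audit_ssh_ingress(SAMPLE_DESCRIBE_OUTPUT).items():
        if status["world_open"]:
            print(f"{gid}: TCP/22 open to 0.0.0.0/0; narrow it to {INSTANCE_CONNECT_CIDR}")
        elif not status["instance_connect"]:
            print(f"{gid}: no TCP/22 rule for {INSTANCE_CONNECT_CIDR}; add one with authorize-security-group-ingress")
        else:
            print(f"{gid}: Instance Connect ingress present")
```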

## Dead Ends

- Changing client-side settings: the timeout is a network-layer problem, and client settings cannot bypass AWS network policy. (90% fail)
- Restarting the instance: a reboot does not fix misconfigured security group rules or IAM permissions. (85% fail)
