AWS EC2 Study Notes: Error connecting to your instance: Connection timed out

Troubleshooting Connecting to Your Instance

Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level. You must add rules to a security group that enable you to connect to your Linux instance from your IP address using SSH.

To add a rule to a security group for inbound SSH traffic over IPv4 using the console

  1. In the navigation pane of the Amazon EC2 console, choose Instances. Select your instance and look at the Description tab; Security groups lists the security groups that are associated with the instance. Choose view rules to display a list of the rules that are in effect for the instance.

  2. In the navigation pane, choose Security Groups. Select one of the security groups associated with your instance.

  3. In the details pane, on the Inbound tab, choose Edit. In the dialog, choose Add Rule, and then choose SSH from the Type list.

  4. In the Source field, choose My IP to automatically populate the field with the public IPv4 address of your local computer. Alternatively, choose Custom and specify the public IPv4 address of your computer or network in CIDR notation. For example, if your IPv4 address is 203.0.113.25, specify 203.0.113.25/32 to list this single IPv4 address in CIDR notation. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.

    For information about finding your IP address, see Before You Start.

  5. Choose Save.

(VPC only) If you launched an instance with an IPv6 address and want to connect to your instance using its IPv6 address, you must add rules that allow inbound IPv6 traffic over SSH.

To add a rule to a security group for inbound SSH traffic over IPv6 using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Security Groups. Select the security group for your instance.

  3. Choose Inbound, Edit, Add Rule.

  4. For Type, choose SSH.

  5. In the Source field, specify the IPv6 address of your computer in CIDR notation. For example, if your IPv6 address is 2001:db8:1234:1a00:9691:9503:25ad:1761, specify 2001:db8:1234:1a00:9691:9503:25ad:1761/128 to list the single IP address in CIDR notation. If your company allocates addresses from a range, specify the entire range, such as 2001:db8:1234:1a00::/64.

  6. Choose Save.

Note

Be sure to run the following commands on your local system, not on the instance itself. For more information about these command line interfaces, see Accessing Amazon EC2.

To add a rule to a security group using the command line

  1. Find the security group that is associated with your instance using one of the following commands:

    • describe-instance-attribute (AWS CLI)

      aws ec2 describe-instance-attribute --instance-id instance_id --attribute groupSet

    • Get-EC2InstanceAttribute (AWS Tools for Windows PowerShell)

      PS C:\> (Get-EC2InstanceAttribute -InstanceId instance_id -Attribute groupSet).Groups

    Both commands return a security group ID, which you use in the next step.

  2. Add the rule to the security group using one of the following commands:

    • authorize-security-group-ingress (AWS CLI)

      aws ec2 authorize-security-group-ingress --group-id security_group_id --protocol tcp --port 22 --cidr cidr_ip_range

    • Grant-EC2SecurityGroupIngress (AWS Tools for Windows PowerShell)

      The Grant-EC2SecurityGroupIngress command needs an IpPermission parameter, which describes the protocol, port range, and IP address range to be used for the security group rule. The following command creates the IpPermission parameter:

      PS C:\> $ip1 = @{ IpProtocol="tcp"; FromPort="22"; ToPort="22"; IpRanges="cidr_ip_range" }

      PS C:\> Grant-EC2SecurityGroupIngress -GroupId security_group_id -IpPermission @($ip1)
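
The AWS CLI step above uses --cidr, which accepts IPv4 ranges only; an IPv6 source like the one in the console procedure has to be passed through --ip-permissions. The script below is an added example, not part of the AWS documentation or the original post: it builds (without running) the command for either address family and, as an added policy choice, refuses /0 sources. The group ID sg-0123456789abcdef0 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints the authorize-security-group-ingress command for an
# SSH rule; it never calls AWS. The group ID used below is a placeholder.

# Normalize a source: bare IPv4 -> /32, bare IPv6 -> /128, CIDR kept as given.
# Rejects any /0 prefix (0.0.0.0/0, ::/0), which would expose SSH to everyone.
# Only the shape of the address is checked; AWS performs full validation.
normalize_source() {
    src=$1
    case $src in
        */*) addr=${src%/*}; len=${src#*/} ;;
        *:*) addr=$src; len=128 ;;
        *)   addr=$src; len=32 ;;
    esac
    case $len in
        ''|*[!0-9]*) echo "bad prefix length: $src" >&2; return 1 ;;
    esac
    if [ "$len" -eq 0 ]; then
        echo "refusing to open SSH to every address: $src" >&2
        return 1
    fi
    case $addr in
        *:*)     max=128 ;;
        *.*.*.*) max=32 ;;
        *) echo "not an IP address: $src" >&2; return 1 ;;
    esac
    [ "$len" -le "$max" ] || { echo "prefix too long: $src" >&2; return 1; }
    printf '%s/%s\n' "$addr" "$len"
}

# Print the AWS CLI command for security group $1 and source $2.
# IPv4 uses --cidr; IPv6 must use --ip-permissions with Ipv6Ranges.
build_ssh_ingress_cmd() {
    cidr=$(normalize_source "$2") || return 1
    case $cidr in
        *:*) printf "aws ec2 authorize-security-group-ingress --group-id %s --ip-permissions 'IpProtocol=tcp,FromPort=22,ToPort=22,Ipv6Ranges=[{CidrIpv6=%s}]'\n" "$1" "$cidr" ;;
        *)   printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port 22 --cidr %s\n' "$1" "$cidr" ;;
    esac
}

# Constructed sample inputs, taken from the address examples in the text.
build_ssh_ingress_cmd sg-0123456789abcdef0 203.0.113.25
build_ssh_ingress_cmd sg-0123456789abcdef0 2001:db8:1234:1a00::/64
```

Review the printed command before running it on your local system; a rule with a /32 or /128 source limits SSH to a single address.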


Reposted from blog.csdn.net/u010622613/article/details/80221714