AWS/Azure/OpenShift Network

Unable to Ping an EC2 Instance

Unable-to-ping-an-EC2-Instance
Unable to Ping an EC2 Instance

In this guide, I show you how to fix the unable to Ping an EC2 Instance. Ping which is an abbreviation for Packet Internet or Inter-Network Groper is a simple Internet program that allows a user to test and confirm whether a specific destination IP address exists and can accept requests over a network connection. Before we get into the issue it’s crucial to understand how ping works. Ping does not use any port. It uses a separate layer 3 protocol called Internet Control Message Protocol (ICMP). Layer 3 is the same layer used by UDP and TCP. When troubleshooting this issue, look out for Security Groups, Firewalls, and NACLs setting not allowing ICMP through. Also, learn how to Fix an Elastic IP Address that Could not be Associated.

What is ICMP Protocol?

Internet Control Message Protocol (ICMP) is a protocol used by network devices to communicate data transmission issues. The issue of not being able to an EC2 instance is usually associated with ICMP. You can also learn about setting up a Site-to-Site VPN Connection on AWS? See the related guide on how to create and mount FSx File System: Join EC2 instance to AWS Managed AD. Unable to ping an EC2 Instance can occur if ICMP is not allowed in the security groups, Firewalls or NACL settings on your AWS Account.

Fixing Unable To Ping EC2 Instance

Method 1 – Allow ICMP Access via the security group settings.

To fix unable to ping EC2 instance problem, login to your EC2 dashboard. When you’re in the EC2, do the following:

Step 1: Select the EC2 instance you want to allow pinging on.

Unable-to-ping-an-EC2-Instance-Metadata-page
Unable to Ping EC2 Instance Metadata page

Step 2: From the EC2 Instance metadata page, scroll down to the Security tab

unable-to-ping-an-ec2-security-tab
EC2 Security Settings

Step 3: Select the security group and click on Edit Inbound Rules from the security group tab.

Unable-to-Ping-an-EC2-Instance-edit-inbound-security-rules
Editing the Inbound Rules

Step 4: From the Edit Inbound Rules console, under rule type, select All ICMP – IPv4. The protocol automatically applies as ICMP. Leave the port range to be “All” depending on your requirements. Next, click on Save rules to save the settings.

Method 2: The EC2 Instance doesn’t have a Public IP.

In this case, learn How to Allocate, Associate, Disassociate and Release Elastic IP Address from an EC2 Instance.

Method 3: The NACL (Network ACL) doesn’t Allow ICMP. Fix it by doing the following:

Step 1: From the VPC consol, click on Network ACLs under the Security tab.

Checking-for-NACL-Setting
Network ACLs Settings

Step 2: Click to select the available NACL

Select-NACL-
Selecting NACL

Step 3: Click on Edit inbound rules

Click-Edit-Inbound-Rule
Editing Inbound Rules

Step 4: Add rule. Provide the priority number depending on your requirements. Select all other fields as shown below and click on save changes:

Add-Rule
Adding NACL rule for ICMP

Method 4: Allow ICMP Inbound rule during EC2 creation.

To do this, from the EC2 creation console, click to edit VPC details under Network settings.

Unable-to-ping-Creating-an-EC2-Instance
EC2 Instance creation

Add the additional rule to allow ICMP under the security group settings.

Unable-to-Ping-EC2-Add-additional-security-group-rule
Adding additional Security group rule

Define the rule as shown below:

Add-ICMP-rule
Defining the Aditional Security group rule

In this post, you have learned how to fix unable to ping an EC2 Instance from your local PC.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x