In this guide, I show you how to fix the unable to Ping an EC2 Instance. Ping which is an abbreviation for Packet Internet or Inter-Network Groper is a simple Internet program that allows a user to test and confirm whether a specific destination IP address exists and can accept requests over a network connection. Before we get into the issue it’s crucial to understand how ping works. Ping does not use any port. It uses a separate layer 3 protocol called Internet Control Message Protocol (ICMP). Layer 3 is the same layer used by UDP and TCP. When troubleshooting this issue, look out for Security Groups, Firewalls, and NACLs setting not allowing ICMP through. Also, learn how to Fix an Elastic IP Address that Could not be Associated.
What is ICMP Protocol?
Internet Control Message Protocol (ICMP) is a protocol used by network devices to communicate data transmission issues. The issue of not being able to an EC2 instance is usually associated with ICMP. You can also learn about setting up a Site-to-Site VPN Connection on AWS? See the related guide on how to create and mount FSx File System: Join EC2 instance to AWS Managed AD. Unable to ping an EC2 Instance can occur if ICMP is not allowed in the security groups, Firewalls or NACL settings on your AWS Account.
Fixing Unable To Ping EC2 Instance
Method 1 – Allow ICMP Access via the security group settings.
To fix unable to ping EC2 instance problem, login to your EC2 dashboard. When you’re in the EC2, do the following:
Step 1: Select the EC2 instance you want to allow pinging on.
Step 2: From the EC2 Instance metadata page, scroll down to the Security tab
Step 3: Select the security group and click on Edit Inbound Rules from the security group tab.
Step 4: From the Edit Inbound Rules console, under rule type, select All ICMP – IPv4. The protocol automatically applies as ICMP. Leave the port range to be “All” depending on your requirements. Next, click on Save rules to save the settings.
Method 2: The EC2 Instance doesn’t have a Public IP.
In this case, learn How to Allocate, Associate, Disassociate and Release Elastic IP Address from an EC2 Instance.
Method 3: The NACL (Network ACL) doesn’t Allow ICMP. Fix it by doing the following:
Step 1: From the VPC consol, click on Network ACLs under the Security tab.
Step 2: Click to select the available NACL
Step 3: Click on Edit inbound rules
Step 4: Add rule. Provide the priority number depending on your requirements. Select all other fields as shown below and click on save changes:
Method 4: Allow ICMP Inbound rule during EC2 creation.
To do this, from the EC2 creation console, click to edit VPC details under Network settings.
Add the additional rule to allow ICMP under the security group settings.
Define the rule as shown below:
In this post, you have learned how to fix unable to ping an EC2 Instance from your local PC.
