There are two EC2 Windows instances placed in the same VPC and the same public subnet, having the same security group. I want to check if both are able to communicate with each other using the ping command. I have added rules at both the security group and NACL level. ALL ICMP has also been included exclusively, other than "all" traffic, but I am not able to test the same. Kindly suggest if there is any other way I can check connectivity between two EC2 Windows instances?
-
What is the output of the ping from one EC2 to another EC2 instance? – PassionInfinite Jun 11 '21 at 16:08
-
It is giving "Request time out"! – Vidya Jun 11 '21 at 16:09
-
Can you please show me the security inbound rules for EC2 instances? – PassionInfinite Jun 11 '21 at 16:11
-
HTTP TCP 80 0.0.0.0/0 – All traffic All All 0.0.0.0/0 SSH TCP 22 0.0.0.0/0 – All ICMP - IPv4 ICMP All 0.0.0.0/0 – – Vidya Jun 11 '21 at 16:15
-
Sorry, not able to add image here! – Vidya Jun 11 '21 at 16:17
-
The inbound rule looks good to me. How are you trying to ping it? I mean with the attached public IP or the domain name attached to the instance? – PassionInfinite Jun 11 '21 at 16:19
-
I am logging into the EC2 Windows machine using RDP and then, using CMD over there, I am firing the ping command with the other EC2's private IP address/public IP address. Both are not working. – Vidya Jun 11 '21 at 16:21
-
Maybe this answer helps you as the question is similar. https://stackoverflow.com/questions/21981796/cannot-ping-aws-ec2-instance – PassionInfinite Jun 11 '21 at 16:22
-
Yes. Actually I checked everything. Not very sure what's happening exactly. Is there any other way I can check connectivity between the two other than "ping"? – Vidya Jun 11 '21 at 16:36
-
If you have Telnet Client installed then connect to the other instance on the specific opened port. Syntax: `telnet IP PORT` – PassionInfinite Jun 11 '21 at 16:40
-
Frankly, using PING to test connectivity is a waste of time, because all it will test is whether you can use PING. Instead, you should **test for the connectivity that you _actually_ require** and then work on getting that operational. If you want two instances with the same Security Group to communicate, simply add an "Allow All Inbound" rule with the Source as the Security Group itself, and make sure it has the default "Allow All Outbound" rules too. – John Rotenstein Jun 11 '21 at 23:23
-
Thanks a lot! I checked all of this. But finally it worked by turning off Windows Firewall on the EC2 instance. – Vidya Jun 14 '21 at 05:59
1 Answer
If the two EC2 instances are in the same VPC, Subnet, and Security Group, you just need to check that the following is in place:
- Security Group allows inbound ALL ICMP from self (self-reference the security group ID)
- Security Group outbound ALL TRAFFIC is allowed.
- Subnet has a route to LOCAL in the VPC

Coin Graham
-
Thanks a lot! I checked all of this. But finally it worked by turning off Windows Firewall on the EC2 instance. – Vidya Jun 14 '21 at 05:58
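
The thread's resolution was the Windows host firewall, not the security group or NACL. As an added example (not part of the original thread), this PowerShell script tests the TCP ports that are actually needed alongside ICMP, and adds an inbound ICMPv4 echo rule scoped to the VPC instead of turning Windows Firewall off. The peer IP, VPC CIDR, rule name and function names are assumptions.

```powershell
# Added example; peer address, VPC CIDR, rule name and function names are assumed values.
$PeerIp  = '10.0.1.25'      # private IP of the other instance (constructed)
$VpcCidr = '10.0.0.0/16'    # range allowed to send echo requests (constructed)

function Test-PeerConnectivity {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int[]] $Port = @(3389, 80)
    )
    # ICMP echo: fails when the peer's host firewall drops echo requests,
    # even if the security group and NACL both allow ICMP.
    $icmp = Test-NetConnection -ComputerName $ComputerName -WarningAction SilentlyContinue
    [pscustomobject]@{ Check = 'ICMP echo'; Reachable = $icmp.PingSucceeded }

    # TCP connect to the ports the workload actually requires.
    foreach ($p in $Port) {
        $tcp = Test-NetConnection -ComputerName $ComputerName -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Check = "TCP $p"; Reachable = $tcp.TcpTestSucceeded }
    }
}

function Enable-ScopedIcmpEcho {
    param(
        [Parameter(Mandatory)] [string] $RemoteAddress,
        [string] $DisplayName = 'Allow ICMPv4 echo from VPC'
    )
    # Create the rule once; Windows Firewall stays enabled on every profile.
    if (-not (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound -Action Allow `
            -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $RemoteAddress -Profile Any | Out-Null
    }
    Get-NetFirewallRule -DisplayName $DisplayName |
        Select-Object DisplayName, Enabled, Direction, Action
}

# Confirm the firewall profiles are still enabled.
Get-NetFirewallProfile | Select-Object Name, Enabled

# On the instance that should answer ping (elevated session):
Enable-ScopedIcmpEcho -RemoteAddress $VpcCidr

# On the other instance:
Test-PeerConnectivity -ComputerName $PeerIp | Format-Table -AutoSize
```

A failed `ICMP echo` row next to a successful `TCP 3389` row points at host-level ICMP filtering rather than at the VPC route, security group or NACL.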