How Do You Troubleshoot “Connect timeout on endpoint…”?

Problem scenario
You try to run an aws ssm command, but you get an error about a connection timing out. What should you do?

Find the EC2 server's VPC and subnet. In the AWS console, go to VPC, then to the Subnets section, and find the route table associated with the EC2 server's subnet. Make sure that a "Destination" entry covers the IP address of the hostname. To find what IP addresses the hostname resolves to, ping the hostname several times manually. If you find the first octet is 43, then create a rule like this: as the destination and have that traffic go to a NAT gateway. Now the EC2 server should be able to route traffic to the URL. In our experience sending all traffic outward via does not work very well.

This may not be a best practice as any traffic bound for an IP address that starts with the given octet will be sent outward through the NAT gateway. If you can do special configuration (e.g., forwarding) to limit the IP address resolution of the, that would be advisable.
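
The route-table check and the breadth caveat above, as an added example that is not part of the original post: it applies longest-prefix matching to the resolved endpoint IPs and flags a matching route that is much wider than needed. The route entries are constructed in the shape of `aws ec2 describe-route-tables` output; the `43.0.0.0/8` rule, the NAT gateway ID and the endpoint IPs are assumptions.

```python
import ipaddress

# Constructed routes, shaped like the "Routes" list from `aws ec2 describe-route-tables`.
ROUTES_BEFORE = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]
# Assumed form of a rule covering a whole first octet; the NAT gateway ID is a placeholder.
ROUTES_AFTER = ROUTES_BEFORE + [
    {"DestinationCidrBlock": "43.0.0.0/8", "NatGatewayId": "nat-EXAMPLE"}
]
# Constructed addresses standing in for what repeated lookups of the hostname returned.
ENDPOINT_IPS = ["43.0.113.10", "43.0.113.77"]


def match_route(ip, routes):
    """Return (network, target) for the most specific IPv4 route covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for route in routes:
        cidr = route.get("DestinationCidrBlock")
        if cidr is None:  # IPv6 and prefix-list routes are out of scope here
            continue
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            target = route.get("NatGatewayId") or route.get("GatewayId") or "unknown"
            best = (net, target)
    return best


def audit(ips, routes, broad_below_prefix=16):
    """Classify each endpoint IP: NO_ROUTE, OK, or BROAD (route far wider than needed)."""
    results = []
    for ip in ips:
        hit = match_route(ip, routes)
        if hit is None:
            results.append({"ip": ip, "status": "NO_ROUTE", "target": None, "covered": 0})
            continue
        net, target = hit
        broad = target != "local" and net.prefixlen < broad_below_prefix
        results.append({"ip": ip, "status": "BROAD" if broad else "OK",
                        "target": target, "covered": net.num_addresses})
    return results


if __name__ == "__main__":
    for label, routes in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        for row in audit(ENDPOINT_IPS, routes):
            print(label, row)
```

The `covered` field counts the addresses that share the matching route, which is the traffic the caveat above is about.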
