Port won't open even after configuring security group

Hello, I am new to Terraform and AWS. I have been stuck with this problem for a couple of days now. I went through every possible post related to my issue but I am not able to resolve it.

I am unable to connect to the EC2 instance and receive the following error:

There was a problem connecting to your instance
We were unable to connect to your instance. Make sure that your instance’s network settings are configured correctly for EC2 Instance Connect. For more information, see Task 1: Configure network access to an instance.

This is how my main.tf file looks

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "4.5.0"
    }
  }
}

provider "aws" {
    region = "us-east-1"
}

resource "aws_instance" "example" {
  ami = "ami-04505e74c0741db8d"
  instance_type = "t2.micro"
  vpc_security_group_ids = [aws_security_group.instance.id]

  user_data = <<-EOF
              #!/bin/bash
              echo "Hello, World" > index.html
              nohup busybox httpd -f -p 8080 &
              EOF

  tags = {
      Name = "terraform-example"
  }

}

resource "aws_security_group" "instance" {
  name        = "terraform-example-instance"
  
  ingress {
    from_port        = 8080
    to_port          = 8080
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
  }
}

Also sharing my netstat output. I get this same issue on both Windows and Debian 11. I am not sure what I am doing wrong, but the required port is surely not opening.

jeevan@jaswik:~$ netstat -tunlp
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:57343         0.0.0.0:*               LISTEN      4129/steam          
tcp        0      0 0.0.0.0:5355            0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::5355                 :::*                    LISTEN      -                   
udp        0      0 127.0.0.53:53           0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:58533           0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:27036           0.0.0.0:*                           4129/steam          
udp        0      0 224.0.0.251:5353        0.0.0.0:*                           2691/chromium --sho 
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:5355            0.0.0.0:*                           -                   
udp6       0      0 :::59294                :::*                                -                   
udp6       0      0 :::5353                 :::*                                -                   
udp6       0      0 :::5355                 :::*                                -  

I will greatly appreciate any form of help related to this issue. Thanks in advance.

Hello jeevanmore,

I can recommend completing the HashiCorp Learn guide for Terraform and AWS.
Your code is fine and the index.html is accessible from the public address of your VM on port 8080.
However, if you want to connect or to ping the VM you need to add additional rules to the AWS security group,
for example two additional ingress rules: one for SSH connections on port 22 and one for the ICMP protocol.

resource "aws_security_group" "instance" {
  ###
  ###
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Best Regards,
Kiril Krastev


Hello Kiril,

Appreciate your quick response. I am actually learning from the book “Terraform: Up and Running” by Yevgeniy Brikman. I was following the step-by-step code from the book.

Anyway, after adding the two ingress rules which you suggested I was able to connect to the EC2 instance from the AWS console, but when I try to curl the address I get the following error:

jeevan@jaswik:~$ curl http://3.86.199.213:8080
curl: (7) Failed to connect to 3.86.199.213 port 8080: Connection refused

Also, when I try to open the address in Chrome it gives me the following error:

This site can’t be reached
3.86.199.213 took too long to respond.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_TIMED_OUT

Can you provide any solution to these errors?

Regards
Jeevan

Hello Jeevan,

Did you remove the ingress rule for port 8080 in the resource block aws_security_group?

Best Regards,
Kiril Krastev

Hello Kiril,

At first no, but after reading your reply I did so. Still no luck.
Here are the curl errors I get:

jeevan@jaswik:~$ curl http://54.91.203.99
curl: (28) Failed to connect to 54.91.203.99 port 80: Connection timed out

jeevan@jaswik:~$ curl http://54.91.203.99:22
curl: (1) Received HTTP/0.9 when not allowed

Also, when I ping the above address it seems to be working:

jeevan@jaswik:~$ ping 54.91.203.99 -c 3
PING 54.91.203.99 (54.91.203.99) 56(84) bytes of data.
64 bytes from 54.91.203.99: icmp_seq=1 ttl=42 time=210 ms
64 bytes from 54.91.203.99: icmp_seq=2 ttl=42 time=210 ms
64 bytes from 54.91.203.99: icmp_seq=3 ttl=42 time=210 ms

--- 54.91.203.99 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 210.029/210.073/210.138/0.046 ms

Regards
Jeevan

Hello Jeevan,

You should not remove the ingress rule for port 8080.
The application won't be accessible otherwise. AWS security groups act as firewalls. When you tell your application to use port 8080, you must allow it with an ingress rule in your security group.

Best Regards,
Kiril
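One way to write the security group Kiril describes, keeping the 8080 rule and narrowing SSH to an operator address range instead of 0.0.0.0/0; this is an added example, not code from the thread or the book, and the `admin_cidr` variable and the explicit egress block are assumptions:

```hcl
# Added example: a least-privilege version of the security group from the thread.
# The 8080 rule must stay, because the busybox httpd in user_data listens there.
variable "admin_cidr" {
  description = "Address range allowed to reach SSH (placeholder; set to your own public IP range)"
  type        = string
  default     = "203.0.113.0/24" # TEST-NET-3 documentation range, replace before use
}

resource "aws_security_group" "instance" {
  name        = "terraform-example-instance"
  description = "Web on 8080 to the world, SSH only from the admin range"

  # Application port: anyone may reach the web server.
  ingress {
    description = "busybox httpd"
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Management port: restricted to the operator's range rather than 0.0.0.0/0.
  ingress {
    description = "SSH from admin range"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Terraform removes AWS's default allow-all egress rule when it creates the
  # group, so outbound access (package updates, etc.) must be declared here.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Security groups are stateful, so replies to an allowed inbound connection need no extra rule. A curl that times out usually means no ingress rule matched, while "Connection refused" means the packet reached the host but nothing was listening on that port.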