Sometimes, you want to check the connectivity of your EC2 instance using a simple tool called Ping. By default, an instance's firewall, also known as a Security Group, doesn't allow inbound ping requests.
To see this in practice, here's my running EC2 instance, a web server with a public IP address. Let's copy the address, go to the terminal and send a few pings. As you can see, the ping times out and all packets are lost. Let's go back and see why we can't ping the instance. With the instance selected, let's click on the "Security" tab, scroll down a bit and have a look at the security groups. Currently, there is one security group attached, which allows inbound traffic on ports 80 and 443, the default ports for web traffic. So even though the instance is alive and running, all ping requests are filtered by the security group and won't reach the instance.
Thankfully, configuring your instances to allow ping requests can be done in two easy steps.
Step 1: Create a new security group.
Step 2: Attach the security group to the instance.
Let's start with Step 1: Create a new security group.
To do this, go to "Network & Security" in the navigation and click on "Security Groups". This will open a list of available security groups. Let's click on "Create security group", give it a name and a brief description. Now let's scroll down and add an inbound rule. Click on "Add rule" and select "Custom ICMP - IPv4" from the dropdown. ICMP stands for Internet Control Message Protocol, which is used by tools that diagnose network communication issues, like Ping. We could allow all ICMP requests, but in this case, we want to restrict it to Ping only. Technically, the ping request is an echo request, so let's select this as the protocol.
Next we'll set the source, which defines where these requests are allowed to come from. It is a security best practice to restrict access to only where it's necessary, so I will choose "My IP". Scroll down and click "Create Security Group".
Now we can go back to the instance list for Step 2: Attach the security group to the instance. Make sure the instance is selected and click on "Actions" → "Security" → "Change security groups". This will open a new window with the associated security groups. An EC2 instance needs at least one, but can have multiple security groups. Click in the search box, select our "Ping", which is the one we've just created, click on "Add security group", and save the new configuration.
Now let's go back to the instance, open the "Security" tab, and as you can see, both security groups are attached to the instance. It can now be reached by HTTP, HTTPS, and Ping requests.
To test this, let's go back to the terminal and try to ping the instance again.
And it works!
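The same two steps can be done with the AWS CLI. This is an added example, not part of the original walkthrough; the function names are hypothetical, and the VPC ID, instance ID and source IP are values you supply (the group name "Ping" is the one used above).

```shell
#!/usr/bin/env bash
# Added example: AWS CLI equivalent of the two console steps.

# Accept only a single dotted-quad IPv4 address (no CIDR, no 0.0.0.0/0).
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  local IFS=. octet
  set -- $1                      # split on dots; input is digits and dots only
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# Build the inbound rule. For ICMP the EC2 API reuses the port fields:
# FromPort is the ICMP type (8 = echo request), ToPort is the ICMP code
# (-1 = any code). The source is pinned to one address with /32.
echo_request_rule() {
  is_ipv4 "$1" || { echo "not a single IPv4 address: $1" >&2; return 1; }
  printf '[{"IpProtocol":"icmp","FromPort":8,"ToPort":-1,"IpRanges":[{"CidrIp":"%s/32","Description":"ping from my IP"}]}]' "$1"
}

# Usage: allow_ping <vpc-id> <instance-id> <my-public-ip>
allow_ping() {
  local vpc_id="$1" instance_id="$2" rule sg_id current
  rule=$(echo_request_rule "$3") || return 1

  # Step 1: create the security group and add the echo-request rule.
  sg_id=$(aws ec2 create-security-group --group-name Ping \
            --description "Allow ICMP echo request" --vpc-id "$vpc_id" \
            --query GroupId --output text) || return 1
  aws ec2 authorize-security-group-ingress --group-id "$sg_id" \
      --ip-permissions "$rule" || return 1

  # Step 2: attach it. --groups REPLACES the instance's whole group list,
  # so read the groups already attached and pass them along with the new one.
  current=$(aws ec2 describe-instances --instance-ids "$instance_id" \
      --query 'Reservations[0].Instances[0].SecurityGroups[].GroupId' \
      --output text) || return 1
  # $current is left unquoted on purpose: one argument per group ID.
  aws ec2 modify-instance-attribute --instance-id "$instance_id" \
      --groups $current "$sg_id"
}
```

Unlike the console's "Add security group" button, passing only the new group to `--groups` would detach the web security group and cut off ports 80 and 443.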
ABOUT THIS CHANNEL
My name's Mohavi, an AWS Solutions Architect, and I share tips to help you grow your Amazon Web Services (AWS) skills, build well-architected applications, and learn the best tools and skills required to help you on your cloud journey. If you're interested in learning about AWS and the cloud, make sure to subscribe for helpful training videos.