How to make an EC2 instance "pingable" // Configure Amazon EC2 to allow ping requests

In this video I'll show you how you can make your Amazon EC2 instance "ping-able". By default, AWS Security Groups disallow ping requests. I will walk you through the step-by-step process which will allow you to ping an instance.

TIMESTAMPS:
Introduction: 0:00
Test the default configuration: 0:21
Why ping doesn't work by default: 0:38
How to create a Security Group that allows ping requests: 01:16
How to attach a Security Group to an EC2 instance: 02:20
Test the new configuration with ping requests allowed: 03:00

FOLLOW ME ONLINE:
➡️ Twitter: https://twitter.com/dtraub
➡️ LinkedIn: https://www.linkedin.com/in/dennis-traub
➡️ The German 🇩🇪 AWS Podcast 🎧: https://bit.ly/aws-de

VIDEO TRANSCRIPT:
Hey everyone, I'm Dennis, AWS Developer Advocate, and in this video I'll show you how to make an Amazon EC2 instance "Ping-able".

Sometimes, you want to check the connectivity of your EC2 instance using a simple tool called Ping. By default, an instance's firewall, also known as a Security Group, doesn't allow inbound ping requests.

To see this in practice, here's my running EC2 instance, a web server with a public IP address. Let's copy the address, go to the terminal and send a few pings. As you can see, the ping times out, all packets are lost. Let's go back and see why we can't ping the instance. With the instance selected, let's click on the "Security" tab, scroll down a bit and have a look at the security groups. Currently, there is one security group attached, which allows inbound traffic on ports 80 and 443, which are the default ports for web traffic. So even though the instance is alive and running, all ping requests are filtered by the security group and won't reach the instance.

Thankfully, configuring your instances to allow ping requests can be done in two easy steps.

Step 1: Create a new security group.

Step 2: Attach the security group to the instance.

Let's start with Step 1: Create a new security group.

To do this, go to "Network & Security" in the navigation and click on "Security Groups". This will open a list of available security groups. Let's click on "Create security group", give it a name and a brief description. Now let's scroll down and add an inbound rule. Click on "Add rule" and select "Custom ICMP - IPv4" from the dropdown. ICMP stands for Internet Control Message Protocol, which has tools to diagnose network communication issues, like Ping. We could allow all ICMP requests, but in this case, we want to restrict it to Ping only. Technically, the ping request is an echo request, so let's select this as the protocol.

Next we'll set the source, which means from where should these requests be allowed. It is a security best practice to restrict access to only where it's necessary, so I will choose "My IP". Scroll down and click "Create Security Group".

Now we can go back to the instance list for Step 2: Attach the security group to the instance. Make sure the instance is selected and click on "Actions" → "Security" → "Change security groups". This will open a new window with the associated security groups. An EC2 instance needs at least one, but can have multiple security groups. Click in the search box, select our "Ping", which is the one we've just created, click on "Add security group", and save the new configuration.

Now let's go back to the instance, open the "Security" tab, and as you can see, both security groups are attached to the instance. It can now be reached by HTTP, HTTPS, and Ping requests.

To test this, let's go back to the terminal and try to ping the instance again.

And it works!
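
The rule from Step 1, with the two least-privilege choices made in the video (echo request only, a single source address), written in the EC2 API's rule format and checked against broader variants. This is an added example, not part of the video; the function names are hypothetical, and the group IDs and the 203.0.113.10 address are constructed placeholders.

```python
import ipaddress

ECHO_REQUEST = 8  # ICMPv4 type number of a ping request


def ping_rule(source_ip):
    """Build the IpPermissions entry for 'Custom ICMP - IPv4 / Echo Request' from one address."""
    cidr = f"{ipaddress.IPv4Address(source_ip)}/32"  # ValueError on a malformed address
    # For ICMP rules the EC2 API carries the ICMP type in FromPort and the code in ToPort (-1 = any).
    return {"IpProtocol": "icmp", "FromPort": ECHO_REQUEST, "ToPort": -1,
            "IpRanges": [{"CidrIp": cidr}]}


def audit_ping_exposure(group):
    """Return (group_id, cidr, issue) for inbound rules that admit ping more broadly than needed."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto, icmp_type = perm.get("IpProtocol"), perm.get("FromPort")
        if proto == "-1":
            scope = "all traffic allowed"
        elif proto == "icmp" and icmp_type == -1:
            scope = "all ICMP types allowed"
        elif proto == "icmp" and icmp_type == ECHO_REQUEST:
            scope = None  # echo request only, as in the video
        else:
            continue  # TCP/UDP or another ICMP type: does not admit ping
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if scope:
                findings.append((group["GroupId"], rng["CidrIp"], scope))
            if net.prefixlen == 0:
                findings.append((group["GroupId"], rng["CidrIp"], "source is the whole internet"))
    return findings


# Constructed sample data in the shape of describe-security-groups output (IDs are placeholders).
GOOD = {"GroupId": "sg-EXAMPLE-ping", "IpPermissions": [ping_rule("203.0.113.10")]}
BROAD = {"GroupId": "sg-EXAMPLE-broad", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

if __name__ == "__main__":
    for g in (GOOD, BROAD):
        print(g["GroupId"], audit_ping_exposure(g) or "ok")
```

The dictionary returned by `ping_rule` has the shape the EC2 API expects in the `IpPermissions` parameter when authorizing security group ingress.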


ABOUT THIS CHANNEL
My name's Dennis and I share tips to help you grow your Amazon Web Services (AWS) skills, build well-architected applications, and learn the best tools and skills required to help you on your cloud journey. If you're a developer, business owner or hobbyist who is interested in learning about AWS and the cloud make sure to subscribe for helpful training videos.

I'm working at AWS as a Developer Advocate and Technical Evangelist, taking care of the builder community in Germany, Austria, and Switzerland. I'm AWS Certified (SA Pro, DevOps Pro, Security Specialist, and all Associate-level certifications) and have been actively developing for the cloud since 2011. During that time I've helped countless developers and businesses build their applications in the cloud through training, content, and consulting.

If you have any questions or want to request a topic or tutorial just leave a comment on any of my videos and I'll see what I can do to answer it.

Thanks for watching, welcome to the cloud!


#AWS #In5MinutesOrLess #Tutorial
