Your problem may come from the fact that the key file (in our case the aws-tutorial.pem file doesn’t have the right permissions). Make sure to execute:
chmod 400 ~/.ssh/aws-tutorial.pem
This should be done after copying the downloaded pem file to the above folder:
cp $HOME/Download/aws-tutorial.pem $HOME/.ssh/
Also, your machine may not be accessible from the outside and in this case, whether you set the right or the wrong permissions on your key, it will still not accessible.
Your Machine is Not Accessible From the Outside
Normally, when attaching a public IP to the EC2 machine, it should be accessible from the outside, but you had probably changed some of your default VPC configurations.
What is important to us, is the networking part. The subnet that you used to create the EC2 machine must have a valid routing table.
Say we made the choice to use the subnet with the id subnet-ea46b9b0 when we created our EC2 instance. Make sure that the selected subnet has access to the Internet by checking its Route Table.
The Route Table should be at least using one Internet Gateway to reach the Internet.
Make sure that the destination is 0.0.0.0/0 and that the target is a valid Internet Gateway:
We are going to see in details some of the concepts introduced in this troubleshooting part.
Your Security Groups
Everything is good but you can’t SSH to your machine, or you can SSH, install Nginx but you don’t see the Nginx welcome page:
Our VM should be accessible on port 80 (HTTP) and port 443 (HTTPS).
Our SSH port (22), should be at least accessible from your IP address (the public IP address of your home or work).
For the sake of simplicity, we can allow SSH from everywhere (0.0.0.0/0 for the IPV4 and ::/0 for the IPV6).
(Note that, even if we did it on a temporary machine we use to learn, allowing SSH from everywhere is not a good security practice)
To troubleshoot this, go back to the used Security Groups and make sure that you allowed:
– HTTP from everywhere
– HTTPS from everywhere
– SSH from your IP address or from everywhere
Go to your EC2 dashboard, select Security Groups, click on the created one and click on Actions then Edit the inbound rules.