AWS Autoscaling Troubleshooting

Exam Question Scenario

EC2 instances fail to launch with Autoscaling configuration

Description

  • Autoscaling configuration requires the following:
  • Autoscaling launch configuration, which allows you to select an
    • AMI
    • Instance type
    • IAM role (optional)
    • Security group
    • Key pair file
  • Autoscaling group configuration, which allows you to select the AZ to be used to launch the EC2 instances with the selected launch configuration

Troubleshooting key points:

  • AMI id does not exist or is still pending and cannot be used to launch instances
  • Security group provided in the launch configuration does not exist
  • Key pair associated with the EC2 instance does not exist
  • Autoscaling group not found or is incorrectly configured
  • AZ configured with the Autoscaling group is no longer supported because it might not be available
  • Invalid EBS block device mappings
  • Instance type is not supported in the AZ
  • Capacity limits reached, either because of the restriction on the number of instances of a given type that can be launched in a region, or because AWS is not able to provision the specified instance type in the AZ (e.g. no more Spot or On-Demand instance availability)

References

More details @ AWS Autoscaling Developer Guide

AWS – EC2 Troubleshooting Connecting to an Instance

  1. Verify the Security groups are properly configured to allow SSH access from your IP to the EC2 instance. For Security groups, Inbound traffic from the public IP address should be enabled
  2. Verify the NACLs are properly configured to allow SSH access from your IP to the EC2 instance. For NACLs, Inbound traffic from the public IP address should be enabled, and the Outbound traffic for the response should be enabled as well
  3. Verify you are using the private key file that corresponds to the key pair that you selected when you launched the instance
  4. Verify you are connecting with the appropriate user name for your AMI.
  5. Note that the user names used to connect to the EC2 instance differ depending on the AMI (which also determines the OS of the instance)
    Private User key file is not recognized by the Server
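
Checks 1 and 2 above can be reasoned about offline. The following is an added example, not part of the original page: it models a stateful security group and a stateless NACL (entries evaluated lowest rule number first, implicit deny at the end) and reports which side blocks an SSH connection. The rule dictionaries, their field names and the sample addresses are constructed for illustration, and all rules are assumed to be TCP.

```python
import ipaddress

def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows_inbound(sg_rules, src_ip, port):
    """Security groups are allow-only and stateful: one matching inbound rule
    admits the connection and the reply is permitted automatically."""
    return any(r["from"] <= port <= r["to"] and _in_cidr(src_ip, r["cidr"])
               for r in sg_rules)

def nacl_decision(entries, egress, peer_ip, port):
    """NACL entries are evaluated lowest rule number first and the first match
    decides; no match falls through to the implicit deny."""
    for e in sorted((e for e in entries if e["egress"] == egress),
                    key=lambda e: e["num"]):
        if e["from"] <= port <= e["to"] and _in_cidr(peer_ip, e["cidr"]):
            return e["action"] == "allow"
    return False

def diagnose_ssh(sg_rules, nacl_entries, client_ip, client_port, ssh_port=22):
    """Return a list of findings; an empty list means checks 1 and 2 pass."""
    findings = []
    if not sg_allows_inbound(sg_rules, client_ip, ssh_port):
        findings.append("security group: no inbound rule for tcp/22 from client")
    if not nacl_decision(nacl_entries, False, client_ip, ssh_port):
        findings.append("NACL: inbound tcp/22 from client denied")
    # NACLs are stateless: the reply must be allowed out to the client's source port.
    if not nacl_decision(nacl_entries, True, client_ip, client_port):
        findings.append("NACL: outbound reply to client port denied")
    return findings

# Constructed sample data; 203.0.113.10 (documentation range) is the client.
SG = [{"cidr": "203.0.113.0/24", "from": 22, "to": 22}]
NACL_BROKEN = [
    {"num": 100, "egress": False, "cidr": "0.0.0.0/0", "from": 22, "to": 22, "action": "allow"},
    {"num": 100, "egress": True, "cidr": "0.0.0.0/0", "from": 443, "to": 443, "action": "allow"},
]
NACL_FIXED = NACL_BROKEN + [
    {"num": 110, "egress": True, "cidr": "203.0.113.0/24", "from": 1024, "to": 65535, "action": "allow"},
]

if __name__ == "__main__":
    print(diagnose_ssh(SG, NACL_BROKEN, "203.0.113.10", 50522))
    print(diagnose_ssh(SG, NACL_FIXED, "203.0.113.10", 50522))
```

With `NACL_BROKEN` the client sees a connection timeout even though the security group and the inbound NACL entry are correct, because the reply to the client's ephemeral port is dropped.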

Exam Scenario Question

  1. You try to connect via SSH to a newly created Amazon EC2 instance and get one of the following error messages: “Network error: Connection timed out” or “Error connecting to [instance], reason: -> Connection timed out: connect”. You have confirmed that the network and security group rules are configured correctly and the instance is passing status checks. What steps should you take to identify the source of the behavior? Choose 2 answers
    • Verify that the private key file corresponds to the Amazon EC2 key pair assigned at launch.
    • Verify that your IAM user policy has permission to launch Amazon EC2 instances.
    • Verify that you are connecting with the appropriate user name for your AMI.
    • Verify that the Amazon EC2 Instance was launched with the proper IAM role.
    • Verify that your federation trust to AWS has been established.

References

EC2 User Guide