
25 Reasons Why You Can’t Connect Your App on AWS
In the ever-evolving landscape of cloud computing, ensuring seamless network connectivity is crucial for the smooth operation of applications. This guide walks through a step-by-step approach to troubleshoot connectivity issues in AWS, from checking network connections to investigating code-related problems. Let’s dive into the details.
1. Verify Network Connection
The first step in troubleshooting is to check the network connection. Use the AWS Reachability Analyzer to verify if the Elastic Network Interface (ENI) has a successful connection to the Internet Gateway (IGW).

2. DNS Resolution
For new applications, external users' DNS caches may not yet have picked up the new domain. Ensure the DNS configuration is correct and that the name resolves to the expected address:
nslookup app.example.com

3. Flush Browser DNS Cache
Even if the DNS settings are correct, external users' browser DNS cache (including DNS over HTTPS resolvers built into the browser) might need to be flushed.

4. Trace Traffic with PingPlotter
If DNS is not the issue, install PingPlotter on the external user’s OS to trace the traffic using ICMP. Ensure there is an ICMP allow rule in the Security Group (SG).

5. DO NOT USE SLIM CONTAINERS
Use the regular base images in development instead. Library dependencies are an ocean; use the regular images and skip to the next step.
6. Load Balancer Health Checks
Check that the Load Balancer health checks are passing for the target instances.

Misconfigured network policies can block traffic. The type of Load Balancer is also crucial. If you have authentication errors, use an ALB with the stickiness option:
- Select this -> ALB (Application Load Balancer): with stickiness enabled, it can handle authentication and always sends the same user to the same instance using cookies.
- Escape this -> NLB (Network Load Balancer): does not support stickiness in the same way as the ALB.
7. Error Codes
Obtaining error codes can provide significant insights into the issue.
8. WAF Rules and Logs
Check the Web Application Firewall (WAF) rules and logs for any blocked traffic.
9. Route 53 Geolocation Rules
Although unlikely, Route 53 Geolocation rules might route external users to different regions. Verify these settings.

10. Subnet Router Configuration
Ensure that the subnet's route table is correctly configured, as a missing or wrong route can prevent traffic from reaching the external network.

11. NAT Gateway
If you have a NAT Gateway, try disabling it to rule it out.
12. Spot Instance Availability
If the project is using spot instances, be aware that Amazon can terminate these instances with just a 2-minute notice if they are no longer available. Check if the instance is still running.

13. Architecture Diagrams
Review architecture diagrams to identify potential bottlenecks and ensure all components are correctly integrated.

14. AWS API Gateway Deployment
For applications using AWS API Gateway, ensure that the API has been deployed to the stage after creating resources. Missing deployment is a common oversight.

15. API Gateway Authorizers and Headers
Verify that the authorizer configuration and the accepted header keys are correctly set in API Gateway.

16. API Gateway Cache
If API Gateway is used, ensure the cache Time-To-Live (TTL) is appropriately set. Flush the cache if necessary.

17. Private Subnet Access to Secrets Manager
For applications in a private subnet requiring access to AWS Secrets Manager:
- Ensure there’s an interface endpoint for Secrets Manager within the subnet.

- Enable DNS resolution for the subnet.

18. IAM Role Policies for Secrets Manager
Check that instances have the correct IAM role policies to access Secrets Manager.
19. Secrets Manager Regional Configuration
Ensure the secret is defined in the correct region, as Secrets Manager is a regional service.
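Steps 18 and 19 can be checked together offline. The following is an added example, not code from the article: a minimal IAM policy evaluator that answers whether an instance role policy grants secretsmanager:GetSecretValue on a given secret ARN, and whether the secret's region matches the region the instance is calling. It implements only the subset of IAM semantics needed here (explicit Deny wins, then any Allow, otherwise implicit deny; "*" and "?" wildcards in Action and Resource) and assumes the policies carry no Condition or NotAction elements. The policy documents and ARNs are constructed sample values.

```javascript
// Added example (not from the article): a small IAM policy evaluator for the
// Secrets Manager access checks in steps 18 and 19.
// Assumptions: no Condition/NotAction/NotResource in the statements; actions are
// matched case-insensitively (as IAM does), resource ARNs case-sensitively.

function globToRegex(pattern, caseInsensitive) {
  // Escape regex metacharacters, then translate IAM wildcards "*" and "?".
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const body = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + body + "$", caseInsensitive ? "i" : "");
}

function toList(v) {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

function matchesAny(patterns, value, caseInsensitive) {
  return toList(patterns).some((p) => globToRegex(p, caseInsensitive).test(value));
}

// Returns "allow" or "deny" for one action on one resource across all attached policies.
function evaluate(policyDocs, action, resourceArn) {
  let allowed = false;
  for (const doc of policyDocs) {
    for (const st of toList(doc.Statement)) {
      if (!matchesAny(st.Action, action, true)) continue;
      if (!matchesAny(st.Resource, resourceArn, false)) continue;
      if (st.Effect === "Deny") return "deny"; // explicit deny wins over any allow
      if (st.Effect === "Allow") allowed = true;
    }
  }
  return allowed ? "allow" : "deny"; // implicit deny when nothing matched
}

// Parses the region out of a Secrets Manager ARN:
// arn:aws:secretsmanager:<region>:<account>:secret:<name>-<suffix>
function arnRegion(arn) {
  const parts = arn.split(":");
  return parts.length >= 6 && parts[2] === "secretsmanager" ? parts[3] : null;
}

// Combines steps 18 and 19: does the role allow reading the secret, and does the
// secret live in the region the instance is calling?
function diagnoseSecretAccess(policyDocs, secretArn, callerRegion) {
  const problems = [];
  if (evaluate(policyDocs, "secretsmanager:GetSecretValue", secretArn) !== "allow") {
    problems.push("IAM role does not allow secretsmanager:GetSecretValue on " + secretArn);
  }
  const region = arnRegion(secretArn);
  if (region !== callerRegion) {
    problems.push("secret lives in " + region + " but the caller uses " + callerRegion);
  }
  return problems;
}

// Constructed sample role policy (not real account data): dev secrets readable,
// prod secrets explicitly denied.
const rolePolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Action: ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
      Resource: "arn:aws:secretsmanager:eu-west-1:123456789012:secret:app/db-*",
    },
    {
      Effect: "Deny",
      Action: "secretsmanager:*",
      Resource: "arn:aws:secretsmanager:eu-west-1:123456789012:secret:app/db-prod-*",
    },
  ],
};

const devSecret = "arn:aws:secretsmanager:eu-west-1:123456789012:secret:app/db-dev-AbCdEf";
const prodSecret = "arn:aws:secretsmanager:eu-west-1:123456789012:secret:app/db-prod-GhIjKl";
const otherRegionSecret = "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/db-dev-MnOpQr";

console.log(diagnoseSecretAccess([rolePolicy], devSecret, "eu-west-1"));
console.log(diagnoseSecretAccess([rolePolicy], otherRegionSecret, "eu-west-1"));
```

Feed it the role's inline and attached policy documents (as returned by the IAM API) and the ARN the application actually requests; an empty result means both checks pass, otherwise each entry names the step to revisit.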
20. Lambda Function for Secrets Rotation
If using automatic rotation for secrets via a Lambda function, check the function and its logs for any issues.
21. RDS Security Group Rules
When connecting to an RDS instance, ensure the Security Group rules allow traffic from the EC2 instances. By default, a new SG for an RDS cluster might only allow traffic from the current user’s IP.
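To make the security group check repeatable, here is an added example (not from the article) that walks the inbound rules of the RDS security group in the IpPermissions shape returned by DescribeSecurityGroups, reports whether the application's EC2 instances are admitted on the database port, and flags the single-host /32 rule the console creates by default. The group IDs, CIDRs, addresses and ports are constructed sample values.

```javascript
// Added example (not from the article): evaluates RDS security group ingress rules
// against the application tier's security group and private IP.
// Assumptions: IPv4 only; rules use the DescribeSecurityGroups IpPermissions layout.

function ipv4ToInt(ip) {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) {
    throw new Error("bad IPv4 address: " + ip);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function cidrContains(cidr, ip) {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  if (!(bits >= 0 && bits <= 32)) throw new Error("bad prefix length: " + cidr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(base) & mask) >>> 0) === ((ipv4ToInt(ip) & mask) >>> 0);
}

function ruleCoversPort(rule, port) {
  if (rule.IpProtocol === "-1") return true; // "All traffic" rule
  if (rule.IpProtocol !== "tcp") return false;
  return rule.FromPort <= port && port <= rule.ToPort;
}

// source = { sgId, ip } describes the EC2 side of the connection.
// Returns { allowed, matchedBy, warnings }.
function checkDbIngress(dbSg, port, source) {
  const matchedBy = [];
  const warnings = [];
  for (const rule of dbSg.IpPermissions || []) {
    if (!ruleCoversPort(rule, port)) continue;
    for (const pair of rule.UserIdGroupPairs || []) {
      // Security-group references are the usual way to admit the app tier.
      if (source.sgId && pair.GroupId === source.sgId) matchedBy.push("sg:" + pair.GroupId);
    }
    for (const range of rule.IpRanges || []) {
      if (range.CidrIp.endsWith("/32")) {
        warnings.push("rule on port " + port + " admits only the single host " + range.CidrIp + " (typical console default)");
      }
      if (source.ip && cidrContains(range.CidrIp, source.ip)) matchedBy.push("cidr:" + range.CidrIp);
    }
  }
  return { allowed: matchedBy.length > 0, matchedBy, warnings };
}

// Constructed sample: the console-created RDS group that only trusts the operator's own IP.
const rdsSgDefault = {
  GroupId: "sg-0db0000000000000a",
  IpPermissions: [
    { IpProtocol: "tcp", FromPort: 5432, ToPort: 5432,
      IpRanges: [{ CidrIp: "203.0.113.10/32" }], UserIdGroupPairs: [] },
  ],
};

// Constructed sample: the same group after adding the app tier's security group as the source.
const rdsSgFixed = {
  GroupId: "sg-0db0000000000000a",
  IpPermissions: [
    { IpProtocol: "tcp", FromPort: 5432, ToPort: 5432,
      IpRanges: [], UserIdGroupPairs: [{ GroupId: "sg-0app000000000000b" }] },
  ],
};

const appInstance = { sgId: "sg-0app000000000000b", ip: "10.0.1.25" };

console.log(checkDbIngress(rdsSgDefault, 5432, appInstance));
console.log(checkDbIngress(rdsSgFixed, 5432, appInstance));
```

Referencing the application's security group rather than an address range is what keeps the rule valid when instances are replaced by Auto Scaling or spot interruptions (step 12), since the private IP changes but the group membership does not.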
22. API Gateway Timeout
For REST APIs using API Gateway, the response time limit is 30 seconds. If the response exceeds this limit, consider switching to WebSocket for longer connections.
23. Developer Collaboration
If the issue persists, collaborate with the developer team:
- Request simple code changes, like printing a “Hello World” log, to check if the application restarts correctly and logs are visible.
- If “Hello World” is visible, the problem likely lies in the code. Arrange a debugging session with the developers to trace and resolve the issue.
24. API-GW CORS
Always add the Access-Control-Allow-Origin header to the API Gateway response:
Access-Control-Allow-Origin

25. Lambda CORS
Do this (only in development, since it reflects whatever Origin the request carries):
// Development-only: reflect the caller's Origin header so any origin can read the response.
exports.handler = async (event) => {
  const busData = null; // replace with the real data lookup (not shown in the article)
  return {
    statusCode: 200,
    headers: {
      "Content-Type": "application/json",
      // HTTP APIs lowercase header names; REST APIs pass them as sent, so "Origin" may arrive with a capital O
      "Access-Control-Allow-Origin": event.headers.origin
    },
    body: JSON.stringify({ data: busData || {} })
  };
};
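For the production counterpart of steps 24 and 25, here is an added example (not code from the article) of a Lambda handler that answers CORS from an explicit allow-list instead of echoing event.headers.origin. Reflecting the request Origin gives every site the same access as a wildcard, and a wildcard cannot be combined with credentials (cookies or an Authorization header), so comparing against known origins is what lets the browser send the session along safely. The handler also answers the OPTIONS preflight, and the header lookup is case-insensitive because REST APIs pass header names as sent while HTTP APIs lowercase them. The origins and the payload are constructed sample values.

```javascript
// Added example (not from the article): allow-list based CORS for an API Gateway
// proxy-integration Lambda, covering the preflight and the real request.
// Assumptions: the trusted origins below are constructed; busData stands in for the
// article's payload, whose source is not shown.

const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",      // constructed sample origins
  "https://staging.example.com",
]);

function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [k, v] of Object.entries(headers || {})) {
    if (k.toLowerCase() === wanted) return v;
  }
  return undefined;
}

// Builds the CORS headers for a request. Returns {} when the origin is not trusted,
// so the browser blocks the cross-origin read while the API still responds normally.
function corsHeaders(event) {
  const origin = getHeader(event.headers, "origin");
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type,Authorization",
    "Vary": "Origin", // caches must key on Origin because the value varies per caller
  };
}

// REST API (v1) events carry httpMethod; HTTP API (v2) events carry requestContext.http.method.
function httpMethod(event) {
  if (event.httpMethod) return event.httpMethod;
  return event.requestContext && event.requestContext.http && event.requestContext.http.method;
}

// Lambda entry point: handles the OPTIONS preflight and the real request.
async function handler(event) {
  const cors = corsHeaders(event);
  if (httpMethod(event) === "OPTIONS") {
    return { statusCode: 204, headers: cors, body: "" };
  }
  const busData = { routes: ["A1", "B2"] }; // constructed payload standing in for the article's busData
  return {
    statusCode: 200,
    headers: { "Content-Type": "application/json", ...cors },
    body: JSON.stringify({ data: busData }),
  };
}

if (typeof module !== "undefined") module.exports = { handler };
```

When API Gateway is configured with its own CORS settings (step 24), keep the two lists consistent; for a proxy integration the Lambda's headers are what the client ultimately sees.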
Conclusion
Troubleshooting network connectivity in AWS requires a systematic approach, covering everything from network configurations and DNS settings to Load Balancer health checks and code issues. By following these steps, you can identify and resolve connectivity problems efficiently, ensuring your applications run smoothly in the cloud.