AWS Networking Troubleshooting with Linux Commands
Introduction
In the world of AWS cloud computing, networking issues can lead to downtime, performance degradation, and security vulnerabilities.
As a DevOps Engineer, understanding how to diagnose and resolve network problems is crucial.
This book provides a comprehensive guide to troubleshooting AWS networking using Linux commands, helping you resolve connectivity issues efficiently.
Chapter 1: Basic Connectivity Checks
1.1 Ping: Check if a Host is Reachable
The ping command is used to test connectivity to a remote host by sending ICMP echo requests.
ping <hostname-or-IP>
Example:
ping [Link]
If ping fails, potential issues include firewall restrictions, security groups, DNS issues, or network failures. On AWS a failed ping is weak evidence on its own: security groups deny all inbound traffic by default, so ICMP echo requests are dropped unless a rule explicitly allows them, and an instance that answers perfectly on its TCP service ports will still not answer ping.
1.2 Traceroute: Identify Network Path
The traceroute command helps track the path packets take to a destination.
traceroute <hostname-or-IP>
For AWS EC2 instances, TCP-based traceroute is often required, because the ICMP and UDP probes sent by default are usually dropped by security groups. The -T option sends TCP SYN probes instead (to port 80 unless -p names another port), so the trace reaches hosts that only allow their service port:
traceroute -T [Link]
1.3 MTR: Continuous Network Monitoring
mtr combines ping and traceroute for real-time network analysis.
mtr <hostname-or-IP>
Chapter 2: DNS Resolution Checks
2.1 nslookup: Check DNS Resolution
The nslookup command verifies if a domain name resolves correctly.
nslookup <hostname>
Example:
nslookup [Link]
2.2 dig: Detailed DNS Lookup
The dig command provides more detailed information, including different DNS record types.
dig <hostname>
Example:
dig [Link] MX # Check mail records
2.3 Check AWS EC2 Internal DNS Resolution
AWS EC2 instances use private DNS within a VPC; private hostnames only resolve when both the enableDnsSupport and enableDnsHostnames VPC attributes are on. To verify:
dig +short [Link]
Chapter 3: Checking Open Ports & Security Groups
3.1 Telnet: Test Port Connectivity
Use telnet to check if a service is running on a specific port.
telnet <hostname-or-IP> <port>
Example:
telnet [Link] 22
3.2 Netcat (nc): Test Open Ports
nc is a faster alternative to telnet for checking port connectivity: -z closes the connection as soon as it is established without sending any data, and -v reports success or failure, so it exits cleanly and can be scripted instead of leaving an interactive session open.
nc -zv <hostname-or-IP> <port>
Example:
nc -zv [Link] 443
3.3 Nmap: Scan Open Ports
Nmap helps find which services are accessible on a server.
nmap -p <port> <hostname>
Example:
nmap -p 22 [Link]
3.4 Check AWS Security Groups
AWS Security Groups may block incoming or outgoing traffic. They are stateful (return traffic for an allowed connection is permitted automatically) and by default deny all inbound and allow all outbound traffic. The command below lists every group in the region, so narrow it with --group-ids or --filters once you know which group the instance uses.
aws ec2 describe-security-groups --region <region>
3.5 Check AWS Network ACLs (NACLs)
Network ACLs can block traffic at the subnet level. Unlike security groups they are stateless, so return traffic must be allowed explicitly (typically a rule for the ephemeral port range in the opposite direction); a connection that half works, such as a TCP handshake that never completes although the security group allows the port, often points here.
aws ec2 describe-network-acls --region <region>
Chapter 4: Checking Network Routes & VPC Connectivity
4.1 Check AWS VPC Routing Table
aws ec2 describe-route-tables --region <region>
4.2 Check AWS EC2 Instance Private/Public IPs
curl [Link] # Private IP
curl [Link] # Public IP
These requests go to the instance metadata service. If the instance requires IMDSv2 (metadata token required), a plain GET returns 401 Unauthorized and the caller must first obtain a session token with a PUT request and send it back in the X-aws-ec2-metadata-token header; a 401 here is a configuration signal, not a network fault.
4.3 Check Default Routes
ip route show
4.4 List Active Connections
netstat -tulnp
ss -tulnp # Faster alternative to netstat
Run either with sudo: without root, -p only shows the owning process for sockets that belong to your own user.
Chapter 5: Checking Firewalls & AWS Security Policies
5.1 Check Local Firewall Rules
sudo ufw status
sudo iptables -L -n -v
5.2 Check AWS Security Group Rules
aws ec2 describe-security-groups --filters "Name=group-name,Values=<security-group-name>"
5.3 Check AWS Network ACLs
aws ec2 describe-network-acls --filters "Name=vpc-id,Values=<vpc-id>"
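The listener list from 4.4 and the security group rules from 5.2 are usually read side by side by eye. The script below, an added example that is not part of the original guide, joins them: it extracts every TCP socket bound to all interfaces from ss -tulnp output, normalises the FromPort/ToPort rows of rules whose source is 0.0.0.0/0, and prints the listeners that are actually reachable from the internet. Both inputs are constructed samples, and the aws query quoted in the comment is my assumption about how to produce that row shape, so check it against your CLI version. POSIX sh and awk only.

```shell
# Added example (not from the original guide): reconcile what an instance is
# listening on (section 4.4, ss -tulnp) with what its security group opens to
# the whole internet (section 5.2). POSIX sh plus awk only.
#
# Both inputs below are CONSTRUCTED samples, not captured from a real instance.

# Constructed sample of `ss -tulnp` output. The header line is skipped below.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:80        0.0.0.0:*     users:(("nginx",pid=1201,fd=6))
tcp   LISTEN 0      128    127.0.0.1:5432    0.0.0.0:*     users:(("postgres",pid=990,fd=5))
tcp   LISTEN 0      4096   [::]:9100         [::]:*        users:(("node_exporter",pid=1305,fd=3))
udp   UNCONN 0      0      127.0.0.53%lo:53  0.0.0.0:*     users:(("systemd-resolve",pid=600,fd=12))'

# Constructed sample of "FromPort ToPort" rows (whitespace separated; the CLI
# emits tabs) for rules whose source is 0.0.0.0/0. ASSUMPTION: the query I
# would use to produce this shape is the one below; verify it on your CLI
# version, and add Ipv6Ranges[].CidrIpv6 / ::/0 if you use IPv6 rules.
#   aws ec2 describe-security-groups --group-ids <sg-id> \
#     --query "SecurityGroups[].IpPermissions[] | [?contains(IpRanges[].CidrIp, '0.0.0.0/0')].[FromPort,ToPort]" \
#     --output text
# An all-traffic rule (IpProtocol -1) has no ports and prints as "None None".
SAMPLE_SG_RANGES='22 22
80 80
443 443'

# Print "port process" for every TCP socket listening on all interfaces
# (0.0.0.0, [::] or *). Loopback-only sockets are excluded on purpose: they
# are unreachable from the network whatever the security group says.
wildcard_listeners() {
  awk 'NR > 1 && $1 == "tcp" && $2 == "LISTEN" {
    n = split($5, a, ":"); port = a[n]
    addr = substr($5, 1, length($5) - length(port) - 1)
    if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") {
      proc = "?"
      if (match($7, /"[^"]*"/)) proc = substr($7, RSTART + 1, RLENGTH - 2)
      print port, proc
    }
  }'
}

# Normalise "FromPort ToPort" rows: "None None" (all traffic) becomes 0 65535.
sg_world_ranges() {
  awk 'NF >= 2 {
    from = ($1 == "None") ? 0 : $1
    to   = ($2 == "None") ? 65535 : $2
    print from, to
  }'
}

# Join the two views: a listener is internet-exposed when some 0.0.0.0/0 rule
# covers its port. Prints "port process", one per line.
internet_exposed() {
  ss_out=$1; sg_out=$2
  printf '%s\n' "$ss_out" | wildcard_listeners | while read -r port proc; do
    printf '%s\n' "$sg_out" | sg_world_ranges | while read -r from to; do
      if [ "$port" -ge "$from" ] && [ "$port" -le "$to" ]; then
        printf '%s %s\n' "$port" "$proc"
        break
      fi
    done
  done
}

# Stand-alone run on the constructed samples. 9100 (node_exporter) listens on
# every interface but no world-open rule covers it, and 443 is open in the
# group but nothing listens on it, so neither is printed.
internet_exposed "$SAMPLE_SS" "$SAMPLE_SG_RANGES"
```

The two lines that remain, 22 and 80, are the ones worth justifying; the 9100 exporter bound to every interface is the kind of finding that only shows up when the host view and the security group view are compared rather than read separately.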
Chapter 6: Testing HTTP/HTTPS Connectivity
6.1 Check if a Website is Reachable
curl -I [Link]
6.2 Test AWS S3 Connectivity
curl -I [Link]
6.3 Check if a Proxy is Used
env | grep -i proxy
6.4 Check Route to AWS Services
traceroute [Link]
Chapter 7: Checking Private Link & VPC Peering Issues
7.1 Verify AWS PrivateLink Connection
nc -zv <vpc-endpoint-dns> 443
7.2 Check VPC Peering Status
aws ec2 describe-vpc-peering-connections --region <region>
7.3 Check AWS VPC Endpoint DNS Resolution
dig +short <service-name>.<region>.[Link]
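Resolving the endpoint name tells you more than whether it resolves: with private DNS enabled on an interface endpoint the service hostname answers with the endpoint's private addresses inside the VPC, while public addresses mean traffic is leaving through NAT or an internet gateway instead. The script below, an added example that is not part of the original guide, classifies dig +short output accordingly. The answer sets are constructed (203.0.113.0/24 is a documentation range), and it assumes your VPC CIDR is drawn from RFC 1918 space. POSIX sh and grep only.

```shell
# Added example (not from the original guide): decide from `dig +short` output
# whether a hostname is answered by a VPC interface endpoint (private DNS on,
# answers inside the VPC) or by the public service (answers are public, so
# traffic goes out via NAT or an internet gateway). POSIX sh plus grep only.
#
# The answer sets are CONSTRUCTED; 203.0.113.0/24 is a documentation range.
SAMPLE_PRIVATE_ANSWERS='10.0.12.34
10.0.45.67'

SAMPLE_PUBLIC_ANSWERS='203.0.113.10
203.0.113.11'

# True when the argument is a dotted-quad IPv4 address.
is_ipv4() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# True for RFC 1918 space. ASSUMPTION: your VPC CIDRs come from these ranges;
# add a case for any other range your VPCs use.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Reads dig +short output on stdin and prints one word:
#   private       every A record is RFC 1918 (endpoint path)
#   public        every A record is public (internet path)
#   mixed         both kinds, which usually means a half-applied change
#   no-a-records  only CNAMEs or nothing came back (check the name itself)
endpoint_path() {
  priv=0; pub=0
  while read -r ans; do
    is_ipv4 "$ans" || continue          # skip CNAME lines and blanks
    if is_private_ipv4 "$ans"; then priv=$((priv + 1)); else pub=$((pub + 1)); fi
  done
  if   [ "$priv" -gt 0 ] && [ "$pub" -eq 0 ]; then echo private
  elif [ "$pub"  -gt 0 ] && [ "$priv" -eq 0 ]; then echo public
  elif [ "$pub"  -gt 0 ]; then echo mixed
  else echo no-a-records
  fi
}

# Stand-alone demonstration on the constructed samples. Live use:
#   dig +short <vpc-endpoint-dns> | endpoint_path
printf 'constructed private answers -> %s\n' "$(printf '%s\n' "$SAMPLE_PRIVATE_ANSWERS" | endpoint_path)"
printf 'constructed public answers  -> %s\n' "$(printf '%s\n' "$SAMPLE_PUBLIC_ANSWERS" | endpoint_path)"
```

A result of public for a name you expected the endpoint to serve is the usual signature of private DNS being disabled on the endpoint, or of the instance using a resolver other than the VPC's own.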
Chapter 8: Checking AWS Load Balancer Connectivity
8.1 Test AWS Load Balancer Reachability
curl -I [Link]
8.2 List AWS ELBs
aws elb describe-load-balancers --region <region>
The elb command covers Classic Load Balancers only; Application and Network Load Balancers live under elbv2, whose describe-load-balancers subcommand lists them and returns the ARN that 8.3 needs.
8.3 Check ALB/NLB Listener Rules
aws elbv2 describe-listeners --region <region> --load-balancer-arn <alb-arn>
Conclusion
Mastering these AWS networking troubleshooting commands will empower you to quickly diagnose and resolve connectivity issues in cloud environments.
Whether you're debugging VPC peering, security groups, routing tables, or DNS failures, these commands will be your go-to toolkit.