EC2 – EC2 Instance Not Responding to Ping


I have spun up an Amazon EC2 instance, and I'm trying to connect to it via SSH from a Mac.

$ ls | grep 'pem'
AWSKeyPair1.pem
$ ssh -vvv -i AWSKeyPair1.pem ec2-user@54.210.10.190
OpenSSH_6.2p2, OpenSSL 0.9.8zf 19 Mar 2015
debug1: Reading configuration data /Users/jackjack/.ssh/config
debug1: /Users/jackjack/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: /usr/local/etc/ssh_config line 20: Applying options for *
debug1: /usr/local/etc/ssh_config line 102: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 54.210.10.190 [54.210.10.190] port 22.
debug1: connect to address 54.210.10.190 port 22: Operation timed out
ssh: connect to host 54.210.10.190 port 22: Operation timed out

According to this troubleshooting guide, I should check my security rules. I've confirmed that all my Security Groups allow all traffic to and from any source ("0.0.0.0/0").

I don't understand the second and third points in that guide, though. None of the options on the EC2 dashboard mention VPC or ACL – how do I check those settings?

What's more, the instance doesn't even respond to ping:

$ ping 54.210.10.190
PING 54.210.10.190 (54.210.10.190): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
Request timeout for icmp_seq 8
...

I've already tried shutting down the instance and starting a new one – same result.

EDIT: Added System Log – http://cryptb.in/lFDJTHdo4W

Best Answer

Working from the bottom up, layer three would be VPC subnets and routing along with your own local routing. For routing in a VPC, check your subnet routing tables. For an instance to be routable by a public IP address, the instance needs to route to the VPC Internet Gateway, which will maintain a 1:1 mapping of the public IP address and the internal private IP address for traffic going into and traffic going out of the VPC.

For layer 4 (transport) issues, there may be a problem with your security group inbound rules, the VPC Subnet ACL, and lastly local firewalls. Another possibility is that an intermediary carrier is dropping ICMP, as they are apt to do from time to time for QoS reasons.

Working from the inside out, if you can ping other sites such as www.google.com and get a response, it's unlikely your network is the problem. If you can't ping www.google.com at all, then the problem is probably very close to you. If you can ping www.google.com, check that your security group rules allow ICMP, check that the VPC Subnet permits ICMP, and also double-check your instance firewall, as it's possible you're dropping the ICMP packets with IPTables (or something similar).

That you can SSH is a good sign, because at least we know you can route to your instance.
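The checks listed in the answer above (subnet route to an Internet Gateway, security group inbound rules, subnet network ACL in both directions) can be run offline against saved `aws ec2 describe-route-tables`, `describe-security-groups` and `describe-network-acls` output. The following is an added example, not part of the original question or answer; the function names are hypothetical and the sample data is constructed with placeholder IDs.

```python
import ipaddress

def has_igw_route(rt):
    # A public IP is only reachable with an active default route to an Internet Gateway.
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active"
               and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])

def sg_allows(groups, src, proto, n):
    # Stateful, allow-only: one match suffices. n = TCP port or ICMP type (8 = echo request).
    ip = ipaddress.ip_address(src)
    for p in (p for g in groups for p in g["IpPermissions"]):
        lo, hi = p.get("FromPort", -1), p.get("ToPort", -1)
        if (p["IpProtocol"] in ("-1", proto) and (lo in (-1, n) or (proto != "icmp" and lo <= n <= hi))
                and any(ip in ipaddress.ip_network(r["CidrIp"]) for r in p["IpRanges"])):
            return True
    return False

def nacl_allows(acl, peer, proto_num, n, egress):
    # Network ACLs are stateless: the lowest-numbered matching entry decides, else deny.
    ip = ipaddress.ip_address(peer)
    for e in sorted(acl["Entries"], key=lambda e: e["RuleNumber"]):
        pr, ic = e.get("PortRange"), e.get("IcmpTypeCode")
        if (e["Egress"] == egress and e["Protocol"] in ("-1", proto_num)
                and "CidrBlock" in e and ip in ipaddress.ip_network(e["CidrBlock"])
                and (not pr or pr["From"] <= n <= pr["To"])
                and (not ic or ic["Type"] in (-1, n))):
            return e["RuleAction"] == "allow"
    return False

def diagnose(rt, groups, acl, client, reply_port=50000):
    # Returns the list of failed checks; an empty list means the VPC side looks fine.
    checks = [
        ("route table: no active 0.0.0.0/0 route to an igw-", has_igw_route(rt)),
        ("security group: inbound tcp/22 not allowed", sg_allows(groups, client, "tcp", 22)),
        ("security group: inbound ICMP echo not allowed", sg_allows(groups, client, "icmp", 8)),
        ("network ACL: inbound tcp/22 denied", nacl_allows(acl, client, "6", 22, False)),
        ("network ACL: outbound SSH replies denied", nacl_allows(acl, client, "6", reply_port, True)),
        ("network ACL: inbound ICMP echo denied", nacl_allows(acl, client, "1", 8, False)),
        ("network ACL: outbound ICMP echo reply denied", nacl_allows(acl, client, "1", 0, True)),
    ]
    return [msg for msg, ok in checks if not ok]

# Constructed sample data, shaped like the AWS CLI describe-* JSON (IDs are placeholders).
LOCAL_ONLY = {"Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"}]}
WITH_IGW = {"Routes": LOCAL_ONLY["Routes"] + [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}]}
OPEN_SG = [{"IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]
OPEN_ACL = {"Entries": [{"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": eg,
                         "CidrBlock": "0.0.0.0/0"} for eg in (False, True)]}
```

With a wide-open security group and ACL but only the `local` route, `diagnose(LOCAL_ONLY, OPEN_SG, OPEN_ACL, "203.0.113.10")` reports the missing Internet Gateway route, which produces the same timeouts for both SSH and ping.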
