
Troubleshooting Why I Can't Connect To My EC2 Instance By SSH

In this article, we'll explore how to debug and troubleshoot connection issues with EC2 instances using a short piece of JavaScript (JS) code. The code uses the AWS SDK to automate checks on your EC2 instances and help identify why an SSH connection might be failing.


The following is a formatted JavaScript code snippet:

    const AWS = require('aws-sdk');
    AWS.config.update({region: 'REGION'});

    // Create EC2 service object
    let ec2 = new AWS.EC2({apiVersion: 'latest'});

    async function findFaultyInstances() {
      try {
        let data = await ec2.describeInstances({}).promise();
        for (let reservation of data.Reservations) {
          for (let instance of reservation.Instances) {
            console.log("Check instance: ", instance.InstanceId);
            if (instance.State.Name !== 'running') {
              console.log(`Instance ${instance.InstanceId} is not running`);
            }
          }
        }
      } catch (err) {
        console.error(err);
      }
    }

    findFaultyInstances();

Detailed Code Explanation

This code employs the AWS SDK for JavaScript to check the state of your EC2 instances. The script sets the AWS region, creates an EC2 service object, and then calls the describeInstances method.

If an EC2 instance isn't running, the script logs a message with that instance's ID to the console. If an error is encountered, it is logged to the console with console.error.

What's the expected output format

The output is a series of string messages logged to the console. Each instance gets a "Check instance" line with its ID, and any instance that is not running gets an additional "is not running" line. Here is a sample format:

    "Check instance: i-01234567890abcdef"
    "Instance i-01234567890abcdef is not running"

Considerations & Caveats

  1. The script only checks whether the instance state is 'running'. Other causes of SSH connectivity issues, such as security group settings, network ACLs, or the instance's public/private IP, are not covered.
  2. The script does not perform any actions. If an instance is found not running, you'll need to start it manually or script that action.
  3. The region is hardcoded as 'REGION'. Replace it with the actual AWS region of your instances.
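
As an added example (not part of the original script), the sketch below extends the check to two of the causes named in the first caveat: security group rules and a missing public IP. It works on objects shaped like describeInstances and describeSecurityGroups responses; the function names, finding codes and sample data are assumptions made for illustration, and only IPv4 CIDR rules are evaluated.

```javascript
// Pure checks over describeInstances() / describeSecurityGroups() response shapes.
// Assumptions: IPv4 CIDR rules only; function names and finding codes are hypothetical.
function ipToInt(ip) { // dotted quad -> unsigned 32-bit integer
  return ip.split('.').reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}
function cidrContains(cidr, ip) {
  const [base, bits] = cidr.split('/');
  const n = Number(bits);
  const mask = n === 0 ? 0 : (0xffffffff << (32 - n)) >>> 0; // JS shifts are mod 32
  return ((ipToInt(base) & mask) >>> 0) === ((ipToInt(ip) & mask) >>> 0);
}
// True if an inbound rule covers TCP port 22 ('-1' means all protocols).
function allowsSsh(perm) {
  if (perm.IpProtocol === '-1') return true;
  return perm.IpProtocol === 'tcp' && perm.FromPort <= 22 && perm.ToPort >= 22;
}
// Finding codes for one instance as seen from the client's IPv4 address.
function diagnoseSsh(instance, groupsById, clientIp) {
  const findings = [];
  if (instance.State.Name !== 'running') findings.push('NOT_RUNNING');
  // No public IP: reachable only from inside the VPC or over a VPN.
  if (!instance.PublicIpAddress) findings.push('NO_PUBLIC_IP');
  let reachable = false, worldOpen = false;
  for (const ref of instance.SecurityGroups || []) {
    const group = groupsById[ref.GroupId] || { IpPermissions: [] };
    for (const perm of group.IpPermissions.filter(allowsSsh)) {
      for (const { CidrIp } of perm.IpRanges || []) {
        if (cidrContains(CidrIp, clientIp)) reachable = true;
        if (CidrIp === '0.0.0.0/0') worldOpen = true;
      }
    }
  }
  if (!reachable) findings.push('SG_BLOCKS_CLIENT');
  if (worldOpen) findings.push('SSH_OPEN_TO_WORLD'); // connects, but exposed to everyone
  return findings;
}
// Constructed sample data (not real resources).
const sampleGroups = {
  'sg-0aaa': { IpPermissions: [{ IpProtocol: 'tcp', FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: '203.0.113.0/24' }] }] },
  'sg-0bbb': { IpPermissions: [{ IpProtocol: 'tcp', FromPort: 443, ToPort: 443, IpRanges: [{ CidrIp: '0.0.0.0/0' }] }] },
  'sg-0ccc': { IpPermissions: [{ IpProtocol: '-1', IpRanges: [{ CidrIp: '0.0.0.0/0' }] }] },
};
const sampleInstances = [
  { InstanceId: 'i-0aaa', State: { Name: 'running' }, PublicIpAddress: '192.0.2.15', SecurityGroups: [{ GroupId: 'sg-0aaa' }] },
  { InstanceId: 'i-0bbb', State: { Name: 'stopped' }, SecurityGroups: [{ GroupId: 'sg-0bbb' }] },
  { InstanceId: 'i-0ccc', State: { Name: 'running' }, PublicIpAddress: '192.0.2.16', SecurityGroups: [{ GroupId: 'sg-0ccc' }] },
];
for (const inst of sampleInstances) {
  console.log(inst.InstanceId, diagnoseSsh(inst, sampleGroups, '203.0.113.10'));
}
```

Fetching the security groups from a live account would additionally require the ec2:DescribeSecurityGroups permission, which the sample policy below does not grant.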

Required IAM permissions and example policy

To run the script, you need an IAM user with the ec2:DescribeInstances permission. Below is a sample policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": "ec2:DescribeInstances",
          "Resource": "*"
        }
      ]
    }

Make sure to attach this policy to the IAM user executing the script.


  1. Q: Why is my script not finding my EC2 instances?

    A: Ensure the IAM user executing the script has the appropriate ec2:DescribeInstances IAM permission.

  2. Q: Why does the script say my instances are not running even though they are?

    A: Check the AWS region configured in the script. It needs to match the region where your instances are running.

  3. Q: Are stopped or terminated AWS instances causing my SSH issues?

    A: It depends on the instance's intended state and its roles. If you expect it to be running but it's not, it could be why you're having SSH connectivity problems.

  4. Q: Can the script fix my instances if they aren't running?

    A: This script only identifies if your instances are not running. It does not perform any actions to modify the state of the instances.
