AWS EC2 Instance - ssh "Connection timed out" suspecting iptables

Question

I am new to firewalls. I was playing with iptables on ec2 instance earlier today but now I am unable to connect via ssh - "Connection timed out". The console shows the instance is running and the ssh keys are good, ping is successful. So my conclusion is that I might have disabled/disallowed the ssh port connections while playing with the iptables.

Is there a way to undo the changes without going for a complete re-install ?

Note: I don't have access to shell since I cannot ssh

Answer 1

A simple reboot from the AWS console should do. Hopefully you didn't enable the iptables service in the instance so that it starts at boot up.

If you enabled the iptables services you are going to have to create another instance, instance B (hopefully you are using EBS instances). Also assuming your original instance is instance A:

1. Detach the root EBS volume from instance A
2. Attach that EBS volume to instance B as say /dev/xvdf
3. On instance B run: mkdir -p /mnt/xvdf; mount /dev/xvdf /mnt/xvdf
4. Repair your volume mounted on /mnt/xvdf on instance B
5. Unmount volume from instance B : umount /mnt/xvdf
6. Attach volume back to instance A as root.
7. Restart instance A

If you are using instance-store types of instances you are out of luck.

Answer 2

If you did in fact hose your firewall settings, you could try this:

Stop the instance. Start another instance and attach the volume from the original instance to the new instance. Mount the volume, fix iptables in the mounted volume. Then detach and reattach the volume to the original instance (e.g. as /dev/sda1) and restart your original instance.

Or maybe you made an AMI out of an instance earlier, then launched a new instance from the AMI using a new key, but the new key isn't working? try the key embedded in the original instance when you putty in, that older key may still work.