Unable to ssh into AWS instance

Good day,

I am unable to ssh into AWS instance. I have searched the forum for the problem, but did not see any related posts. I am new to AWS.

I am running q2cli version 2019.1.0 in the newest version of Virtualbox (5.2.28) installed on 2019-05-07.

I followed instructions for installing QIIME2 using Amazon Web Services and was able to find the correct community AMI (ami-067dda7811453b303). I selected the existing security group and proceeded without a keypair.

From within my VM, I typed the following command:
ssh [email protected]
(which was the public IP of the AWS instance - in the meantime I have terminated the instance after unsuccessful ssh attempts).

I received the following error message:
ssh: connect to host port 22: Connection timed out

I tried to rerun the ssh command with --verbose flag, but then I get an “unknown option” error.

Could you please assist me?

I also tried using putty, but still unsuccessfully so.

Hi @Bianca_Peterson! I think this is because we are no longer able to distribute EC2-Classic AMI images, instead, these are “EC2-VPC” images, which means you have to use an AWS VPC for networking. Sounds like AWS will create a VPC for you by default (at least in some cases), but otherwise, they have a migration guide here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-migrate.html

An alternative is to rent cloud resources from another service (like Digital Ocean, or Azure), and follow the conda-based QIIME 2 installation instructions there. Sorry, none of these options sound particularly appetizing, but I think our hands might be tied here.

Thanks @thermokarst! I will see what I can figure out and report back in case someone else wants to try this.


Hi @thermokarst, I managed to figure it out. You need to choose “Create a new security group” in stead of “Use an existing security group”. I checked the QIIME2 AWS installation instructions to make sure I didn’t miss it previously, but this is not in the instructions. Might be worth adding a line in there. Thanks for your previous suggestions though!


Hi @Bianca_Peterson, thanks for following up!

This isn't quite right, you can use an existing security group, or create a new one (I use both options rather frequently). What matters is that the necessary port 22 is open (as specified in the security group's settings).

There is a tiny note about that in the docs:

We could certainly expand on the highlighted text above to make this more clear, though. Thanks for bearing with us!


Hi @thermokarst, I made sure that port 22 was open, but when I use an existing security group, it doesn’t seem to work. I am new to AWS, so maybe I missed something else? Anyway, just wanted to let you (and others that may want to try AWS) know the AMI was working. Again, thanks for your quick responses! :v: