Optional Steps

Task 1: Troubleshooting connectivity between the private instance and the public instance

In this optional task, you use the Internet Control Message Protocol (ICMP) to validate a private instance’s network reachability from the public instance.

 Note: This task is optional and is provided in case you have lab time remaining. You can complete this task or skip to the end of the lab.

  1. Return to the AWS Management Console browser tab.
  2. In the left navigation pane, choose Instances.
  3. Select Private Instance.
  4. On the Details tab, copy the value of Private IPv4 addresses to your clipboard.

 Note: To copy the private IPv4 address, hover over it and choose the copy icon.

  1. Unselect Private Instance.
  2. Select Public Instance.
  3. Choose Connect.

The Connect to instance page is displayed.

  1. Choose the Session Manager tab.
  2. Choose Connect.

A new browser tab or window opens with a connection to the Public Instance.

First, use a curl command to retrieve a header file and confirm that the web app hosted on the private instance is reachable from the public instance.

  1.  Command: Copy the following command to your notepad. Replace PRIVATE_IP with the value of the Private IPv4 address for the Private Instance:
curl PRIVATE_IP

 Expected output:

<html><body><h1>It works!</h1></body></html>

  1.  Command: Copy the following command to your notepad. Replace PRIVATE_IP with the value of the Private IPv4 address for the Private Instance:
ping PRIVATE_IP

  1.  Command: Copy and paste the updated command in your terminal and press Enter.

 This is a sample command only. Do not use the following command.

ping 10.0.2.131

  1. After a few seconds, stop the ICMP ping request by pressing CTRL+C.

The ping request to the private instance fails. Your challenge is to use the console and figure out the correct inbound rule required in the Private SG to be able to successfully ping the private instance.

If you have trouble completing the optional task, refer to the Optional Task Solution section at the end of the lab.


Task 2: Retrieving instance metadata

In this optional task, you run instance metadata commands on AWS CLI using a tool such as cURL. Instance metadata is available from your running Amazon EC2 instance. This can be helpful when you write scripts to run from your Amazon EC2 instance.

 Note: This task is optional and is provided in case you have lab time remaining. You can complete this task or skip to the end of the lab.

  1. Return to the browser tab with the AWS Management Console open.

  2. In the left navigation pane, choose Instances.

  3. Select Public Instance.

  4. Choose Connect.

The Connect to instance page is displayed.

  1. Choose the Session Manager tab.
  2. Choose Connect.

A new browser tab or window opens with a connection to the Public Instance.

  1.  Command: To view all categories of instance metadata from within a running instance, run the following command:
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/

  1.  Command: Run the following command to retrieve the public-hostname (one of the top-level metadata items that were obtained in the preceding command):
curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/public-hostname

 Note: The IP address 169.254.169.254 is a link-local address and is valid only from the instance.
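
The token-then-request flow from this task, written as reusable shell functions with error handling and a check for whether token-less (IMDSv1) requests are still accepted. This is an added example, not part of the original lab; the function names and the IMDS_BASE variable are assumptions. It omits -v because verbose mode prints request headers, including the session token, to the terminal.

```bash
#!/usr/bin/env bash
# Added example. imds_token, imds_get, imds_v1_status and IMDS_BASE are
# illustrative names, not part of the lab.
IMDS_BASE="${IMDS_BASE:-http://169.254.169.254}"

# Request an IMDSv2 session token. A short TTL (seconds) limits how long
# a token stays usable if it ends up in logs or shell history.
imds_token() {
  curl -sS -f --connect-timeout 2 -X PUT \
    -H "X-aws-ec2-metadata-token-ttl-seconds: ${1:-60}" \
    "${IMDS_BASE}/latest/api/token"
}

# Fetch one metadata path with a fresh token.
# Returns 2 if no token could be obtained, 3 if the metadata request failed.
imds_get() {
  local path="$1" token
  token="$(imds_token 60)" || { echo "token request failed" >&2; return 2; }
  curl -sS -f --connect-timeout 2 \
    -H "X-aws-ec2-metadata-token: ${token}" \
    "${IMDS_BASE}/latest/meta-data/${path}" \
    || { echo "metadata request for '${path}' failed" >&2; return 3; }
}

# Probe without a token: HTTP 200 means IMDSv1 requests are still accepted,
# 401 means the instance requires IMDSv2 session tokens.
imds_v1_status() {
  local code
  code="$(curl -s -o /dev/null --connect-timeout 2 -w '%{http_code}' \
    "${IMDS_BASE}/latest/meta-data/")" || true
  case "$code" in
    200) echo "v1-allowed" ;;
    401) echo "v2-required" ;;
    *)   echo "unavailable" ;;
  esac
}

# Run the checks only when asked, e.g.: bash imds.sh --demo
if [ "${1:-}" = "--demo" ]; then
  imds_v1_status
  imds_get public-hostname
fi
```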

You have successfully learned how to retrieve instance metadata from your running Amazon EC2 instance.