
EC2 private subnet can't reach 169.254.169.254 when OS is Windows Server 2019

I've got multiple EC2 instances running in a private subnet (only traffic within the VPC is allowed). Some of those instances run a custom OS, some run the AWS Windows Server 2012 AMI, and some run the AWS Windows Server 2019 AMI.

On all machines except the Windows Server 2019 ones, I can retrieve the instance metadata by calling "http://169.254.169.254/latest/meta-data". On Windows Server 2019 it fails. The firewall is down, the route table is the same for all machines, and mostly the only difference between them is that the working instances run EC2Config and the Windows Server 2019 instances run EC2Launch (of course, the OSes are different too).

Any idea what can cause this behavior?

Thanks!!

drizzt13 asked Jan 23 '26 06:01


1 Answer

This recently happened to the Windows Server 2019 machine that I have on AWS. From my limited understanding, there were faulty rules in the routing tables as shown by ROUTE PRINT which for me had the following lines:

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.31.48.1    172.31.51.191     15
  169.254.169.254  255.255.255.255       172.31.0.1    172.31.51.191     30 **FAULTY**
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
  169.254.169.254  255.255.255.255       172.31.0.1      15 **FAULTY**

This means all traffic is routed through the correct 172.31.48.1 gateway EXCEPT for 169.254.169.254, which gets routed to a black hole. So, a remedy is needed to override the faulty routes. One suggestion is to create a new routing rule for 169.254.169.254, for example (N.B. you need an administrator elevated Command Prompt to run this command):

ROUTE ADD 169.254.169.254 mask 255.255.255.255 172.31.48.1 METRIC 10

Setting the metric to 10 means this new route will have a stronger priority over the faulty routes (which had weaker priority metrics 15 and 30).

C:\Windows\system32>route add 169.254.169.254 mask 255.255.255.255 172.31.48.1 metric 10
 OK!
C:\Windows\system32>route print
...
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.31.48.1    172.31.51.191     15
  169.254.169.254  255.255.255.255      172.31.48.1    172.31.51.191     10 **NEW**
  169.254.169.254  255.255.255.255       172.31.0.1    172.31.51.191     30 **FAULTY**
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
  169.254.169.254  255.255.255.255       172.31.0.1      15 **FAULTY**
...
Stephen Quan answered Jan 25 '26 14:01
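The check described in the answer can be run over saved ROUTE PRINT output from many instances. The following is an added example, not part of the original answer: the function names `parse_routes` and `audit_imds_routes` are hypothetical, the sample rows reuse the answer's output with its annotations removed, and the rule "a metadata host route should use the default gateway" is a heuristic taken from the answer's reasoning.

```python
import re

IMDS = "169.254.169.254"
# dest, netmask, gateway (IP or "On-link"), optional interface column, numeric metric
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)"
                 r"(?:\s+(\d+\.\d+\.\d+\.\d+))?\s+(\d+)\s*$")

# Constructed sample: IPv4 rows laid out like the ROUTE PRINT output quoted above.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.31.48.1    172.31.51.191     15
  169.254.169.254  255.255.255.255      172.31.48.1    172.31.51.191     10
  169.254.169.254  255.255.255.255       172.31.0.1    172.31.51.191     30
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
  169.254.169.254  255.255.255.255       172.31.0.1      15
"""

def parse_routes(text):
    """Return (section, destination, netmask, gateway, metric) per IPv4 row.
    Rows whose metric is not a number are skipped."""
    section, rows = None, []
    for line in text.splitlines():
        head = line.strip().lower()
        if head.startswith("active routes"):
            section = "active"
        elif head.startswith("persistent routes"):
            section = "persistent"
        m = ROW.match(line)
        if m and section:
            dest, mask, gw, _iface, metric = m.groups()
            rows.append((section, dest, mask, gw, int(metric)))
    return rows

def audit_imds_routes(text):
    """Flag metadata host routes whose gateway is not an active default gateway."""
    rows = parse_routes(text)
    gws = {r[3] for r in rows if r[0] == "active" and r[1] == r[2] == "0.0.0.0"}
    imds = [r for r in rows if r[1] == IMDS and r[2] == "255.255.255.255"]
    active = [r for r in imds if r[0] == "active"]
    winner = min(active, key=lambda r: r[4]) if active else None  # lowest metric wins
    return {"default_gateways": gws, "winner": winner,
            "suspect": [r for r in imds if r[3] not in gws],
            "ok": winner is None or winner[3] in gws}

if __name__ == "__main__":
    print(audit_imds_routes(SAMPLE))
```

On the sample, the active winner is the 172.31.48.1 route, but the persistent 172.31.0.1 entry is still reported as suspect. A route added with ROUTE ADD without the -p switch is not kept across restarts, while persistent entries are restored at boot.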


