Troubleshooting AWS Cloud9: What to do if Cloud9 Cannot Resolve Hostnames

If you’re using AWS Cloud9 and find that it cannot resolve the hostname of your running EC2 instance, you’re not alone. This is a common issue that many developers face. In this article, we’ll walk you through a systematic approach to troubleshoot and resolve this problem. For a broader set of frequently asked questions related to Cloud9, you might want to visit our AWS Cloud9 Questions article.

1. Private DNS Hostname

By default, EC2 instances in a VPC are assigned both a private IP address and a private DNS hostname. Ensure you’re using the correct private DNS hostname.

2. Security Groups

Security groups act as virtual firewalls for your instances to control inbound and outbound traffic. If your Cloud9 environment cannot resolve the hostname of your EC2 instance, the security group rules might be a contributing factor. Here’s how to ensure your security group settings are correctly configured:

2.1. Verify Outbound Rules

  • Navigate to the EC2 Dashboard in the AWS Management Console.
  • In the left navigation pane, click on “Security Groups.”
  • Find and select the security group associated with your Cloud9 environment.
  • In the bottom pane, click on the “Outbound rules” tab.
  • Ensure there’s a rule that allows outbound traffic on port 53 for both TCP and UDP. This is essential for DNS resolution.

If there isn’t a rule allowing this:

  • Click on “Edit outbound rules.”
  • Add a new rule with the following settings:
    • Type: Custom UDP Rule
    • Protocol: UDP
    • Port Range: 53
    • Destination: (or restrict it to your VPC’s CIDR block if you want to limit it to internal VPC traffic)

Repeat the above steps for a TCP rule.

2.2. Verify Inbound Rules

While typically not required for DNS resolution, it’s a good practice to ensure that there aren’t any restrictive inbound rules that might be causing unintended issues:

  • In the same “Security Groups” section, click on the “Inbound rules” tab for your Cloud9 environment’s security group.
  • Check if there are any rules that might be blocking responses from DNS servers. If you’re unsure, you can temporarily allow all inbound traffic to see if it resolves the issue, but remember to revert this change later for security reasons.

2.3. Check Associated Security Groups

If your EC2 instance and Cloud9 environment are associated with different security groups, ensure that both security groups have the appropriate rules set up to allow traffic between the two resources.

2.4. Default Security Group

If you haven’t explicitly assigned a security group to your Cloud9 environment or EC2 instance, they might be using the default security group of the VPC. Ensure that this default security group has the appropriate rules set up for DNS resolution.

3. VPC Peering

Virtual Private Cloud (VPC) peering allows you to connect two VPCs privately, making them function as if they were in the same network. If your Cloud9 environment and the EC2 instance are in different VPCs, you’ll need to ensure proper VPC peering configurations. Establishing a VPC peering connection can be a bit involved, but it’s crucial for seamless communication between resources in different VPCs.

For a detailed, step-by-step guide on setting up VPC peering specifically for AWS Cloud9 and EC2, you can refer to our article: Setting Up VPC Peering for AWS Cloud9 and EC2. This guide will walk you through the entire process, from checking existing peering connections to ensuring DNS resolution across the peered VPCs.

Remember, even after setting up VPC peering, other factors like security group rules and network ACLs can still affect connectivity. Ensure that all configurations align with your desired network communication patterns.

4. DNS Resolution and DNS Hostnames

In the VPC settings:

  • Ensure that “DNS resolution” is enabled.
  • Ensure that “DNS hostnames” are enabled. If these are disabled, the private DNS hostnames of EC2 instances won’t resolve.

5. Network ACLs

Check the Network ACLs associated with your Cloud9 and EC2 subnets. Ensure they aren’t blocking outbound or inbound traffic related to DNS resolution.

6. Same VPC and Region

Ensure that both the Cloud9 environment and the EC2 instance are in the same AWS region and VPC. If they’re in different regions, the private DNS hostname of the EC2 instance won’t be resolvable from the Cloud9 environment.

7. Test DNS Resolution

Use tools like dignslookup, or host to test DNS resolution from within your Cloud9 environment:

dig instance-private-dns-name

8. Custom DNS

If you’ve set up custom DNS settings or a custom DHCP options set in your VPC, ensure it’s correctly configured.

9. Instance Metadata

You can retrieve the private DNS hostname of your EC2 instance from its metadata:


10. Hostname Typo

Double-check the hostname you’re trying to resolve to ensure it doesn’t contain any typos.

By following these steps, you should be able to identify and resolve the issue preventing AWS Cloud9 from recognizing the hostname of your EC2 instance. If you’re also looking to set up Java in your Cloud9 environment, our AWS Cloud9 Java Setup Guide can be a valuable resource. If the problem persists, don’t hesitate to reach out to AWS Support for further assistance. Happy cloud-native coding!