I have an AWS instance that was being used by people via port 443(A web app).
It suddenly stopped accepting connections. As usual, I checked my services by logging into it through SSH. All of them are running as expected. Nginx & few Node.js processes. Using localhost IP I am able to connect to them.

However, from outside, only SSH port is accessible. Port 443 is not accepting connections. As usual, I checked Security Group & it has 443 access from anywhere. To check if my machine is accessible from internet(already confirmed by SSH access), I opened port 90 in SG & ran a small Node.js server on same port. From outside, I am able to connect to this server on port 90(via telnet & curl).

I climbed up & learnt about NACLs could override SG rules. I checked there & saw 4 rules.

1. Accept all traffic
2. Accept traffic on SSH
3. Accept traffic on SSL
4. Deny all traffic

To confirm its effectiveness, I removed “Accept all traffic” from NACLs. This time, as expected, I am not able to connect to port 90, even though it is allowed by SG. With this I confirmed that NACLs is in effect. But, still no answer to why port 80 & 443 are not accessible. I restored the “Allow all traffic” rule.

To confirm if the issue not in the instance(so that I do not have to investigate anything runs on the instance), I launched an another instance in the same VPC & Subnet. This time, I created an another SG. Here also, again, the same behaviour. Port 22 & 90 are accessible. But, not port 80 & 443.

I checked the IGW of my VPC. It is attached & working. Also, when this issue appeared, the system was running(accessible from public) for many hours/days without any configuration change at AWS level.

I am facing this problem second time since last week. Last time, I attempted to create an image of the instance, created a new SG & the problem went away. Tried the same this time & the issue persists.

Anyone faced this problem? Any pointers?

Thank you!