Troubleshooting — Amazon Web Services

If the appliance is deployed but isn't behaving as expected, work through the issues below. If it boots but never connects — or the tunnel drops right after it establishes — the cause is usually firewall L7/TLS inspection or NAC, not this platform: see Connectivity Troubleshooting.

The shared AMI doesn't appear in my console

Check that you are in the correct AWS region — the AMI is only visible in the region it was shared into. In the EC2 console navigate to AMIs, set the first filter to Private images, and confirm the region selector (top-right) matches what your engagement lead specified. If it still doesn't appear, ask your engagement lead to verify the share was applied to your exact AWS account ID.

Instance launch fails with 'Unsupported configuration: UEFI boot mode'

The selected instance type does not support UEFI. Choose a Nitro-based instance type (t3, m5, c5, r5, m6i, c6i, or similar). Xen-based families (t2, m4, c3, c4, r3) are not supported.

The instance starts but never activates / boot console is blank

First use Actions → Monitor and troubleshoot → Get instance screenshot in the EC2 console to see what the VM console is showing. On a healthy generic image you should see the Appliance Registration screen with an activation code — give that code to your engagement lead. If the screenshot is blank, the instance is likely using a Xen-based type — see above. If you see a kernel panic or cloud-init errors, capture the output and share it with your engagement lead.

I can't SSH to the instance

The instance has no public IP and no inbound rules — this is intentional. SSH from a host inside the same VPC (e.g. a bastion or VPN endpoint) using the instance's private IP. Use ssh swag@<private-ip> with the key pair specified at launch.