EC2 Bad Config Diagnostic Troubleshooter (Part 1)
Use the interactive troubleshooter below to identify your EC2 bad configuration symptom, review the raw evidence, understand the root cause, and apply the recommended fix.
Quick Reference Table
| # | Scenario | Key Error Signal | Root Cause | The Fix |
|---|---|---|---|---|
| 1 | JSON — spot-fleet-request resource-level permissions | `"Resource": "arn:aws:ec2:us-east-1:111122223333:spot-fleet-request/*"` | We currently do not support resource-level permissions for the `spot-fleet-request` resource. If you specify `spot-fleet-request` as a resource, you will get an unauthorized exception when you try to tag the fleet. | Change `"Resource"` to `"*"` |
| 2 | INI/conf — Old TLS versions supported | `#SSLProtocol all -SSLv3` | Old TLS versions are supported. The configuration supports TLS 1.0 (already deprecated) and TLS 1.1 (on a path to deprecation). Only TLS 1.2 has been recommended since 2018. | `SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2` |
| 3 | INI/conf — RC4 cipher supported | `#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5` | The RC4 cipher is supported for use by certain older browsers. RC4 is known to have several serious weaknesses. Unless you have very good reasons to support legacy browsers, you should disable this. | Replace with ECDHE cipher suite |
| 4 | INI/conf — SSLCertificateKeyFile self-signed dummy certificate | `SSLCertificateKeyFile /etc/pki/tls/private/localhost.key` | The self-signed dummy certificate also contains the key. If you do not comment out this line before you complete the next step, the Apache service fails to start. | N/A |
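
An added example, not part of the original page or of AWS documentation: a small Python linter for the Apache directives in rows 2 and 3. It assumes mod_ssl falls back to `SSLProtocol all -SSLv3` and `SSLCipherSuite DEFAULT` when a directive is commented out, treats `MEDIUM`, `ALL` and `DEFAULT` as RC4-capable (a heuristic for older OpenSSL builds), and uses a constructed ECDHE suite list because the table does not give one.

```python
import re
# Assumption: what "all" expands to depends on the Apache/OpenSSL build.
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Heuristic: aliases that can select RC4 suites on older OpenSSL builds.
RC4_ALIASES = {"MEDIUM", "ALL", "DEFAULT"}

def active_directives(conf_text):
    """Map lower-cased directive name -> arguments, skipping commented lines."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            found[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return found

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: '-' removes, '+' adds, bare replaces."""
    enabled = set()
    for token in args.split():
        name = token.lstrip("+-")
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        if token.startswith("-"):
            enabled -= names
        elif token.startswith("+"):
            enabled |= names
        else:
            enabled = set(names)
    return enabled

def rc4_possible(cipher_string):
    """False if !RC4 is present or no positive token can select an RC4 suite."""
    tokens = [t for t in re.split(r"[:, ]+", cipher_string) if t]
    if "!RC4" in tokens:
        return False
    return any(t in RC4_ALIASES or "RC4" in t for t in tokens if t[0] not in "!-+")

def audit(conf_text):
    """Return findings for active directives, using assumed defaults when absent."""
    conf, findings = active_directives(conf_text), []
    weak = sorted(enabled_protocols(conf.get("sslprotocol", "all -SSLv3")) & DEPRECATED)
    if weak:
        findings.append("deprecated protocols enabled: " + ", ".join(weak))
    if rc4_possible(conf.get("sslciphersuite", "DEFAULT")):
        findings.append("RC4 not excluded by SSLCipherSuite")
    return findings

# Constructed samples: the table's commented-out lines, then a hardened variant.
WEAK_CONF = "#SSLProtocol all -SSLv3\n#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5\n"
HARDENED_CONF = ("SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2\n"
                 "SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384\n")
```

Run `audit()` over the contents of the server's SSL configuration file; an empty list means neither condition from rows 2 and 3 was detected under the stated assumptions.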