Troubleshooting AWS Ground Station Contact - AWS Ground Station

Troubleshooting AWS Ground Station Contact

If you are unable to successfully complete an AWS Ground Station contact, you will need to verify that your Amazon EC2 instance is running, verify that Data Defender is running, and verify that your Data Defender stream is configured properly.


The following procedures assume that an Amazon EC2 instance is already set up. To set up an Amazon EC2 instance in AWS Ground Station, see Getting Started.

Step 1: Verify that Your EC2 Instance is Running

  1. Locate the Amazon EC2 instance that was used for the contact you are troubleshooting. Use the following steps:

    1. In your CloudFormation dashboard, select the stack that contains your Amazon EC2 instance.

    2. Choose the Resources tab and locate your Amazon EC2 instance in the Logical ID column. Verify that the instance is created in the Status column.

    3. In the Physical ID column, choose the link for your Amazon EC2 instance. This will take you to the Amazon EC2 management console.

  2. In the Amazon EC2 management console, ensure that your Amazon EC2 Instance State is running.

  3. If your instance is running, continue to the next step. If your instance is not running, start the instance by using the following step:

    1. With your Amazon EC2 instance selected, choose Actions > Instance State > Start.

Step 2: Verify that Data Defender is Running

Verifying the status of Data Defender requires you to connect to your instance in Amazon EC2. For more details on connecting to your instance, see Connect to Your Linux Instance.

The following procedure provides troubleshooting steps using commands in an SSH client.

  1. Open a terminal or command prompt and connect to your Amazon EC2 instance by using SSH. Forward port 80 of the remote host in order to view the Data Defender web UI. The following commands demonstrate how to use SSH to connect to an Amazon EC2 instance through a bastion with port forwarding enabled.


    You must replace <SSH KEY>, <BASTION HOST>, and <HOST> with your specific ssh key, bastion host name, and Amazon EC2 instance host name.

    For Windows

    ssh -L 8080:localhost:80 -o ProxyCommand="C:\Windows\System32\OpenSSH\ssh.exe -o \"ForwardAgent yes\" -W %h:%p -i \"C:\path\to\my.pem\" ec2-user@<BASTION_HOST>" -i "C:\path\to\my.pem" ec2-user@<RECEIVER_INSTANCE>

    For Mac

    ssh -L 8080:localhost:80 -o ProxyCommand="ssh -A -o 'ForwardAgent yes' -W %h:%p -i <SSH KEY> ec2-user@<BASTION HOST>" -i <SSH KEY> ec2-user@<HOST>
  2. Verify that Data Defender (also called DDX) is running by grepping (checking) for a running process named ddx in the output. The command for grepping (checking) for a running process and a successful example output is provided below.

    [ec2-user@Receiver-Instance ~]$ ps –ef | grep ddx Rtlogic 4977 1 10 Oct16 ? 2-00:22:14 /opt/rtlogic/ddx/bin/ddx –m/opt/rtlogic/ddx/modules –p/opt/rtlogic/ddx/plugins –c/opt/rtlogic/ddx/bin/ddx.xml –umask=077 –daemon –f installed=true –f security=true –f enable HttpsForwarding=true Ec2-user 18787 18657 0 16:51 pts/0 00:00:00 grep –color=auto ddx

    If Data Defender is running, skip to Step 3: Verify that Your Data Defender Stream is Configured Otherwise, continue to the next step.

  3. Start Data Defender using the command show below.

    sudo service rtlogic-ddx start

    If Data Defender is running after using the command, skip to Step 3: Verify that Your Data Defender Stream is Configured Otherwise, continue to the next step.

  4. Inspect the following files using the commands below to see if there were any errors while installing and configuring Data Defender.

    cat /var/log/user-data/log cat /opt/aws/groundstation/.startup.out

    A common issue discovered when inspecting these files is that the Amazon VPC that your Amazon EC2 instance is running in does not have access to Amazon S3 to download the installation files. If you discover in your logs that this is the issue, check your EC2 instance's Amazon VPC and security group settings to ensure they are not blocking access to Amazon S3.

    If Data Defender is running after checking your Amazon VPC settings, continue to Step 3: Verify that Your Data Defender Stream is Configured. If the problem persists, contact AWS Support and send your log files with a description of your issue.

Step 3: Verify that Your Data Defender Stream is Configured

  1. In a web browser, access your DDX Web User Interface by entering the following address in the address bar: localhost:8080. Then, press Enter.

  2. On the DataDefender dashboard, choose Go to Details.

  3. Select your stream from the list of streams, and choose Edit Stream.

  4. In the Stream Wizard dialog box, do the following:

    1. In the WAN Transport pane, ensure WAN to LAN is selected for Stream Direction.

    2. In the Port box, ensure the WAN port you have chosen for your dataflow endpoint group is present. By default, this port is 55888. Then, choose Next.

    3. In the Local Endpoint pane, ensure that a valid port is present in the Port box. By default, this port is 50000. This is the port that you will receive your data after Data Defender has received it from the AWS Ground Station service. Then, choose Next.

    4. Choose Finish in the remaining menu if you have changed any values. Otherwise, you can cancel out of the Stream Wizard menu.

You have now ensured that your Amazon EC2 instance and Data Defender are both running and configured properly to receive data from AWS Ground Station. If you continue experience issues, contact AWS Support.