What is Reachability Analyzer? - Amazon Virtual Private Cloud

Reachability Analyzer is a configuration analysis tool that enables you to perform connectivity testing between a source resource and a destination resource in your virtual private clouds (VPCs). When the destination is reachable, Reachability Analyzer produces hop-by-hop details of the virtual network path between the source and the destination. When the destination is not reachable, Reachability Analyzer identifies the blocking component. For example, paths can be blocked by configuration issues in a security group, network ACL, route table, or load balancer.

For more information, see How Reachability Analyzer works.

Use cases

You can use Reachability Analyzer to do the following:

  • Troubleshoot connectivity issues caused by network misconfiguration.

  • Verify that your network configuration matches your intended connectivity.

  • Automate the verification of your connectivity intent as your network configuration changes.
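One way to automate that last use case with the AWS SDK for Python, as an added example that is not part of the original AWS page: `check_intent` runs one analysis and reports whether the result matches the intended connectivity, including paths that are meant to stay blocked. The function name, the `FakeEC2` stand-in, the resource IDs and the sample explanation code are constructed for illustration; pass `boto3.client("ec2")` in place of `FakeEC2` to run it against an account.

```python
import time

def check_intent(ec2, source, destination, port, expect_reachable,
                 poll_seconds=5, max_polls=60):
    """Run one analysis (billed per run) and compare it with the intent."""
    path_id = ec2.create_network_insights_path(
        Source=source, Destination=destination,
        Protocol="tcp", DestinationPort=port,
    )["NetworkInsightsPath"]["NetworkInsightsPathId"]
    analysis_id = ec2.start_network_insights_analysis(
        NetworkInsightsPathId=path_id
    )["NetworkInsightsAnalysis"]["NetworkInsightsAnalysisId"]
    for _ in range(max_polls):  # the analysis is asynchronous, so poll for it
        analysis = ec2.describe_network_insights_analyses(
            NetworkInsightsAnalysisIds=[analysis_id]
        )["NetworkInsightsAnalyses"][0]
        if analysis["Status"] != "running":
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError(f"analysis {analysis_id} still running")
    if analysis["Status"] != "succeeded":
        raise RuntimeError(analysis.get("StatusMessage", "analysis failed"))
    reachable = analysis["NetworkPathFound"]
    return {
        "ok": reachable == expect_reachable,  # False means the intent is violated
        "reachable": reachable,
        "explanations": [e.get("ExplanationCode")
                         for e in analysis.get("Explanations", [])],
    }


class FakeEC2:
    """Constructed stand-in for the EC2 client so the example runs offline."""
    def __init__(self, path_found, codes=()):
        self.path_found, self.codes, self.polls = path_found, codes, 0
    def create_network_insights_path(self, **kw):
        return {"NetworkInsightsPath": {"NetworkInsightsPathId": "nip-EXAMPLE"}}
    def start_network_insights_analysis(self, **kw):
        return {"NetworkInsightsAnalysis": {"NetworkInsightsAnalysisId": "nia-EXAMPLE"}}
    def describe_network_insights_analyses(self, **kw):
        self.polls += 1  # first poll reports "running", later polls "succeeded"
        status = "running" if self.polls == 1 else "succeeded"
        return {"NetworkInsightsAnalyses": [{
            "Status": status, "NetworkPathFound": self.path_found,
            "Explanations": [{"ExplanationCode": c} for c in self.codes]}]}
```

A result with `ok` set to `False` on a path that was expected to be blocked is the case to alert on, since it means the destination has become reachable.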

Working with Reachability Analyzer

You can use any of the following interfaces to work with Reachability Analyzer:

  • AWS Management Console — A web interface for AWS services, including Reachability Analyzer.

  • AWS Command Line Interface (AWS CLI) — Provides commands for AWS services, including Reachability Analyzer. The AWS CLI is supported on Windows, macOS, and Linux. For more information, see the AWS Command Line Interface User Guide.

  • AWS CloudFormation — Enables you to create templates that describe your AWS resources. You use a template to provision and manage AWS resources as a single unit. For more information, see the following resources: AWS::EC2::NetworkInsightsAnalysis and AWS::EC2::NetworkInsightsPath.

  • AWS SDKs — Provides language-specific APIs and takes care of many of the connection details, such as calculating signatures, handling request retries, and handling errors. For more information, see AWS SDKs.

  • Query API — Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Reachability Analyzer. However, the Query API requires that your application handle low-level details such as generating the hash to sign the request, and handling errors. For more information, see the Amazon EC2 API Reference.


You are charged per analysis run between a source and destination. For more information, see Pricing.