HeadlinesBriefing.com

EC2 Running but Inaccessible? Fix Security Groups

DEV Community

A developer launched an Amazon EC2 instance showing a 'Running' state but couldn't connect via SSH or a web browser. The core confusion stemmed from assuming a running compute instance equals immediate internet accessibility. AWS architecture separates compute, network security, and networking layers, meaning a misconfigured firewall can block all access despite a healthy instance.

The root cause was missing inbound rules in the Security Group, AWS's virtual firewall acting at the instance level. While the instance had a public IP, the Security Group lacked rules for essential ports like 22 (SSH) or 80/443 (HTTP/HTTPS). This highlights a common AWS pitfall: network access depends on explicit permission, not just instance status.

Fixing this required adding specific inbound rules to the Security Group, allowing traffic from trusted IP ranges. This experience underscores AWS's layered security model, where requests must pass through the Security Group and any Network ACLs. For developers, the lesson is clear: always validate network configurations before assuming a service failure.
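The check described above can be run against a Security Group's inbound rules before suspecting the instance itself. The following is an added example, not code from the original article: the function names are hypothetical, the rule data is constructed in the shape of the `IpPermissions` list that EC2 `DescribeSecurityGroups` returns, and only CIDR-based rules are evaluated (group references, prefix lists and Network ACLs are out of scope).

```python
import ipaddress

# Constructed sample shaped like the IpPermissions list that EC2
# DescribeSecurityGroups returns; addresses are documentation ranges.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

def _cidrs(rule):
    """Yield every IPv4 and IPv6 CIDR attached to one inbound rule."""
    for r in rule.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"], strict=False)
    for r in rule.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"], strict=False)

def _covers_port(rule, port, protocol):
    """True if the rule's protocol and port range include the port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols, all ports
        return True
    if proto != protocol:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def allows(permissions, client_ip, port, protocol="tcp"):
    """True if some inbound rule admits client_ip on the given port."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net
               for rule in permissions if _covers_port(rule, port, protocol)
               for net in _cidrs(rule))

def world_open(permissions, port, protocol="tcp"):
    """True if the port is reachable from any address (prefix length 0)."""
    return any(net.prefixlen == 0
               for rule in permissions if _covers_port(rule, port, protocol)
               for net in _cidrs(rule))

def diagnose(permissions, client_ip, ports=(22, 80, 443)):
    """Map each port to 'allowed' or 'blocked' for this client."""
    return {p: "allowed" if allows(permissions, client_ip, p) else "blocked"
            for p in ports}

if __name__ == "__main__":
    print(diagnose([], "198.51.100.7"))                  # no inbound rules
    print(diagnose(SAMPLE_PERMISSIONS, "198.51.100.7"))
    print("SSH world-open:", world_open(SAMPLE_PERMISSIONS, 22))
```

An empty rule list reproduces the article's symptom (every port blocked while the instance is running), and `world_open` flags the opposite mistake of opening SSH to every address instead of a trusted range.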