Questions tagged [amazon-vpc]

Votes: 0, Answers: 0, Views: 12

Is there a way to have AWS RDS Public Accessibility = No but still accessible outside of EC2 instance?

For management-related reasons, I need the Public Accessibility option set to 'No' for the RDS. However, we're also looking into being able to access the RDS from our local devices. The only way we're able to do so is by selecting 'Yes' in Public Accessibility. Of course, the VPC, Gateway, Subnet, a...
ZekiraDrake
Votes: 1, Answers: 2, Views: 1.7k

AWS NLB in public subnets with EC2 in private subnets

Has someone configured a NLB in the public subnets of your VPC to route traffic to EC2 instances that are in the private subnets? When using an ELB, a good solution is to create a Security Group for the ELB and then create another SecurityGroup for the private EC2 Instances, allowing incoming traffi...
Luis
Votes: 1, Answers: 0, Views: 202

What causes this error “Failed to connect to github.com port 443: Connection timed out” in AWS Cloud9?

I am trying to push my commits to github in AWS Cloud9, which I was previously able to do. However, I attempted to follow the instructions here https://docs.aws.amazon.com/cloud9/latest/user-guide/app-preview.html?icmpid=docs_ac9_ide#app-preview-share to make the application public, and since doing...
adam tropp
Votes: 1, Answers: 0, Views: 336

Kinesis Firehose with Lambda decorator getting throttled

I am using Firehose with a lambda decorator to ingest vpc flow logs into Redshift. (VPC Flow Logs -> Kinesis Data Stream -> Kinesis Firehose -> Lambda Decorator -> Redshift) The volume of traffic is high which causes the lambda to error out with task timed out when reingesting unprocessed records ba...
kilomo
Votes: 0, Answers: 0, Views: 2

AWS VPC connect to more than one Virtual Private Gateways

I am trying to create a VPN tunnel from a VPC to an office location. I have created Virtual Private Gateways, and when I try to attach to the VPC it says: Error VPC vpc-xxxxxxxx is currently attached to the Virtual Private Gateway. VPC can only be attached to one Virtual Private Gateway? If I have to create...
roy
Votes: 1, Answers: 0, Views: 383

AWS EFS File Sync between Regions

Has someone configured EFS File Sync to copy files from one EFS in one Region to another EFS in another Region? Does the origin EC2 (where the sync agent is located) have to be reachable from the Internet? Or does it have to have Internet access through a NAT Instance/Gateway? Does the destination E...
Luis
Votes: 1, Answers: 1, Views: 76

Securing AWS ECS Cluster

We are trying to create an ECS Cluster however we noticed that the internal ECS Agent is unable to register. We unblocked TCP 443 (ACL and SG) however it still did not register. We then proceeded to open up everything All Traffic both TCP and UDP and then the agent was able to register. We tried to...
Sarah Cassar
Votes: 1, Answers: 0, Views: 145

Bind EIP to an ECS cluster

I want all outbound traffic coming from my ECS cluster to use a single EIP. I know I could set up a NAT gateway. BUT is there an ECS feature that makes this easier or more built in? Or could I use like a VPC endpoint on the ECS cluster or something? Or is the solution still just set up a NAT gateway...
red888
Votes: 1, Answers: 0, Views: 311

AWS VPC Peering connection issue

AWS VPC peering is created for VPCs in single region by referring to aws docs. The diagram below explains the same. Both the VPC peering connections are active and their route tables adjusted for subnets. But when tried to establish http connection to VPC-A from other two VPCs (kubernetes) it fails...
sap
Votes: 1, Answers: 0, Views: 24

Subnets creation Based on Availability Zones

AWS: Using a CloudFormation Template (CFT), subnets should be created depending on AZs and should also get a CIDR range automatically. A single CFT should do this. For example: if a region has 3 AZs it should create 3 subnets, or if it has 2 AZs it should create 2 subnets
mohd
Votes: 0, Answers: 0, Views: 6

How to assign a fixed IP (for whitelisting purpose) to a group of EC2 that has ASG configured?

I have a group of EC2 worker instances (with ASG configured and within a VPC) that runs hourly to pull data from a third-party API. The issue I am facing now is that the third-party API is implementing whitelisting of IPs. How can I provide static IPs for the third-party API to whitelist? Elastic IP will n...
Jian Hao Tan
Votes: 1, Answers: 0, Views: 234

Integrate Grafana with AWS Cognito

Is there a tutorial out there that describes how to integrate Grafana (running in an EC2 instance) with AWS Cognito for authentication? Or could somebody tell me how to do it? I'm relatively new to AWS and also Grafana. We use Grafana with ElasticSearch. Or would it be better to put Grafana and E...
Johnny90
Votes: 1, Answers: 0, Views: 135

How to safely secure micro-services in AWS VPC with ALB and OAuth server?

tldr: See bold generic questions below. I have built the infrastructure outlined below (in attachment) in AWS. OAuth specifies an auth server which issues tokens (authorizes) and then authenticates tokens on each request and allows a proxy to the internal ALB. It's based on a micro-services architectu...
mortonprod
Votes: 1, Answers: 0, Views: 299

Why AWS lambda functions In a VPC sometimes timeout and sometimes work fine?

I have some Lambda functions in a VPC, some of them need Internet to work so I added a NAT instance (t2.micro), and the problem is that I have some functions that sometimes work and sometimes time out. For example, a function that calls the FB API works 80% of the time and times out 20%. Another function is using...
Bacem Mehri
Votes: 1, Answers: 2, Views: 104

How to auto create a Classic Link for AWS EB Instances to VPC

I have a Classic app on EB that needs to connect to RDS in a VPC. I can manually configure the EB instances to allow a Classic Link to the VPC by going into EC2 - Instance - Actions - ClassicLink - Link to VPC. Once I do this all is fine BUT this won't auto-link new instances without manual interve...
fleaheap
Votes: 1, Answers: 1, Views: 243

Whitelist private API GW api to be accessible from a VPC from another account

I have a Private API in Amazon API Gateway that I want to be consumed from another account, by a lambda with VPC support. I modified the API ResourcePolicy to allow private API traffic based on source VPC as specified here, in the last example. This is how my ResourcePolicy looks like: { 'Version':...
user2534830
Votes: 1, Answers: 1, Views: 34

Can't connect to RDS Postgres locally after setting up NAT instance

I am working on a Django project that uses Zappa to host a serverless app on Lambda. It uses a Postgres database on the back and I've been able to use it flawlessly for some time. Recently I needed to use urllib, and so I needed a NAT instance (EC2 micro instance) to allow Lambda to access the int...
user3787031
Votes: 1, Answers: 1, Views: 548

AWS RDS “pg_hba.conf rejects connection for host”

I am working on setting up a Postgres instance on AWS through RDS. It has been placed into a VPC with a private subnet where the subnet CIDRs are: ['10.0.21.0/24', '10.0.22.0/24', '10.0.23.0/24']. I have a public subnet and have successfully connected to postgres through a bastion node from public t...
daswolle
Votes: 1, Answers: 1, Views: 51

Exposing Kong Admin API to internal network

We have a Kong Gateway running within a VPC in AWS. Currently, the Admin API for the Kong Gateway is restricted to only localhost traffic using export KONG_ADMIN_LISTEN='127.0.0.1:8001' export KONG_ADMIN_LISTEN_SSL='127.0.0.1:8444' We'd like to allow microservices within the same VPC to register th...
Brian
Votes: 1, Answers: 0, Views: 33

How to use a single EIP with Serverless framework?

I have a script to deploy a serverless based project. I'm currently using serverless-vpc-plugin for setting up AZ, but when using the useNatGateway flag - it creates an EIP per zone. I need to force all outgoing traffic to use a single EIP (I'm accessing a 3rd party provider which has an IP restrict...
Gilad Novik
Votes: 1, Answers: 1, Views: 206

Connecting to Aurora Serverless via intra-region VPC Peering

I have two AWS accounts, which I will call prod and dev. prod has an Aurora Serverless cluster (not instance!), perfectly connectable within its own VPC in the prod account. To save time and money, I would like to use this cluster in dev (obviously with read-only permissions, etc) instead of spinni...
slaughtr
Votes: 1, Answers: 1, Views: 39

What are the various ways in which an institution can connect their AWS VPC to the Internet?

What are the various ways institutions can connect their AWS VPC to the Internet? I searched the AWS documentation about VPC but could not figure it out.
nkashyap
Votes: 1, Answers: 0, Views: 88

Unable to Telnet on AWS-EC2 instance in private Subnet VPC VPN

I have a VPN tunnel set up between local infrastructure and EC2 instances. I am able to SSH on the EC2 instance. Also I can SSH from EC2 to some other local system. I have installed a service which connects on ports 8440 and 8441 and a few other ports. The issue I am facing is, I am not able to telnet...
Jeetendra J
Votes: 1, Answers: 0, Views: 15

Does direct private-to-private IP routing within a shared VPC go through NATs and is it necessarily faster than going through a public proxy?

Assume we have two instances in two different regions under a shared VPC with no public IPs (i.e. within two private clusters). How exactly does routing from one instance to the other work, assuming private addresses used? Does it necessitate the use of NATs (which I always assumed were for internal...
Leeren
Votes: 1, Answers: 0, Views: 55

How to create a VPC endpoint for autoscaling

We have our VPCs not directly connected to internet. So we need CLI --endpoint-url option to send commands to the custom VPC endpoints instead of standard AWS service endpoints e.g. aws sns publish --message $MESSAGE --target-arn $SNSTARGET --region $REGION --endpoint-url 'https://vpce-xxxx-xxxxx.s...
HumayunM
Votes: 1, Answers: 0, Views: 26

Route53 over VPN IPSec and Openvpn

I have got a VPN connection: (aws vpn ipsec bgp) linux strongswan to vpc subnet: 10.215.0.0/16. On the Linux machine I have got OpenVPN as a server which pushes a route to 10.215.0.0/16. Now my desktop PC over OpenVPN can connect to AWS VPC 10.215.0.0/16. e.g.: (aws vpn ipsec bgp) linux strongswan to vpc subnet:10....
debek
Votes: 1, Answers: 1, Views: 51

Connecting AWS RDS in VPC with Google Cloud Composer

I am trying to build a google cloud composer connecting to AWS RDS to do schedule ELT jobs. However, the RDS is in private subnet of VPC, and the connection is allowed by a white listing IP in Security Group. I have tried to create a NAT gateway for google kubernetes engine, but I couldn't find any...
Wai Yin Li
Votes: 1, Answers: 0, Views: 28

EC2 could not resolve private API Gateway

The current set up is: EC2 instance deployed in a VPC in subnet A. VPC Endpoint for execute-api in the same VPC in the same subnet (A) Private API Gateway with a resource policy to Allow both the VPC and VPC Endpoint to invoke the API VPC has all its DNS settings enabled. DNS Hostnames & DNS resolut...
oasisofthestar
Votes: 1, Answers: 1, Views: 42

User Data is not running on EC2 instance in Private VPC subnet

This is the user data used: #!/bin/bash yum install httpd -y yum update -y aws s3 cp s3://YOURBUCKETNAMEHERE/index.html /var/www/html/ service httpd start chkconfig httpd on NAT gateway is configured for the private EC2 instance and also s3fullaccess permissions are given. Please help me troubleshoo...
SAMRUDDHI MODI
Votes: 1, Answers: 0, Views: 54

Create AWS VPC Endpoint for SQS

I have a couple of Lambda functions that require access to other services I have in AWS inside a VPC. So I have added these Lambda functions to the same VPC, which makes them lose internet access. One of the services I need access to is an SQS queue, which is not in the VPC as it doesn't support it. I...
Ivo Udelsmann
Votes: 1, Answers: 1, Views: 23

Route traffic of a Client VPN VPC to an instance in the same VPC

I have a use-case where a remote device (ie. Laptop) is connected to the AWS Client VPN endpoint. Client VPN endpoint has a VPC/subnet associated and I want to see the traffic generated on different ports of my laptop in my VPC. The client (i.e. laptop) is able to connect to the VPN server and I see...
instanceOfObject
Votes: 1, Answers: 1, Views: 1.1k

Uploading to S3 from within an EC2 VPC

If we're uploading files to S3 from within our AWS VPC, do we have to do anything special other than initiate an upload through the S3 API on the standard URL? We're planning on using the aws-s3 Ruby gem to do the transfer and just trying to figure out if there are changes we need to make in order t...
Jeremy Baker
Votes: 1, Answers: 1, Views: 872

Is the role of router in AWS-VPC played by a virtual machine?

I am wondering, is the role of router in AWS-VPC played by a virtual machine? This VM may have several NICs. If not, then how is the router in VPC designed? Thanks a lot.
user3332490
Votes: 1, Answers: 1, Views: 1k

How can I attach a private IP from a different subnet to an EC2 instance?

First of all, I know enough about VPN setup just to be dangerous, so hopefully I can explain my problem clear enough. We have a server in our AWS VPC that a client will need to access via a VPN connection. The client wants to access the server as though it's a specific IP address on their internal n...
Jeff French
Votes: 1, Answers: 3, Views: 1.8k

AWS VPC outbound traffic

I have a VPC in AWS with a public and a private subnet. I added an OpenVPN server to it and as long as I'm logged into the VPN I can access everything just fine. I now need to set it up so that a server in the VPC can access an external REST API. My current ACL rules are completely open. Both inboun...
Jason Neumann
Votes: 1, Answers: 1, Views: 1.2k

How to find out if an AWS VPC Subnet is a “public subnet”?

I want to find out if a given AWS VPC subnet is a 'public subnet' i.e. if it has direct access to the internet. As I understand it, for this I need to check if the route table associated with that subnet is associated with an internet gateway i.e. it has an entry with 'destination_cidr_block'='0.0.0...
Rohit Agarwal
Votes: 1, Answers: 2, Views: 777

How to add inbound rule to AWS security group with my default VPC?

I want to add inbound rule to security group with my default VPC. I removed default VPC from a zone and added a default VPC. But I get fault below : '[AmazonServiceException: Status Code: 400, AWS Service: AmazonEC2, AWS Request ID: c99a21bb-c798-4938-994f-ef8b89c64a72, AWS Error Code: VPCIdNotSpeci...
Ozturk
Votes: 1, Answers: 1, Views: 613

Kibana cannot talk to Elasticsearch cluster in VPC

I have set up Elasticsearch and Kibana in Amazon VPC, where two Elasticsearch instances (forming a cluster) stay in the private subnet and another node having Kibana/nginx sits in the public subnet. I can check the cluster health and it is good - { 'cluster_name' : 'es-cluster', 'status' : 'green', 'tim...
theharshest
Votes: 1, Answers: 2, Views: 1.7k

EC2 instance in VPC public DNS name

I have a VPC instance created on AWS. But it doesn't have a public DNS value, as opposed to my other instance, which is a straight EC2 instance, e.g. ec2-45-55-79-ap-southeast-1.compute.amazonaws.com. Is there a way to assign a 'Public DNS' value like the one above for my VPC instance? Cheers to anyone...
Andrew Duffy
Votes: 1, Answers: 1, Views: 121

AWS: conditional route to EC2 depending on content

I want to build a cluster of EC2 'worker' instances where each EC2 should handle a particular shard of users, let's say: EC2-1 handles users-1-2-3, EC2-2 handles users-4-5-6, EC2-3 handles users-7-8-9. So that when user-3 tries to login and execute other requests in my service, each request from that use...
blackdigger
