Bad gateway 502, when ec2 machines are private - amazon-ec2

I have created an Auto Scaling group with EC2 machines. These EC2 machines have a web server installed. The EC2 machines have a public IP address and a load balancer in front of them. When querying the load balancer, I get a success message.
When creating the same scenario with no public IP addresses on the EC2 machines, I get Bad Gateway 502. When I check the Reachability Analyzer, the EC2 machine is being reached.
Why is this the case? Is the public LB in a different network, so that I need an extra route?

I found my error. The web server was not running, because in the user data I was trying to reach Docker Hub, and it could not reach it because my EC2 machine is in a private network. That makes sense, because the Reachability Analyzer showed that everything is right.
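The failure mode above (the load balancer can reach the instance, but the instance cannot reach the internet, so the bootstrap in user data silently fails and the target answers nothing, hence the 502) comes down to the subnet's route table. Added example, not code from the original post: given route-table data shaped like `aws ec2 describe-route-tables` output, it applies the same longest-prefix match the VPC router uses and reports whether traffic from a subnet to an internet address leaves via an Internet Gateway, a NAT gateway, or not at all. The route table, subnet and gateway IDs are constructed; a NAT gateway in a public subnet is the usual fix for a private subnet that must pull images at boot.

```python
"""Classify a subnet's internet egress path from EC2 route-table data.

Constructed sample, shaped like `aws ec2 describe-route-tables` output.
All IDs and CIDRs are made up for the example.
"""
import ipaddress

ROUTE_TABLES = [
    {   # public subnet: default route to an Internet Gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-public-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"},
        ],
    },
    {   # private subnet with a NAT gateway: outbound only, instances keep no public IP
        "RouteTableId": "rtb-private-nat",
        "Associations": [{"SubnetId": "subnet-private-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc", "State": "active"},
        ],
    },
    {   # isolated private subnet, also the VPC's main table: the LB can reach it,
        # but `docker pull` from user data has no path out and the web server never starts
        "RouteTableId": "rtb-private-isolated",
        "Associations": [{"Main": True}, {"SubnetId": "subnet-private-b"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        ],
    },
]


def table_for_subnet(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def route_for(dest_ip, routes):
    """Longest-prefix match over active IPv4 routes, as the VPC router does."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for r in routes:
        cidr = r.get("DestinationCidrBlock")
        if not cidr or r.get("State") != "active":
            continue
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, r)
    return None if best is None else best[1]


def egress_path(subnet_id, route_tables, dest_ip="1.1.1.1"):
    """Return (kind, target) for traffic from subnet_id to dest_ip.

    kind is 'igw', 'nat', 'local' (stays inside the VPC), 'other'
    (peering, transit gateway, instance, ...) or 'none' (no usable route).
    """
    rt = table_for_subnet(subnet_id, route_tables)
    if rt is None:
        return ("none", None)
    r = route_for(dest_ip, rt["Routes"])
    if r is None:
        return ("none", None)
    if r.get("GatewayId") == "local":
        return ("local", "local")
    if r.get("GatewayId", "").startswith("igw-"):
        return ("igw", r["GatewayId"])
    if r.get("NatGatewayId"):
        return ("nat", r["NatGatewayId"])
    target = (r.get("GatewayId") or r.get("InstanceId")
              or r.get("TransitGatewayId") or r.get("VpcPeeringConnectionId"))
    return ("other", target)


if __name__ == "__main__":
    for subnet in ("subnet-public-a", "subnet-private-a", "subnet-private-b"):
        kind, target = egress_path(subnet, ROUTE_TABLES)
        print(f"{subnet}: internet egress via {kind} ({target})")
```

Running it against the constructed tables reports `igw` for the public subnet, `nat` for the private subnet behind a NAT gateway and `none` for the isolated one. That last case is the one described in the answer: the target is reachable from the load balancer over the `local` route, so Reachability Analyzer is satisfied, while anything in user data that needs Docker Hub fails. A stricter alternative to a NAT gateway, when the only egress needed is AWS APIs or ECR, is VPC endpoints, which keep the subnet without any route to the internet.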

Related

AWS EC2 instance in public subnet cannot talk to outside world

I have a fairly simple architecture with only two subnets: public and private. In the same public subnet, with an Internet Gateway configured, I have two EC2 instances:
Linux EC2 instance (Where I run a REST API)
OpenVPN Access Server
https://i.stack.imgur.com/2MHco.png
The problem is, from the Linux EC2 instance, I cannot:
ping, for example, cnn.com
run aws ecr docker login (to pull Docker images)
Python scripts sitting on the Linux EC2 instance also need to call REST APIs in the outside world.
Through trial and error, I found out that if I add an inbound rule to allow all traffic from 0.0.0.0/0, then I can ping and run those aws/docker commands. This approach is of course a security hole and less than ideal. Any suggestions please?
Thanks in advance.

AWS: How to Create a DNS that point to private IP?

I am new to using EC2. I have an EC2 instance that can reboot daily for maintenance, and after the reboot I get a new public IP (I can't use Elastic IPs; they are all allocated).
So my problem is that the instance contains an application that I need to be accessible via a domain (example.com), but I can't figure out how to set a custom DNS record on NameCheap, and in AWS, so that this DNS record automatically resolves to the new public IP of that instance after a reboot.
If you feel your architecture warrants additional Elastic IP addresses, you can request a limit increase. To request an increase, complete the Amazon VPC limit request form (choose VPC Elastic IP Address Limit). Describe your use case so that AWS can understand your needs.
You can put your instance behind an Elastic Load Balancer. Each Classic Load Balancer receives a default Domain Name System (DNS) name. This DNS name includes the name of the AWS region in which the load balancer is created. For example, if you create a load balancer named my-loadbalancer in the US West (Oregon) region, your load balancer receives a DNS name such as my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com. You can then use your DNS service to create a CNAME record to route queries to your load balancer. Then your EC2 instance does not need to have a stable public IP address.
You can delegate example.com resolution to AWS DNS service, Route53, and then you can run a script on server boot to update Route53 records with the latest IP address.
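The boot-time script suggested in the last answer, as an added example that is not part of the original answer: it reads the instance's current public IPv4 address from the instance metadata service using IMDSv2 (token first, then the metadata GET; requiring the token is what blocks the old SSRF-to-credentials trick against IMDSv1), and builds the idempotent UPSERT change batch that Route 53's `ChangeResourceRecordSets` API expects. The hosted zone ID, record name and the 60-second TTL are assumptions for the example; the instance role that runs this needs `route53:ChangeResourceRecordSets` scoped to that one hosted zone and nothing broader.

```python
"""Refresh a Route 53 A record with this instance's current public IP at boot.

Example code; hosted zone ID, record name and TTL below are assumptions.
"""
import ipaddress
import urllib.request

IMDS = "http://169.254.169.254"


def imds_get(path, timeout=2):
    """IMDSv2: obtain a short-lived session token, then GET the metadata path with it.
    Plain GETs without the token (IMDSv1) are what an SSRF in a web app can abuse."""
    token_req = urllib.request.Request(
        f"{IMDS}/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with urllib.request.urlopen(token_req, timeout=timeout) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(f"{IMDS}{path}",
                                 headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


def current_public_ip():
    return imds_get("/latest/meta-data/public-ipv4").strip()


def upsert_change_batch(record_name, ip, ttl=60):
    """Build the ChangeBatch for route53.change_resource_record_sets.

    UPSERT creates the record if it is missing and replaces it otherwise, so the
    script can run on every boot. A low TTL bounds how long resolvers keep the
    previous IP after the instance comes back with a new one.
    """
    addr = ipaddress.ip_address(ip)            # reject garbage before it reaches DNS
    if not isinstance(addr, ipaddress.IPv4Address):
        raise ValueError(f"A record needs an IPv4 address, got {ip!r}")
    fqdn = record_name if record_name.endswith(".") else record_name + "."
    return {
        "Comment": "boot-time public IP refresh",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": fqdn,
                "Type": "A",
                "TTL": ttl,
                "ResourceRecords": [{"Value": str(addr)}],
            },
        }],
    }


def main(hosted_zone_id="Z0000000EXAMPLE", record_name="app.example.com"):
    """Assumed zone ID and record name; run from user data or a boot-time systemd unit."""
    import boto3  # imported here so the helpers above stay usable without boto3 installed
    batch = upsert_change_batch(record_name, current_public_ip())
    boto3.client("route53").change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=batch)
    return batch


if __name__ == "__main__":
    print(main())
```

`upsert_change_batch` is pure and can be unit-tested without AWS; only `main` touches IMDS and Route 53. If the instance is IMDSv2-only (`HttpTokens=required` in its metadata options), `imds_get` is the shape every metadata read on the box has to take.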

How to prevent EC2 instances from changing public IP addresses when restarted?

I accidentally enabled a firewall in my EC2 instance, which blocked me from SSHing. Then I used this answer, https://stackoverflow.com/a/50999373/3705478, to gain access to my EC2 instance, but my public IP address changed. This caused me to update my IP address with the domain registrar, as it is a public-facing web server. I also had to change the IP address on the EC2 instances running the DB.
How can I prevent my public IP address from changing in such situations in Amazon EC2?
See the AWS documentation for allocating a static IP here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html#using-instance-addressing-eips-allocating

I suddenly cannot connect to my EC2 instance. Why? How can I mitigate this?

I had a running instance, and then I became unable to connect to it via HTTP (80) and SSH (22). I tried to reboot the instance, but nothing came up. This has happened to me twice in the past month.
Why does it happen? Can I do anything to fix it and/or prevent it from happening?
If I launch a new instance in the same region, it works.
Things to check when trying to connect to an Amazon EC2 instance:
Security Group: Make sure the security group allows inbound access on the desired ports (eg 80, 22) for the appropriate IP address range (eg 0.0.0.0/0). This solves the majority of problems.
Public IP Address: Check that you're using the correct Public IP address for the instance. If the instance is stopped and started, it might receive a new Public IP address (depending on how it has been configured).
VPC Configuration: Accessing an EC2 instance that is launched inside a Virtual Private Cloud (VPC) requires:
An Internet Gateway
A routing table connecting the subnet to the Internet Gateway
NACLs (Network ACLs) that permit through-traffic
If you are able to launch and connect to another instance in the same subnet, then the VPC configuration would appear to be correct.
The other thing to check would be the actual configuration of the operating system on the instance itself. Some software may be affecting the configuration so that the web server / ssh daemon is not working correctly. Of course, that is hard to determine without connecting to the instance.
If you are launching from a standard Amazon Linux AMI, ssh would work correctly anytime. The web server (port 80) would require installation and configuration of software on the instance, which is your responsibility to maintain.
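The first item in the checklist above, and the "allow all traffic from 0.0.0.0/0" workaround described in the earlier question, both come down to reading security-group rules correctly. Added example, not from either post: given a group shaped like `aws ec2 describe-security-groups` output (constructed rules and IDs), it answers "does this group admit protocol/port from this source IP?" and flags rules that are open to the whole internet on anything other than the deliberately public web ports. One caveat worth keeping in mind while debugging with it: security groups are stateful, so replies to connections the instance initiates are allowed regardless of the inbound rules; an inbound allow-all rule widens the attack surface without being what governs outbound traffic, which is controlled by the group's egress rules and the subnet's route table.

```python
"""Evaluate EC2 security-group ingress rules offline.

Constructed sample shaped like `aws ec2 describe-security-groups` output;
group IDs, CIDRs and descriptions are made up for the example.
"""
import ipaddress

SG_STRICT = {
    "GroupId": "sg-0strict",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.0/24", "Description": "office egress range"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "public web"}]},
    ],
}

# Same group after the "allow all traffic from 0.0.0.0/0" workaround was added.
SG_DEBUG = {
    "GroupId": "sg-0debug",
    "IpPermissions": SG_STRICT["IpPermissions"] + [
        {"IpProtocol": "-1",          # -1 means every protocol and port
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "added while debugging"}]},
    ],
}


def rule_matches(rule, proto, port, source_ip):
    """True if one IpPermissions entry admits proto/port from source_ip."""
    ip = ipaddress.ip_address(source_ip)
    if rule["IpProtocol"] not in ("-1", proto):
        return False
    if rule["IpProtocol"] != "-1" and proto in ("tcp", "udp"):
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    if ip.version == 4:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    else:
        cidrs = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def allows_ingress(sg, proto, port, source_ip):
    """Security groups are allow-lists with no deny rules: any matching rule admits the flow."""
    return any(rule_matches(r, proto, port, source_ip) for r in sg["IpPermissions"])


def describe(rule):
    if rule["IpProtocol"] == "-1":
        return "all protocols/ports"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return f"{rule['IpProtocol']} {lo}" if lo == hi else f"{rule['IpProtocol']} {lo}-{hi}"


def overly_permissive_rules(sg, public_tcp_ports=(80, 443)):
    """Rules open to 0.0.0.0/0 or ::/0 that are not a single deliberately public TCP port."""
    findings = []
    for rule in sg["IpPermissions"]:
        cidrs = ([r["CidrIp"] for r in rule.get("IpRanges", [])]
                 + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])
        if not any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
            continue
        if (rule["IpProtocol"] == "tcp"
                and rule.get("FromPort") == rule.get("ToPort")
                and rule.get("FromPort") in public_tcp_ports):
            continue
        findings.append(describe(rule))
    return findings


if __name__ == "__main__":
    for sg in (SG_STRICT, SG_DEBUG):
        print(sg["GroupId"], "ssh from 203.0.113.5:",
              allows_ingress(sg, "tcp", 22, "203.0.113.5"),
              "| open to the world:", overly_permissive_rules(sg) or "nothing unexpected")
```

Against the constructed groups, SSH from an address outside the office range is refused by `sg-0strict` and admitted by `sg-0debug`, and the audit function names the all-traffic rule as the finding. Running `overly_permissive_rules` over the output of `aws ec2 describe-security-groups` is a cheap way to catch a debugging rule that was never removed.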

How to stop and start Juju instances on Amazon EC2

I'm testing a Hadoop cluster with Juju and Amazon EC2, and I would like to know how I could stop a cluster and then start it again, maintaining the cluster configuration.
The problem is that after starting the instances again the public addresses change, and the juju-status command shows the machines are down.
The problem is that after starting the instances again the public addresses change
The above is true for an EC2 instance. Its public IP address changes when it is stopped and then started.
To avoid this, you have 2 options:
Use an Elastic IP. You can attach an EIP to your instance so that the instance will have the same IP address across start/stop cycles. Caveat: you can get only 5 EIPs per account.
To get rid of the above limitation of 5 EIPs per account, you can set up your cluster inside a VPC where all your instances will have a private IP address, and it will remain the same across start/stop cycles. But you have to understand how VPC works in order to use that. Please read this.
