My AKS cluster has an authorized IP. I am trying to deploy a Github Actions workflow to the AKS but the connection is refused because of the IP range. Any ideas? What's the best way to handle this case?
Thanks!
Related
I want to host a database in Heroku server and also a django application. The problem is: To transfer data to my Heroku database i would need be connected to a VPN. Does Heroku provides a way to connect to a VPN in order to access another database, like AWS client VPN?
My infra would be like this:
Airflow running DAGs to pull data from a AWS database that requires VPN connection to source from it. I would transfer the data from this AWS database to my heroku database.
Is it possible?
Thank you
Another thing that i'm wondering is if it is possible to connect Heroku to AWS client VPN, in case Heroku does not have something similar or a way to do this step.
Yes Heroku does provides a VPN labelled as Heroku Private Spaces and Shield Spaces.
Here is the link
https://devcenter.heroku.com/articles/private-space-vpn-connection
I have an ECS instance running in alibaba. My ECS is in a VPC that has a SSL server. I have downloaded the SSL client certificate which allows me to connect to openVPN and to ping the ECS instance from my local box while connected to openVPN.
However, when I login to the ECS instance, I am unable to ping back my local box. My security group is a basic one which allows all connections. I didn't touch the outbound connection.
Here are the details of my SSL Server, and successful ping screenshot (My ECS Primary Private IP Address is 192.168.0.201)
Here is a screenshot of my unsuccessful attempt to ping my local home IP address (The IP, 192.168.10.190,in the screenshot below is an arbitrary one for illustration purpose) from the ECS instance.
When you connect to VPN, you're assigned a private client IP of 192.168.2.0/24 as per your SSL VPN settings. This is the network that will be used for your VPN connection. From your screenshot I see that you're pinging to your local 192.168.10.190. Your cloud server does not have access to this network.
You can try pinging to your client 192.168.2.0/24 IP from your ECS. You probably will need to a the route to your VPC > Route Tables. I haven't tried connecting cloud server via SSL VPN myself, but I've used IPSec for two-way site-to-site connection, which is more suitable for this situation.
I'm not clear if this is possible, but here is what I'd like to do:
Goal:
Set up a VPN between my home network and my AWS VPC. A use case I'd like to have working:
Have a Lambda function write to a database, e.g. Postgres running on my home network behind my router. Think of some machine with 192.168.. address on my home network running Postgres
I have read the documentation and I wanted to confirm what it would require to make this happen. Assume I have a VPC with a Lambda deployed to it.
Create a Virtual Private Gateway for the VPC
Create a Customer Gateway for my home network.
Configure the Customer Gateway machine in my home network (e.g. Raspberry PI) after downloading the vpn connection file from AWS.
I'm looking at this article for reference:
setup raspberry PI3 as AWS VPN Customer Gateway
Is this all that I would need to do? Do I need to use some 3rd party software in addition to this? Or is this not even possible?
Thanks
You can setup an OpenVPN server on an EC2 instance and change your SG inside your VPC resources to only allow access from your VPC CIDR block.
AWS provide an AMI for OpenVPN server : https://aws.amazon.com/marketplace/pp/B00MI40CAE/ref=mkt_wir_openvpn_byol
I launched one RDS instance,s3 and EC2 in AWS and its is triggered properly using lambda. Now I wish to change the change the RDS and EC2 from AWS to local machine. My lambda is triggered from s3.
How do I connect the local database through lambda in AWS?
It appears that your requirement is:
You wish to run an AWS Lambda function
Within the function, you wish to connect to a database running on your own computer (outside of AWS)
Firstly, I would not recommend this strategy. To maintain good performance, you should always have an application as close as possible to the database. This means on the same network, in the same location and not going across remote network connections or the Internet.
However, if you wish to do this, then here's some things you would need to do:
Your database will need to be accessible on the Internet, so that you can connect to it remotely. To test this, try accessing it from an Amazon EC2 instance.
The AWS Lambda function should either be configured without VPC connectivity (which means that it is connected to the Internet) or, if you have configured it for VPC connectivity, it needs to be in a Private Subnet with a NAT Gateway enabling Internet access.
(Optional) For added security, you could lock-down your database to only accept connections from a known IP address. To achieve this, you would need to use the VPC + NAT Gateway so that all traffic is coming from the Elastic IP address assigned to the NAT Gateway.
I agree with John Rotenstein that connecting your local machine to a Lambda running on AWS is probably a bad idea.
If your intention is to develop or test locally, I recommend the serverless framework, and the serverless-offline plugin. It will allow you to simulate Lambda locally, and you can pass database config values through as environment variables.
See: Running AWS Lambda and API Gateway locally: serverless-offline
I have installed rundeck in docker using ec2 instance.
When I run the image and start rundeck. It's fine.
Lynx http:localhost:4440
Us able to show rundeck dashboard.
But, how can I access this rundeck from Windows browser?
I tried using address but connection refused.
In order to access this from outside for your setup, you might have to ensure the following things:
Ensure that host server (ec2) is forwarding ports to the docker container. You should have used -p or -ports when launching the container for this.
Test: From your EC2 instance, you should be able to access: http://localhost:4440
Ensure you have a public IP assigned to your EC2. You should be able to see that from your aws ec2 console: http://console.aws.amazon.com/ec2
Ensure that your security group(s) for that instance has InBound connections to accept 4440 from your IP or rest of the world.
After this, your http://:4440 should work.
I hope I got your question correct.
Let me know how it goes,
Thanks,
Anoop