My Linux EC2 Instance comes up under VPC --> subnet with proper route table having Internet gateway (0.0.0.0/0 as destination).
It comes up with Private IPv4 address assigned to it, no Public IPv4.
Attached the related Security group and NACL screenshot.
Security Group
NACL
Under Security Group, I have opened:
HTTPS (443) to 0.0.0.0/0,
ssh (22) to my machine IP and my VPC CIDR range.
After I ssh into my EC2 instance using the Private IPv4 address and keys, I've been trying to add AWS cli to my instance
My ec2 instance produces this after I enter this:
curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.0.30.zip -o awscliv2.zip
Error:
0curl: (7) Failed connect to awscli.amazonaws.com:443;
Where is the problem?
If your instance is in the private subnet and has no public IP, you can't route through Internet Gateway. You have to route through some NAT device. The simplest is NAT Gateway, although you can also set up an EC2 instance to serve same purpose.
When you set up a new VPC using (recently added) wizard, it offers you an option to create public and private subnets and NAT Gateway automatically. Or you can add it to an existing VPC following these instructions.
Note, that unlike Internet Gateway, NAT Gateway is not free
PS. Sorry again for misunderstanding your question.
Could you check if your instance has any firewall running? You can disable the firewalls (if any) using these commands :
# For Uncomplicated Firewall
sudo ufw disable
# For firewalld
sudo systemctl disable firewalld --now
Also, the official documentation for aws cli installation has double quotes surrounding the https address (https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
This may or may not be the issue but its worth a try.
Related
I've followed the AWS DocumentDB docs for connecting outside VPC:
I created an EC2 instance in the same security group and VPC as the DocDB cluster
In the security group I opened 22 port access for my IP, and also opened port 27017 for communication inside the security so EC2 instance can SSH tunnel to the DocDB
I ran ssh -f -i "ssh-tunneling-access.pem" -L 27017:{doc-db-cluster}:27017 {ec2-instance-user}#{ec2-instance-dns} -N to open the SSH tunnel
In another terminal I tried to connect using Mongo shell with mongosh "mongodb://{credentials}!#localhost:27017/?tls=true&tlsAllowInvalidHostnames=true&tlsCAFile=rds-combined-ca-bundle.pem"
I got an error "MongoServerSelectionError: read ECONNRESET"
I'm running on Windows 11, and my terminal is Powershell Core.
Any ideas what did I miss and/or how to troubleshoot it?
First of all, make sure you can connect to DocumentDB from the EC2 instance. The security group attached to the DocumentDB cluster has to allow port 27017 with source the EC2 instance (or the security group of the EC2).
Second, is not clear from where you're initiating the tunnel. Did you execute step 3. on the Windows 11 machine? Have you installed OpenSSH on Windows?
How about using a GUI client, like Robo 3t, which has SSH tunneling support? Instructions on how to connect can be found here.
I'm new to Amazon Web Service (AWS).
I already created a PostgreSQL from AWS RDS:
Endpoint: database-1.XXX.rds.amazonaws.com
Port: 5432
Public accessibility: Yes
Availablity zone: ap-northeast-1c
After that, I will push my application that using the database to AWS (maybe deploy to EKS).
However, I want to try testing the database server from my local computer first.
I haven't tried testing from my laptop PC at home yet, but I think it will connect OK because my laptop PC is not using the HTTP proxy to connect to the network.
The problem is that I want to try testing from my company PC, which needs setup the HTTP proxy to connect to the internet. The PC spec:
Windows 10
Installed PostgreSQL 10
Firstly, I tried using psql command-line:
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://user:password#my_company_proxy:3128
set https_proxy=http://user:password#my_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://my_second_company_proxy:3128
set https_proxy=http://my_second_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
Then, I tried using the pgAdmin tool.
As from the internet post, it said that we can use "SSH Tunnel" for inputing proxy:
However, the error message will be shown:
So, anyone can help suggest if we can connect to the public PostgreSQL server through HTTP proxy?
I think problem is Postgres uses plain TCP/IP protocol and you are trying to use HTTP proxy. Also you're trying to create SSH tunnel against your HTTP proxy server which won't work.
So I'd suggest following solutions:
Use TCP proxy instead of HTTP proxy
Create an EC2 or any instance that has SSH access from your company network and has access to public internet. So that you can create SSH tunnel through that instance to achieve your goal.
NOTE: Make sure you PostgreSQL is accessible from public internet (although this is usually bad idea, but it's out of scope this question) sometimes security group configs prevent it to connect from public internet.
Just add all ports(5432,3128...) in the Security Group from your RDS and specify your IP. Don't forget "/32"
Let me add that "unknown host" is usually an indication that you're not resolving the DNS hostname. Also, your HTTP proxy should not interfere with connections to databases since they aren't on port 80 or 443. A couple of things you can try (assuming you're on windows) sub in your actual url:
nslookup database-1.XXXX.rds.amazonaws.com
telnet database-1.XXXX.rds.amazonaws.com 5432
You should also check the security group that is attached to your RDS and make sure you've opened up the ip address that you're originating from on port TCP/5432.
Lastly check that your VPC has DNS and Hostnames enabled. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-updating
I tried to run this hello world app on an AWS EC2 instance with docker-compose up --build . It works as expected and is accessible remotely from the EC2 public IP when I use port 80 i.e., "80:80" as shown in the docker-compose file.
However, if I change to another port such as "5106:80", it is not accessible from a remote host using <public IPv4 address>:5106 even though it's available locally if I ssh unto the EC2 instance and try localhost:5106. Please note:
I've ensured the EC2 is in a public subnet and I have configured the security group to make the port (in this case, 5106) accept inbound traffic from my laptop.
I know it's not a problem with the hello-world app because I experience exactly the same problem with another app i.e., only port 80 works with docker-compose port mapping on EC2.
As it works with port 80 and doesn't work with port 5106 it could mean one of two possibilities:
There is an issue with your security groups. You should check you have added port 5106 in your inbound rules of your security group.
There is an issue with a firewall or antivirus that doesn't allow you to connect to web pages in different ports rather than 80 or 443. You may try if this happens with another device or on another network.
In this case, it seemed to be the latter.
Possible that the docker network needs to be deleted?
docker network rm $(docker network ls -q)
Then run docker-compose up again.
I have created a linux node on Amazon (AWS) machine. I can ssh into the node but I cannot do ping into its IPv4 Public IP. What should I do to fix this issue?
Works:
ssh -v -i "my_pem.pem" ubuntu#<AmazonNode's_IP>
Does not work (returns %100 failure):
ping <AmazonNode's_IP>
I have also added following setting from https://stackoverflow.com/a/30544572/2402577 but it did not helped.
Please note that when I did this setting, I can ping from another amazon node to an amazon node. But from a non-amazon node still I cannot do ping to the amazon node.
Thank you for your valuable time and help.
ICMP port is closed by default on AWS instances. You need to enable it in a security group.
Connecting to Ubuntu 14.04 server at AWS gx2.2 instance(Huge GPU one), from an Ubuntu 14.04 system with the following command:
ssh -i ~/.ssh/key.pem ubuntu#12.121.12.321
Normally it would just connect, but now it times out with this error:
ssh: connect to host 54.171.53.164 port 22: Connection timed out
I can Ctrl+C out of the freeze though.
I have tried to restart.
I have tried to sudo apt-get update.
Recheck your AWS parameters...
1) Check Public Ip associated with the Amazon ec2 instance, check whether it is the same as ip address 12.121.12.321 you are using to make connection.
2) Check the inbound rule of the security group associated with the Amazon ec2 instance. Ensure that the inbound rule has ssh access to the ip address of the machine from which you are trying to connect the Amazon ec2 instance.
3) Ensure that the pem file you file you are using is appropriate.
Hope it helps...