We are running Terraform v12.20 to provision infrastructure in AWS. We have installed Terraform on an EC2 instance and we need to have our corporate proxy configured in order to communicate with services outside our network. We have sts.amazonaws.com configured in our no_proxy. Terraform is not respecting the proxy configured in the environment variables because of which it's timing out trying to connect to sts.amazonaws.com. Here is the proxy that's configured on the instance.
http_proxy=XXX:YYY
https_proxy=XXX:YYY
HTTPS_PROXY=XXX:YYY
no_proxy=sts.amazonaws.com
NO_PROXY=sts.amazonaws.com
HTTP_PROXY=XXX:YYY
This is the error I'm getting when trying to run terraform init.
error validating provider credentials: error calling sts:GetCallerIdentity: RequestError: send request failed. caused by: Post https://sts.amazonaws.com/: dial tcp 54.239.21.217:443: i/o timeout
Can someone help me configure proxy with terraform?
Thank you.
It looks like it's doing exactly what you told it to. You say your environment requires an HTTP proxy to access the internet but you've put sts.amazonaws.com into no_proxy, which is the environment variable for sites you explicitly do not wish to proxy - hence terraform is not using your proxy to go to sts.amazonaws.com and it is failing. Simply put, remove sts.amazonaws.com from your no_proxy variable.
Related
I have a Laravel app which needs to connect to a secure external API with very strict access requirements. There is a handler hosted on AWS which has a bunch of signed certificates etc. The only way to connect to that API is via that specific server due to those requirements.
Now, to test things on my local machine, I do the following:
SSH to the server using the -D flag to set up a SOCKS proxy.
Use this socks to http package to convert the proxy.
Set up Postman's proxy settings to use that http proxy.
That all works fine and I can complete the requests as expected.
However, I'd like to be able to use the proxy in my local Laravel environment too, for which I use Sail.
The problem is that I'm unsure of how to get the container to interact with the proxy. Using the method above in my local machine, I can cURL the required endpoint just fine, but if I try to do it via the container itself, it refuses to connect.
Any help would be appreciated!
I have trouble getting cfn-init to work on Windows.
I do this:
cfn-init.exe -v -c config
-s arn:aws:cloudformation:eu-north-1:894422057177:stack/Providence-Core-A47K89HAVG6V/20f830c0-05cd-12ea-9527-06c34fc32621
-r MyHost
--region eu-north-1
(line breaks added for clarity)
and get as a result:
('Connection aborted.', error(10060, 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond'))
What causes this error? What is it that cannot be reached? (it is not the most verbose error message I've seen :-))
Is cfn-init.exe actually trying to access something on the network? If so, what target address?
My outbound rules are fairly restrictive both when it comes to Network ACL and SecurityGroup. They don't have general outbound access for http/https. Is that the reason?
Bottom line: yes, the cfn-init command indeed does an outbound https request. Your SecurityGroup, Subnet ACLs, etc, must allow this.
The cfn-init command attempts to download the relevant CloudFormation stack from the AWS CloudFormation endpoint which is on Public Internet. Therefore, if the cfn-init feature is used, the EC2 instance must have outbound access to such endpoint.
If you don't want to grant generic outbound access for your EC2 instance then Amazon offers a VPC Endpoint for the AWS CloudFormation service.
I'm trying to install oracle on AWS redhat instance. Follow the steps given on this url: http://www.davidghedini.com/pg/entry/install_oracle_11g_xe_on And when I run config command as follows
/etc/init.d/oracle-xe configure
It gives following error.
Database Configuration failed. Look into
/u01/app/oracle/product/11.2.0/xe/config/log for details
When I check the log files it shows following errors.
ORA-01034: ORACLE not available Process ID: 0 Session ID: 0 Serial
number: 0
It seems specific issue on AWS cloud instance.
Is it because of swap memory?
Or is it because of port issue?
I'm using micro instance on it.
How can I get through?
this might be an EC2 security group issue and outbound access to the network on some port being used by the installer (license check, maybe?).
if your EC2 instance is very tightly locked down, you could test if it's a security group issue by adding a new Outbound security group rule to allow all TCP traffic out to anywhere on the internet (0.0.0.0/0)
for example, the install might be trying to hit a remote licensing server endpoint via HTTP or HTTPS but your security group doesn't allow that traffic out.
perhaps there's a 'verbose' flag that you can run the installer with that can give you more info about what it's failing on? HTH
We can do a cf login in an environment that requires an (HTTP) proxy. But cf ic login fails. Is there something else we have to do? We were able to use cf ic login when switching to another network that doesn't use a proxy but that is no long term solution.
If you have an HTTP proxy server on your network between a host running the cf CLI and your Cloud Foundry API endpoint, you must set HTTP_PROXY with the hostname or IP address of the proxy server.
The HTTP_PROXY environment variable holds the hostname or IP address of your proxy server.
HTTP_Proxy is a standard environment variable. Like any environment variable, the specific steps you use to set it depends on your operating system.
For setting your http proxy, you should follow the instructions described at
http://docs.cloudfoundry.org/devguide/installcf/http-proxy.html
I need to access a site from behind a proxy server. I can do it from within a EC2 instance, but it would be really nice if I could use my own EC2 server and when using nokogiri or mechanize to be able to set the instance as my proxy. I have tried enabling HTTP requests and SSH requesting from any source. When I try to connect to the server through ruby running this code.
open('http://example.com/', :proxy => 'http://ec2-54-242-232-173.compute-1.amazonaws.com:80')
I get back either... A connection error(2)
Or an error saying that the end of the file has been reached.
I have tried basic authentification with valid credentials as well.
Can someone try and walk me through the process of setting up an ec2 server and using it as a proxy server through mechanize?
For your case you need to do a few things:
Make sure your EC2 instance is running some sort of proxy server (Squid is good)
Make sure your instance and Squid (or whatever) are set to accept external connections
Configure your Ruby script appropriately
To setup the EC2 instance, use this guide: http://hackingonstuff.net/post/23929749838/setting-up-a-squid-proxy-on-aws
To setup the script just make sure it uses the instance's public DNS name and the port your proxy service is listening on. The public DNS name/ip changes each time you launch the instance so just be sure not to over look that small but important detail. :)