How do I allow a kubernetes cluster to access my ec2 machine? - amazon-ec2

I want to allow a kubernetes cluster, all the pods running in it, to access my ec2 machine.
This means I have to allow a particular IP or a range of IPs in the security group of my ec2 machine.
But what is that one IP or a range of IPs that I'd have to enter in the security group of EC2 machine?

The pods in Kubernetes run on worker nodes, which are nothing but EC2 instances and have their own security group. If you want your EC2 instance, which is outside the cluster, to accept connections from pods in the Kubernetes cluster, you can add an inbound rule in the EC2 instance with the source security group value set to that of the worker nodes' security group.
Why is it that the pods in the Kubernetes cluster want to access an EC2 instance outside the cluster? You can also bring the EC2 instance within your Kubernetes cluster and, if need be, you can expose the EC2 instance's process via a Kubernetes service.
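
An added example (not part of the original answer): a Python check over `aws ec2 describe-security-groups` output that reports whether a port on the instance's security group is admitted through a reference to the worker nodes' group, or through CIDR rules that pin individual addresses or open the port to everyone. The group IDs, ports, addresses and sample JSON are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample: one entry of "SecurityGroups" as returned by
# `aws ec2 describe-security-groups`, for the standalone EC2 instance.
# All group IDs and addresses are placeholders.
INSTANCE_SG = json.loads("""
{"GroupId": "sg-0aaaaaaaaaaaaaaaa",
 "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
   "UserIdGroupPairs": [{"GroupId": "sg-0bbbbbbbbbbbbbbbb"}], "IpRanges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
   "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "10.0.12.34/32"}]}
 ]}
""")
WORKER_SG = "sg-0bbbbbbbbbbbbbbbb"  # placeholder: worker nodes' security group


def covers(perm, protocol, port):
    """True if a TCP/UDP rule's protocol and port range include the target."""
    if perm["IpProtocol"] == "-1":  # "-1" = all protocols and ports
        return True
    if perm["IpProtocol"] != protocol:
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def audit_ingress(sg, worker_sg_id, protocol, port):
    """Classify every ingress rule on `sg` that admits (protocol, port)."""
    report = {"group_ref": False, "cidr_sources": [], "open_to_world": False}
    for perm in sg.get("IpPermissions", []):
        if not covers(perm, protocol, port):
            continue
        pairs = perm.get("UserIdGroupPairs", [])
        if any(p.get("GroupId") == worker_sg_id for p in pairs):
            report["group_ref"] = True
        ranges = perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
        for r in ranges:
            cidr = r.get("CidrIp") or r.get("CidrIpv6")
            report["cidr_sources"].append(cidr)
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                report["open_to_world"] = True
    return report


if __name__ == "__main__":
    for port in (5432, 22, 8443):
        print(port, audit_ingress(INSTANCE_SG, WORKER_SG, "tcp", port))
```

A port that shows `group_ref` as true with an empty `cidr_sources` list is reachable only from members of the worker nodes' group, which is the state the answer describes.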

Related

Connect Lambda to another VPC via an EC2 VPN tunnel

We have 2 separate VPCs and don't need to do any peering. One VPC has OpenVPN software running for VPN purposes, and a Lambda in another VPC needs access to a resource in the OpenVPN VPC. How can this be done if we try to create a tunnel from an EC2 instance running in the Lambda's VPC that is connected to the other VPC via a VPN client? Would this work in this scenario, or are there any other alternatives? The Lambda would like to reach the Elasticsearch service running in the other VPC via the VPN client running on the EC2 instance.
Please create VPC peering between these 2 VPCs and configure the route tables of both.
In case you need further help, please do let me know.

How to add a new EC2 instance (from account A) to a ECS cluster (account B) in AWS?

So I have 2 aws accounts,
in one I have the ECS Cluster
in the other one I have a few EC2 instances
How to tell those EC2 instances to connect to that ECS cluster?
I was reading here, "How to register EC2 Instance to ECS cluster?", that you could launch an instance and edit /etc/ecs/ecs.config, but there is only ECS_CLUSTER={cluster_name} to change; not sure how to reference a cluster from the other account/region.

Allow Elastic Beanstalk IPs to another EC2

I have an AWS Elastic Beanstalk with LB and auto scaling group.
Also, I have an EC2 machine which should only allow incoming connection from the EB instances. EB and EC2 are in the same VPC.
I have added the EB security group in the EC2 security group inbound. Still, I cannot establish the connection between these machines.
I can successfully make the connection between these machines if I have manually allowed the EB instances IPs to the EC2 SG.
Is there any way to get rid of this manual update?
How can I make the connection between EC2 and EB?

Should I use Amazon VPC in Amazon EC2 when I have multiple servers

I am planning to have a multi-server architecture in Amazon EC2 where the servers need to talk to each other. These servers need to be located in different Amazon regions (different datacenters). Can I just use the internal network of Amazon EC2? What are the security issues? Should I mandatorily use Amazon VPC in this setup?
Jam,
If you are planning to create instances in different regions, then go for VPC, because VPC gives you more security. You can also restrict these machines to limited external access.
On the security side, VPC is better than classic EC2 instances, as you can even allow only VPC-to-VPC connections.

boto ec2 connect to region is not working in an EC2 instance in Amazon VPC

ec2 = boto.ec2.connect_to_region(regionName)
gets hung in an instance in VPC.
boto ec2 connect to region is not working in an EC2 instance in Amazon VPC, but the same thing works outside Amazon VPC.
What are the things I need to check?
Thank you
The VPC adds egress rules to Security Groups. It also adds a new feature called Network ACLs that adds stateless ingress and egress rules. Check both your Network ACLs and Security Groups to make sure that you aren't blocking anything with egress rules.
