I have couple of ec2 Instances on amazon. I want to connect these ec2 instances to my company VPN. I want to do this, so that I can connect to Oracle which is on-premise from an application which is running on ec2
you can ssh to the ec2 instance from your company vpn
If you have correctly configured your VPN between your office and your AWS VPC (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html), then you should check your VPC NACLs, Security Groups and Route Tables to be able to ssh between the different servers and the EC2 Instances.
Related
Using the latest Robo 3T and the command line provided by AWS
mongodb://<dbname>:<insertYourPassword>#example-db.cluster-c2e1234stuff0e.eu-west-2.docdb.amazonaws.com:27017
I get this Error:
Reason:
SSL tunnel failure: Network is unreachable or SSL connection rejected by server.
Reason: Connect failed
I have also tried following THIS walkthrough but had no joy.
I have read that it is possible to SSH to a EC2 instance on the same VPC and access documentdb this way but ideally I would like to access it directly and not pay for an extra EC2 instance. If I have that right?
I have tried via Mongo shell too and get the following response:
Error: couldn't connect to server example-db.cluster-c2eblahblaho0e.eu-west-2.docdb.amazonaws.com:27017, connection attempt failed: NetworkTimeout: Error connecting to example-db.cluster-c2eblahblaho0e.eu-west-2.docdb.amazonaws.com:27017 (<IP address>) :: caused by :: Socket operation timed out :
connect#src/mongo/shell/mongo.js:344:17
#(connect):2:6
exception: connect failed
What I suspect is happening is that either you do not have an EC2 instance in the same VPC as your DocumentDB cluster or that EC2 instance is not reachable from your laptop. I'd first connect to the EC2 instance with SSH to establish connectivity and then use that EC2 instance to SSH proxy from Robo3T.
For context, Amazon DocumentDB clusters deployed within a VPC can be accessed directly by EC2 instances or other AWS services that are deployed in the same VPC. Additionally, Amazon DocumentDB can be accessed by EC2 instances or other AWS services in different VPCs in the same region or other regions via VPC peering.
The advantage of deploying clusters within a VPC is that VPCs provide a strong network boundary to the Internet. A common way to connect to DocumentDB from your laptop is to create an EC2 instance within the same VPC as your DocumentDB cluster and SSH tunnel through that EC2 instance to your cluster: https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-from-outside-a-vpc.html
To minimize costs for local development, start with the smallest EC2 instance size and utilize the start/stop functionality when not using the cluster.
The same can be done with DocumentDB. When you are developing, you can save on instance costs by stopping the cluster when it is no longer needed: https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-stop-start.html
An alternative is to utilize AWS Cloud9: https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-with-cloud9.html. This solution still requires an EC2 instance in the same VPC as your Amazon Document. What is useful about this solution is that Cloud9 provides a mechanisms to automatically shutdown the EC2 instance if it has been idle for 30-minutes, for example, to help save costs.
We have 2 separate VPC's and dont need to do any peering. one VPC has an openvpn software running for vpn purposes and a lambda in another vpc that needs access to the resource in the openvpn VPC. so how can this be done if we try to create a tunnel from an EC2 instance running in the Lambda's VPC that is connected to the other VPC via vpnclient? Would this work in this scenario or are there any other alternatives. The Lambda would like to reach the elasticsearch service running in the other VPC via VPN client running in the EC2 instance
Please create VPC peering between these 2 VPCs & configure route tables of both.
In case of need further help, please do let me know
I have an instance of AWS RDS running in a private subnet of a VPC.
I would like my EC2 machine, which is running on a public subnet to have access to it via SSL (and not SSH like I saw people suggest. I want to access it directly from the code via SSL).
Is there a way to do so?
The EC2 instance should have direct access to the RDS instance as long as they are in the same VPC. You just need to open up the security group assigned to the RDS instance to allow ingress from the EC2 instance.
I think you have SSH tunneling (which isn't needed when both servers are in the same VPC) and SSL database connections confused. SSH and SSL would be completely unrelated in this case.
SSL connection support would be a function of the specific database engine you are using. If your database is configured to support SSL connections, then you should be able to configure your database client software running on your EC2 instance to use SSL when creating connections to the database.
I'm not able to connect to my Redshift cluster through ODBC from an EC2 instance. However, I'm able to connect to it from an outside computer (for eg My Macbook) using the ODBC connector. I have been trying and trying but in vain. How can I make my EC2 instance connect to Redshift? The Error I get is:
Is the Server running on host .................and accepting TCP/IP connections on port 5439?
I'm really confused as I can connect form outside but not from an EC2.
Thanks for the help.
Add the security group of your EC2 machine to the list of Ingress rules of the security group in your Redshift VPC.
Basically, you need to allow your EC2 machine to connect to the Redshift cluster.
If you have the instance in the same VPC, public hostname of redshift might not work.
I am trying to launch node in EC2 VPC using chef knife ec2 server create to launch ec2 instance into VPC, But I looking a flag to specify vpc info.
Anyone know how to spin up ec2 instance into vpc using knife ec2 server create ?
Thanks
There is a --subnet SUBNET_ID flag for knife ec2 command. You can specify which subnet of VPC you want the instance be created using this flag.
Refer: https://docs.chef.io/plugin_knife_ec2.html
You cannot provide VPC identity. However, you can provide subnet identity which eventually will create the instance in your VPC of choice.