Allow Elastic Beanstalk IPs to another EC2 - amazon-ec2

I have an AWS Elastic Beanstalk with LB and auto scaling group.
Also, I have an EC2 machine which should only allow incoming connection from the EB instances. EB and EC2 are in the same VPC.
I have added the EB security group in the EC2 security group inbound. Still, I cannot establish the connection between these machines.
I can successfully make the connection between these machines if I have manually allowed the EB instances IPs to the EC2 SG.
Is there any way to get rid of this manual update?
How can I make the connection between EC2 and EB?

Related

My aws ec instance is not able to connect to my redis cluster

My aws ec instance is not able to connect to my redis cluster,
the ping is also timed out as well.
Both my aws ec instance and redis cluster are in the same VPC and same sub network id.
Redis cluster has the security group which allows all the inbound traffic
and the ec instance has the security group which allows all the outbound traffic.
Please help me check if I missed anything,
thanks very much.

How can I connect to AWS Documentdb with Robo 3T?

Using the latest Robo 3T and the command line provided by AWS
mongodb://<dbname>:<insertYourPassword>@example-db.cluster-c2e1234stuff0e.eu-west-2.docdb.amazonaws.com:27017
I get this Error:
Reason:
SSL tunnel failure: Network is unreachable or SSL connection rejected by server.
Reason: Connect failed
I have also tried following THIS walkthrough but had no joy.
I have read that it is possible to SSH to an EC2 instance on the same VPC and access documentdb this way but ideally I would like to access it directly and not pay for an extra EC2 instance. If I have that right?
I have tried via Mongo shell too and get the following response:
Error: couldn't connect to server example-db.cluster-c2eblahblaho0e.eu-west-2.docdb.amazonaws.com:27017, connection attempt failed: NetworkTimeout: Error connecting to example-db.cluster-c2eblahblaho0e.eu-west-2.docdb.amazonaws.com:27017 (<IP address>) :: caused by :: Socket operation timed out :
connect@src/mongo/shell/mongo.js:344:17
@(connect):2:6
exception: connect failed
What I suspect is happening is that either you do not have an EC2 instance in the same VPC as your DocumentDB cluster or that EC2 instance is not reachable from your laptop. I'd first connect to the EC2 instance with SSH to establish connectivity and then use that EC2 instance to SSH proxy from Robo3T.
For context, Amazon DocumentDB clusters deployed within a VPC can be accessed directly by EC2 instances or other AWS services that are deployed in the same VPC. Additionally, Amazon DocumentDB can be accessed by EC2 instances or other AWS services in different VPCs in the same region or other regions via VPC peering.
The advantage of deploying clusters within a VPC is that VPCs provide a strong network boundary to the Internet. A common way to connect to DocumentDB from your laptop is to create an EC2 instance within the same VPC as your DocumentDB cluster and SSH tunnel through that EC2 instance to your cluster: https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-from-outside-a-vpc.html
To minimize costs for local development, start with the smallest EC2 instance size and utilize the start/stop functionality when not using the cluster.
The same can be done with DocumentDB. When you are developing, you can save on instance costs by stopping the cluster when it is no longer needed: https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-stop-start.html
An alternative is to utilize AWS Cloud9: https://docs.aws.amazon.com/documentdb/latest/developerguide/connect-with-cloud9.html. This solution still requires an EC2 instance in the same VPC as your Amazon Document. What is useful about this solution is that Cloud9 provides a mechanism to automatically shut down the EC2 instance if it has been idle for 30 minutes, for example, to help save costs.

How do I allow a kubernetes cluster to access my ec2 machine?

I want to allow a kubernetes cluster, all the pods running in it, to access my ec2 machine.
This means I have to allow a particular IP or a range of IPs in the security group of my ec2 machine.
But what is that one IP or a range of IPs that I'd have to enter in the security group of EC2 machine?
The pods in kubernetes run in worker nodes which are nothing but ec2 instances and have their own security group. If you want your ec2 instance which is outside the cluster to accept connection from pods in kubernetes cluster, you can add an inbound rule in the ec2 instance with source security group value that of the worker nodes security group.
Why is it that the pods in the kubernetes cluster want to access an ec2 instance outside the cluster? You can also bring the ec2 instance within your kubernetes cluster and if need be, you can expose the ec2 instance's process via kubernetes service.
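
An added example, not part of the original answer: a simplified offline model of how a security group's inbound rules match a sender, contrasting a rule pinned to one instance IP with a rule whose source is the senders' security group. It assumes the `IpPermissions` layout of the EC2 DescribeSecurityGroups response; the function names, group IDs, ports and addresses are hypothetical.

```python
import ipaddress

# Constructed sample: "IpPermissions" of the target instance's security group.
# All IDs, ports and addresses are made-up placeholders.
TARGET_SG_INGRESS = [
    {   # rule pinned to one sender's private IP (the manual approach)
        "IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
        "IpRanges": [{"CidrIp": "10.0.1.15/32"}], "UserIdGroupPairs": [],
    },
    {   # rule whose source is the senders' security group
        "IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0workers0example"}],
    },
]


def matching_rule(ingress, src_ip, src_groups, port, protocol="tcp"):
    """Return 'cidr', 'sg-ref' or None for a connection from src_ip.

    src_groups: security group IDs attached to the sender's network interface.
    """
    addr = ipaddress.ip_address(src_ip)
    for perm in ingress:
        if perm["IpProtocol"] == "-1":
            pass  # rule covers all protocols and ports
        elif perm["IpProtocol"] != protocol:
            continue
        elif not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm["IpRanges"]):
            return "cidr"
        if any(p["GroupId"] in src_groups for p in perm["UserIdGroupPairs"]):
            return "sg-ref"
    return None


def stale_after_replacement(ingress, old_ip, new_ip, groups, port):
    """True if old_ip was allowed but a replacement instance at new_ip is not."""
    before = matching_rule(ingress, old_ip, groups, port)
    after = matching_rule(ingress, new_ip, groups, port)
    return before is not None and after is None
```

The pinned-IP rule stops matching as soon as auto scaling replaces the instance, while the group-reference rule keeps matching any instance that carries the referenced group.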

How to connect ec2 Instance on aws to my company VPN

I have a couple of ec2 Instances on amazon. I want to connect these ec2 instances to my company VPN. I want to do this, so that I can connect to Oracle which is on-premise from an application which is running on ec2.
You can ssh to the ec2 instance from your company vpn.
If you have correctly configured your VPN between your office and your AWS VPC (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html), then you should check your VPC NACLs, Security Groups and Route Tables to be able to ssh between the different servers and the EC2 Instances.

boto ec2 connect to region is not working in a EC2 instance in Amazon VPC

ec2 = boto.ec2.connect_to_region(regionName)
gets hung in an instance in VPC.
boto ec2 connect to region is not working in an EC2 instance in Amazon VPC but the same thing works outside Amazon VPC.
What are the things I need to check?
Thank you
The VPC adds egress rules to Security Groups. It also adds a new feature called Network ACLs that adds stateless ingress and egress rules. Check both your Network ACLs and Security Groups to make sure that you aren't blocking anything with egress rules.
