Unable to access internet from Private subnet | Error: Cannot find a valid baseurl

I am trying to use a NAT Instance rather than a NAT Gateway; I am also not using any Community AMIs for the NAT Instance configuration.
I am trying to do a yum update from my private instance but I am thrown the following error: Cannot find a valid baseurl for repo: amzn-main/latest
My AWS stack is as follows:
VPC: A VPC VPC1 with an Internet Gateway IGW1 attached.
Subnets: Two subnets - public in us-east-1a and private in us-east-1b.
Public subnet: Subnet1.1-1a has Route table [Public-IGW-1 with local and IGW1 - 0.0.0.0/0].
Private subnet: Subnet1.2-1b has Route table [Private-1 with local and NAT instance NAT EC2 1- 0.0.0.0/0].
Route tables:
Private-1 has routes local and NAT EC2 1 instance - 0.0.0.0/0.
Public-IGW-1 has routes local and IGW1 - 0.0.0.0/0.
Security groups: Subnet-1.1-1a-Public from us-east-1a in VPC1 has SSH MyIP and HTTP with anywhere.
Subnet1.1-1a-Private from us-east-1b (have to rename; else deceiving) in VPC1 has inbound 22 - anywhere.
Instances:
NAT EC2 1 lives in Subnet1.1-1a of VPC1 with Security group NAT SG inbound 80 - anywhere 22. Private instance has SG - 22 - anywhere. Public instance has SG - 22 - MyIP and 80 - anywhere.
I copied my keypair into the public instance with scp and ssh-ed into the private instance with ssh -i keypair ec2-user@private-ip-addr. When I do a sudo yum update the error cannot find a valid baseurl is shown.
I have made sure that NACL is allowing all traffic.

I figured it out. The NAT Instance and the Public Instance have to be in the same security groups.

My EC2 Linux Failing to connect to awscli.amazonaws.com:443

My Linux EC2 Instance comes up under VPC --> subnet with proper route table having Internet gateway (0.0.0.0/0 as destination).
It comes up with Private IPv4 address assigned to it, no Public IPv4.
Attached the related Security group and NACL screenshot.
[screenshots: Security Group, NACL]
Under Security Group, I have opened:
HTTPS (443) to 0.0.0.0/0,
ssh (22) to my machine IP and my VPC CIDR range.
After I ssh into my EC2 instance using the Private IPv4 address and keys, I've been trying to add AWS cli to my instance
My ec2 instance produces this after I enter this:
curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.0.30.zip -o awscliv2.zip
Error:
0curl: (7) Failed connect to awscli.amazonaws.com:443;
Where is the problem?
If your instance is in the private subnet and has no public IP, you can't route through Internet Gateway. You have to route through some NAT device. The simplest is NAT Gateway, although you can also set up an EC2 instance to serve same purpose.
When you set up a new VPC using (recently added) wizard, it offers you an option to create public and private subnets and NAT Gateway automatically. Or you can add it to an existing VPC following these instructions.
Note that, unlike Internet Gateway, NAT Gateway is not free.
PS. Sorry again for misunderstanding your question.
Could you check if your instance has any firewall running? You can disable the firewalls (if any) using these commands:
# For Uncomplicated Firewall
sudo ufw disable
# For firewalld
sudo systemctl disable firewalld --now
Also, the official documentation for aws cli installation has double quotes surrounding the https address (https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
This may or may not be the issue but it's worth a try.
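Both threads above (the yum failure from the private subnet and the failed connection to awscli.amazonaws.com:443) come down to the same three conditions: the private subnet's default route must point at a NAT device, that device's own subnet must route to the internet gateway, and its security group must admit the private subnet on the ports the package mirrors and installer use. As an added example, not code from either thread, here is a Python check over data in the shape of the AWS API responses; every ID and CIDR in it is constructed.

```python
# Added example, not from the question or answers: checks, over API-shaped data, whether
# a private subnet's internet path via a NAT instance is complete. Dicts mirror the shape
# of `aws ec2 describe-route-tables` / `describe-instances` / `describe-security-groups`.
import ipaddress

ROUTE_TABLES = [  # constructed; the implicit "local" route is omitted for brevity
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat"}]},
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]}]
INSTANCES = {"i-nat": {"SubnetId": "subnet-public", "SecurityGroups": [{"GroupId": "sg-nat"}]}}
SECURITY_GROUPS = {"sg-nat": {"IpPermissions": [  # constructed: tcp/80 only, from the private subnet
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "10.0.2.0/24"}]}]}}
SUBNET_CIDRS = {"subnet-private": "10.0.2.0/24", "subnet-public": "10.0.1.0/24"}

def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route of the table associated with subnet_id, else None."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return next((r for r in rt["Routes"]
                         if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
    return None

def sg_allows(sg, proto, port, src_cidr):
    """True if some inbound rule of sg covers proto/port from the whole src_cidr."""
    src = ipaddress.ip_network(src_cidr)
    for p in sg["IpPermissions"]:
        if p["IpProtocol"] not in (proto, "-1"):  # "-1" is the API's "all traffic"
            continue
        if p["IpProtocol"] != "-1" and not p["FromPort"] <= port <= p["ToPort"]:
            continue
        if any(src.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in p.get("IpRanges", [])):
            return True
    return False

def nat_egress_problems(private_subnet, rts=ROUTE_TABLES, insts=INSTANCES,
                        sgs=SECURITY_GROUPS, cidrs=SUBNET_CIDRS, ports=(80, 443)):
    """List what breaks yum/curl egress from private_subnet; an empty list means OK."""
    route = default_route(private_subnet, rts)
    if route is None or route.get("InstanceId") not in insts:
        return ["private subnet has no 0.0.0.0/0 route to an existing NAT instance"]
    nat, problems = insts[route["InstanceId"]], []
    nat_route = default_route(nat["SubnetId"], rts)
    if nat_route is None or not nat_route.get("GatewayId", "").startswith("igw-"):
        problems.append("NAT instance's subnet has no 0.0.0.0/0 route to an internet gateway")
    for port in ports:  # yum mirrors and awscli.amazonaws.com need tcp/80 and/or tcp/443
        if not any(sg_allows(sgs[g["GroupId"]], "tcp", port, cidrs[private_subnet])
                   for g in nat["SecurityGroups"]):
            problems.append(f"no NAT security group admits tcp/{port} from {cidrs[private_subnet]}")
    return problems
```

With the constructed data the check reports that tcp/443 is not admitted from the private subnet, which is exactly the kind of gap that lets http yum mirrors work while an https download fails.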

Configure pacemaker's src addr

I'm trying to configure my corosync cluster with 2 ips:
- 1 public
- 1 private
I do have 3 primitives:
- 2 ipaddr2 to mount ips
- 1 ipsrcaddr to src from the private ip in its subnet
My problem is that ipsrcaddr replaces the default gateway with my private address as source, like this:
~# ip r s
default via 92.181.55.1 dev ens3 src 192.168.0.11
92.181.55.1 dev ens3 scope link
192.168.0.0/24 dev ens4 scope link via 192.168.0.11
I can no longer send traffic with my public ip after resource starts :/
Anyone experienced the same issue? Any advice?
Thanks

disable public ip of GCE vm in ansible playbook

I have an ansible playbook for GCE VM creation. This playbook launches a GCE VM with a public ip address.
How do I launch my GCE vm without a public ip address?
I'm new to ansible.
I suppose you are using the GCE Ansible module for VM creation. According to the GCE module documentation, the module has a parameter named external_ip. Set it to none if you don't want any public IP address assigned to your VM.
external_ip:
type of external ip, ephemeral by default; alternatively, a fixed gce ip or ip name can be given. Specify 'none' if no external ip is desired.
Example:
- gce:
    instance_names: my-test-instance1
    zone: us-central1-a
    machine_type: n1-standard-1
    external_ip: none
    image: debian-8
    state: present
    service_account_email: "your-sa@your-project-name.iam.gserviceaccount.com"
    credentials_file: "/path/to/your-key.json"
    project_id: "your-project-name"
    disk_size: 32

ec2.py ec2.ini inventory pull on ec2 instance on a private subnet

I have the following on my AWS
1 vpc
3 subnets - 1 public , 2 private
1 internet gateway
1 nat instance
1 ec2 instance in public subnet
1 ec2 instance (for DB) in private subnet
With routing tables set and all instance running
I ran my ec2.py to pull my inventory and I saw that I don't have details of my ec2 instance from my private subnet.
Any idea why?
I thought it's my IAM role I am using, but I did give admin access to that role.
in my Ec2.ini I have the following
destination_variable = public_dns_name
vpc_destination_variable = private_ip_address
I did try private_dns_name and ip_address
Actually it worked
the following combination pulled all the ec2 instances.
destination_variable = public_dns_name
vpc_destination_variable = private_ip_address

Test Kitchen (chefdk), Vagrant and Amazon VPC

I'm trying to get KitchenCI to build test instances inside my Amazon VPC. I have this working; however, when Vagrant goes to attempt to connect to the ec2 instance, it uses the instance's external (public) IP vs its internal (VPC) IP. Is there any way to change this in Vagrant?
.kitchen.yml:
---
provisioner:
  name: chef_solo
platforms:
  - name: centos-6.5
    driver:
      name: vagrant
  - name: amazon
    driver:
      name: ec2
      image_id: ami-ed8e9284
      flavor_id: t2.medium
      aws_ssh_key_id: DevOps
      ssh_key: /Users/djimenez/.ssh/devops_rsa.pub
      availability_zone: us-east-1a
      subnet_id: subnet-1903a976
      require_chef_omnibus: true
      iam_profile_name: atc
      ebs_delete_on_termination: true
      security_group_ids: sg-7461ae1b
suites:
<snip>
Looks like I needed to add the following to my .kitchen.yml:
driver:
  name: ec2
  interface: private
The docs say:
interface
The place from which to derive the hostname for communicating with the
instance. May be dns, public or private. If this is unset, the driver
will derive the hostname by failing back in the following order:
DNS Name
Public IP Address
Private IP Address
The default is unset.