Amazon EC2, elastic beanstalk, need static outbound IP's - amazon-ec2

I need to integrate with a service that needs to know my IPs in advance to whitelist them; my app is hosted on Amazon EBS with autoscaling.
Is this possible?
Here is what my current config file looks like.
Resources:
  # LB SG
  AWSEBLoadBalancerSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Generated by app"
      SecurityGroupIngress:
        - {CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: "80", ToPort: "80"}
        - {CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: "443", ToPort: "443"}
  # CONFIGURE LB Health Check different port
  # EB SG
  AWSEBSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Generated by app"
      SecurityGroupIngress:
        - {SourceSecurityGroupId: {Ref: "AWSEBLoadBalancerSecurityGroup"}, IpProtocol: "tcp", FromPort: "80", ToPort: "80"}
        - {SourceSecurityGroupId: {Ref: "AWSEBLoadBalancerSecurityGroup"}, IpProtocol: "tcp", FromPort: "443", ToPort: "443"}
        - {CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: "22", ToPort: "22"}
option_settings:
  aws:elb:listener:80:
    ListenerProtocol: HTTP
    InstancePort: 80
    InstanceProtocol: HTTP
  aws:elb:listener:443:
    ListenerProtocol: TCP
    InstancePort: 443
    InstanceProtocol: TCP
To make this easy, can I somehow reserve a range of IPs and make EBS prefer them when launching a new instance?

Since your instances are subject to being created or destroyed dynamically, you can't depend on their IPs remaining the same, whether you use Elastic IPs or not.
The right solution is to route your outgoing traffic through a NAT. You can find more information about how to design and implement a NAT at http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat.html.
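A way to verify the NAT design from this answer before handing addresses to the partner, as an added example that is not part of the original question or answers: it reads the JSON shapes of "aws ec2 describe-route-tables" and "aws ec2 describe-nat-gateways", confirms that every subnet the environment launches into sends 0.0.0.0/0 to an available NAT gateway, and lists the gateway's Elastic IPs, which are the only addresses the partner needs to allowlist. Everything below is constructed sample data with made-up IDs; in practice the subnet IDs come from the environment's aws:ec2:vpc Subnets option and the two dictionaries from the CLI output.

```python
"""Verify an Elastic Beanstalk environment's outbound path is a NAT gateway and
list the Elastic IPs a partner must allowlist.

Added example; not code from the question or the answers. ROUTE_TABLES and
NAT_GATEWAYS are constructed sample data in the shape of
`aws ec2 describe-route-tables` / `aws ec2 describe-nat-gateways` JSON output;
every ID in them is made up.
"""
from typing import Dict, List, Tuple

# Constructed sample: two private app subnets routed via one NAT gateway, and
# the public subnet holding the load balancer routed via an internet gateway.
ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-private-EXAMPLE",
            "Associations": [{"SubnetId": "subnet-app-a-EXAMPLE"},
                             {"SubnetId": "subnet-app-b-EXAMPLE"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
            ],
        },
        {
            "RouteTableId": "rtb-public-EXAMPLE",
            "Associations": [{"SubnetId": "subnet-lb-EXAMPLE"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
            ],
        },
    ]
}

NAT_GATEWAYS = {
    "NatGateways": [
        {
            "NatGatewayId": "nat-EXAMPLE",
            "State": "available",
            "NatGatewayAddresses": [{"PublicIp": "203.0.113.10",
                                     "AllocationId": "eipalloc-EXAMPLE"}],
        }
    ]
}


def default_route_target(route_table: dict) -> Tuple[str, str]:
    """Classify the 0.0.0.0/0 route of one route table.

    ('nat', id)   : NAT gateway, all instances share its Elastic IP(s)
    ('igw', id)   : internet gateway, each instance egresses from its own
                    public IP, which changes whenever autoscaling replaces it
    ('other', id) : instance, peering, transit gateway, ... (not static either)
    ('none', '')  : no default route at all
    """
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if "NatGatewayId" in route:
            return "nat", route["NatGatewayId"]
        gateway = route.get("GatewayId", "")
        if gateway.startswith("igw-"):
            return "igw", gateway
        other = gateway or route.get("InstanceId") or route.get("TransitGatewayId") or "?"
        return "other", other
    return "none", ""


def egress_for_subnets(route_tables: dict, subnet_ids: List[str]) -> Dict[str, Tuple[str, str]]:
    """Map each application subnet to its default-route target.

    A subnet with no explicit association uses the VPC main route table, which
    this example does not model, so it is reported as ('none', '').
    """
    result = {sid: ("none", "") for sid in subnet_ids}
    for table in route_tables["RouteTables"]:
        for assoc in table.get("Associations", []):
            sid = assoc.get("SubnetId")
            if sid in result:
                result[sid] = default_route_target(table)
    return result


def static_egress_ips(route_tables: dict, nat_gateways: dict, subnet_ids: List[str]) -> List[str]:
    """Return the sorted public IPs the partner must allowlist.

    Raises ValueError if any subnet does not egress through an available NAT
    gateway, because then some instances would present a non-static address.
    """
    nat_by_id = {n["NatGatewayId"]: n for n in nat_gateways["NatGateways"]}
    ips = set()
    for sid, (kind, target) in egress_for_subnets(route_tables, subnet_ids).items():
        if kind != "nat":
            raise ValueError(f"{sid}: default route goes to {kind} {target!r}, not a NAT gateway")
        nat = nat_by_id.get(target)
        if nat is None or nat.get("State") != "available":
            raise ValueError(f"{sid}: NAT gateway {target} is missing or not available")
        ips.update(addr["PublicIp"] for addr in nat["NatGatewayAddresses"])
    return sorted(ips)


if __name__ == "__main__":
    app_subnets = ["subnet-app-a-EXAMPLE", "subnet-app-b-EXAMPLE"]
    print("allowlist these addresses:", static_egress_ips(ROUTE_TABLES, NAT_GATEWAYS, app_subnets))
```

Running the check against the load balancer's public subnet fails on purpose: a subnet whose default route is an internet gateway gives instances their own public addresses, which is exactly the situation the answer says cannot be allowlisted.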

If I understood your question right, I think you are looking for an Elastic IP.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

Related

ansible - unable to create Azure network security group

I thought I correctly followed this YAML tutorial (for formatting a YAML file) and this Ansible example from the official Ansible documentation to create an Azure Network Security Group using the following Ansible playbook. But when I run the playbook in Azure Cloud Shell, I get the error shown below:
Create_network_security_group.yaml:
---
- hosts: localhost
  tasks:
    - azure_rm_securitygroup:
        resource_group: rg-cs-ansible
        name: nsg-cs-web
        rules:
          - name: 'allow_rdp'
            protocol: TCP
            destination_port_range: 3389
            access: Allow
            priority: 1001
            direction: Inbound
          - name: 'allow_web_traffic'
            protocol: TCP
            destination_port_range:
              - 80
              - 443
            access: Allow
            priority: 1002
            direction: Inbound
          - name: 'allow_powershell_remoting'
            protocol: TCP
            destination_port_range:
              - 5985
              - 5986
Error:
[localhost]: FAILED! => {"changed": false, "msg": "value of protocol must be one of: Udp, Tcp, *, got: TCP found in rules"}
Based on the official and "latest" documentation at this URL, notice that in the example the case of the protocol is "Tcp", not "TCP".
Also, the error message you shared suggests Tcp, Udp, * as the possible inputs, and it got TCP:
[localhost]: FAILED! => {"changed": false, "msg": "value of protocol must be one of: Udp, Tcp, *, got: TCP found in rules"}
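The error is a case check against a fixed set of spellings, so a small pre-flight lint of the rules list catches it before the play runs. Added example, not the asker's playbook or the module's code: it normalises protocol to the Tcp/Udp/* spelling the error message lists, rejects anything else, and also warns when a rule admits management ports (RDP 3389, WinRM 5985/5986, SSH 22) without a source restriction. RULES is a constructed copy of the three rules in the question; treating a missing source_address_prefix as "any source" and treating priority as required are assumptions made here.

```python
"""Pre-flight lint for the `rules:` list of an azure_rm_securitygroup task.

Added example; not code from the question, the answer or the module. RULES is
a constructed copy of the three rules in the question. ACCEPTED_PROTOCOLS is
exactly the set the module's error message reports. Assumptions made here: a
rule without source_address_prefix admits any source, and priority is required.
"""
from typing import List, Tuple

ACCEPTED_PROTOCOLS = {"Tcp", "Udp", "*"}
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS"}

RULES = [
    {"name": "allow_rdp", "protocol": "TCP", "destination_port_range": 3389,
     "access": "Allow", "priority": 1001, "direction": "Inbound"},
    {"name": "allow_web_traffic", "protocol": "TCP", "destination_port_range": [80, 443],
     "access": "Allow", "priority": 1002, "direction": "Inbound"},
    {"name": "allow_powershell_remoting", "protocol": "TCP", "destination_port_range": [5985, 5986]},
]


def canonical_protocol(value) -> str:
    """Return the spelling the module accepts ('TCP' -> 'Tcp'); raise if unknown."""
    text = str(value).strip()
    if text in ACCEPTED_PROTOCOLS:
        return text
    if text.lower() in ("tcp", "udp"):
        return text.lower().capitalize()
    if text.lower() in ("any", "all"):
        return "*"
    raise ValueError(f"value of protocol must be one of {sorted(ACCEPTED_PROTOCOLS)}, got: {value!r}")


def port_ranges(rule: dict) -> List[Tuple[int, int]]:
    """Expand destination_port_range (int, 'lo-hi', '*' or a list of those) into (lo, hi) pairs."""
    raw = rule.get("destination_port_range", "*")
    ranges = []
    for item in raw if isinstance(raw, list) else [raw]:
        text = str(item).strip()
        if text == "*":
            ranges.append((0, 65535))
        elif "-" in text:
            lo, hi = text.split("-", 1)
            ranges.append((int(lo), int(hi)))
        else:
            ranges.append((int(text), int(text)))
    return ranges


def lint_rules(rules: List[dict]) -> Tuple[List[dict], List[str]]:
    """Return (rules with protocol normalised, warnings about the rest)."""
    fixed, warnings, priorities = [], [], set()
    for rule in rules:
        fixed_rule = dict(rule)
        fixed_rule["protocol"] = canonical_protocol(rule.get("protocol", "*"))
        name = rule.get("name", "<unnamed>")
        prio = rule.get("priority")
        if prio is None:
            warnings.append(f"{name}: no priority set")  # assumption: the module requires one
        elif prio in priorities:
            warnings.append(f"{name}: duplicate priority {prio}")
        priorities.add(prio)
        inbound_allow = (rule.get("access", "Allow") == "Allow"
                         and rule.get("direction", "Inbound") == "Inbound")
        # assumption: no source_address_prefix means the rule matches any source
        open_source = str(rule.get("source_address_prefix", "*")) in ("*", "Internet", "0.0.0.0/0")
        if inbound_allow and open_source:
            exposed = [f"{port}/{label}" for port, label in sorted(MANAGEMENT_PORTS.items())
                       if any(lo <= port <= hi for lo, hi in port_ranges(rule))]
            if exposed:
                warnings.append(f"{name}: management port(s) {', '.join(exposed)} allowed from any source")
        fixed.append(fixed_rule)
    return fixed, warnings


if __name__ == "__main__":
    normalised, notes = lint_rules(RULES)
    for rule in normalised:
        print(rule["name"], "->", rule["protocol"])
    for note in notes:
        print("warning:", note)
```

The normalised list can be written back into the task; the warnings are a judgement call, but an RDP or WinRM rule with no source_address_prefix is the kind of rule that deserves a CIDR of the management network before it is applied.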

How to configure Thorntail http port with project-default.yml?

I'm using Thorntail 2.3.0.Final; in the documentation section "5.4.2. Sockets" there is an example of configuring something like this:
thorntail:
  network:
    socket-binding-groups:
      standard-sockets:
        http:
          port: 8081
I thought it would start listening on port 8081, but it persistently keeps listening on port 8080,
so how do I configure the port binding properly?
The shortcut way is to use:
thorntail:
  http:
    port: 8081

Connect pgadmin to RDS AWS Elastic beanstalk

I'm trying to connect my RDS PostgreSQL database to my pgAdmin III to see the database and add data, but the connection throws the following error:
pgAdmin message
My pg_hba.conf has the following configuration:
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
host    all             all             0.0.0.0/0               md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
#host   replication     postgres        127.0.0.1/32            md5
#host   replication     postgres        ::1/128                 md5
and my postgresql.conf:
listen_addresses = '*'
port = 5432
max_connections = 100
I have configured the firewall rules on my Windows desktop so that pgAdmin can communicate over TCP on port 5432.
I also attach the connection variables: pgadmin connection
Thanks, if you can help me I'll be grateful.
Check if your security group has an entry for port 5432 on TCP.
Here is my security group configuration:
Group name: awseb-e-ds3pmf8tx8-stack-AWSEBRDSDBSecurityGroup-G0BCKWC2QTGH
Group description: Enable database access to Beanstalk application
Group ID: sg-39ce5252
VPC ID: vpc-ead84082
INBOUND:
  Type: All TCP
  Protocol: TCP
  Port range: 0 - 65535
  Source: sg-d2fa6ab9 (awseb-e-ds3pmf8tx8-stack
OUTBOUND:
  Type: All traffic
  Protocol: All
  Port Range: All
  Destination: 0.0.0.0/0
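The answer's check, worked through on the security group listed above as an added example (not code from the question or the answer): the only inbound rule is "All TCP" from sg-d2fa6ab9, so a desktop's public IP is never admitted and the connection attempt is silently dropped, which pgAdmin reports as a timeout. The script decides whether a given client is admitted on TCP/5432 and, if not, builds the narrowest rule that would admit it (a single /32 or /128, rather than 0.0.0.0/0). SECURITY_GROUPS is reconstructed from the listing in the shape of "aws ec2 describe-security-groups" output; the client addresses are made up.

```python
"""Decide whether an AWS security group admits a client to TCP/5432 and, if it
does not, produce the narrowest rule that would.

Added example; not code from the question or the answer. SECURITY_GROUPS is
reconstructed from the group the asker listed, in the shape of
`aws ec2 describe-security-groups` JSON output; client addresses are made up.
"""
import copy
import ipaddress
from typing import Optional

SECURITY_GROUPS = {"SecurityGroups": [{
    "GroupId": "sg-39ce5252",
    "GroupName": "awseb-e-ds3pmf8tx8-stack-AWSEBRDSDBSecurityGroup-G0BCKWC2QTGH",
    "IpPermissions": [
        # "All TCP" from the application's security group, and nothing else
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-d2fa6ab9"}]},
    ],
}]}


def _port_match(perm: dict, protocol: str, port: int) -> bool:
    """True if the permission entry covers this protocol and port."""
    if perm["IpProtocol"] == "-1":          # "All traffic"
        return True
    if perm["IpProtocol"] != protocol:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def matching_rule(groups: dict, group_id: str, port: int, client_ip: Optional[str] = None,
                  client_sg: Optional[str] = None, protocol: str = "tcp") -> Optional[str]:
    """Describe the first inbound rule admitting the client, or None.

    Security groups are allow-lists with an implicit deny, so None means the
    SYN is dropped without a reply; the client sees a timeout, not a refusal.
    """
    group = next(g for g in groups["SecurityGroups"] if g["GroupId"] == group_id)
    addr = ipaddress.ip_address(client_ip) if client_ip else None
    for perm in group["IpPermissions"]:
        if not _port_match(perm, protocol, port):
            continue
        if client_sg and any(p["GroupId"] == client_sg for p in perm.get("UserIdGroupPairs", [])):
            return f"source security group {client_sg}"
        cidrs = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                 + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if addr is not None and addr.version == net.version and addr in net:
                return f"CIDR {cidr}"
    return None


def least_privilege_rule(client_ip: str, port: int, protocol: str = "tcp") -> dict:
    """Rule admitting exactly one host on one port (a /32 or /128, never 0.0.0.0/0)."""
    addr = ipaddress.ip_address(client_ip)
    perm = {"IpProtocol": protocol, "FromPort": port, "ToPort": port,
            "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": []}
    if addr.version == 4:
        perm["IpRanges"].append({"CidrIp": f"{addr}/32"})
    else:
        perm["Ipv6Ranges"].append({"CidrIpv6": f"{addr}/128"})
    return perm


def with_rule(groups: dict, group_id: str, perm: dict) -> dict:
    """Return a copy of the describe output with `perm` appended to `group_id`."""
    updated = copy.deepcopy(groups)
    for group in updated["SecurityGroups"]:
        if group["GroupId"] == group_id:
            group["IpPermissions"].append(perm)
    return updated


if __name__ == "__main__":
    desktop = "198.51.100.7"   # made-up public IP of the pgAdmin machine
    print("admitted today:", matching_rule(SECURITY_GROUPS, "sg-39ce5252", 5432, client_ip=desktop))
    patched = with_rule(SECURITY_GROUPS, "sg-39ce5252", least_privilege_rule(desktop, 5432))
    print("after adding /32 rule:", matching_rule(patched, "sg-39ce5252", 5432, client_ip=desktop))
```

The rule least_privilege_rule builds is what you would hand to "aws ec2 authorize-security-group-ingress"; it admits one address on one port, so the database stays unreachable from everywhere else even though the pg_hba.conf shown above would accept any address.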

Does the MongoDB bindIp option accept a DNS name instead of an IP with a port forward?

I have a structure like this:
I want to enable B to accept connection from A.
How can I configure it? I have this configuration in MongoDB:
systemLog:
  destination: file
  path: C:\Program Files\MongoDB\Server\3.2\logs\mongod.log
storage:
  dbPath: D:\db
net:
  bindIp: 127.0.0.1,192.168.1.100, <can i mydomain1.com here??>
security:
  authorization: enabled
  keyFile: C:\Program Files\MongoDB\Server\3.2\keyfile-rs0.key
replication:
  replSetName: rs0
My firewalls are enabled on both servers and on the router.
I think that's a bind name problem!
Does somebody have a solution?
I've solved this issue by adding a rule in the router for mydomain1.com to get access from outside the network on a public port!

Unable to telnet on ec2 even when HTTPS /port 443 is open

Settings of my security group on EC2:
TCP
Port (Service)   Source
22 (SSH)         0.0.0.0/0
80 (HTTP)        0.0.0.0/0
443 (HTTPS)      0.0.0.0/0
Output when I run telnet:
JP$ telnet passionate4.net
Trying 50.18.159.124...
telnet: connect to address 50.18.159.124: Operation timed out
telnet: Unable to connect to remote host
On the Ubuntu EC2 server:
ubuntu@ip-10-166-185-18:~$ sudo netstat -nup -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:68 0.0.0.0:* 400/dhclient3
Telnet uses port 23; you don't have it in your security group.
Type this:
JP$ telnet passionate4.net 80
80, 443, 3389, or whatever port you're testing for.
Windows example:
C:/> telnet www.google.com 80
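Added example (not code from the question or the answer) that does what the answer's telnet test does and also tells the two failure modes apart: a timeout, as in the output above, means the SYN was dropped on the way (security group, NACL or host firewall), while an immediate refusal means the host is reachable but nothing is listening on that port. When checking listeners on the instance, note that netstat's -u flag lists UDP sockets only, as in the output above; use -t (or ss -tlnp) to see TCP listeners. The demo runs against a throwaway loopback listener so it works offline; the host and port you pass to probe() are whatever you are testing.

```python
"""Probe a TCP port the way `telnet host port` does, but report why it failed.

Added example, not code from the question or the answer. demo_local() uses a
throwaway listener on 127.0.0.1 so the whole thing runs offline.
"""
import socket
from typing import Dict, Tuple


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Return one of 'open', 'closed', 'filtered', 'unresolved'.

    'closed'    : the host answered with a reset, so packets reach it but nothing
                  listens on that port (check with `ss -tlnp` / `netstat -tlnp`).
    'filtered'  : no answer at all (timeout or unreachable), the usual signature of
                  a security group, NACL or host firewall dropping the SYN.
    'unresolved': the name did not resolve, so nothing was sent.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "closed"
    except OSError:          # TimeoutError, ENETUNREACH, EHOSTUNREACH, ...
        return "filtered"


def _throwaway_listener() -> Tuple[socket.socket, int]:
    """Bind a listening socket on loopback; port 0 lets the kernel pick a free one."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def demo_local() -> Dict[str, str]:
    """Show the 'open' and 'closed' verdicts against loopback."""
    srv, port = _throwaway_listener()
    try:
        results = {"listening": probe("127.0.0.1", port)}
    finally:
        srv.close()
    # Same port, nothing bound any more: loopback replies with a reset -> 'closed'.
    results["nothing_listening"] = probe("127.0.0.1", port)
    return results


if __name__ == "__main__":
    print(demo_local())
    # For a real instance: probe("ec2-host.example", 443) -> placeholder hostname
```

A 'filtered' result against an instance whose security group lists the port is worth a second look at the network ACL and the host firewall, while 'closed' means the network path is fine and the service itself needs attention.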
