As Apple starts rejecting applications which are not able to communicate in ipv6 only network, it is required to also have a public ipv6 address for my web service which uses TCP and UDP.
The web service is hosted in Amazon EC2 VPC, I have followed instructions on Amazon docs to enable ipv6 routing in VPC. But I don't have any public domain or static-ipv6 to connect to EC2 instance.
After searching I came to know about route53 service which can register a domain and point it to some ipv6 / ipv4.
Is the correct solution? Can a single domain map to both ipv4 & ipv6?
for example, mywebservice.amazon-ec2.com points to same ec2 instance having ipv4 and ipv6.
Will requesting the mywebservice.amazon-ec2.com from ipv6 only network work?
If I misunderstood something please help.
You are correct.
You can create a two Record Sets in Amazon Route 53:
One A record pointing to the IPv4 address
One AAAA record pointing to the IPv6 address
For the IPv4 address, first allocate an Elastic IP Address to the instance because it is a static address that will not change when the instance is stopped/started. Then, point the A record to the Elastic IP Address.
There is no Elastic IP Address available for IPv6. Instead, just point to the instance's normal IPv6 address, which will always stay the same for that instance.
You don't actually need to use Amazon Route 53 -- any DNS service will provide the same functionality.
See Amazon Route 53 documentation: Values for Basic Resource Record Sets
Related
My API accesses a service that wants to know what the possible IP address range is for the API so they can whitelist us. How do I know what IP addresses AWS may assign when the load balancer creates new instances?
Direct answer: AWS publishes its IP address ranges in a publicly accessible JSON file. IP ranges are associated with a region and a service, and as you can imagine, there are a lot of them. At the current moment there are 71 CIDR blocks associated with EC2 in us-west-2, for example. That's as specific as you can get, though. So you'd have to supply your partner with all of the EC2 IP address ranges for your region in order to guarantee that they would permit any IP address assigned to an instance your autoscale group might start up. Oh, and they do change periodically, so your partner would have to maintain that list.
Suggestion: Sounds like you have your EC2 instances in public subnets and are assigning public IPs to them. Instead, you can create your EC2 instances in private subnets and use a NAT Gateway to allow them to access the Internet. If you do this, the source IP for outbound traffic will the be the elastic IP address you assign to the NAT gateway. So you can give your partner a definite IP address they can permit to access their service.
Using a private subnet for your EC2 instances also reduces your attack surface area, since the EC2 instances won't have individual public IP addresses.
I have a domain name mydomain.com registered on amazon route 53.
I have an EC2 instance in which I installed a docker portainer image under 9000 port.
My docker image run perfectly under ec2 public ip address:
http://xxx.xxx.xxx.xxx:9000
What I want now is to create a subdomain: portainer.mydomain.com and pointed it to my EC2 portainer instance.
When I try to create a new record set portainer.mydomaon.com and point it to my docker image instance I can't specify the port value.
I know I miss something, I'm on my beginning on DNS domains.
Route 53 is a DNS resolver. Its job is to resolve domain to ip address. It has nothing to do with port.
But there are some alternatives:
Add a secondary ip to the instance to host multiple websites and bind them to port 80. You add an additional ip by attaching elastic network interface (ENI).
Add Application Load Balancer with host based routing (you will get much more control, you can even do path based routing as well). See: Listeners for Your Application Load Balancers - Elastic Load Balancing
S3 redirection (Route 53 Record Set on Different Port)
Why doesn't AWS allocate elastic IP's to all the servers being spawned? They allocate public IP by default to all the servers, which gets lost after a reboot of EC2 instances.
What's the logic behind not allowing elastic IPs automatically?
TL;DR Because Elastic IP (EIP) addresses are not needed for all/most use cases.
There is a limited supply of routable IP addresses. If every server on a public subnet received one, those IP addresses would remain allocated even when the servers were off. If the server was terminated it would be unclear if the use of that IP was concluded or is still necessary for other use. Which brings up the real reason for Elastic IP's.
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. [1]
The take away from this is if you're not using EIP's for dynamic cloud computing you're probably using them incorrectly. This is a good example of a correct use case.
If you require a persistent public IP address that can be associated to and from instances as you require, use an Elastic IP address instead. For example, if you use dynamic DNS to map an existing DNS name to a new instance's public IP address, it might take up to 24 hours for the IP address to propagate through the Internet. As a result, new instances might not receive traffic while terminated instances continue to receive requests.[2]
How can I specify a dynamic IP address for the origin server when configuring Cloudflare?
For instance, when using EC2, the IP address may change whenever the instance is restarted?
How do you update CloudFlare to automatically forward traffic to the new IP address when the origin server IP address has changed?
You have a few options:
Assign an Elastic IP to the EC2 instance so that the IP address will never change.
Place an Elastic Load Balancer in front of the instance and create a CNAME record in CloudFlare that points to the ELB's dns name.
Add a script to your EC2 instance that runs on bootup, that makes a call to the CloudFlare API to update the DNS entry with its new IP address.
How can I make ec2 instance communicate with rds instance on aws by internal ip address or dns?
I only see public dns like xxx.cehmrvc73g1g.eu-west-1.rds.amazonaws.com:3306
Will internal ipaddress will be faster than public dns?
Thanks
A note for posterity, ensure that you enable DNS on the VPC Peering link!
Enabling DNS Resolution Support for a VPC Peering Connection
To enable a VPC to resolve public IPv4 DNS hostnames to private IPv4
addresses when queried from instances in the peer VPC, you must modify
the peering connection.
Both VPCs must be enabled for DNS hostnames and DNS resolution.
To enable DNS resolution support for the peering connection
Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
In the navigation pane, choose Peering Connections.
Select the VPC peering connection, and choose Actions, Edit DNS
Settings.
To ensure that queries from the peer VPC resolve to private IP
addresses in your local VPC, choose the option to enable DNS
resolution for queries from the peer VPC.
If the peer VPC is in the same AWS account, you can choose the option
to enable DNS resolution for queries from the local VPC. This ensures
that queries from the local VPC resolve to private IP addresses in the
peer VPC. This option is not available if the peer VPC is in a
different AWS account.
Choose Save.
If the peer VPC is in a different AWS account, the owner of the peer
VPC must sign into the VPC console, perform steps 2 through 4, and
choose Save.
You can use the "Endpoint" DNS name. It will resolve to the internal IP when used within the VPC and resolves to a public ip when used outside of your AWS network. You should never use the actual IP address because the way the RDS works it could possibly change in the future.
If you ping it from your EC2 (on the same VPC) server you can verify this.
It is amazing to see the amount of down votes I've got given that my answer is the only correct answer, here is 2 other sources:
https://forums.aws.amazon.com/thread.jspa?threadID=70112
You can use the "Endpoint" DNS name. It will resolve to the internal IP when used within EC2.
https://serverfault.com/questions/601548/cant-find-the-private-ip-address-for-my-amazon-rds-instance2
The DNS endpoint provided in the AWS console will resolve to the internal IPs from within Amazon's network.
Check out the AWS EC2 docs: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-private-addresses.
It doesn't appear that this necessarily applies to RDS, however.
When resolving your RDS instance from within the same VPC the internal IP is returned by the Amazon DNS service.
If the RDS instance is externally accessible you will see the external IP from outside the VPC. However, if the EC2 instance NOT available publiclly the internal IP address is returned to external and internal lookups.
Will internal ip address will be faster than the external address supplied by public dns?
Most likely as the packets will need to be routed when using the external addresses, increasing latency.
It also requires that your EC2 instances have a public IP or NAT gateway along with appropriate security groups and routes, increasing cost, increasing complexity and reducing security.
its pretty easy, telnet your RDS endpoint using command prompt on windows or through unix terminal
for example: telnet "you RDS endpoint" "Port"
trying to connect "You get your RDS internal IP here"