About Amazon free tier instance - amazon-ec2

I am trying to use the Amazon free tier instance. I got the free Fedora server running. I installed a web server in there as well. Now how can I access that server from outside? What domain name should I use? I don't have my own domain name now. Doesn't Amazon itself give me something to access it?

Amazon EC2 assigns a default public DNS to each instance you spin up. Be warned, it's not a user-friendly name. To view your public DNS:
1. Log in to the Amazon EC2 service and access your console.
2. Click the gear icon in the top right-hand corner; this will display a 'Show/Hide Columns' dialog.
3. Under 'EC2 Instance Attributes' select Public DNS.
4. Click Apply to close the dialog and save options.
5. Your public DNS now shows up under a column of the same name; copy the value from this column and fire away.
Note that to do anything useful with your instance (as far as accessing it remotely), you should have enabled one or more security groups for it.

Related

AWS Windows Instance for Service Catalog (YAML Config)

Can anyone point me in the right direction for how to update an EFS OnDemand EC2 instance (YAML) to a Windows EC2 instance?
I.e. how to get the user's credentials to log in to a launched Windows instance (Remote Desktop)?
Also, has anyone found a way to copy paste from the local machine to the Golden AMI instance?
You go to the EC2 console and click the checkmark for the EC2 instance. Then there's a menu option to show you the password. For copy paste... you should just be able to ctrl+c, ctrl+v just like anywhere else. "Golden AMI" isn't a real thing, it's just a phrase people use to mean "we made this AMI and it's got our special sauce" (could be configs, security scanners, whatever...).
I don't really understand the other question you're asking.

Delete a public ElasticIP

I have the following issue:
a while ago I tried to create a private VPC with a gateway to a public IP;
exercise closed, deleted everything - except the public IP. I simply forgot about it. I only remembered about it when the bill came and in the details I had EC2-other;
browsed the cost explorer a little bit and it was confirmed;
I went to the EC2 dashboard, listed the network interfaces (had only one) pointing to my public IP. Tried to "detach" and I got the message "You are not allowed to manage 'ela-attach' attachments.";
Went to the Elastic IPs dashboard and saw only my IP address. Selected it and then clicked "Disassociate" and I got the error: "You do not have permission to access the specified resource.";
I am the owner of the account, there are no users. Not sure if it matters, but as the owner of the "Elastic IP" there is my user id (numeric), which is visible on the "my account" page.
So, what am I doing wrong? What am I missing?
One possibility for the deletion not being allowed would be a link with a NAT Gateway. Elastic IPs are public ones and attached to a specific region. The reason the system does not allow you to delete the IP would be that it might be associated with some service in the same region, but the association might not appear on the EC2 dashboard. Checking the NAT gateway configuration would show a possible link to the Elastic IP.

Automatically assign Elastic IP from a pool of IPs to auto scaling instance

I am trying my hand at autoscaling and all is well except that I need all of my instances to be assigned an Elastic IP (this is for my payment gateway, which needs to know all IPs that we are using).
I'm happy to add, say, 8 Elastic IPs to my account, but what I need is a facility to auto-assign one of these to the instance as it boots up and then release it as it switches off.
I guess I need a startup script but this is beyond my knowledge of AWS (so far I do everything through the web console).
Any samples/help appreciated!
If your gateway is deployed in the same Amazon account as your servers, you might want to look at a VPC solution where you can control the instances' private IPs using masks.
If that is not an option, you will need to write a script, which you should add to the Launch Configuration's User Data.
In this script you can use AWS CLI to find which IP Addresses are available using describe-addresses, and use one of them to associate to your newly created instance using associate-address.
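One way to write the script this answer describes, as an added example that is not part of the original answer. It assumes the pool's Elastic IPs carry a hypothetical tag Pool=payment-gateway, that the AWS CLI and curl are installed on the AMI, and that the instance role allows ec2:DescribeAddresses and ec2:AssociateAddress.

```shell
#!/bin/bash
# Added example (not from the original answer). The tag Pool=payment-gateway
# and the ASSOCIATE_ON_BOOT switch are hypothetical names.
POOL_TAG_KEY="Pool"
POOL_TAG_VALUE="payment-gateway"
IMDS="http://169.254.169.254/latest"

# Read one instance-metadata value using an IMDSv2 session token.
imds() {
  local token
  token=$(curl -sf -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/meta-data/$1"
}

# Allocation IDs of pool addresses that currently have no association.
free_pool_addresses() {
  aws ec2 describe-addresses \
    --filters "Name=tag:${POOL_TAG_KEY},Values=${POOL_TAG_VALUE}" \
    --query 'Addresses[?AssociationId==`null`].AllocationId' \
    --output text
}

# Try each free address in turn. --no-allow-reassociation makes the call fail
# if another booting instance claimed the address first, so we move on to the
# next one instead of taking it away from that instance.
associate_from_pool() {
  local instance_id alloc
  instance_id=$1
  for alloc in $(free_pool_addresses); do
    if aws ec2 associate-address --instance-id "$instance_id" \
        --allocation-id "$alloc" --no-allow-reassociation >/dev/null 2>&1; then
      echo "$alloc"
      return 0
    fi
  done
  echo "no free Elastic IP left in pool ${POOL_TAG_VALUE}" >&2
  return 1
}

main() {
  local instance_id
  AWS_DEFAULT_REGION=$(imds placement/region) || return 1
  export AWS_DEFAULT_REGION
  instance_id=$(imds instance-id) || return 1
  associate_from_pool "$instance_id"
}

# In user data, export ASSOCIATE_ON_BOOT=1 above this line to run on boot.
if [ "${ASSOCIATE_ON_BOOT:-0}" = "1" ]; then main; fi
```

An Elastic IP is disassociated automatically when its instance is terminated, so a scale-in returns the address to the pool without a shutdown hook.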

Can we bring two ec2 instances under one active directory

I am trying to communicate between two EC2 instances which have Windows Server 2008 installed. On one of the servers I have installed Active Directory and I want to bring another EC2 instance under one Active Directory.
I'm new to Amazon with Active Directory.
The problem I am trying to address is installing Dynamics CRM on these two EC2 instances. From my assumption or understanding, CRM requires a CRM web server and SQL server under 1 Active Directory.
Any comments with links or suggestions would be very much appreciated.
Active Directory relies on DNS, so it all depends how you set up DNS for your instances.
But in summary, if instance A is the domain controller for my.domain.com and instance B wants to join the domain, then you have to make sure that instance B can get to instance A by resolving my.domain.com to the right IP address of A.
When you create an Active Directory domain controller, the controller itself automatically becomes a DNS server, so the easiest way is just to make the default DNS server for instance B the actual IP address of instance A (you should be able to use the internal Amazon IP address as long as it's pingable).
Hope this helps.

HTTPS setup in Amazon EC2

How do we enable HTTPS in Amazon EC2? Our site is working on HTTP.
First, you need to open the HTTPS port (443). To do that, you go to https://console.aws.amazon.com/ec2/ and click on the Security Groups link on the left, then create a new security group with HTTPS also available.
Then, just update the security group of a running instance or create a new instance using that group.
After these steps, your EC2 work is finished, and it's all an application problem.
This answer is focused on someone who buys a domain on another site (such as GoDaddy) and wants to use the Amazon free certificate with Certificate Manager
This answer uses Amazon Classic Load Balancer (paid); see the pricing before using it
Step 1 - Request a certificate with Certificate Manager
Go to Certificate Manager > Request Certificate > Request a public certificate
On Domain name you will add myprojectdomainname.com and *.myprojectdomainname.com and go on Next
Choose Email validation and Confirm and Request
Open the email that you have received (on the email account with which you bought the domain) and approve the request
After this, check if the validation status of myprojectdomainname.com and *.myprojectdomainname.com is success; if it is success you can continue to Step 2
Step 2 - Create a Security Group for a Load Balancer
On EC2 go to Security Groups > and Create a Security Group and add the HTTP and HTTPS inbound
It will be something like:
Step 3 - Create the Load Balancer
EC2 > Load Balancer > Create Load Balancer > Classic Load Balancer (Third option)
Create LB inside - the vpc of your project
On Load Balancer Protocol add Http and Https
Next > Select existing security group
Choose the security group that you have created in the previous step
Next > Choose certificate from ACM
Select the certificate of step 1
Next >
On Health check I've used the ping path / (one slash instead of /index.html)
Step 4 - Associate your instance with the security group of load balancer
EC2 > Instances > click on your project > Actions > Networking > Change Security Groups
Add the Security Group of your Load Balancer
Step 5
EC2 > Load Balancer > Click on the load balancer that you have created > copy the DNS Name (A Record), it will be something like myproject-2021611191.us-east-1.elb.amazonaws.com
Go to Route 53 > Routes Zones > click on the domain name > Go to Records Sets
(If you don't have your domain here, create a hosted zone with Domain Name: myprojectdomainname.com and Type: Public Hosted Zone)
Check if you have a record of type A (probably not), create/edit a record set with name empty, type A, alias Yes and Target the DNS that you have copied
Create also a new Record Set of type A, name *.myprojectdomainname.com, alias Yes and Target your domain (myprojectdomainname.com). This will make it possible to access your site with www.myprojectdomainname.com and subsite.myprojectdomainname.com. Note: You will need to configure your reverse proxy (Nginx/Apache) to do so.
On NS copy the 4 Name Servers values to use on the next Step, it will be something like:
ns-362.awsdns-45.com
ns-1558.awsdns-02.co.uk
ns-737.awsdns-28.net
ns-1522.awsdns-62.org
Go to EC2 > Instances > And copy the IPv4 Public IP too
Step 6
On the domain registrar site where you bought the domain (in my case GoDaddy)
Change the routing to http : <Your IPv4 Public IP Number> and select Forward with masking
Change the Name Servers (NS) to the 4 NS that you have copied; this can take 48 hours to take effect
Amazon EC2 instances are just virtual machines, so you would set up SSL the same way you would set it up on any server.
You don't mention what platform you are on, so it is difficult to give any more information.
An old question but worth mentioning another option in the answers.
In case the DNS system of your domain has been defined in Amazon Route 53, you can use the Amazon CloudFront service in front of your EC2 and attach a free Amazon SSL certificate to it. This way you will benefit from both having a CDN for faster content delivery and also securing your domain with the HTTPS protocol.
You can also use Amazon API Gateway. Put your application behind API Gateway. Please check this FAQ
There must be also an answer for people who want a hassle free https on ec2 for mainly demo and testing purposes, one way they can achieve that very fast is:
With my answer here which describes How you can achieve https for testing purposes in minutes with EC2 without the hassle of creating certificates
One of the best resources I found was using Let's Encrypt; you do not need ELB nor CloudFront for your EC2 instance to have HTTPS, just follow the following simple instructions:
Let's Encrypt
Login to your server and follow the steps in the link.
It is also important as mentioned by others that you have port 443 opened by editing your security groups
You can view your certificate or any other website's by changing the site name in this link
Please do not forget that it is only valid for 90 days
Use Elastic Load Balancing; it supports SSL termination at the Load Balancer, including offloading SSL decryption from application instances and providing centralized management of SSL certificates.
You need to register a domain (on GoDaddy, for example) and put a load balancer in front of your EC2 instance - as DigaoParceiro said in his answer.
The issue is that domains generated by Amazon on your EC2 instances are ephemeral. Today the domain belongs to you, tomorrow it may not.
For that reason, Let's Encrypt throws an error when you try to register a certificate on an Amazon-generated domain that states:
The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy
More details about this here:
https://community.letsencrypt.org/t/policy-forbids-issuing-for-name-on-amazon-ec2-domain/12692/4
You need to create a security group for HTTPS and assign it to your webserver:
Open the Amazon EC2 console.
Choose Security Groups in the navigation pane.
Choose Create Security Group.
For Create Security Group, do the following:
For the Security group name, type a name for the security group that you are creating.
(Optional) Type a description of the security group that you are creating.
For VPC, choose the VPC that contains your web server Amazon EC2 instance.
Choose Add Rule. For Type, choose HTTPS.
Choose Create.
In the navigation pane, choose Instances.
Select the check box next to your web server instance. Then choose Actions, Networking, and Change Security Groups.
Select the check box next to the security group that you created for HTTPS. Then choose Assign Security Groups.
To verify SSL/TLS offload with a web browser
Use a web browser to connect to your web server using the public DNS name or IP address of the server.
Ensure that the URL in the address bar begins with https://.
For example, https://ec2-52-14-212-67.us-east-2.compute.amazonaws.com/.
