Accessing go-live application - AWS Blu Age L3 certification workshop


I have the AppStream set up for the AWS Blu Age L3 Certification Workshop in the Frankfurt region (eu-central-1) (consider VPC1), whereas the rest of the setup for go-live is in the Mumbai region (ap-south-1) (consider VPC2), such as AWS Mainframe Modernization, EC2 instance, AWS RDS, etc. Now, even after successful deployment and the application getting started successfully (verified from BluageConsoleLog), I am not able to access the application from either within the AppStream or my local desktop. Can someone please suggest a way to access it? A few things that come to my mind are:

  1. Create an exception for the IP of AppStream or my local desktop in Security Group of VPC2 (where the go-live application is deployed)
  2. Adding a SG Rule to allow traffic from any IP (Internet)
  3. Create a VPC peering from VPC2 to VPC1.

Not sure if any of these is a plausible option.

======================================================================================

Updating my Question post trying out the option of creating another EC2 instance.

Created another EC2 instance in the same VPC as Mainframe Modernization application is deployed.

The EC2 instance is an Ubuntu instance with GUI.

At this stage, with the SG Rule added to allow any traffic from Internet - It is working fine.

Then, I removed the SG Rule to allow all traffic from Internet. I observed a weird issue. I was able to view the home/landing page of the application, from within the newly created Ubuntu EC2 instance. But the Logon screen is not loading. Upon inspection, I found that the backend is not responding to the UI requests.

Refer to the below screenshots.

[Screenshot from Ubuntu EC2 - with allow all traffic from Internet - added]

[Screenshot from Ubuntu EC2 - with allow all traffic from Internet - removed]

I could not find any logic behind this. I repeated the scenario quite a few times to confirm my observation too.

  • Just a note: Peering would fail since both the VPCs have an overlapping CIDR range.

1 Answer

The best way is to create an EC2 instance in VPC1 and access the application deployed in Mainframe Modernization service from the EC2 instance so that you stay isolated.

Another option is to check the option Allow application deployed to this environment to be publicly accessible when creating the Mainframe Modernization environment.

Allow applications deployed to this environment to be publicly accessible. 
Mainframe Modernization service assigns a public IP address to the environment. 
Amazon EC2 instances and other resources outside of the VPC can connect to your environment. Resources inside the VPC can also connect to the environment. 
Choose one or more security groups that specify which resources can connect to the environment.

This is not the recommended way to do it in the L3 workshop: https://catalog.workshops.aws/aws-blu-age-l3-certification-workshop/en-US/go-live/deploy/create-env

AWS
ArnO
answered a month ago
EXPERT
reviewed a month ago
  • Even with this option it did not work for me. Allow application deployed to this environment to be publicly accessible

  • Did you try creating an EC2 instance in VPC1 as well?

  • I have updated my question with the observation. It'll be very helpful if you can have a look.
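
An added example, not part of the thread or the workshop material: a Python check of the three options listed in the question, run against a constructed security group rule set (in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`) and constructed VPC CIDRs. The port, client addresses and CIDR ranges are assumptions; rules that reference other security groups are not evaluated.

```python
import ipaddress

# Constructed sample ingress rules (IpPermissions shape); the port and
# addresses are made up for illustration, not taken from the workshop.
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},        # option 2: allow any IP
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "203.0.113.25/32"}]},  # option 1: one client IP
]
WORLD = {"0.0.0.0/0", "::/0"}

def _cidrs(rule):
    # Collect IPv4 and IPv6 source ranges of one rule.
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def world_open_rules(ingress):
    # Rules that admit traffic from the whole Internet.
    return [(r["IpProtocol"], r.get("FromPort"), r.get("ToPort"))
            for r in ingress if WORLD & set(_cidrs(r))]

def _covers_port(rule, port):
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def allowed_without_world_rule(ingress, client_ip, port):
    # Would this client still reach the port once the allow-all rule is removed?
    ip = ipaddress.ip_address(client_ip)
    for rule in ingress:
        if not _covers_port(rule, port):
            continue
        for cidr in _cidrs(rule):
            if cidr in WORLD:
                continue
            net = ipaddress.ip_network(cidr, strict=False)
            if ip.version == net.version and ip in net:
                return True
    return False

def peering_possible(cidr_a, cidr_b):
    # Option 3: VPC peering requires non-overlapping CIDR blocks.
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))
```

Running `allowed_without_world_rule` for each source address that must reach the application shows which narrow rules are still missing before the allow-all rule is deleted.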
