Endpoint timing out with curl

0

Hi

I'm having real problems with a VPC endpoint I'm trying to configure in connection with a Managed Blockchain network. Please note, I'm new to AWS.

I have reached the stage where I am trying to connect from my client instance to the network via curl or telnet (as per step 3.2 in the link below), and any method I try times out. I have verified that my instances, VPCs, etc. meet the requirements given in the documentation, and I have attempted restarting the process from the ground up to no avail. I'm confident I haven't missed anything out that's in the documentation, but given my newbie-ness when it comes to AWS generally (and networking too), it's possible I missed something simpler that more knowledgeable folks take for granted.

I'd appreciate any suggestions for ways to proceed, diagnosis help, or any pages people can point me at with relevant information. Commands which are timing out include (both as per the documentation for step 3.2):

curl https://CAEndpointURL:30002/cainfo -k
curl https://CAEndpointURL:30002

Thanks

Mark

https://docs.aws.amazon.com/managed-blockchain/latest/managementguide/get-started-create-client.html

asked 5 years ago, 1463 views
2 Answers
0
Accepted Answer

Check the things below.

a--Fabric client (EC2 instance is in same VPC used in creating VPC Service endpoint).
b--Fabric client (EC2 instance is using same Security Group used in creating VPC Service endpoint).
c--Port 30001 to 30004 are allowed in inbound rules in the security group.

Secondly, there is a mistake in the AWS documentation: the 2nd URL should be used with telnet instead of curl. It should be:
telnet CAEndpointURL 30002

I have already pointed out this mistake to AWS Support and they confirmed that they will update the documentation.

One thing more is that the port is not guaranteed to be 30002, but the exact value will be returned in the get-member API.

Edited by: Ikram on Feb 3, 2019 5:59 PM

Ikram
answered 5 years ago
0

Thanks, it was the security group TCP port not being open that was the issue. In retrospect, it seems clear, but a combination of my own lack of network experience and the documentation not mentioning it meant I missed it. Thank you for the help. I suggest that this be added to the prerequisites section of the documentation too.

answered 5 years ago
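
The check in item c of the accepted answer, as an added example that is not part of the original thread: it takes one group object in the shape returned by `aws ec2 describe-security-groups` and reports which of ports 30001 to 30004 have no inbound TCP rule admitting the client. The function names, group ID and client address are hypothetical, and the sample rule sets are constructed.

```python
import ipaddress

# Port range named in the accepted answer; the exact CA port comes from get-member.
FABRIC_PORTS = range(30001, 30005)

def rule_matches_source(perm, client_ip, client_sg_ids):
    """True if this inbound rule admits traffic from the client instance."""
    addr = ipaddress.ip_address(client_ip)
    for r in perm.get("IpRanges", []):
        if addr in ipaddress.ip_network(r["CidrIp"], strict=False):
            return True
    # A rule can also name a source security group instead of a CIDR.
    return any(p.get("GroupId") in client_sg_ids
               for p in perm.get("UserIdGroupPairs", []))

def blocked_ports(group, client_ip, client_sg_ids, ports=FABRIC_PORTS):
    """Return the ports with no inbound TCP rule admitting the client."""
    allowed = set()
    for perm in group.get("IpPermissions", []):
        if not rule_matches_source(perm, client_ip, client_sg_ids):
            continue
        if perm["IpProtocol"] == "-1":        # all protocols, all ports
            allowed.update(ports)
        elif perm["IpProtocol"] == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
            allowed.update(p for p in ports if lo <= p <= hi)
    return sorted(set(ports) - allowed)

# Constructed sample: SSH open, nothing for 30001-30004 (the asker's situation).
SG_BEFORE = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}

# Constructed sample after the fix: self-referencing rule for the Fabric ports.
SG_AFTER = {"GroupId": "sg-0example", "IpPermissions": SG_BEFORE["IpPermissions"] + [
    {"IpProtocol": "tcp", "FromPort": 30001, "ToPort": 30004,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0example"}]}]}

if __name__ == "__main__":
    for name, sg in (("before", SG_BEFORE), ("after", SG_AFTER)):
        print(name, "blocked:", blocked_ports(sg, "10.0.1.25", {"sg-0example"}))
```

A non-empty result for the group attached to the VPC endpoint is consistent with the timeout described in the question, since traffic with no matching inbound rule is dropped rather than refused.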
