Questions tagged with Amazon EC2

Hello, I would like to ask for an advice about network latency inside an AWS region. I have an EC2 instance that communicates with a Server that is hosted in the same AWS region. The Server is not owned by me, so I have only basic public information about it like domain name and IP address. My goal is to achieve the lowest possible network latency between my EC2 instance and the Server. Simply placing the EC2 instance in the same region results in a latency of GET request around 20ms, but I believe this can be still improved somehow. Are you able to give some insight please?lg...

Hi all, I am trying to connect to ec2 machine (default linux) while on Windows 11 as my work machine. I am receiving the following on my CLI: C:\>ssh -i C:\AWS\pizza-key.pem ec2-user@44.208.4.50 Load key "C:\\AWS\\pizza-key.pem": Permission denied ec2-user@44.208.4.50: Permission denied (publickey,gssapi-keyex,gssapi-with-mic). Please suggest. Thankslg...

hi - I am trying to migrate EC2 classic to VPC (as per AWS) however getting the following error 'Step fails when it is Execute/Cancelling action. Property value 'paravirtual' from the API output is not in the desired values. Desired values; 'hvm'. Also the AWS advice states that the migration should be able to be done with minimal downtime but I am not finding that the case? Any resources to assist in these areas please?lg...

I'm trying to launch a new ec2 instance that automatically mounts an existing EFS file system. I'm using the following settings: ``` Amazon Linux 2 Kernel 5.10 AMI 2.0.20220719.0 x86_64 HVM gp2 64-bit (x86) ami-0c956e207f9d113d5 c5a.16xlarge VPC (default) Subnet: The subnet of the default VPC in eu-central-1a zone. Create security group File systems: EFS An existing file system in eu-central-1a zone ``` I have done the same operation before, but now i get an error. ``` Instance launch failed The maximum number of security groups per interface has been reached. Launch log Initializing requests Succeeded Creating security groups Succeeded Creating security group rules Succeeded Creating EFS security groups Succeeded Adding ingress rules to EFS security groups Succeeded Adding egress rules to EFS security groups Succeeded Adding EFS security group to mount targets Failed ``` What should I do to fix this?lg...

I have a working EC2 instance in free tier, with a responding grpc server in a docker container inside the instance.\ I'd like to send the logs of the container into the CloudWatch.\ I created the suggested policy, the EC2 role, and the role is attached to the instance.\ The container is started from the bash of the linux instance with this command:\ `docker run -d -p 9092:9092 -t <<my-container-name>> --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group="gRPC-POC" --log-opt awslogs-stream="gRPC-POC-log" --log-opt awslogs-create-group=true --log-opt awslogs-create-stream=true` \ I tried to run the container with different users, with different options of the log-driver, omitting parts and almost everything.\ The policy I created to use the CloudWatch looks like this:\ ``` { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Effect": "Allow", "Resource": "arn:aws:logs:us-east-1:<<my-account-number>>:log-group:*:*" } ] } ``` So far,no sign of the gathered logs in CloudWatch even if I create a log-group and/or log-stream or I don't.\ Maybe I'm missing a step or a vital information somewhere?\ Do You have any suggestions, please?lg...

Hello, I'm user 9003412 (account ID XXXXXXXXXXX): my question is the following. I don't understand why I'm still charged every month whereas I don't have any instance (EC2, RDS) or service running any longer. Could you check this out ? And tell me what I gotta do to be not charged anymore going forward. Thanks. Best, Frederic *edited removed account number — Ria B.lg...

Hi Team, I have created two Elastic IPs one for Zabbix Server and another one for Zabbix Agent, I have attached both for EC2 instanses, however when I ping from server IP to Agent IP, I am unable to ping, I am not sure anything needs to be configure between these two IPs..? Please let me know if you find right solution for that. Server EIP = 15.206.21.176 Agent EIP = 43.205.188.248lg...

I can see the sample-app. But when I delete that and clone my own app, I get the following Permission denied error: su: ignoring --preserve-environment, it's mutually exclusive with --login -bash: line 1: cd: /srv/shiny-server/test-app: Permission denied How do I trouble shoot this? I don't know where to start.lg...

I have a bunch of resources that get stood up as part of a regular deployment, i.e. worker EC2's. I need their IP's and to populate them into a config (But this is a post-deployment process) and it can become long/monotonous as its trivial work. Is there any api calls or any features in AWS I can use to automate this? I'm fine with shell/bash/python. Something in my head is to create a pipeline job that runs after the deployment pipeline, it queries or "scans" for the scope-named EC2's and then retrieves the IP's. Stores them for reference and then appends this to a config file I store in code commit. Possible?lg...

I have a wordpress site that is on the route 53 dns and on an Ec2 instance that are all working normally. but despite this the site is not working for some timelg...

I am using EC2 Ubuntu 20.04 Linux instance (t2.micro). After 3/4 days, My instance status showed "1/2 checks passed". I have some small websites running in this instance. When this message appears, I cannot able to access those websites. Currently, each time I reboot my instance, and after some time, the status checked showed 2/2 checks passed. Then, I can able to access my website. Rebooting after 3/4 days at regular intervals is very painful. Please help me to solve my issue.lg...

Hi, My question is - how can we see what CVEs are patched? Where is it recorded if Amazon Linux has patched a particular CVE? There is the security centre here: https://alas.aws.amazon.com/alas2.html, however, that only lists the advisories as far as I can tell - it doesn't say what's patched and what isn't. Is it the case that if an item there shows that there are new packages, we can just assume it's patched in AL? Thanks in advance for any help. **Context** We've had a pen test conducted in our Elastic Beanstalk / Amazon Linux 2 environment. It flagged some potential common vulnerability & exposures (CVEs) - a number of which turned out to be false positives as Amazon Linux maintains its own release of packages. We found that Nginx running in our environment was not version 1.20.0 - vulnerable to CVE-2021-23017, but was version 1.20.0, release 2.amzn.2.0.4 - which according to https://github.com/aws/elastic-beanstalk-roadmap/issues/221 , has been patched against this vulnerability. Having the same version number for each seems like a recipee for disaster. It certainly cost me a few days time trying to look into the issue. ``` [ec2-user@ip-x ~]$ yum info nginx Loaded plugins: extras_suggestions, langpacks, priorities, update-motd 207 packages excluded due to repository priority protections Installed Packages Name : nginx Arch : aarch64 Epoch : 1 Version : 1.20.0 Release : 2.amzn2.0.4 Size : 1.7 M Repo : installed From repo : amzn2extra-nginx1 ``` I've a number of other CVE's that I need to determine if our elastic beanstalk environment is potentially compromised by: If I can just look them up, it would be helpful. ``` OpenSSH <= 8.6 Command Injection Vulnerability CVE-2021-23017 Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater) CVE-2002-20001 nginx <= 1.21.1 Information Disclosure Vulnerability CVE-2013-0337 OpenSSH 6.2 <= 8.7 Privilege Escalation Vulnerability CVE-2021-41617 OpenBSD OpenSSH <= 7.9 Multiple Vulnerabilities CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111 OpenBSD OpenSSH Information Disclosure Vulnerability (CVE-2020-14145) CVE-2020-14145 SSL/TLS: BREACH attack against HTTP compression CVE-2013-3587 OpenSSH 'auth2-gss.c' User Enumeration Vulnerability - Linux CVE-2018-15919 OpenSSH 'sftp-server' Security Bypass Vulnerability (Linux) CVE-2017-15906 OpenSSH < 7.8 User Enumeration Vulnerability - Linux CVE-2018-15473 OpenSSH Information Disclosure Vulnerability (CVE-2016-20012) CVE-2016-20012 ```lg...