Questions tagged with Networking & Content Delivery
Managing Route53 at scale
We have about 30 AWS accounts at this point (application, development, devops, shared services, sandboxes) and we are using AWS Control Tower tied into AWS SSO. We have recently created a designated networking account where we host the STNO solution and have decided this will be our centralized network traffic solution for all of our business needs. We are trying to figure out what the best practices are for managing DNS, private DNS zones in particular, at scale. With using a central networking account, we can see the appeal of having all private zones in a single account so that we can get a complete picture of and monitor/manage the entire organization, but is this the current best practice? Will centralizing our private zones create problems for individual teams? For example, we want to give our Devs the ability to manage their private zone (dev.company.com) without allowing them to edit other zones. Is this possible with cross-account, centralized, private zones? Should we even allow our dev teams to manage their own private zone? If not, what is the current best practice for managing private zones within an org? Just hoping to get an idea of how other companies are managing this, what worked for previous clients, what didn't.
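As an added example (not part of the question above, and not any specific vendor's reference architecture), the following Terraform shows the two mechanisms the question asks about: a private hosted zone owned by a central networking account and associated with a VPC that lives in a dev account, and an IAM policy in the networking account that lets a role the dev team assumes change records in that one zone only. The provider aliases, account roles, VPC IDs, region and zone name are assumptions for illustration.

```hcl
# Added example. Assumed: two provider configurations, one per account, the
# hub VPC in the networking account and the dev VPC in the dev account.
provider "aws" {
  alias  = "network"
  region = "eu-west-1" # assumed
}

provider "aws" {
  alias  = "dev"
  region = "eu-west-1" # assumed
}

variable "dev_vpc_id" {
  type    = string
  default = "vpc-0123456789abcdef0" # hypothetical VPC in the dev account
}

# The zone lives in the networking account. A private zone must be created with
# a VPC the creating account can see, so it starts on a hub VPC there.
resource "aws_route53_zone" "dev_private" {
  provider = aws.network
  name     = "dev.company.com"

  vpc {
    vpc_id = "vpc-0hub0000000000000" # hypothetical hub VPC in the networking account
  }

  # Associations made from other accounts would otherwise show up as drift.
  lifecycle {
    ignore_changes = [vpc]
  }
}

# Step 1 (zone owner): authorise the dev account's VPC to associate.
resource "aws_route53_vpc_association_authorization" "dev" {
  provider = aws.network
  zone_id  = aws_route53_zone.dev_private.zone_id
  vpc_id   = var.dev_vpc_id
}

# Step 2 (VPC owner): perform the association from the dev account.
resource "aws_route53_zone_association" "dev" {
  provider = aws.dev
  zone_id  = aws_route53_vpc_association_authorization.dev.zone_id
  vpc_id   = aws_route53_vpc_association_authorization.dev.vpc_id
}

# Least-privilege policy in the networking account for a role the dev team
# assumes (e.g. via an Identity Center permission set). Resource-level scoping
# to one hosted zone ARN keeps every other zone out of reach; the condition
# limits the record types they can write, so they cannot re-delegate (NS) or
# alter the zone's SOA.
resource "aws_iam_policy" "dev_zone_editor" {
  provider = aws.network
  name     = "route53-dev-zone-editor"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "ListZonesAndPollChanges"
        Effect   = "Allow"
        Action   = ["route53:ListHostedZones", "route53:GetChange"]
        Resource = "*"
      },
      {
        Sid    = "EditOnlyDevZone"
        Effect = "Allow"
        Action = [
          "route53:GetHostedZone",
          "route53:ListResourceRecordSets",
          "route53:ChangeResourceRecordSets",
        ]
        Resource = "arn:aws:route53:::hostedzone/${aws_route53_zone.dev_private.zone_id}"
        Condition = {
          "ForAllValues:StringEquals" = {
            "route53:ChangeResourceRecordSetsRecordTypes" = ["A", "AAAA", "CNAME", "TXT", "SRV"]
          }
        }
      },
    ]
  })
}
```

Two things to check after applying this: `aws route53 list-hosted-zones-by-vpc` from the dev account should show the zone, and a test call to `ChangeResourceRecordSets` against any other hosted zone ARN from the dev role should be denied. If the dev team should also be able to rename records only under a sub-label, the `route53:ChangeResourceRecordSetsNormalizedRecordNames` condition key narrows the policy further.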
How to make HTTPS ALB that targets other TCP port of a fargate service?
I would like to make an HTTPS Fargate service that is in a Docker container with port 4000. I set it up as follows.

```
Task definition / port mapping of the container
- Host port: 4000
- Container port: 4000
Target group
- Target type: IP
- Protocol: HTTPS (port 443)
- IPv4 address: None
Application load balancer
- Listener protocol: HTTPS (port 443)
- Default action: the TG above
ECS service
- Task definition: the definition above
- Load balancer: the ALB above
- Container to load balance: the container above
- Production listener port: HTTPS (443)
- Target group name: the TG above
Route 53 A record
- Alias: the ALB above
```

However, when I access the URL of the A record, I get "503 Service Temporarily Unavailable" or "504 Gateway Time-out". I can access the service if I do not use the ALB and connect to IP:4000 directly. What is the correct way to set up the ALB and TG that connect to the container port 4000 via HTTPS?
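As an added example (not the poster's configuration), the Terraform below wires the same pieces together with the listener and target group describing different sides of the load balancer: the listener is the public side (HTTPS on 443 with an ACM certificate), while the target group describes the backend, which here is plain HTTP on port 4000 because the container itself does not terminate TLS. It also adds the security group rule without which the ALB cannot reach the task. VPC, subnet, certificate, cluster, task definition, container name and health-check path are assumptions for illustration.

```hcl
# Added example. Assumed identifiers below are hypothetical.
variable "vpc_id"          { default = "vpc-0123456789abcdef0" }
variable "public_subnets"  { default = ["subnet-0aaa", "subnet-0bbb"] }
variable "private_subnets" { default = ["subnet-0ccc", "subnet-0ddd"] }
variable "certificate_arn" { default = "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE" }

resource "aws_security_group" "alb" {
  name   = "app-alb"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Only the ALB's security group may reach the container port.
resource "aws_security_group" "task" {
  name   = "app-task"
  vpc_id = var.vpc_id

  ingress {
    from_port       = 4000
    to_port         = 4000
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_lb" "app" {
  name               = "app-alb"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.public_subnets
}

# Backend side: protocol and port are what the container actually speaks.
# target_type "ip" is required for Fargate (awsvpc networking).
resource "aws_lb_target_group" "app" {
  name        = "app-tg"
  target_type = "ip"
  vpc_id      = var.vpc_id
  protocol    = "HTTP"
  port        = 4000

  health_check {
    path                = "/health" # assumed endpoint served by the container
    matcher             = "200-299"
    interval            = 15
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }
}

# Public side: TLS terminates here.
resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.app.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

resource "aws_ecs_service" "app" {
  name            = "app"
  cluster         = "app-cluster" # assumed cluster name
  task_definition = "app-task:1"  # assumed task definition family:revision
  launch_type     = "FARGATE"
  desired_count   = 2

  network_configuration {
    subnets         = var.private_subnets
    security_groups = [aws_security_group.task.id]
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.app.arn
    container_name   = "app" # assumed container name
    container_port   = 4000
  }

  depends_on = [aws_lb_listener.https]
}
```

The first thing to check with any 503/504 from an ALB is the target group's health status: 503 is what the ALB returns when it has no healthy registered targets, and 504 when a target accepted the connection but did not answer within the idle timeout. A target group configured as HTTPS:443 health-checks the task ENI on 443, so a container that only listens on 4000 never becomes healthy; likewise a task security group that does not admit the ALB's security group on 4000 produces the same symptom. If the container really does serve TLS on 4000, set the target group to `protocol = "HTTPS"` and `port = 4000` rather than 443.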
"error on line 1 at column 1: Document is empty" when looking at VPN setup options.
Hi Community, I am attempting to create my first Site-to-Site VPN connection. I am getting an "error on line 1 at column 1: Document is empty" on all VPC and VPN screen options. I had been getting this error before creating any VPN, VPG, or Client Gateway. I refreshed the screen several times and the error went away. I created my Site-to-Site connection and was able to establish a connection; however, sometimes the results are mixed. I was previously seeing that tunnel 1 was up and tunnel 2 was down. Now tunnels 1 and 2 are down. During troubleshooting, when looking at the VPC dashboard, all connections will read "error" and give the error "error on line 1 at column 1: Document is empty". After refreshing the screen several times the issue will go away. I am wondering if this is causing issues with my setup. I have been following the following article to help set up my Site-to-Site connections. https://c86.medium.com/setup-site-to-site-vpn-to-aws-with-pfsense-1cac16623bd6#:~:text=From%20the%20VPC%20Dashboard%2C%20click,Virtual%20Private%20Network%20(VPN).&text=Give%20your%20VPN%20Connection%20a,subnet%20behind%20the%20pfSense%20appliance. Thanks for your assistance. Aaron
Unable to release Elastic IP - but there's no rDNS involved
I am trying to release an Elastic IP address. Under the Actions button, the Release, Associate, and Disassociate options are all grayed out. How can I release this orphaned Elastic IP? I tried the option to clear the Reverse DNS, but received the message 'Update is not required for Public IP Address 184.108.40.206', so apparently a Reverse DNS isn't involved. Any suggestions?
EC2 outbound bandwidth dropped on July 21st and stays very low (eu-west-1)
Hello, In our organization, we run our CI/CD using GitLab. We spawn runners on demand and each runner is an EC2 instance. Since July 21st, the uploads performed by these runners have had their duration multiplied by ~10. From our tests, we see that:
- outbound bandwidth from any instance type and any AMI we can spawn in eu-west-1 is now <2.5 Mb/s (~300 KB/s),
- we tested t3.medium and m6a.large,
- we tested various AMIs (Ubuntu, Amazon Linux),
- this seems far from any quota/limit/advertised bandwidth,
- before July 21st, it was around 25 Mb/s (~3 MB/s) for t3.medium runners,
- download speed is 500 Mb/s,
- upload/download target is the GitLab server host itself,
- located in Paris,
- can be reached through 2 different physical connections and we get very good speed from other places,
- all speed tests mentioned here are performed using iperf3,
- runners are in a VPC, routed through an Internet Gateway,
- if we spawn a runner in eu-west-3, outbound speed is 24 Mb/s (and download is 1 Gb/s),
- that's not great, but at least it's 10 times what we get in eu-west-1 (and close to what we had before "the incident"),
- we haven't changed a thing regarding our configuration, runners, GitLab version, code.
The problem happened suddenly for pipelines run after July 21st, 4pm CEST. We may consider spawning our runners in eu-west-3, or even move our GitLab server to EC2, but since 1) the problem happened suddenly without any action on our side and 2) this would require moving other resources as well, time, effort and cost, we'd rather prefer a logical explanation of what's happening here before taking action. We are looking for clues to understand:
- how to monitor this in order to identify if we actually reach a limit/quota,
- why this changed suddenly,
- why outbound bandwidth is that low (is that to be expected, or not).
Any help investigating would be greatly appreciated! Best,
CloudFront and Google Analytics
I have deployed the Google Analytics script on my Lightsail-based WordPress (Bitnami) website and am using CloudFront for content delivery. Besides, I am using the Wordfence firewall on my website and accordingly enabled the X-Forwarded-For HTTP header as well as whitelisted all IP blocks of CloudFront to get users' IPs. The issue I am facing is that Google Analytics is displaying all visitors as originating from desktop devices instead of mobile devices. How can I fix it? The link to the website is [https://pricetoday.com.pk](https://pricetoday.com.pk)
using of NLB for HA
Hi Team, In my architecture I will use an NLB: API GW => VPC Link => NLB => ECS Fargate. For high availability in the prod environment, do I need to spin up 2 NLBs, one in each AZ, so my NLB is not a single point of failure? Or is the AWS NLB highly available by default, so I need only one NLB in my architecture for the whole region? Thank you.
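As an added example (not from the question above), the Terraform below shows the shape of a single regional NLB that is itself multi-AZ: Elastic Load Balancing places one load balancer node in every subnet you list, and its DNS name resolves to one address per AZ, so a single NLB spanning several AZs is not a single point of failure, and API Gateway's VPC link takes that one NLB as its target. Subnet IDs, VPC ID, target port and health-check path are assumptions for illustration.

```hcl
# Added example. One subnet per AZ is assumed; the IDs are hypothetical.
variable "private_subnets" {
  default = ["subnet-0aaa", "subnet-0bbb", "subnet-0ccc"]
}

# One NLB, three AZs: ELB provisions a node in each listed subnet.
resource "aws_lb" "api" {
  name               = "api-nlb"
  load_balancer_type = "network"
  internal           = true # reached only through the VPC link, never from the internet
  subnets            = var.private_subnets

  # Off by default for NLB. Turning it on lets a node in one AZ forward to
  # healthy tasks in another, which keeps the service up if an AZ loses its tasks.
  enable_cross_zone_load_balancing = true
}

resource "aws_lb_target_group" "api" {
  name        = "api-tg"
  target_type = "ip" # Fargate tasks register by ENI address
  protocol    = "TCP"
  port        = 8080                      # assumed container port
  vpc_id      = "vpc-0123456789abcdef0"   # hypothetical

  health_check {
    protocol = "HTTP"
    path     = "/health" # assumed endpoint
  }
}

resource "aws_lb_listener" "api" {
  load_balancer_arn = aws_lb.api.arn
  port              = 8080
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.api.arn
  }
}

# REST API private integration: the VPC link targets the one regional NLB.
resource "aws_api_gateway_vpc_link" "api" {
  name        = "api-vpc-link"
  target_arns = [aws_lb.api.arn]
}
```

The corresponding `aws_api_gateway_integration` uses `connection_type = "VPC_LINK"`, `connection_id = aws_api_gateway_vpc_link.api.id` and a `uri` of `http://<NLB DNS name>:8080/...`. For the HA story to hold end to end, the ECS service must also be given all three subnets in its `network_configuration` so tasks are spread across the same AZs; an NLB in three AZs in front of tasks that all run in one AZ still has a single point of failure behind it.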
API Gateway - Outbound static IP
Hi, I've configured a public REST API Gateway to serve as a reverse proxy for a couple of our internal services; the primary purpose of this is for HTTPS. Browsers seem to not like mixed http/https traffic. I now have the need to be able to access a vendor's internal system, while giving my users access to some of the data I'd be pulling from them. However, they don't want to expose their service publicly. So I'm hoping that there is a way to assign a static IP to the API Gateway when it makes outbound calls to the vendor's system. I know I can put a Lambda behind the API Gateway and put that into a VPC with NAT and what not, but we don't need the traffic to be routed this way. Any ideas how to make the API Gateway have an outbound static IP that I can then give to my vendor?