How to filter routers on a TG for Private IP VPN
I am implementing a new feature from AWS called Private IP VPN using Direct Connect. My question is: how do I filter routes entering my P2P IPSec tunnel from the transit gateway towards on-prem, as I would like to receive all the routes that exist in the TG?
How to get a fixed IP (pingable) for Streamlit app hosted on AWS Lightsail?
Hi, I have my Streamlit app hosted and running on AWS Lightsail. My app displays information by accessing data from an internal organization database (MariaDB). The IT team has requested a fixed IP address for it, which needs to be ping-able. I have attached a static IP address to my instance, but it is not that. Can anyone please help?
I have a microservice. What would be the most appropriate and economical infrastructure? The idea is to always keep the same public IP to associate it with the DNS, and that it does not change when we make new deployments.
- Use Fargate with Balancer.
- Use API Gateway.
- Use Beanstalk with Elastic IP in an EC2 and without Balancer.
Unable to run kubectl & eks commands in a fully private cluster
I have created a fully private VPC (no direct internet access), let's call it VPC-A. This VPC is peer-connected to another VPC, let's call it VPC-B. VPC-B has an internet connection and is being used as a gateway for VPC-A. I have deployed a fully private cluster only (not any node) in the private subnet of VPC-A using the [guide](https://eksctl.io/usage/eks-private-cluster/). The problem is that I am not able to run any kubectl and eks commands, just as mentioned in the [guide](https://eksctl.io/usage/eks-private-cluster/).

After digging a lot on the internet, I found a few things to access the cluster. One thing is that I must create a machine in that private VPC and try to access the cluster from there. I also created many issues on GitHub but did not get a proper answer. Below are some experts' answers:

> You can communicate with the K8s API by deploying EC2 instance inside that VPC and defining the EKS K8s API to your kubectl.

Well, I have deployed an instance within the VPC of my cluster, but whenever I run the kubectl command from the instance inside the private VPC, I get the following error message:

`Unable to connect to the server: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)`

Also, in the [EKS fully private cluster guide](https://eksctl.io/usage/eks-private-cluster/) it is mentioned that:

> If your setup can reach the EKS API server endpoint via its private address, and has outbound internet access (for EKS:DescribeCluster), all eksctl commands should work.

Can someone please guide me properly on how I can create such a setup? I ran a number of commands to check if anything is wrong with accessing the server address.

```
nmap -p 443 1E9057EC8C316E£D"@JY$J&G%1C94A.gr7.eu-west-*.eks.amazonaws.com
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-09 11:11 UTC
Nmap scan report for 1E9057EC8C316E£D"@JY$J&G%1C94A.gr7.eu-west-*.eks.amazonaws.com (192.168.*.*)
Host is up (0.00031s latency).
Other addresses for 1E9057EC8C316E£D"@JY$J&G%1C94A.gr7.eu-west-*.eks.amazonaws.com (not scanned): 192.168.*.*
rDNS record for 192.168.*.*: ip-192-168-*-*.eu-west-*.compute.internal
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
```

Another command is

```
nslookup 1E9057EC8C316E£D"@JY$J&G%1C94A.gr7.eu-west-*.eks.amazonaws.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: 1E9057EC8C316E£D"@JY$J&G%1C94A.gr7.eu-west-*.eks.amazonaws.com
Address: 192.168.*.*
Name: 1E9057EC8C316E£D"@JY$J&G%1C94A.gr7.eu-west-*.eks.amazonaws.com
Address: 192.168.*.*
```

And another is

```
telnet 1E9057EC8C316E£D"@JY$J&G%1C94A.gr7.eu-west-*.eks.amazonaws.com 443
Trying 192.168.*.*...
Connected to 1E9057EC8C316E£D"@JY$J&G%1C94A.gr7.eu-west-*.eks.amazonaws.com
Escape character is '^]'.
^CConnection closed by foreign hos
```

It is clear that I can access the API server endpoints from my machine, which is in the same VPC as the API server. But still, when I run the kubectl command, I am getting this output:

`Unable to connect to the server: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)`

When I ran the command below

`kubectl cluster-info dump`

I got the following error message:

`Unable to connect to the server: proxyconnect tcp: dial tcp: lookup socks5h on 127.0.0.53:53: server misbehaving`

Thanks
AWS us-west-2 server connecting to db have become slow
We got a mail from AWS that they would change the underlying hardware for one of our servers, and that did happen. However, after that we are seeing latency when connecting to the db from the server. Even with the command line sql client we can see a difference in when the sql prompt comes back. The other server returns quickly, but this server, which has been migrated to the new hardware, shows a visible lag. In fact, the server that is showing the issue is in the same availability zone as the RDS. This is in west 2. Is anyone else seeing that? Also, what are the ways to debug and find the root cause? Nothing has changed from our side for at least 2 months and the only new event is the change of underlying hardware.
WAF Geo Restriction - False Positive IP Block
Hello, My organization recently obtained our own block of public IP addresses from ARIN. We are currently using one of these IPs as our outbound IP for all internet traffic. We are seeing an increase in "403 Forbidden" errors for certain websites hosted on AWS. The responding server header for these errors is "awselb/2.0". One software vendor we worked with said they had to manually add an exception for our IP address. That specific vendor said their AWS WAF was configured to only allow connections from certain countries (one of the countries being the US, where we are located). I have verified that our geoIP information is accurate in MaxMind as well as other major providers. Also, our IP block is not listed in any major spam lists. So my question is, why is AWS not seeing our IP as being in the US? Do they use a separate geoIP database, or are they just slow to refresh their database with other geoIP providers? Unfortunately, my organization is not currently an AWS customer, so we have no access to AWS support. This forum is our only resort. Any help you can provide would be very much appreciated. Thanks
Domain Transfer from closing account.
Closing account due to malicious IP assigned for service after purchasing a domain and before the 60 probation waiting period for domain transfer. Can't I just have the zone file then at 60 days, push the zone file to my register? Should I be billed for the two months my domain is in limbo? The Route-53 console denies me access to the Zone file and errors when the unlock transfer option is clicked. Any solutions? Being given a malicious IP by AWS is unacceptable, and is the reason for the abrupt cancellation of services, and has been verified by AWS as a malicious IP.
ALB as reverse proxy with home server as target
I am trying to use an ALB as a reverse proxy to send traffic to my home server. I got an API Gateway to do this but then realised API Gateway only supports HTTP/HTTPS, whereas I am also using socket.io, which makes use of web sockets and extra packet data. I can't seem to find a proxy option in the API Gateway web sockets flavour. So I thought that an ALB as a proxy would resolve this issue, but I can't seem to set the target IP in a target group as anything outside of a VPC, and I want to set it as my home address.
Having trouble deciding the optimal architecture
So I am working on a product which is B2B. The landing page of our product is e.g. example.com. And once someone purchases the subscription (let's say org1 purchases it), we ought to provide them a custom web dashboard which can be accessed through the URL (org1.example.com). Now I have some questions about this: Can we make this subdomain available only to the org1 members and not make it publicly available? I am a novice, but can we use concepts like Route 53 Hosted zone using Client VPN endpoint or something like that? If it is possible, is it also possible to attach one SSL certificate to this domain? Anything would be helpful.