Questions tagged with Amazon EC2


Create EC2 instance with NitroTPM Enabled

Hi, I want to create an EC2 instance with NitroTPM 2.0 enabled. I followed the instructions from this site: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-support-on-ami.html

```
{
  "Images": [
    {
      "Architecture": "x86_64",
      "CreationDate": "2022-11-21T20:07:43.000Z",
      "ImageId": "ami-05683f60db56ff1b5",
      "ImageLocation": "293786889684/DebianImage",
      "ImageType": "machine",
      "Public": false,
      "OwnerId": "293786889684",
      "PlatformDetails": "Linux/UNIX",
      "UsageOperation": "RunInstances",
      "State": "available",
      "BlockDeviceMappings": [
        {
          "DeviceName": "/dev/xvda",
          "Ebs": { "DeleteOnTermination": true, "SnapshotId": "snap-0c493ccaccd018881", "VolumeSize": 8, "VolumeType": "gp2", "Encrypted": false }
        },
        {
          "DeviceName": "/dev/xvdf",
          "Ebs": { "DeleteOnTermination": true, "VolumeSize": 10, "VolumeType": "gp2", "Encrypted": false }
        }
      ],
      "EnaSupport": true,
      "Hypervisor": "xen",
      "Name": "DebianImage",
      "RootDeviceName": "/dev/xvda",
      "RootDeviceType": "ebs",
      "SriovNetSupport": "simple",
      "VirtualizationType": "hvm",
      "BootMode": "uefi",
      "TpmSupport": "v2.0"
    }
  ]
}
```

So far it looks good, but if I try to launch an instance of this AMI, I cannot connect to the machine. If I create an instance from the management console without NitroTPM support, I can connect to the machine via my key. Also, I would like to get some measurements from the TPM, but I don't see any of the hashes in the response. I appreciate any help you can offer.

Here's my EC2 description:

```
{
  "Reservations": [
    {
      "Groups": [],
      "Instances": [
        {
          "AmiLaunchIndex": 0,
          "ImageId": "ami-05683f60db56ff1b5",
          "InstanceId": "i-03435c99e5a3a83b5",
          "InstanceType": "m6a.xlarge",
          "KeyName": "OPTI_PLEX_KEY_PAIR",
          "LaunchTime": "2022-11-21T20:53:29.000Z",
          "Monitoring": { "State": "disabled" },
          "Placement": { "AvailabilityZone": "eu-central-1a", "GroupName": "", "Tenancy": "default" },
          "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
          "PrivateIpAddress": "172.31.16.168",
          "ProductCodes": [],
          "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com",
          "PublicIpAddress": "18.159.62.7",
          "State": { "Code": 16, "Name": "running" },
          "StateTransitionReason": "",
          "SubnetId": "subnet-12bdf778",
          "VpcId": "vpc-d90e6cb3",
          "Architecture": "x86_64",
          "BlockDeviceMappings": [
            {
              "DeviceName": "/dev/xvda",
              "Ebs": { "AttachTime": "2022-11-21T20:53:30.000Z", "DeleteOnTermination": true, "Status": "attached", "VolumeId": "vol-05814aff540510c1f" }
            },
            {
              "DeviceName": "/dev/xvdf",
              "Ebs": { "AttachTime": "2022-11-21T20:53:30.000Z", "DeleteOnTermination": true, "Status": "attached", "VolumeId": "vol-03027ae670649544f" }
            }
          ],
          "ClientToken": "45856522-8833-4e31-985f-f5209b014fa1",
          "EbsOptimized": true,
          "EnaSupport": true,
          "Hypervisor": "xen",
          "ElasticGpuAssociations": [],
          "ElasticInferenceAcceleratorAssociations": [],
          "NetworkInterfaces": [
            {
              "Association": { "IpOwnerId": "amazon", "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com", "PublicIp": "18.159.62.7" },
              "Attachment": { "AttachTime": "2022-11-21T20:53:29.000Z", "AttachmentId": "eni-attach-01e82b7e623e8e9da", "DeleteOnTermination": true, "DeviceIndex": 0, "Status": "attached", "NetworkCardIndex": 0 },
              "Description": "",
              "Groups": [ { "GroupName": "launch-wizard-10", "GroupId": "sg-05676ad26b7f6ed13" } ],
              "Ipv6Addresses": [],
              "MacAddress": "02:b8:28:63:4f:fc",
              "NetworkInterfaceId": "eni-095492d80db0313b8",
              "OwnerId": "293786889684",
              "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
              "PrivateIpAddress": "172.31.16.168",
              "PrivateIpAddresses": [
                {
                  "Association": { "IpOwnerId": "amazon", "PublicDnsName": "ec2-18-159-62-7.eu-central-1.compute.amazonaws.com", "PublicIp": "18.159.62.7" },
                  "Primary": true,
                  "PrivateDnsName": "ip-172-31-16-168.eu-central-1.compute.internal",
                  "PrivateIpAddress": "172.31.16.168"
                }
              ],
              "SourceDestCheck": true,
              "Status": "in-use",
              "SubnetId": "subnet-12bdf778",
              "VpcId": "vpc-d90e6cb3",
              "InterfaceType": "interface",
              "Ipv4Prefixes": [],
              "Ipv6Prefixes": []
            }
          ],
          "RootDeviceName": "/dev/xvda",
          "RootDeviceType": "ebs",
          "SecurityGroups": [ { "GroupName": "launch-wizard-10", "GroupId": "sg-05676ad26b7f6ed13" } ],
          "SourceDestCheck": true,
          "Tags": [ { "Key": "Name", "Value": "Ubuntu bla" } ],
          "VirtualizationType": "hvm",
          "CpuOptions": { "CoreCount": 2, "ThreadsPerCore": 2 },
          "CapacityReservationSpecification": { "CapacityReservationPreference": "open" },
          "HibernationOptions": { "Configured": false },
          "Licenses": [],
          "MetadataOptions": { "State": "applied", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled", "HttpProtocolIpv6": "disabled", "InstanceMetadataTags": "enabled" },
          "EnclaveOptions": { "Enabled": true },
          "BootMode": "uefi",
          "PlatformDetails": "Linux/UNIX",
          "UsageOperation": "RunInstances",
          "UsageOperationUpdateTime": "2022-11-21T20:53:29.000Z",
          "PrivateDnsNameOptions": { "HostnameType": "ip-name", "EnableResourceNameDnsARecord": true, "EnableResourceNameDnsAAAARecord": false },
          "TpmSupport": "v2.0",
          "MaintenanceOptions": { "AutoRecovery": "default" }
        }
      ],
      "OwnerId": "293786889684",
      "ReservationId": "r-0089af1cf650fc657"
    }
  ]
}
```
1 answer, 0 votes, 34 views, asked 16 days ago

ASP.NET Core Application not Running in AWS Linux EC2 instance instead showing Apache Test Page

I have an AWS CodePipeline process that gets the CodeCommit repository, builds the application and publishes the application to the Linux EC2 instances. The entire process executes successfully and I can see the final ASP.NET Core application gets published to the /var/www/html/ folder. But when I load the URL of the load balancer (EC2 instances are behind a load balancer), I see the Apache test page, not the ASP.NET Core application. The ASP.NET Core application I created is just the default ASP.NET Core web application that gets created by default.

Below is the buildspec.yaml file. (This publishes a self-contained application.)

```
version: 0.2
env:
  variables:
    DOTNET_CORE_RUNTIME: 6.0
phases:
  install:
    on-failure: ABORT
    runtime-versions:
      dotnet: ${DOTNET_CORE_RUNTIME}
    commands:
      - echo install stage - started `date`
  pre_build:
    commands:
      - echo pre build stage - stared `date`
      - echo restore dependencies started `date`
      - dotnet restore ./WebApplication1/WebApplication1.csproj
  build:
    commands:
      - echo build stage - started `date`
      - dotnet publish --configuration Release --runtime linux-x64 ./WebApplication1/WebApplication1.csproj --self-contained
      - cp ./WebApplication1/appspec.yml ./WebApplication1/bin/Release/net6.0/linux-x64/publish/
artifacts:
  files:
    - '**/*'
    - appspec.yml
  name: artifact-test-cham
  discard-paths: no
  base-directory: ./WebApplication1/bin/Release/net6.0/linux-x64/publish/
```

And below is the appspec.yaml file that copies the content from the S3 artifact location to the /var/www/html/ folder.

```
version: 0.0
os: linux
files:
  - source: /
    destination: /var/www/html/
```

The following image shows that the web application gets successfully published to the /var/www/html folder in the Linux EC2 instance with other ASP.NET Core framework-dependent files. But even though all the web application files along with other framework files are available, as I said, when I navigate through the load balancer, I can see the Apache test page only.

![Enter image description here](/media/postImages/original/IMrj2EksFtRkigsg3lcuTJBA)

Below is the "Configure" method in the application.

```
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    app.UseStatusCodePages();

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();

    app.UseRouting();

    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapRazorPages();
    });
}
```

What am I doing wrong here? Do I have to do something from the application side? Please let me know.

UPDATE: Below is the instance UserData used in each EC2 instance.

```
#!/bin/bash -xe
sudo su
sudo yum -y update
yum install -y ruby
yum install -y aws-cli
sudo amazon-linux-extras install -y php7.2
sudo yum install httpd -y
sudo systemctl start httpd
sudo systemctl enable httpd
sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
cd /home/ec2-user
# downloading & installing CodeDeploy Agent as per https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-simple-s3.html#S3-create-instances
aws s3 cp s3://aws-codedeploy-${AWS::Region}/latest/install . --region ${AWS::Region}
chmod +x ./install
./install auto
```
2 answers, 0 votes, 68 views, champer asked 18 days ago

CloudFront - API Gateway as Reverse HTTP Proxy to CloudFront - ALB - EC2

I'm trying to set up an API Gateway as a simple proxy, using the Proxy option. The back-end is an endpoint hosted by a CloudFront distribution acting as reverse proxy for an ALB + application running on EC2.

User -> CloudFront -> API Gateway Proxy Integration -> CloudFront -> ALB -> Internal APIs hosted by EC2s.

CloudFront and the API GW proxy are located in AWS account A, and CloudFront + ALB + EC2 are located in account B. When I use the API Gateway console to test the method, the request hits the targeted internal API without any problem. Test execution log:

```
Execution log for request 849015fb-12c9-4619-bc96-363ecb6e9e94
Fri Nov 18 17:33:08 UTC 2022 : Starting execution for request: 849015fb-12c9-4619-bc96-363ecb6e9e94
Fri Nov 18 17:33:08 UTC 2022 : HTTP Method: POST, Resource Path: /api/v2/test/apply
Fri Nov 18 17:33:08 UTC 2022 : Method request path: {}
Fri Nov 18 17:33:08 UTC 2022 : Method request query string: {}
Fri Nov 18 17:33:08 UTC 2022 : Method request headers: {}
Fri Nov 18 17:33:08 UTC 2022 : Method request body before transformations:
Fri Nov 18 17:33:08 UTC 2022 : Endpoint request URI: https://example.com/ext/v2/test/apply
Fri Nov 18 17:33:08 UTC 2022 : Endpoint request headers: {x-amzn-apigateway-api-id=u041f78dig, User-Agent=AmazonAPIGateway_u041f78dig, X-Custom-Header=xxx}
Fri Nov 18 17:33:08 UTC 2022 : Endpoint request body after transformations:
Fri Nov 18 17:33:08 UTC 2022 : Sending request to https://example.com/ext/v2/test/apply
Fri Nov 18 17:33:08 UTC 2022 : Received response. Status: 400, Integration latency: 55 ms
Fri Nov 18 17:33:08 UTC 2022 : Endpoint response headers: {Content-Length=0, Connection=keep-alive, Date=Fri, 18 Nov 2022 17:33:08 GMT, Server=nginx, X-Custom-Header=4100adeb, X-Cache=Error from cloudfront, Via=1.1 c022ca80d7b946eb138dfd2e55c98980.cloudfront.net (CloudFront), X-Amz-Cf-Pop=IAD12-P4, X-Amz-Cf-Id=xxx}
Fri Nov 18 17:33:08 UTC 2022 : Endpoint response body before transformations:
Fri Nov 18 17:33:08 UTC 2022 : Method response body after transformations:
Fri Nov 18 17:33:08 UTC 2022 : Method response headers: {Content-Length=0, Connection=keep-alive, Date=Fri, 18 Nov 2022 17:33:08 GMT, Server=nginx, X-Custom-Header=4100adeb, X-Cache=Error from cloudfront, Via=1.1 c022ca80d7b946eb138dfd2e55c98980.cloudfront.net (CloudFront), X-Amz-Cf-Pop=IAD12-P4, X-Amz-Cf-Id=xxx}
Fri Nov 18 17:33:08 UTC 2022 : Successfully completed execution
Fri Nov 18 17:33:08 UTC 2022 : Method completed with status: 400
```

You can count 400 as success, because it was returned from the internal API running on EC2.

When I try to invoke cloudfront-account-a.com/api/v2/test/apply, I get a 403 error from CF with the following headers:

```
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 915
content-type: text/html
date: Fri, 18 Nov 2022 17:11:43 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000
via: 1.1 a27022837959b6f70545c8d6d0de9d04.cloudfront.net (CloudFront), 1.1 f0f1092b2ad1f0e573a4fcbefe4fb620.cloudfront.net (CloudFront), 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
x-amz-apigw-id: xxx
x-amz-cf-id: xxx
x-amz-cf-pop: IAD12-P4
x-amz-cf-pop: IAD79-C1
x-amz-cf-pop: IAD89-C1
x-amzn-remapped-connection: keep-alive
x-amzn-remapped-content-length: 915
x-amzn-remapped-date: Fri, 18 Nov 2022 17:11:43 GMT
x-amzn-remapped-server: CloudFront
x-amzn-requestid: 4d928828-e650-492f-b165-0654c97acab5
x-cache: Error from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
```

What am I doing wrong? Is it even possible to proxy requests in the way I'm trying to do?
1 answer, 0 votes, 45 views, IP asked 20 days ago