Questions tagged with Amazon EC2
SAS in AWS: How to maintain same IP and hostname in autoscaling instance
Hi Team, I am installing SAS on an EC2 instance. The SAS software installation is tied to the private IP address and port. I am using autoscaling=1, so when an EC2 instance goes down, I expect a new instance to come up. But the hostname and IP address will be different on the new EC2 instance, so SAS doesn't work on the new instance.
1) How can I block/reserve a private IP address and hostname in AWS?
2) How can the blocked private IP address and hostname (above) be used in the new instance that comes up through Auto Scaling?
EC2 in region us-east-2c network issue
We have noticed network connectivity issues on our EC2 server in region us-east-2c. Specifically, we are unable to connect to it for SSH and web services, while still being able to access the server from SSM manager. CloudWatch recorded a drop in network traffic at 8:30 AM UTC. We are not using an AWS support package. Does anyone else have this problem?
![Enter image description here](/media/postImages/original/IMr3415QEkSfO0d47rHZhxpw)
Can I Use NVMe Reservation on a Multi-Attach Enabled Volume?
Hi, I want to use Amazon EBS Multi-Attach to share data between multiple EC2 instances. In the [UserGuide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html), it says

> Multi-Attach enabled volumes do not support I/O fencing. I/O fencing protocols control write access in a shared storage environment to maintain data consistency. Your applications must provide write ordering for the attached instances to maintain data consistency.

I've googled *"I/O fencing"* and found that NVMe Reservation is a good way (compared to "power fencing", which means powering off the error node) to implement I/O fencing. However, I failed to use NVMe Reservation on a Multi-Attach Enabled Volume. The details are as follows.

- EC2: r5b.large, ubuntu-22.04
- EBS: io2, 100GiB, 6000 IOPS, enabled Multi-Attach

I run the following command in the EC2 instance:

```
> sudo nvme list
```

and get

```
Node                  SN                   Model                                    Namespace Usage                      Format           FW Rev
--------------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- --------
/dev/nvme0n1          volxxxxxxxxxxxxxxxx  Amazon Elastic Block Store               1         8.59 GB / 8.59 GB          512 B + 0 B      2.0
/dev/nvme1n1          volxxxxxxxxxxxxxxxx  Amazon Elastic Block Store               1         107.37 GB / 107.37 GB      512 B + 0 B      2.0
```

then run

```
> sudo nvme resv-register -n 1 --crkey=0x0 --nrkey=0xa1 --rrega=0 /dev/nvme1n1
```

and get

```
NVMe status: INVALID_OPCODE: The associated command opcode field is not valid(0x2001)
```

I googled this error message and found that it may be caused by the driver not supporting it. To confirm that, I run

```
> sudo nvme amzn id-ctrl /dev/nvme1n1 -H
```

and get

```
...
oncs : 0
  [8:8] : 0 Copy Not Supported
  [7:7] : 0 Verify Not Supported
  [6:6] : 0 Timestamp Not Supported
  [5:5] : 0 Reservations Not Supported
  [4:4] : 0 Save and Select Not Supported
  [3:3] : 0 Write Zeroes Not Supported
  [2:2] : 0 Data Set Management Not Supported
  [1:1] : 0 Write Uncorrectable Not Supported
  [0:0] : 0 Compare Not Supported
...
```

The fifth bit indicates "not supporting reservation". So does an AWS Multi-Attach Enabled Volume **NOT** support NVMe Reservation? Or are there other ways to solve this problem?
Cross account role for multiple accounts
We have a BI product which we provisioned on EC2 instances. The only way we can connect to AWS data sources from these EC2 instances is by giving a cross-account role trust policy. EC2 is sitting in one VPC and the data sources in different VPCs. We have a use case to connect to data sources in multiple accounts (VPCs), in which case, if the EC2 role is compromised, it will be able to connect to all the data sources which have the trust. How do we add more access control layers to this?
AWS instance randomly becomes unresponsive
My AWS instance randomly becomes unresponsive every day. I won't be able to `ping` it and all ports on the public IP are inaccessible, but it shows the instance is running from the AWS dashboard. The only way to fix it is by rebooting, but I don't want to have to do this every day. The instance reachability check fails but the system status check doesn't.
![status check](/media/postImages/original/IMrJ6TIc7pSVKt1XkZhJ6iRQ)
The CPU utilization is not even high, so I know it isn't crashing or something.
![cpu utilization](/media/postImages/original/IMG3l0VCteQKypIPRy7h_w1w)
The system log doesn't show anything wrong either (pastebin: https://pastebin.com/Ri1ui8sp). My machine type doesn't have EC2 serial console so I can't access that either.
ECS: Autoscaling scales down the wrong instance
Hello,

We have a web application which starts on-demand algorithms. When a user starts an algorithm, it starts a task in an ECS cluster, which has a capacity provider configured to provide an EC2 to run the algorithm. Here I have 2 issues:

- When ECS detects that it needs to provide an EC2, 2 servers are scaled while only 1 task is started.
  ![CapacityProviderReservation](/media/postImages/original/IMLTVVltxvRYC4NiBn5ljiDA)
- As we can see in the screenshot, after 15 min the capacity provider detects that it needs only 1 EC2, so it scales down one EC2, but sometimes it kills the server on which the algorithm is running.

Logs from amazon-ecs-agent on tail -f during the execution of the task:

```
level=info time=2022-11-17T13:20:40Z msg="Managed task at steady state" task="e4874c5693044ed08acbeb311c4919a5" knownStatus="RUNNING"
level=info time=2022-11-17T13:20:40Z msg="Managed task at steady state" task="e4874c5693044ed08acbeb311c4919a5" knownStatus="RUNNING"
Connection to 35.180.71.XXX closed by remote host.
```

Is there a way to provide only 1 EC2 when we start a task? Is ECS the right way to do these actions?

Thank you,
Valentin
Not able to connect via SSH to a VM which I have created from the existing AMI
I am not able to connect via SSH to the newly created VM using the existing AMI backup, and I also tried creating a VM by taking an AMI backup from the running VM. Either way I am unable to connect. The network and security group are all fine. I badly need to run another instance of the running VM by referring to the existing AMI or by creating a new AMI. Please help me to fix this:

Instance-ID: i-0dea1177b03bc9c5d
AMI: ami-0e69a19245c9c3248 ami-0c95fb1ecf1c439f1

Thanks,
AWS EC2 Instance Stop and Start: IP Address Changed
One of my EC2 instances was stopped and started, but after the start the instance IP address changed, because of which all URLs of the website stopped working. My data loggers are using the old IP address. Is there any solution for getting the old IP address again, or any way to change this IP address to the old one?
In an EC2 host, where are the files of the website?
Hello, my client has a website hosted with EC2. I have been in the terminal (CloudShell) and looked for a folder like /var/www, but I could not find anything related to his website. I also did not find a trace of a web server (Apache, nginx), so now I am wondering if I am even looking in the right place. So, how can I be sure that the CloudShell I am looking into corresponds to the website of my client? (About his website, I only have his URL.) More generally, where are the files of his website? :) Thanks a lot
AWS Inspector V2 and AWS Inspector Classic findings are different
I am using Ubuntu 20.04 EC2 instances and was investigating the difference between AWS Inspector Classic and AWS Inspector V2. There seemed to be many differences, but the main one was the actual findings. With Inspector Classic a number of CVEs would be found, while with Inspector V2 the same instance, once scanned, would say `No Findings`.

### Inspector Classic finds 53 CVEs

![Enter image description here](/media/postImages/original/IM7H1iE2k8S2iL21F4CODGEQ)

### Same instance with InspectorV2 just shows `No findings`

![Enter image description here](/media/postImages/original/IMLgoOIjGzSqm7eZcT5bGH4Q)

-------

With Inspector Classic I did attach a rule called `Common Vulnerabilities and Exposures-1.1`. I'm not sure what Inspector V2 actually checks against either.

During my search to make this work, I did find that I needed the following Systems Manager Association to work: `InspectorInventoryCollection-do-not-delete`. It's working now and shows success for all EC2 instances.

I am unsure if the `InvokeInspectorSsmPlugin-do-not-delete` Association needs to work as well. I'm not quite sure what this is used for, but it shows skipped for all instances, and when I look at the detailed status output on a specific instance it just says `InvalidPlatform`. Not sure if this is related.

Can InspectorV2 actually be used to check Ubuntu 20.04 CVEs? If so, how? Is there some special IAM or SSM config/setup that needs to be applied?