Questions tagged with Amazon EC2
a4-25.smtp-out.eu-west-1.amazonses.com / Client host blocked using cbl.abuseat.org
Some of my customers on either EC2 or Lightsail with their own (validated and secure) email servers are experiencing this problem, which started yesterday:-

```
An error occurred while trying to deliver the mail to the following recipients:
email@example.com
Reporting-MTA: dns; a4-25.smtp-out.eu-west-1.amazonses.com
Action: failed
Final-Recipient: rfc822; firstname.lastname@example.org
Diagnostic-Code: smtp; 554 5.7.1 Service unavailable; Client host [220.127.116.11] blocked using cbl.abuseat.org
Status: 5.7.1
```

The email servers have SPF, DKIM, DMARC and MTA-STS set up and have been fine for many years. The IP address 18.104.22.168 is of course one of AWS' SES servers. I have sent a tweet to AWS and they redirected me here. Can anyone help? Regards, Paul Littlefield
EC2 instance created with public IP, but unable to access over HTTP
Created an EC2 instance, having a VPC with attached Internet gateway, Security groups with inbound rule to allow any traffic for HTTP, HTTPS and having all traffic allowed for outbound rule. Internet gateway created, attached to VPC using, and added to the route table too. But even after successful launch, the instance is unreachable when hitting the assigned public IP from a browser. Also, when trying to connect to the instance with the "CONNECT" button, the console opens but later errors out with the message: `EC2 Instance Connect is unable to connect to your instance. Ensure your instance network settings are configured correctly for EC2 Instance Connect. For more information, see Set up EC2 Instance Connect at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html.` Any pointers are highly appreciated.
Notification when ANY status check fails
I've seen articles about getting a notification for the StatusCheckFailed metric, but when creating an alarm it appears I HAVE TO specify an instance ID. But we are creating and destroying instances automatically and I want a notification when ANY status check fails. Is there a way to set that up?
What is the FQDN of an EC2 instance?
I am doing a lift and shift on a backend server that requires its FQDN to run. This is so other auxiliary servers, which are in the same network, can find and connect to one another. Would it be the private DNS IP address (`ip-172-11-36-99.us-east-2.compute.internal`) or the result of typing `hostname` into a shell (`EC2AMAZ-HMCB6JD`)?
How to open traffic between 2 EC2 instances via internal private IPs
I have 2 EC2 instances that need to communicate as backend servers. They are both attached to the same security group, which has an inbound rule allowing all ports on the VPC's CIDR range. So the CIDR range is 172.31.0.0/32 for all ports. The problem is that when I ping instance 1 from instance 2 using the internal IP address, the ping fails. I'm not sure why that fails. Any help would be great.
Deny read access for IAM users to instance attribute user data
I have a requirement to hide instance user data from any user; I don't want to allow any IAM user/role to read what my instance user data contains. I tried to deny DescribeInstanceAttribute with a condition for the attribute "UserData", but that didn't work. I just want to know: is it possible to hide this specific instance attribute "userData" from users?
EFS mount on ec2 not tolerant of zone failure
Hi, I use an EFS mount on my EC2s that are part of an auto scaling group. Whilst doing some housekeeping I spotted that the EFS was spread across three subnets that I didn't intend. I used the manage network option within the EFS console and removed a zone and then added it back with the correct subnet. This caused the mount on my EC2s to become unresponsive. A simple reboot resolved the issue. This got me thinking about what would happen with a zone failure so I did some tests. It appears that if you remove a zone from an EFS, if the EC2 mount isn't using that zone then everything is ok; however, if that zone is currently being used, then the EC2 mount doesn't fail over to another zone and the mount becomes unresponsive. Is there any way to mitigate a zone failure on an EFS mount or is this a single point of failure in a system using EFS mounts? My fstab entry options are: `nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0` Thanks for any advice.
RE : AWS Inspector Shows Critical Updates Pending But Instance Says Otherwise
Hi Team, Instance ID - i-0e5934adddc2d8372 I've updated all the packages (See Libcurl-2.png). But the Inspector still shows critical updates are pending on my instance (See Libcurl-1.png). Requesting help in investigating this.

![Enter image description here](/media/postImages/original/IMgUGzjYUXQAOinPmO1hAqZg) ![Enter image description here](/media/postImages/original/IMjXCbaW5ZTuaGmhzz6Nw26g) ![Enter image description here](/media/postImages/original/IMQf0BnF4-RvGK_YroaAC43Q)

Eg : >>> This is what Inspector shows for the instance:

Affected packages

* Name: libcurl. Installed version / Fixed version: 0:7.79.1-4.amzn2.0.1.X86_64 / 0:7.79.1-6.amzn2.0.1. Package manager: OS
* Name: curl. Installed version / Fixed version: 0:7.79.1-4.amzn2.0.1.X86_64 / 0:7.79.1-6.amzn2.0.1. Package manager: OS

>>> This is what the instance shows when trying to remediate (i.e. update the package -> it says it's already updated):

```
sh-4.2$ sudo yum update libcurl
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core | 3.7 kB 00:00:00
No packages marked for update
sh-4.2$
```
One user unable to sudo on specific EC2 instances (g4/g5.*). PAM account management error is thrown while trying to sudo
We have multiple EC2 machines in our account, all AL2. One user is unable to sudo on specific instance types (g4/g5), while others can. The user is a part of sudoers and other users are able to sudo on the same instance types. This becomes weirder when this user is able to sudo on other instance types (c5, m5, etc.). Error thrown is:

```
PAM account management error: Authentication service cannot retrieve authentication info ; TTY=pts/2 ; PWD=/home/<userid>; USER=root ; COMMAND=/usr/bin/su
```

The users on these servers are authenticated using sssd hitting the enterprise LDAP server, so they are not created locally. We upgraded/downgraded the sudo version but it did not help. Any advice would be appreciated.

```
[root@ip-100-x-x-x log]# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
```
Mismatch between nginx and nginx-mod-http-geoip in @amzn2extra-nginx1 repos
We rely on **@amzn2extra-nginx1** to keep nginx up to date on our amzn2 EC2 instance. A week ago, most nginx packages, including core, have been updated to the **1.22** version, as shown from `yum list`

```
nginx.x86_64 1:1.22.0-1.amzn2.0.1 amzn2extra-nginx1
```

However, the GEOIP module is stuck at the previous version **1.20**, as shown from `yum list`

```
nginx-mod-http-geoip.x86_64 1:1.20.0-2.amzn2.0.5 amzn2extra-nginx1
```

Is this the correct place to flag this, or are there dedicated resources to flag repo-related issues? Tried googling but couldn't find a better place than this one.
Are All EC2 Instance Level Storage Lost Upon Rebooting the Instance?
Apologies for the noob question. Some readings led me to believe that an instance level EC2 storage will be lost if I reboot. So the questions I have are

* If the storage is totally lost, how does a computer even remember anything? Should not it remember at least the username, password, sudo group etc. across reboots?
* How to store my codes, configurations in an EC2 instance to be retained across reboots? Is it possible at all, or does it have to be something like an EBS that is decoupled from the instance and must be mounted on every start up?

I am intending to use Ubuntu 22.04 as the OS, if that is important.