Questions tagged with Amazon VPC
Linux aws ec2 and Ubuntu t2.micro instances failed to update and install any software
I have launched today two Linux EC2 t2.micro instances and one Ubuntu t2.micro instance in the us-west-2 region. All three did not either update the software or install java-11-openjdk. I have sent the complaint to AWS and they just gave me a link to the AWS re:Post site. It was not my problem. I launched dozen of EC2 instances before and everything was OK. My home network was working fine. I was connected to the instances. The inbound and outbound security rules were set to accept HTTP traffic (TCP port 80 was open). ![I have attached a screenshot of the Ubuntu AWS EC2 that failed to connect to archive.ubuntu.com:80 and cannot connect to security.ubuntu.com:80](/media/postImages/original/IMl_EasOC6QJa2I-sy1-bO5w)
Connect to the database in an EC2 instance from the ECS cluster
I have Superset deployed on AWS using the guide https://aws.amazon.com/quickstart/architecture/apache-superset/ where I chose to deploy it in an existing VPC. The Superset deployment worked out alright and I can access Superset at the provided link. When I try to connect to a database which is hosted in an EC2 instance, within the same VPC, I get the error, port 5432 is closed message on my Superset. The DB is up and running in the EC2 instance, which has been verified locally and remotely through my laptop. I was previously able to connect to a database on RDS by adding the security group of the ECS Superset to the security group of the RDS instance. The same technique did not work for the ECS (Superset) -> EC2 (DB) connection. I also tried adding the IPv4 subnet range like 172.**.**.0/20 to the EC2 security group without success. These subnet ranges were obtained from the ECS deployment. Any help to debug this issue would be greatly appreciated.
VPC is not working; Received 'No Proposal Chosen' error message
Scope: Created a static site-to-site VPC

Customer: WatchGuard firewall with up-to-date software

Problem: Used AWS instructions for WatchGuard and set up the VPN tunnel.

1. Checked and re-checked Phase 1 and Phase 2 settings
2. Checked that the device can ping the AWS public IP address of the tunnel
3. Checked that UDP port 500 allows traffic through it

The problem is that my remote site is not able to establish a connection through the tunnel. In the WatchGuard firewall logs I get the following error:

```
ERROR 0x02030014 Received 'No Proposal Chosen' message. Check VPN IKE diagnostic log messages on the remote gateway endpoint for more information.
```

Has anyone come across this?
What are these IPs related to 13.212.3.X
In my NAT VPC flow logs, I am able to see a huge transfer to 13.212.3.X series IPs. When I checked these IPs, they are from the AWS ISP itself. How do I find out more detail about this transaction? Is it genuine? Which service was involved at the time of the transaction?
Migration of EC2, EBS-Backed instances to VPC - Issues
Hi - I followed advice from AWS on how to migrate EC2 Classic instances (Linux) to VPC.

Steps taken:

* Create Linux AMI from EC2 instance (worked)
* Using the EC2 Launch Instance wizard, I chose the new AMI and launched into the newly created VPC (says it worked).
* Associate Elastic IP with running image

Issue is that I cannot see any instances, running or otherwise, in VPC - they all appear in EC2 Classic! Also, EC2 Classic is still running fine after Aug 15 cutoff date? Help!
EKS pod sometimes succeeds in connecting to RDS cluster, but sometimes fails. How can I fix it?
Hi, I registered an issue at https://github.com/aws/amazon-vpc-cni-k8s/issues/2046, so I wrote this support case.

(The issue text:

What happened: The EKS cluster and the RDS (MySQL) cluster are in the same VPC. I added my EKS security group (eks-cluster-sg-MYCLUSTERNAME-*) to the RDS security group's inbound rule (port 3306). I found that the RDS connection sometimes succeeds but sometimes fails (it is a timeout error). I set the timeout to 300s, so I think it does not matter. It has a weird pattern: when the connection succeeds, it takes either < 1 sec or more than 2 minutes (very fast or very long). I tested locally and there is no problem (the connection took < 1 sec), but the same code in a pod shows the above behaviour. I don't know why the connection sometimes succeeds and sometimes fails. How to fix it? Any ideas? Thank you.

Environment: Kubernetes version (use kubectl version): 1.22.0 CNI Version )

My problem happens when my EKS pods try to connect to the RDS cluster. I think it is an EKS network problem, because it happens only in the EKS pod. The local connection test (my PC to the RDS DB) always succeeds, and our service using RDS didn't have any issue. Can I solve this? Thank you.

(I tried creating VPC flow logs, but the CloudWatch log group stores nothing :( )
connect to mysqlRDS instance from local workstation
Hi team,

I'm trying to connect to my RDS MySQL Aurora instance via DBeaver from my local machine via SSM, following this article: https://aws.amazon.com/blogs/database/securely-connect-to-an-amazon-rds-or-amazon-ec2-database-instance-remotely-with-your-preferred-gui/?fbclid=IwAR0AYyKOfbWGixDBgyZlsJ8ikAnOgbcHPlB4XcGrov0vh63JkAQGcNslLHc

When I run the command `aws ssm start-session --target ...` I have this message:

```
Starting session with SessionId: user.user@dom0d4ede5d4d251sd37c
Port 3306 opened for sessionId user.user@dom-0w4cde734x221e91c.
Waiting for connections...
```

In DBeaver I put the cluster endpoint, the port number, the username and the password. I have this message from DBeaver:

```
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
connect timed out
```

I'm not sure if it's due to the SSM endpoint. I tried to create the SSM endpoint following this article: https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html

```
To create VPC endpoints for Systems Manager

In the first step of this procedure, you create three required and one optional interface endpoints for Systems Manager.

Follow the steps in Create an interface endpoint to create the following interface endpoints:

1 - com.amazonaws.region.ssm – The endpoint for the Systems Manager service.
2 - com.amazonaws.region.ec2messages – Systems Manager uses this endpoint to make calls from SSM Agent to the Systems Manager service.
3 - com.amazonaws.region.ec2 –
```

The endpoint failed to create:

```
status = Failed
Status message = private-dns-enabled cannot be set because there is already a conflicting DNS domain for ec2messages.region.amazonaws.com in the VPC vpc-wee1287dvhdvvsj
Status message = private-dns-enabled cannot be set because there is already a conflicting DNS domain for ssm.region.amazonaws.com in the VPC vpc-wee1287dvhdvvsj
```

> only this endpoint: com.amazonaws.ca-central-1.ec2 was created successfully

I'm not sure if the timeout I get is due to the SSM endpoints. Any idea would help, thank you!
After RDS OS patched in an offline operation RDS Database is not accepting connection from outside the VPC
After an offline operation RDS OS patch

Info:

* Status is available
* Connection attempts from outside the VPC always receive a timeout
* Connection inside our VPC working
* Last time worked at Saturday 20:40 (outside attempts)
* RDS instance - 8.0.23
* Publicly accessible - yes

Note: Creating identical RDS instances in prior version to v8.0.23

Test RDS instances with same VPC configurations:

* v8.0.21 - working
* v8.0.23 - not working
* v8.0.28 - not working
How to stop billing for "Route 53 Resolver Network Interface"?
Hi,

I have been running EC2 instances with web servers on them for months now. I have never been billed anything by Route53 other than for the domain name (and requests, within free tier). Recently, I was following an AWS docs tutorial on Route53 Resolvers. I have created some Resolver rules and endpoints. However, now I have deleted all Resolver endpoints and rules (except the default rule, which I cannot possibly delete, via console or CLI), and in my billing, I am getting billed $0.125/hour for:

> $0.125 per hour per Resolver Network Interface

My question: how do I stop this billing from happening? I was purely trying out the Route53 Resolvers, and now I am getting billed quite a lot of money for something I am not using and do not know how to turn off.

**Things I have tried / found out:**

* I am aware that the billing corresponds to the amount of ENIs (also $0.125/hour), are these the same thing? I have an ENI running in my EC2 console, but I wouldn't understand why this all of a sudden would be a problem, because (as I stated before): I have never paid for Resolver Network Interfaces before.
* _This list will be updated as I try more things_
How can I be sure I'm using EC2-VPC and not EC2-Classic?
I'm using an old account but I'm a beginner at AWS, so I need some help to make sure I'm using VPC and not Classic so I don't lose my instances when they retire Classic. I've read other topics that say that if an instance has VPC-ID defined it means that it's on a VPC, but I just want to make sure. I have 5 instances; 4 of them have "VPC-ID: VPC name", but there's an old instance that's like this: "VPC-ID: -". Does this VPC-ID thing work for RDS too? Meaning if it's defined, it's in a VPC? But apart from that, is there any other way to make sure they're already in a VPC and won't be deleted? I created the instances and RDSs last year. (I tried using the script but it's too complicated to do with my current knowledge.) Thank you for your help and patience.
Unable to release Elastic IP - but there's no rDNS involved
I am trying to release an Elastic IP address. Under the Actions button, the Release, Associate, and Disassociate options are all grayed out. How can I release this orphaned Elastic IP? I tried the option to clear the Reverse DNS, but received the message 'Update is not required for Public IP Address 126.96.36.199', so apparently a Reverse DNS isn't involved. Any suggestions?
EKS cluster created a Security Group and doesn't clean up this SG after destroy
About two weeks ago we found that the CFN manifest, after delete, cannot remove the VPC. I've checked that, and it turned out that the EKS cluster doesn't remove the Security Group which it created itself. The security group is named "eks-cluster-sg-EKS-*" with the description "EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads." How can I fix that? To reproduce it, you need to deploy a VPC with EKS by CFN or using the AWS QSS solution. Thanks