Questions tagged with Amazon VPC
Securing access to AppStream
Hi All, I am currently working on an AppStream POC with the intention of streaming a web-based application. I have the fleet sitting in a private subnet with the intention of only allowing connections from our SIG (Zscaler). I was just looking for some advice on the best way to only allow access to the fleet from a specific IP. I have tried applying security group rules which only allow connections from the relevant IPs, but I find I can still connect to the streaming instances from external networks. Any advice / pointers would be appreciated!
Access RDS via GUI with Linux Machines.
Hi All, currently I have an RDS instance that is sitting inside a private subnet, and it is connected to EC2 [Linux instances] that are in a public subnet. Is there any way for the developers to access the RDS using MySQL Workbench? Accessing the RDS via CLI is a challenge.
App Oauth2 Login in Private Subnet without NAT Gateway
I run my app in a private subnet and added OAuth2 login without a NAT gateway. To do the OAuth login, I am considering setting up a proxy server like nginx or squid in the public subnet. Here, I would like to ask a question because I am confused about the concept of a proxy.
1. Is OAuth2 login possible with a forward proxy? Or should I use a reverse proxy?
2. Can nginx and squid be run as a forward proxy and a reverse proxy at the same time?
3. Is there a way to do OAuth2 login without a NAT gateway, other than a proxy?
VPC Peering between govcloud and commercial account
Asking on behalf of a customer: do you have any documentation that clearly explains whether it's possible or not to use VPC peering between a GovCloud account and a commercial account? My guess is it's not possible, but having a reference would be super helpful.
Limit access to MWAA Public Environment UI
I set up a public MWAA environment, but I want to limit UI access to only a specific IP range. I tried to remove everything from the inbound security group that the MWAA public environment is using, but it is still accessible from the public internet. Removing it also caused the scheduler to crash, but I added port 5432 and it is fixed; that is the only inbound rule that the environment has. I am probably missing something but not sure what. Is it possible to limit access to the UI? Thanks
Private MWAA - Snowflake Connection Issue - Amazon Managed Workflows for Apache Airflow
I set up a private Airflow environment in AWS (v2.2.2). The environment and plugins are up and running. I want to connect to Snowflake but I am getting the error below (whl files in plugins.zip, using requirements.txt):
```
snowflake.connector.vendored.urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='......snowflakecomputing.com', port=443): Max retries exceeded with url: /session/v1/login-request?request_id=....... (Caused by ConnectTimeoutError(<snowflake.connector.vendored.urllib3.connection.HTTPSConnection object at >, 'Connection to ........snowflakecomputing.com timed out. (connect timeout=60)'))
```
The same connection works in public MWAA. I am adding the connection information in the Admin > Connections tab from the UI. I know the private environment does not have a connection to the internet; if I want to connect to any API I also get a timeout, since the subnets are not connected to the internet. Also, the private MWAA environment is running on an existing VPC that has an IGW attachment, but the subnets that MWAA is running in don't have any IGW or NAT attachment (as the documentation suggests). I checked all the documentation but there is no information on connectivity via a private environment. How can I solve my issue?
Client VPN doesn't work suddenly
I have a Client VPN endpoint in the ap-southeast-1 region. I was able to connect to the VPN using OpenVPN Connect on 29 Nov 2022, but now I cannot connect any more. There have been no configuration changes to the VPN endpoint. The SSL cert is still valid. OpenVPN only shows a timeout. What could have gone wrong? Any hint is appreciated.
PostgreSQL Connection to RDS from external server - Connection errors but works from other sources
I have a Lambda Python function connecting via psycopg2 to a PostgreSQL DB instance running on RDS. The Lambda connects absolutely fine (Lambda and RDS are both in the eu-west-2 region). I can also connect to the PostgreSQL via pgAdmin4 from a local development system, and other developers can also access it from other locations/IPs via pgAdmin with no problem. I can also run a simple psycopg2 connect-and-query script from my local desktop here. Therefore I know RDS is accepting and responding to externally-sourced psycopg2 connections and queries. HOWEVER, when I upload the same simple connect script to my web server (OVH, based in France, if of any relevance), running equivalent Python and psycopg2 etc., the connection fails with the standard psycopg2 error response from the Python: `Error raised: connection to server at "xxxxxxxx.yyyyyyyyyy.eu-west-2.rds.amazonaws.com" (ppp.qqq.rrr.ssss), port 5432 failed: Connection refused Is the server running on that host and accepting TCP/IP connections?` I've tweaked the Security Group settings to permit anything from anywhere etc. and still no joy. PostgreSQL in the RDS seems to be listening on *, which seems necessary to permit connections under certain circumstances. What is the subtlety in the differing sources that means such a connection from the OVH web server won't work? I can't find anything in the docs that seems to link to this issue, and there's nothing obviously mis-configured on the server side. Any responses gratefully received.
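As an added diagnostic example (not part of the original post, and not an answer from re:Post), the script below separates the outcomes a failing PostgreSQL connect can have at the TCP layer, which is the first thing to pin down when a connection works from some clients and not others. Security groups and network ACLs that block traffic drop packets silently, so a blocked path shows up as a timeout; "Connection refused" means a host at the resolved address actively answered with a TCP RST, which points at the address resolving differently from that client, a client-side egress filter or proxy, or nothing listening on that port at that address. The script resolves the name from the client it runs on, attempts one connect, classifies the result, and lets you compare the resolved IP with the one a working client sees. The hostname is whatever you pass on the command line; with no argument it demonstrates the "open" and "refused" cases against a throwaway loopback listener that it starts itself.

```python
import errno
import socket
import sys
from typing import Optional, Tuple


def probe_tcp(host: str, port: int, timeout: float = 5.0) -> dict:
    """Resolve `host` from this client, try one TCP connect to `port`, and
    classify the result. `result` is one of:
      dns_fail    - the name did not resolve from this client
      open        - TCP handshake completed (something is listening)
      timeout     - no reply at all; typical of a security group, NACL or
                    route problem, which drop packets silently
      refused     - a host at that IP replied with RST: wrong address for this
                    source, nothing on that port, or a client-side block
      unreachable - no route / host unreachable reported locally
      error       - any other socket error (errno recorded)
    """
    try:
        ip: Optional[str] = socket.gethostbyname(host)
    except socket.gaierror:
        return {"host": host, "ip": None, "result": "dns_fail", "errno": None}

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))
        return {"host": host, "ip": ip, "result": "open", "errno": None}
    except socket.timeout:
        return {"host": host, "ip": ip, "result": "timeout", "errno": None}
    except ConnectionRefusedError as e:
        return {"host": host, "ip": ip, "result": "refused", "errno": e.errno}
    except OSError as e:
        kind = "unreachable" if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH) else "error"
        return {"host": host, "ip": ip, "result": kind, "errno": e.errno}
    finally:
        sock.close()


def explain(probe: dict, ip_seen_by_working_client: Optional[str] = None) -> str:
    """Turn a probe result into the next thing to check. If you know the IP a
    working client resolves the same name to, pass it: a mismatch is the most
    common reason one source is refused while others connect."""
    r = probe["result"]
    if r == "dns_fail":
        return "name does not resolve here: check this client's resolver"
    if ip_seen_by_working_client and probe["ip"] != ip_seen_by_working_client:
        return (f"this client resolves to {probe['ip']} but a working client gets "
                f"{ip_seen_by_working_client}: split DNS, stale cache, or wrong endpoint")
    if r == "timeout":
        return "silent drop: security group, network ACL, route table, or DB not publicly accessible"
    if r == "refused":
        return "a host answered with RST: nothing listening on that port at that address, or a client-side egress filter/proxy"
    if r == "unreachable":
        return "no route from this client: local firewall or routing"
    if r == "open":
        return "TCP reachable: the failure is above transport (TLS, pg_hba, credentials)"
    return f"socket error errno={probe['errno']}"


def start_local_listener() -> Tuple[socket.socket, int]:
    """Bind a throwaway listener on loopback so the probe can be demonstrated
    offline; returns (socket, port). Closing the socket turns a later probe
    from 'open' into 'refused'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    if len(sys.argv) >= 2:
        # Real use: python probe.py <rds-endpoint> [port] [ip-seen-by-working-client]
        host = sys.argv[1]
        port = int(sys.argv[2]) if len(sys.argv) >= 3 else 5432
        known_ip = sys.argv[3] if len(sys.argv) >= 4 else None
        p = probe_tcp(host, port)
        print(p, "->", explain(p, known_ip))
    else:
        # Offline demo against a constructed loopback listener.
        srv, port = start_local_listener()
        print(probe_tcp("127.0.0.1", port, 2.0))   # result: open
        srv.close()
        print(probe_tcp("127.0.0.1", port, 2.0))   # result: refused
```

Run it from the OVH host and from a client that works, and compare both the `result` and the `ip` field before looking at anything on the RDS side.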
Access denied with lambda function and puppeteer
I'm using a Lambda function to visit a web site with Puppeteer. From my local PC I'm able to visit the site, but when I launch the code in the Lambda function I receive this error: "Access denied. You don't have the permission to access '*sitedomain*' on this server. Reference #18". Because I'm able to perform the action from local, I guess it is because of some connection setting/parameter that is different when I use Lambda. I have the default connection settings with my Lambda function; I didn't change anything about the connection configuration. Can someone help me please? What can I do?
Subnet's elastic IP address not working in us-east-1
When creating the Transfer Family server for us-east-1, the Elastic IP address can't be assigned to the subnet created when access is set to "Internet Facing". It's completely greyed out. However, when creating the VPC, the subnet and its components were created together automatically. The AZs were set and it is connected to a public network gateway. The Elastic IP address has the type "Public IP". What's weirder is that I've used the same method to create a server in both us-east-2 and us-west-1 successfully. What else should I be checking?
Is It Possible to Make an EC2 Instance Part of a VPN Protected by GlobalProtect
What am I running?
* EC2 instance, Ubuntu 22.04, with a static Elastic IP address
* The instance has only one network interface, whose details say it is an elastic network interface. (I believed every instance has a primary network interface, but I do not see any PNI.)
What do I want to do?
My company has an on-prem virtual machine running MSSQL Server at 192.168.181.75:1433, but that is behind the GlobalProtect VPN from Palo Alto Networks. Even when I make a call to that database, I have to connect to GlobalProtect manually from my laptop. So my question is, is there any special step I need to take to make the EC2 instance part of the GlobalProtect network? I talked to my company network administrator, who wants the public IP address of the EC2 instance (which I use for SSH) and the MAC address. I got the MAC address by entering
```
$ ip addr
```
in the terminal, under the *ens3* interface. But can I assume these two will remain fixed across stopping and restarting the instance? Also, do the inbound/outbound rules have to be altered? Some readings led me to believe I have to create an ENI, as primary network interfaces do not support it. But when I checked the instance details, it seems the only interface present is an ENI.