Dask + Fargate tcp connection timing out
Hello, I am trying to deploy a Dask cluster on Fargate. I managed to deploy the cluster and can also see the Dask status screen via the public HTTP address, but I am not able to connect using the TCP channel. I have used this article as reference "https://gist.github.com/jacobtomlinson/ee5ba79228e42bcc9975faf0179c3d1a" and tried several combinations of Inbound/Outbound rules on the security group. I used SageMaker to create the cluster. Any help will be very much appreciated. Best
IP range of Athena Service?
I am using Athena using JDBC from an external system. To set up the firewall for that external system I need to specify an IP range. The IP range of the Athena service seems to be not listed in the standard list https://ip-ranges.amazonaws.com/ip-ranges.json. Where do I find the IP range used for Athena?
AWS Internal IP Reputation Lookup
Hello! I have recently been experiencing some Error 403 issues with accessing AWS/CloudFront services, and I believe it may be reputation related. Does AWS have a lookup tool to check for IP reputation on their internal lists? https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html Thanks in advance!
EC2 outbound ports for SES, SNS, Cloudwatch
I have an EC2 running Node.js. Using the `aws-sdk` + `winston-cloudwatch` + `nodemailer` dependencies, I am using AWS SES, SNS, and CloudWatch. In my EC2 security group, my outbound is currently set up for All-traffic; however, I would limit them to a few ports required for the services mentioned above. What outbound ports in my EC2 security group do I need to enable to use the following AWS services: SES, SNS, CloudWatch? Thanks!
Lambda to RDS Connectivity
Hi, I'm wanting to establish connectivity to an RDS instance from some Lambda functions. Lambda functions are autodeployed with serverless framework, so ideally my config would be dynamic. I am currently managing infrastructure with CDK, and have the following resources:

1. RDS on Private Isolated subnet in VPC A, managed by CDK
2. EC2 instance on public subnet in VPC A, managed by CDK (For access to the RDS from the wider internet)
3. (Backend) 4 Lambdas without a VPC (Public), behind an API Gateway in default VPC, managed by serverless deploy
4. Frontend hosted on S3 behind CloudFront, managed by serverless deploy

I'm a bit stumped because I don't want to update my CDK script whenever the lambdas change. Help is much appreciated.
Can we set to Password never expires With EC Instance Windows Server 2016 using puppet script
Can we set to Password never expires with EC Instance Windows Server 2016 using puppet script? As per the AWS documentation, I came to know that with Windows Server 2016 and later, Password never expires is disabled for the local administrator. With Windows Server 2012 R2 and earlier, Password never expires is enabled for the local administrator.
[EC2.21] Security Hub finding issue
Hello, I am working on improving security compliance in my project and recently I've come across a security finding related to network ACL: `[EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389`. I've updated my ACLs in the following manner:

| Rule Number | Type | Protocol | Port Range | Source | Allow/Deny |
| --- | --- | --- | --- | --- | --- |
| 10 | SSH(22) | TCP(6) | 22 | 0.0.0.0/0 | Deny |
| 11 | SSH(22) | TCP(6) | 22 | ::/0 | Deny |
| 20 | RDP(3389) | TCP(6) | 3389 | 0.0.0.0/0 | Deny |
| 21 | RDP(3389) | TCP(6) | 3389 | ::/0 | Deny |
| 100 | All traffic | All | All | 0.0.0.0/0 | Allow |
| * | All traffic | All | All | 0.0.0.0/0 | Deny |

According to ACL evaluation rules ports 22 and 3389 are blocked, but the check still fails. I suppose that it looks only for a record that allows all traffic and ignores the order of the rules. In my opinion the current rule validation is wrong. What are your thoughts on this?
AWS Login Page shows "This site can’t be reached". However when using VPN, everything works fine
I have used my AWS account many times last week and everything worked fine. Today I wanted to log in again, but the login page was not available, showing me this URL: https://us-east-1.console.aws.amazon.com/cost-management/home?region=us-east-1#/startupError?code=_CE_Not_Ready_&title=_CE_Not_Ready_Title_ When I start the VPN connection, however, AWS just works fine again. I have no idea why logging into the AWS console only works via VPN. It's not laptop related, since I cannot log in with my old laptop either. Something seems to be fishy with my network / IP address. However, all other webpages are working just fine without VPN connection. Thanks in advance for answering my question.
AWS Network Firewall Domain list Port
Hi all. I am trying to configure AWS Network Firewall using a domain list. I can select the HTTP protocol in the configuration, but HTTP seemed to be inspected regardless of the port because it was inspected even if I used a port other than 80. Is it possible to change/limit the target port?
At random times connection from ec2 machine to api gateway returns Could not create SSL/TLS secure channel
Hi! I post this question regarding an issue that happens to us at random times. Maybe someone experienced a similar situation or can give us a clue. We have three Windows EC2 instances running inside a VPC with internet access that make requests to some public API gateways. We have noticed that at random times (the last issue was April 26 and the previous time was on April 4), all the requests made from the three instances within a range of 5 minutes failed with the message "The request was aborted: Could not create SSL/TLS secure channel". These requests happen almost every minute every day during 12 or 14 hours, so it didn't fail before or after those 5-10 minutes lapse. It's like something happening at API Gateway at random times. Can it be that updating the API definition with a swagger file or deploying to a stage may cause this issue? One of the dates matches. We use the us-east-1 region and use as endpoint https://xxxxxx.execute-api.us-east-1.amazonaws.com/stagexxx The status page doesn't show any issues on those days for the API Gateway service. Thanks in advance
Cannot login at aws console
This happens at the AWS console. Any clues? Thanks in advance. There was a problem connecting to your instance Log in failed. If this instance has just started up, wait a few minutes and try again. Otherwise, ensure the instance is running on an AMI that supports EC2 Instance Connect.