Can't access Instance using custom network acl * security group rules
Hi, I have just moved from GCP to AWS to test out CodePipeline / CodeDeploy / and S3. I was following this documentation: "Tutorial: Create a simple pipeline (S3 bucket)" and I have encountered some issues with this step. Apparently the pipeline I have created failed because it couldn't access my EC2 instance. Taking the above information into consideration, I deleted the pipeline to start fresh and I explored the EC2 service more. To sum up, I have observed that when I configure the security group to use my IP instead of allow all, or if I try to use any custom rule, any attempt to access that instance will fail: SSH, ping, anything. I tried to add the same rules to Network ACLs and also I have created an Internet Gateway but nothing changed.

***Key Information:***

* **EC2 instance:** second VM test
* **Zone:** eu-west-3c
* **Security Group Name:** launch-wizard-2

----------

Step where issue was encountered: https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-simple-s3.html#:~:text=Under%20Network%20settings%2C%20do%20the%20following.
Sending emails from EC2 Ubuntu 22.04 server
I am running an Ubuntu 22.04 Server on an EC2 instance which is within the Free Tier. I want to be able to use the PHP mail() function which sends emails but uses the underlying OS mail functionality to do so. The mail() function is returning false which I think may be due to firewall / security group issues. However I also thought it may be that Amazon does not allow sending of emails from Free Tier accounts. It did work fine on my old Debian server which was not with Amazon although that was running an older version of PHP so that could be an issue. I can not see any log files relating to the attempts I have made to send emails (I looked under /var/log) which makes me think maybe I need to install an email program such as postfix or something. I do not want to send a lot of emails as in marketing etc. At the moment it would only be a few a week. I would like help troubleshooting this. Am I allowed to send emails? What port would they be sent on (and which therefore needs to be enabled)? Where are the logs? Do I need to install an email program? Any other ideas I have not thought of?
how to delete Security Groups referenced by other security groups, or are associated with instances or network interfaces?
I connected the security group to the EC2 instance. And deleted the instance. I cannot delete the security group because it is connected to the deleted EC2 instance. How can I delete it?
Cannot connect EC2 instance using internet
Hello, I have an EC2 instance and I have applied all the configurations and internet gateway, elastic IP, etc. I can use the Instance Connect option to SSH into my instance, but I am not able to access my EC2 instance using the public IP address from the internet. I have checked security groups many times. I have allowed HTTP, HTTPS, SSH port in security group settings.
Getting connection timed out exception
I am trying to connect my EC2 hosted Java application with AWS RabbitMQ, but I am getting the following error:

```
2022-08-25 18:01:29.976 i.l.s.r.RabbitMQConsumer Thread-27-Notification-Events-AMQP-V2-Spout-executor[81, 81] [ERROR] could not open listener on queue Notification-event-topology-v2-q
2022-08-25 18:01:29.976 o.a.s.e.e.ReportError Thread-27-Notification-Events-AMQP-V2-Spout-executor[81, 81] [ERROR] Error
java.net.SocketTimeoutException: connect timed out
	at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_342]
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_342]
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_342]
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_342]
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_342]
	at java.net.Socket.connect(Socket.java:607) ~[?:1.8.0_342]
	at com.rabbitmq.client.impl.SocketFrameHandlerFactory.create(SocketFrameHandlerFactory.java:57) ~[stormjar.jar:?]
	at com.rabbitmq.client.impl.recovery.RecoveryAwareAMQConnectionFactory.newConnection(RecoveryAwareAMQConnectionFactory.java:61) ~[stormjar.jar:?]
	at com.rabbitmq.client.impl.recovery.AutorecoveringConnection.init(AutorecoveringConnection.java:177) ~[stormjar.jar:?]
	at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1150) ~[stormjar.jar:?]
	at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1109) ~[stormjar.jar:?]
	at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:931) ~[stormjar.jar:?]
	at io.latent.storm.rabbitmq.RabbitMQConsumer.createConnection(RabbitMQConsumer.java:190) ~[stormjar.jar:?]
	at io.latent.storm.rabbitmq.RabbitMQConsumer.open(RabbitMQConsumer.java:133) [stormjar.jar:?]
	at io.latent.storm.rabbitmq.RabbitMQConsumer.reinitIfNecessary(RabbitMQConsumer.java:183) [stormjar.jar:?]
	at io.latent.storm.rabbitmq.RabbitMQConsumer.nextMessage(RabbitMQConsumer.java:60) [stormjar.jar:?]
	at io.latent.storm.rabbitmq.RabbitMQSpout.nextTuple(RabbitMQSpout.java:104) [stormjar.jar:?]
	at com.pearson.notifications.events.spouts.v2.EventsAMQPV2.nextTuple(EventsAMQPV2.java:47) [stormjar.jar:?]
	at org.apache.storm.executor.spout.SpoutExecutor$2.call(SpoutExecutor.java:187) [storm-client-2.4.0.jar:2.4.0]
	at org.apache.storm.executor.spout.SpoutExecutor$2.call(SpoutExecutor.java:153) [storm-client-2.4.0.jar:2.4.0]
	at org.apache.storm.utils.Utils$1.run(Utils.java:396) [storm-client-2.4.0.jar:2.4.0]
	at java.lang.Thread.run(Thread.java:750) [?:1.8.0_342]
```

What would be the issue? Your idea is most welcome. Thanks
Best way to filter to find a Lambda function's Network interface IP address via Boto3?
I have a custom resource and I want the output to be the private ipv4 address of a specific lambda's elastic network interface of my choosing. I've figured out how to get this working and fetching an EC2's private ipv4 address. Unfortunately the resources I do not have total control over so I cannot just add tags, and they get spun up and spun down a lot. I know through the console, I can select the function and then examine a security group attached to it, and then search that security group in the EC2 Console screen under Network Interface, to find the Network interface that would attach to the lambda. But as far as I know, there's no direct filters or boto3 API calls to do this. I tried filtering on owner being Amazon but the owner of all the lambdas come under the AWS account in which they're housed in. I need that ENI IP address for a config file that deals with security/etc otherwise the lambda won't be able to communicate.
EC2 mysteriously loses connectivity - telnet google.com 80 not working - AMI on another EC2 works without problems
I have an ec2 instance on a public subnet with Ubuntu running for months without problems. Today, when connecting to it via ssh I have seen the following error:

```
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
```

Investigating a little more in depth I see that a simple

```
telnet google.com 80
Trying 220.127.116.11...
```

does not work, it does not establish a connection. I have also tried

```
nslookup google.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: google.com
Address: 18.104.22.168
Name: google.com
Address: 2a00:1450:4007:80d::200e
```

and it works fine. A telnet to another instance of the same vpc and subnet works ok. The systemd-resolved.service is up and without errors:

```
systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-08-23 10:37:22 UTC; 46min ago
       Docs: man:systemd-resolved.service(8)
             https://www.freedesktop.org/wiki/Software/systemd/resolved
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 1586 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 4637)
     Memory: 4.3M
     CGroup: /system.slice/systemd-resolved.service
             └─1586 /lib/systemd/systemd-resolved

Aug 23 10:37:22 ip-172-31-34-169 systemd: Starting Network Name Resolution...
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved: Positive Trust Anchors:
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237>
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr>
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved: Using system hostname 'ip-172-31-34-169'.
Aug 23 10:37:22 ip-172-31-34-169 systemd: Started Network Name Resolution.
```

I have created an AMI of this instance and I have raised another ec2 with this AMI, and everything works correctly, the new ec2 is in the same vpc and subnet and has the same security group, so I rule out connectivity problems in the vpc, route table, ACL, internet gateway etc... Could it be due to some problem in the network interface? Any idea what could be happening?
Connect to the database in an EC2 instance from the ECS cluster
I have Superset deployed on AWS using the guide https://aws.amazon.com/quickstart/architecture/apache-superset/ where I chose to deploy it in an existing VPC. The Superset deployment worked out alright and I can access Superset at the provided link. When I try to connect to a database which is hosted in an EC2 instance, within the same VPC, I get the error, port 5432 is closed message on my Superset. The DB is up and running in the EC2 instance, which has been verified locally and remotely through my laptop. I was previously able to connect to a database on RDS by adding the security group of the ECS Superset to the security group of the RDS instance. The same technique did not work for the ECS (Superset) -> EC2 (DB) connection. I also tried adding the IPv4 subnet range like 172.**.**.0/20 to the EC2 security group without success. These subnet ranges were obtained from the ECS deployment. Any help to debug this issue would be greatly appreciated.
To allow access from the server behind alb, which address should I enter, alb or server?
I created a server behind alb. You are trying to connect from that server to another server that is not connected to alb. I am not sure whether to put the alb ip or the server ip to set the security group of the server not connected to alb, so I put both. In the case of alb, I know that all server communication is done through alb, so I think alb alone is fine, but I think I need to write the destination, so I think I need to put the server ip as well. I wonder if it is enough to set the security group with only one alb address or both.
Is it possible to connect aws fargate with task ip instead of load balancer DNS?
I implemented a web server in fargate. The web server connection through the application load balancer DNS went well. However, when I connected to the task public ip, I couldn't connect. I checked that the ip and port are set properly in the service security group. In my opinion, fargate doesn't directly connect to public ip like ssh can't access. Am I right?
Instance launch failed. Adding EFS security group to mount targets failed. The maximum number of security groups per interface has been reached.
I'm trying to launch a new ec2 instance that automatically mounts an existing EFS file system. I'm using the following settings:

```
Amazon Linux 2 Kernel 5.10 AMI 2.0.20220719.0 x86_64 HVM gp2
64-bit (x86)
ami-0c956e207f9d113d5
c5a.16xlarge
VPC (default)
Subnet: The subnet of the default VPC in eu-central-1a zone.
Create security group
File systems: EFS
An existing file system in eu-central-1a zone
```

I have done the same operation before, but now I get an error.

```
Instance launch failed
The maximum number of security groups per interface has been reached.
Launch log
Initializing requests Succeeded
Creating security groups Succeeded
Creating security group rules Succeeded
Creating EFS security groups Succeeded
Adding ingress rules to EFS security groups Succeeded
Adding egress rules to EFS security groups Succeeded
Adding EFS security group to mount targets Failed
```

What should I do to fix this?