Questions tagged with Security Group
How to delete security groups that are referenced by other security groups, or are associated with instances or network interfaces?
I connected the security group to the EC2 instance and then deleted the instance. I cannot delete the security group because it is still connected to the deleted EC2 instance. How can I delete it?
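Added example (not code from the question above): a small boto3-style helper that lists the two things that block deleting a security group, rules in any group (including the group itself) that reference it, and network interfaces that still carry it. The ENI's Description and Attachment fields tell you which service owns the interface, which is what you need when the instance is gone but EC2 still reports the group as in use. The sample data and all ids are constructed; the live `fetch_from_aws` function needs credentials and network access.

```python
"""Find what blocks deleting an EC2 security group.

Added illustration, not the original poster's code. The dict shapes mirror the
DescribeSecurityGroups / DescribeNetworkInterfaces responses; the sample ids
and data below are constructed for the example.
"""
from typing import Dict, List


def rule_references(groups: List[Dict], target: str) -> List[Dict]:
    """Every ingress/egress rule, in any group, whose source or destination is
    the security group `target`. A self-reference counts too: EC2 refuses the
    delete until that rule is removed."""
    hits = []
    for g in groups:
        for direction, key in (("ingress", "IpPermissions"),
                               ("egress", "IpPermissionsEgress")):
            for perm in g.get(key, []):
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair.get("GroupId") == target:
                        hits.append({
                            "GroupId": g["GroupId"],
                            "Direction": direction,
                            "IpProtocol": perm.get("IpProtocol"),
                            "FromPort": perm.get("FromPort"),
                            "ToPort": perm.get("ToPort"),
                            "SelfReference": g["GroupId"] == target,
                        })
    return hits


def interface_attachments(enis: List[Dict], target: str) -> List[Dict]:
    """Every network interface that still lists `target` in its Groups.
    Description/Attachment reveal the owner: an instance id for EC2,
    'amazon-elb' for load balancers, a service description for Lambda, RDS, ..."""
    out = []
    for eni in enis:
        if any(g.get("GroupId") == target for g in eni.get("Groups", [])):
            att = eni.get("Attachment", {})
            out.append({
                "NetworkInterfaceId": eni["NetworkInterfaceId"],
                "Status": eni.get("Status"),
                "Description": eni.get("Description", ""),
                "InstanceId": att.get("InstanceId"),
                "Owner": att.get("InstanceOwnerId"),
            })
    return out


def deletion_blockers(groups: List[Dict], enis: List[Dict], target: str) -> Dict[str, List[Dict]]:
    """Both blocker lists for `target`; the group can be deleted when both are empty."""
    return {"rules": rule_references(groups, target),
            "interfaces": interface_attachments(enis, target)}


def fetch_from_aws(target: str, region: str = "eu-west-1") -> Dict[str, List[Dict]]:
    """Live variant (needs boto3, credentials and network). Imported lazily so the
    constructed sample below runs offline."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    groups: List[Dict] = []
    for page in ec2.get_paginator("describe_security_groups").paginate():
        groups.extend(page["SecurityGroups"])
    enis: List[Dict] = []
    for page in ec2.get_paginator("describe_network_interfaces").paginate(
            Filters=[{"Name": "group-id", "Values": [target]}]):
        enis.extend(page["NetworkInterfaces"])
    return deletion_blockers(groups, enis, target)


# Constructed sample: sg-0ddd is referenced by sg-0aaa and by itself, and is
# still attached to an instance ENI and a load-balancer ENI.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "db",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0ddd"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                              "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0ddd", "GroupName": "app",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "UserIdGroupPairs": [{"GroupId": "sg-0ddd"}]}],
     "IpPermissionsEgress": []},
]
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0111", "Description": "", "Status": "in-use",
     "Groups": [{"GroupId": "sg-0ddd"}], "Attachment": {"InstanceId": "i-0abc"}},
    {"NetworkInterfaceId": "eni-0222", "Description": "ELB app/my-alb/abc", "Status": "in-use",
     "Groups": [{"GroupId": "sg-0ddd"}], "Attachment": {"InstanceOwnerId": "amazon-elb"}},
    {"NetworkInterfaceId": "eni-0333", "Description": "", "Status": "available",
     "Groups": [{"GroupId": "sg-0aaa"}]},
]

if __name__ == "__main__":
    for kind, items in deletion_blockers(SAMPLE_GROUPS, SAMPLE_ENIS, "sg-0ddd").items():
        print(kind)
        for item in items:
            print("  ", item)
```

Run it against the real account with `fetch_from_aws("sg-...")`; an ENI with Status `available` and no attachment is a leftover you can detach the group from (or delete the ENI), while an ENI owned by another service has to be released through that service.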
Cannot connect to EC2 instance using the internet
Hello, I have an EC2 instance and I have applied all the configurations (internet gateway, Elastic IP, etc.). I can use the Instance Connect option to SSH into my instance, but I am not able to access my EC2 instance using its public IP address from the internet. I have checked the security groups many times. I have allowed the HTTP, HTTPS and SSH ports in the security group settings.
Getting connection timed out exception
I am trying to connect my EC2-hosted Java application to AWS RabbitMQ, but I am getting the following error:
```
2022-08-25 18:01:29.976 i.l.s.r.RabbitMQConsumer Thread-27-Notification-Events-AMQP-V2-Spout-executor[81, 81] [ERROR] could not open listener on queue Notification-event-topology-v2-q
2022-08-25 18:01:29.976 o.a.s.e.e.ReportError Thread-27-Notification-Events-AMQP-V2-Spout-executor[81, 81] [ERROR] Error
java.net.SocketTimeoutException: connect timed out
    at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_342]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_342]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_342]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_342]
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_342]
    at java.net.Socket.connect(Socket.java:607) ~[?:1.8.0_342]
    at com.rabbitmq.client.impl.SocketFrameHandlerFactory.create(SocketFrameHandlerFactory.java:57) ~[stormjar.jar:?]
    at com.rabbitmq.client.impl.recovery.RecoveryAwareAMQConnectionFactory.newConnection(RecoveryAwareAMQConnectionFactory.java:61) ~[stormjar.jar:?]
    at com.rabbitmq.client.impl.recovery.AutorecoveringConnection.init(AutorecoveringConnection.java:177) ~[stormjar.jar:?]
    at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1150) ~[stormjar.jar:?]
    at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:1109) ~[stormjar.jar:?]
    at com.rabbitmq.client.ConnectionFactory.newConnection(ConnectionFactory.java:931) ~[stormjar.jar:?]
    at io.latent.storm.rabbitmq.RabbitMQConsumer.createConnection(RabbitMQConsumer.java:190) ~[stormjar.jar:?]
    at io.latent.storm.rabbitmq.RabbitMQConsumer.open(RabbitMQConsumer.java:133) [stormjar.jar:?]
    at io.latent.storm.rabbitmq.RabbitMQConsumer.reinitIfNecessary(RabbitMQConsumer.java:183) [stormjar.jar:?]
    at io.latent.storm.rabbitmq.RabbitMQConsumer.nextMessage(RabbitMQConsumer.java:60) [stormjar.jar:?]
    at io.latent.storm.rabbitmq.RabbitMQSpout.nextTuple(RabbitMQSpout.java:104) [stormjar.jar:?]
    at com.pearson.notifications.events.spouts.v2.EventsAMQPV2.nextTuple(EventsAMQPV2.java:47) [stormjar.jar:?]
    at org.apache.storm.executor.spout.SpoutExecutor$2.call(SpoutExecutor.java:187) [storm-client-2.4.0.jar:2.4.0]
    at org.apache.storm.executor.spout.SpoutExecutor$2.call(SpoutExecutor.java:153) [storm-client-2.4.0.jar:2.4.0]
    at org.apache.storm.utils.Utils$1.run(Utils.java:396) [storm-client-2.4.0.jar:2.4.0]
    at java.lang.Thread.run(Thread.java:750) [?:1.8.0_342]
```
What would be the issue? Your ideas are most welcome. Thanks.
Best way to filter to find a Lambda function's network interface IP address via Boto3?
I have a custom resource and I want the output to be the private IPv4 address of a specific Lambda's elastic network interface of my choosing. I've figured out how to get this working and fetching an EC2's private IPv4 address. Unfortunately I do not have total control over the resources, so I cannot just add tags, and they get spun up and spun down a lot. I know that through the console I can select the function, examine a security group attached to it, and then search for that security group in the EC2 console under Network Interfaces to find the network interface that would attach to the Lambda. But as far as I know, there are no direct filters or boto3 API calls to do this. I tried filtering on the owner being Amazon, but the owner of all the Lambdas comes under the AWS account in which they're housed. I need that ENI IP address for a config file that deals with security, etc.; otherwise the Lambda won't be able to communicate.
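Added example (not the poster's code): the lookup the question describes, done from DescribeNetworkInterfaces data plus the function's own VpcConfig. Lambda creates one Hyperplane ENI per unique subnet and security-group combination in a function's VpcConfig and shares it between functions that use the same combination, so the reliable match is subnet plus the exact security-group set; the function name that appears in the ENI description (`AWS Lambda VPC ENI-<function name>-<id>`) is only the function that first caused that ENI to be created. The sample ENIs, ids and addresses are constructed; `fetch_from_aws` needs credentials and network access.

```python
"""Locate the ENIs (and private IPv4 addresses) behind a VPC-attached Lambda.

Added illustration, not code from the question. Response shapes follow
ec2.describe_network_interfaces and lambda.get_function_configuration;
every id, name and address below is constructed.
"""
from typing import Dict, List

# Description Lambda puts on the ENIs it creates (function name follows the prefix)
LAMBDA_ENI_PREFIX = "AWS Lambda VPC ENI-"


def lambda_enis(enis: List[Dict], vpc_config: Dict) -> List[Dict]:
    """ENIs that serve a function whose VpcConfig is `vpc_config`
    ({'SubnetIds': [...], 'SecurityGroupIds': [...]})."""
    subnets = set(vpc_config.get("SubnetIds", []))
    wanted_groups = set(vpc_config.get("SecurityGroupIds", []))
    hits = []
    for eni in enis:
        if not eni.get("Description", "").startswith(LAMBDA_ENI_PREFIX):
            continue                              # EC2 / ELB / RDS interface, not Lambda's
        if eni.get("SubnetId") not in subnets:
            continue
        groups = {g["GroupId"] for g in eni.get("Groups", [])}
        if groups != wanted_groups:               # the API 'group-id' filter is any-match;
            continue                              # the ENI must carry exactly this set
        hits.append({
            "NetworkInterfaceId": eni["NetworkInterfaceId"],
            "SubnetId": eni["SubnetId"],
            "PrivateIpAddress": eni.get("PrivateIpAddress"),
            "Status": eni.get("Status"),
            "Description": eni["Description"],
        })
    return hits


def lambda_private_ips(enis: List[Dict], vpc_config: Dict) -> List[str]:
    """Just the private IPv4 addresses, one per subnet the function is attached to."""
    return [h["PrivateIpAddress"] for h in lambda_enis(enis, vpc_config)]


def fetch_from_aws(function_name: str, region: str = "eu-west-1") -> List[Dict]:
    """Live variant: read VpcConfig from the function, then pull candidate ENIs
    narrowed by subnet and description before applying the exact-set match."""
    import boto3                                  # lazy so the sample runs without boto3
    lam = boto3.client("lambda", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    cfg = lam.get_function_configuration(FunctionName=function_name).get("VpcConfig", {})
    if not cfg.get("SubnetIds"):
        return []                                 # function is not VPC-attached
    enis: List[Dict] = []
    for page in ec2.get_paginator("describe_network_interfaces").paginate(
            Filters=[{"Name": "subnet-id", "Values": cfg["SubnetIds"]},
                     {"Name": "description", "Values": [LAMBDA_ENI_PREFIX + "*"]}]):
        enis.extend(page["NetworkInterfaces"])
    return lambda_enis(enis, cfg)


# Constructed sample: the function uses two subnets and two security groups.
FUNCTION_VPC_CONFIG = {"SubnetIds": ["subnet-0a", "subnet-0b"],
                       "SecurityGroupIds": ["sg-0lam", "sg-0db"]}
SAMPLE_ENIS = [
    # Lambda ENI for this subnet+SG combination, created when my-func was configured
    {"NetworkInterfaceId": "eni-0001", "SubnetId": "subnet-0a", "Status": "in-use",
     "Description": "AWS Lambda VPC ENI-my-func-1111", "PrivateIpAddress": "10.0.1.17",
     "Groups": [{"GroupId": "sg-0lam"}, {"GroupId": "sg-0db"}]},
    # Same combination in the other subnet, but first created by a different function:
    # it is shared, and it is still one of my-func's ENIs
    {"NetworkInterfaceId": "eni-0002", "SubnetId": "subnet-0b", "Status": "in-use",
     "Description": "AWS Lambda VPC ENI-other-func-2222", "PrivateIpAddress": "10.0.2.40",
     "Groups": [{"GroupId": "sg-0db"}, {"GroupId": "sg-0lam"}]},
    # Named after my-func but carries a different SG set (an older configuration)
    {"NetworkInterfaceId": "eni-0003", "SubnetId": "subnet-0a", "Status": "in-use",
     "Description": "AWS Lambda VPC ENI-my-func-3333", "PrivateIpAddress": "10.0.1.99",
     "Groups": [{"GroupId": "sg-0lam"}]},
    # An EC2 instance with the same subnet and groups: not a Lambda ENI
    {"NetworkInterfaceId": "eni-0004", "SubnetId": "subnet-0a", "Status": "in-use",
     "Description": "Primary network interface", "PrivateIpAddress": "10.0.1.5",
     "Groups": [{"GroupId": "sg-0lam"}, {"GroupId": "sg-0db"}]},
]

if __name__ == "__main__":
    for hit in lambda_enis(SAMPLE_ENIS, FUNCTION_VPC_CONFIG):
        print(hit["NetworkInterfaceId"], hit["SubnetId"], hit["PrivateIpAddress"])
```

Two caveats for a config file that pins these addresses: a function attached to several subnets has one ENI (and one private IP) per subnet, so the consumer must accept all of them, and Lambda can create or reclaim these ENIs when VpcConfigs change or a combination falls out of use, so the custom resource should be re-run rather than treated as a one-off.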
EC2 mysteriously loses connectivity - telnet google.com 80 not working - AMI on another EC2 works without problems
I have an EC2 instance on a public subnet running Ubuntu, which has been running for months without problems. Today, when connecting to it via SSH, I saw the following error:
```
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
```
Investigating a little more in depth, I see that a simple
```
telnet google.com 80
Trying 184.108.40.206...
```
does not work; it does not establish a connection. I have also tried
```
nslookup google.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:    google.com
Address: 220.127.116.11
Name:    google.com
Address: 2a00:1450:4007:80d::200e
```
and it works fine. A telnet to another instance in the same VPC and subnet works OK. The systemd-resolved.service is up and without errors:
```
systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-08-23 10:37:22 UTC; 46min ago
       Docs: man:systemd-resolved.service(8)
             https://www.freedesktop.org/wiki/Software/systemd/resolved
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 1586 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 4637)
     Memory: 4.3M
     CGroup: /system.slice/systemd-resolved.service
             └─1586 /lib/systemd/systemd-resolved

Aug 23 10:37:22 ip-172-31-34-169 systemd: Starting Network Name Resolution...
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved: Positive Trust Anchors:
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237>
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr>
Aug 23 10:37:22 ip-172-31-34-169 systemd-resolved: Using system hostname 'ip-172-31-34-169'.
Aug 23 10:37:22 ip-172-31-34-169 systemd: Started Network Name Resolution.
```
I have created an AMI of this instance and launched another EC2 instance from that AMI, and everything works correctly. The new EC2 instance is in the same VPC and subnet and has the same security group, so I rule out connectivity problems in the VPC, route table, ACL, internet gateway, etc. Could it be due to some problem in the network interface? Any idea what could be happening?
Connect to the database in an EC2 instance from the ECS cluster
I have Superset deployed on AWS using the guide https://aws.amazon.com/quickstart/architecture/apache-superset/, where I chose to deploy it in an existing VPC. The Superset deployment worked out alright and I can access Superset at the provided link. When I try to connect to a database which is hosted in an EC2 instance within the same VPC, I get the error message "port 5432 is closed" in Superset. The DB is up and running in the EC2 instance, which has been verified locally and remotely from my laptop. I was previously able to connect to a database on RDS by adding the security group of the ECS Superset to the security group of the RDS instance. The same technique did not work for the ECS (Superset) -> EC2 (DB) connection. I also tried adding the IPv4 subnet range, like 172.**.**.0/20, to the EC2 security group without success. These subnet ranges were obtained from the ECS deployment. Any help to debug this issue would be greatly appreciated.
To allow access from a server behind an ALB, which address should I enter, the ALB or the server?
I created a server behind an ALB. I am trying to connect from that server to another server that is not connected to the ALB. I am not sure whether to put the ALB IP or the server IP in the security group of the server not connected to the ALB, so I put both. In the case of the ALB, I know that all server communication is done through the ALB, so I think the ALB alone is fine, but I think I need to write the destination, so I think I need to put the server IP as well. I wonder if it is enough to set the security group with only the ALB address, or both.
Is it possible to connect to AWS Fargate with the task IP instead of the load balancer DNS?
I implemented a web server in Fargate. The web server connection through the Application Load Balancer DNS went well. However, when I connected to the task's public IP, I couldn't connect. I checked that the IP and port are set properly in the service security group. In my opinion, Fargate doesn't allow direct connection to the public IP, just like SSH can't access it. Am I right?
Instance launch failed. Adding EFS security group to mount targets failed. The maximum number of security groups per interface has been reached.
I'm trying to launch a new EC2 instance that automatically mounts an existing EFS file system. I'm using the following settings:
```
Amazon Linux 2 Kernel 5.10 AMI 2.0.20220719.0 x86_64 HVM gp2
64-bit (x86) ami-0c956e207f9d113d5
c5a.16xlarge
VPC (default)
Subnet: The subnet of the default VPC in eu-central-1a zone.
Create security group
File systems: EFS
An existing file system in eu-central-1a zone
```
I have done the same operation before, but now I get an error.
```
Instance launch failed
The maximum number of security groups per interface has been reached.

Launch log
Initializing requests                          Succeeded
Creating security groups                       Succeeded
Creating security group rules                  Succeeded
Creating EFS security groups                   Succeeded
Adding ingress rules to EFS security groups    Succeeded
Adding egress rules to EFS security groups     Succeeded
Adding EFS security group to mount targets     Failed
```
What should I do to fix this?
With a security group I can't connect to the EC2 instance
Hello, I have a security group which allows inbound traffic to port 22 from the world (0.0.0.0). Then I created an EC2 instance with that security group attached, but I can't connect to the instance. The instance of course has an external public IP (AWS assigned one inside the 3.24x.x.x range), but I can't connect. This instance is in eu-west-1 (Ireland); I don't even get a response using telnet on port 22 while trying to connect to it. However, if I create an EC2 instance with the same SG rules (a different SG because it's a different region, but the same rules) in eu-west-3 (Paris), I can connect. I tried this many times with the same result. Thank you for any help.
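Added example, not code from any of the posts: a small evaluator for security-group ingress rules that answers the question several of these threads are really asking ("does this group admit this source on this port?"), for the ECS -> EC2 Postgres case above (rule whose source is another security group) and for the SSH-from-anywhere case in this post. Two points it makes concrete: a rule whose source is a security group matches traffic only from ENIs that carry that group, never by IP, so a task or instance that does not actually have that group on its interface is not admitted even from the "right" subnet; and `0.0.0.0/0` covers IPv4 only. If the evaluator says the group allows the connection and it still times out, the security group is not the blocker and the remaining suspects are the network ACL, the route table/internet gateway, the host firewall, and whether the service is listening on the right address. The rule shapes follow DescribeSecurityGroups; the ids and addresses are constructed.

```python
"""Evaluate whether a security group's ingress rules admit a given source.

Added illustration, not from the original posts. `group` is one element of the
SecurityGroups list from DescribeSecurityGroups; `source` is either a security
group id (sg-...) or an IPv4/IPv6 address. Prefix-list sources are not handled.
"""
import ipaddress
from typing import Dict, List


def _port_matches(perm: Dict, protocol: str, port: int) -> bool:
    proto = perm.get("IpProtocol")
    if proto == "-1":                     # "All traffic"
        return True
    if proto != protocol:
        return False
    if protocol in ("tcp", "udp"):
        return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
    return True                           # icmp: From/ToPort are type/code, not checked here


def _source_matches(perm: Dict, source: str) -> bool:
    if source.startswith("sg-"):
        # Group-sourced rules match by the sending ENI's group membership only
        return any(p.get("GroupId") == source for p in perm.get("UserIdGroupPairs", []))
    addr = ipaddress.ip_address(source)
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
            [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    # An IPv4 address is never inside an IPv6 network and vice versa
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def matching_ingress_rules(group: Dict, source: str, protocol: str, port: int) -> List[Dict]:
    """All ingress rules of `group` that admit `source` on protocol/port."""
    return [p for p in group.get("IpPermissions", [])
            if _port_matches(p, protocol, port) and _source_matches(p, source)]


def allows_ingress(group: Dict, source: str, protocol: str, port: int) -> bool:
    """Security groups are allow-only, so one matching rule is enough."""
    return bool(matching_ingress_rules(group, source, protocol, port))


# Constructed sample: the database instance's group. Postgres is opened to the
# ECS service's security group; SSH is opened to all IPv4.
DB_SG = {
    "GroupId": "sg-0db",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0ecs"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ],
}


def with_cidr(group: Dict, cidr: str, port: int) -> Dict:
    """Copy of `group` with an extra TCP rule for `cidr` on `port` (what adding
    the ECS subnet range to the DB group would look like)."""
    extra = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
             "IpRanges": [{"CidrIp": cidr}], "Ipv6Ranges": [], "UserIdGroupPairs": []}
    return {**group, "IpPermissions": list(group.get("IpPermissions", [])) + [extra]}


if __name__ == "__main__":
    checks = [
        ("ECS task ENI carrying sg-0ecs -> 5432", ("sg-0ecs", "tcp", 5432)),
        ("task by IP only, no group on its ENI  ", ("172.31.16.5", "tcp", 5432)),
        ("laptop on the internet -> 22         ", ("203.0.113.9", "tcp", 22)),
        ("laptop on the internet -> 443        ", ("203.0.113.9", "tcp", 443)),
        ("IPv6 client -> 22 (0.0.0.0/0 is v4)   ", ("2001:db8::1", "tcp", 22)),
    ]
    for label, args in checks:
        print(label, allows_ingress(DB_SG, *args))
```

For the ECS case this means the *task's* ENI (awsvpc network mode) or the *container instance's* ENI (bridge/host mode) must actually have the referenced group attached; check `describe_network_interfaces` for that group, not just the service definition.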
EKS cluster creates a security group and doesn't clean up this SG after destroy
About two weeks ago we found that after deleting the CFN stack, the VPC could not be removed. I checked and it turned out that the EKS cluster does not remove the security group it created itself. The security group is named "eks-cluster-sg-EKS-*" with the description "EKS created security group applied to ENI that is attached to EKS Control Plane master nodes, as well as any managed workloads." How can I fix that? To reproduce it, you need to deploy a VPC with EKS via CFN or using the AWS QSS solution. Thanks.