GCP Hybrid load balancer not connecting to AWS Instance - amazon-web-services

I have a load balancer in GCP and an instance in AWS, and there is VPN connectivity between the AWS and GCP VPCs, but the load balancer is not able to connect to the AWS instance and the health check for that instance is failing.
I tried creating a hybrid connectivity load balancer in GCP and gave it the AWS instance's private IP, but it is not able to connect to the instance.

Related

Setup database synchronization from AWS RDS to GCP CloudSQL

We want to move our AWS RDS database to GCP CloudSQL. We want to do this without downtime. So our approach was to set up an HA VPN tunnel and use Data Migration Service to sync everything to CloudSQL.
The RDS database is in a private subnet on the AWS side. I've successfully set up an HA VPN tunnel between this AWS private subnet and a private subnet in our GCP project.
I'm able to verify that this works because I can do the following things:
ping from an instance in GCP in the private subnet to an instance in AWS in that private subnet
ping from an instance in AWS in the private subnet to the instance in GCP
After installing MySQL on the GCP instance, I'm able to connect and query the RDS database
I'm struggling with setting up the Data Migration Service in GCP to sync the data from the RDS instance. I've chosen the CloudSQL instance to have a Private IP, not a public one. As connectivity method, I select VPC peering and select the VPC in which the GCP instance from which I'm able to contact the RDS instance resides.
I understand that CloudSQL is created in a project peered to my GCP project, and the CloudSQL instance resides in a subnet in this new project. So there is no route from this subnet to my private subnet. However, I see that it is peered automatically. In this peering connection, I checked the option to import and export custom routes, but still, I cannot reach the RDS from the CloudSQL instance.
I've got routes in GCP for the private subnet IP range of AWS, with the next hop the VPN tunnels.
I'm not sure what I need to do to connect CloudSQL to RDS on this point.

aws: API Gateway is not able to connect to EKS cluster running in private subnet

I have a use case where I need to deploy the EKS cluster in private subnets and access it through API Gateway.
Currently, if I deploy the EKS cluster in a public subnet and try to access it, it works fine. However, it is not working when the EKS cluster is deployed into a private subnet.
Currently API Gateway is configured with a VPC link to access the EKS cluster securely.
A Network Load Balancer is configured to connect to the EKS cluster nodes.
Please let me know if there is anything that I am missing here.
Thanks,
Avinash

AWS ECS docker container RDS integration

I have two VPCs in the same account: VPC-A (has RDS installed) and VPC-B (has services installed through an ECS EC2 deployment).
VPC-B has multiple subnets. Services deployed through the ECS EC2 service couldn't integrate with RDS. It keeps getting the following error message ("Is the server running on host "...").
Whereas telnet to the RDS database port from an EC2 instance (E1) in a VPC-B subnet can connect to the database.
But it couldn't start the server if the same services are installed through ECS. When manually trying to start the container, it works (able to connect to the database).
I also set up a peering connection between the two VPCs, but the connection problem exists only when the container is started through the ECS EC2 deployment.
The dropdown for public IP has "Disabled" and no other options. The subnets are public subnets.
Any help/thoughts will be highly helpful.
As per the AWS docs, "awsvpc" launches with a private IP, and to interact with external services a NAT gateway needs to be attached to the subnet.
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html#task-networking-considerations
The awsvpc network mode does not provide task ENIs with public IP addresses for tasks that use the EC2 launch type. To access the internet, tasks that use the EC2 launch type should be launched in a private subnet that is configured to use a NAT gateway.
"Auto assign public IP" mode is "Enabled" with "bridge" networking mode on the ECS EC2 launch.

AWS API gateway to load balancer on private subnet ecs connection for microservices

I have a VPC with public (With NAT gateway ) and private subnet.
As part of designing microservices on aws platform, my goal is
1. Ec2 in private subnet
2. load balancer pointing to ec2 in private subnet
3. Api gateway pointing to load balancer,
My problem is that I can only use an Application Load Balancer when the instance is in a public subnet, but then the load balancer is accessible publicly. However, I want my services to be accessed only using API Gateway.
I have read about using NLB + VPC Link; however, the EC2 instances should still be in a public subnet. No luck trying in a private subnet.
Allow the traffic only from the Network Load Balancer to the instances in the public subnet.
(or)
https://aws.amazon.com/premiumsupport/knowledge-center/public-load-balancer-private-ec2/
You can now provide access to HTTP(S) resources within your Amazon Virtual Private Cloud (VPC) without exposing them directly to the public Internet. You can use API Gateway to create an API endpoint that is integrated with your VPC. You create an endpoint to your VPC by setting up a VPC link between your VPC and a Network Load Balancer (NLB), which is provided by Elastic Load Balancing. The NLB sends requests to multiple destinations in your VPC such as Amazon EC2 instances, Auto Scaling groups, or Amazon ECS services. NLBs also support private connectivity over AWS Direct Connect, so that applications in your own data centers will be able to connect to your VPC via the Amazon private network.
https://aws.amazon.com/about-aws/whats-new/2017/11/amazon-api-gateway-supports-endpoint-integrations-with-private-vpcs/

Stitching together AWS API Gateway and Private EC2 Instances

I've spent the majority of today reading google results and documentation on how to connect AWS API Gateway to EC2 instances (created by Elastic Beanstalk) in a private subnet. I know that API Gateway requires targets to be publicly addressable, so...
I manually created an Application Elastic Load Balancer that listens for (and terminates) HTTPS at a public IP address;
I created a VPC with two subnets: one public (holds load balancer) and one private (holds EC2 instances); and,
I believe I have to create security groups that allow everyone/everywhere to connect to the load balancer, but only entities in my public subnet to connect to my EC2 instances.
Unfortunately I'm unable to view the sample Beanstalk application via the load balancer's DNS name. The connection just times out.
Can someone please confirm I've identified all the steps? Is there any way I can trace my requests to see where they're failing? Or (even better) why they're failing? Thanks!
Check your security groups to make sure that HTTPS traffic is allowed
Make sure your Network ACLs are allowing traffic from your load balancer to your EC2 instances
Check your VPC routes to ensure there is a route from your load balancer to your EC2 instance
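The three checks in the answer above (security groups, network ACLs, VPC routes) are also what decides the failing health check in the opening question, where the VPN between the two VPCs is up but the load balancer's probes never reach the AWS instance. The following is an added example and not code from any post on this page: it models the three controls as plain data and evaluates whether a probe from a given source address can reach the instance port and have its reply routed back over the VPN. Every range, rule and gateway id in it is constructed for illustration (10.20.0.0/16, 10.30.0.0/16, vgw-EXAMPLE, igw-EXAMPLE); the 35.191.0.0/16 and 130.211.0.0/22 ranges are Google's documented centralized health-check probe ranges, and regional load balancers may instead probe from a proxy-only subnet, so substitute the ranges that apply to your load balancer type.

```python
"""Offline reachability check for a load balancer health check arriving over a VPN.

Added example: the rules and ranges below are constructed, not taken from any
real account. GOOGLE_HC_RANGES are Google's documented centralized health-check
probe ranges; substitute the ranges for your load balancer type if they differ.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

GOOGLE_HC_RANGES = ["35.191.0.0/16", "130.211.0.0/22"]


@dataclass
class SGRule:          # one ingress rule of a (stateful) security group
    protocol: str      # "tcp", "udp" or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str


@dataclass
class NaclRule:        # one numbered rule of a (stateless) network ACL
    number: int
    action: str        # "allow" or "deny"
    protocol: str
    from_port: int
    to_port: int
    cidr: str
    egress: bool


@dataclass
class Route:           # one entry of the subnet's route table
    destination: str
    target: str        # "local" or a gateway id (constructed ids below)


def _matches(proto: str, fp: int, tp: int, cidr: str, want_proto: str, port: int, ip: str) -> bool:
    """True when a rule's protocol, port range and CIDR all cover the flow."""
    if proto not in ("-1", want_proto):
        return False
    if proto != "-1" and not fp <= port <= tp:
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def sg_allows(rules: List[SGRule], src_ip: str, port: int, proto: str = "tcp") -> bool:
    """Security groups are stateful allow lists: one matching ingress rule admits the flow and its replies."""
    return any(_matches(r.protocol, r.from_port, r.to_port, r.cidr, proto, port, src_ip) for r in rules)


def nacl_allows(rules: List[NaclRule], egress: bool, ip: str, port: int, proto: str = "tcp") -> bool:
    """NACLs are stateless and evaluated by ascending rule number; first match wins, no match means deny."""
    for r in sorted((r for r in rules if r.egress == egress), key=lambda r: r.number):
        if _matches(r.protocol, r.from_port, r.to_port, r.cidr, proto, port, ip):
            return r.action == "allow"
    return False


def route_target(routes: List[Route], dst_ip: str) -> Optional[str]:
    """Longest-prefix match, as the VPC router does; None when nothing covers the destination."""
    addr = ipaddress.ip_address(dst_ip)
    best = max((r for r in routes if addr in ipaddress.ip_network(r.destination)),
               key=lambda r: ipaddress.ip_network(r.destination).prefixlen, default=None)
    return best.target if best else None


def probe_reachable(probe_src: str, port: int, sg: List[SGRule], nacl: List[NaclRule],
                    routes: List[Route], vpn_target: str, ephemeral_port: int = 40000) -> Tuple[bool, List[str]]:
    """Evaluate one probe: inbound SG, inbound NACL, outbound NACL for the reply to the
    prober's ephemeral port, and whether the reply is routed back to the VPN gateway."""
    reasons = []
    if not sg_allows(sg, probe_src, port):
        reasons.append(f"security group: no ingress from {probe_src} to tcp/{port}")
    if not nacl_allows(nacl, False, probe_src, port):
        reasons.append(f"inbound NACL: denies {probe_src} -> tcp/{port}")
    if not nacl_allows(nacl, True, probe_src, ephemeral_port):
        reasons.append(f"outbound NACL: denies reply to {probe_src} tcp/{ephemeral_port}")
    target = route_target(routes, probe_src)
    if target != vpn_target:
        reasons.append(f"route table: reply to {probe_src} goes to {target}, not {vpn_target}")
    return (not reasons, reasons)


def demo() -> dict:
    """Constructed scenario: AWS VPC 10.20.0.0/16, GCP VPC 10.30.0.0/16, VPN gateway vgw-EXAMPLE."""
    aws_vpc, gcp_vpc, vgw = "10.20.0.0/16", "10.30.0.0/16", "vgw-EXAMPLE"
    nacl = [NaclRule(100, "allow", "-1", 0, 65535, "0.0.0.0/0", False),
            NaclRule(100, "allow", "-1", 0, 65535, "0.0.0.0/0", True)]
    # Typical first attempt: only the peer VPC range is admitted and routed over the VPN.
    sg_before = [SGRule("tcp", 80, 80, gcp_vpc)]
    routes_before = [Route(aws_vpc, "local"), Route(gcp_vpc, vgw), Route("0.0.0.0/0", "igw-EXAMPLE")]
    # Fix: admit the prober ranges and return their traffic over the VPN too.
    sg_after = sg_before + [SGRule("tcp", 80, 80, r) for r in GOOGLE_HC_RANGES]
    routes_after = routes_before + [Route(r, vgw) for r in GOOGLE_HC_RANGES]
    return {
        "gcp_instance_before": probe_reachable("10.30.0.5", 80, sg_before, nacl, routes_before, vgw),
        "google_probe_before": probe_reachable("35.191.1.10", 80, sg_before, nacl, routes_before, vgw),
        "google_probe_after": probe_reachable("35.191.1.10", 80, sg_after, nacl, routes_after, vgw),
    }


if __name__ == "__main__":
    for name, (ok, reasons) in demo().items():
        print(name, "OK" if ok else "FAIL")
        for reason in reasons:
            print("  -", reason)
```

Run as a script, the "before" configuration lets a probe from an instance inside the GCP VPC through while the Google probe fails on two counts (no security-group ingress, reply routed to the internet gateway instead of the VPN), which is exactly the pattern of instance-to-instance connectivity working while the health check stays unhealthy; admitting and routing the probe ranges makes the probe pass.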