I installed Nice-DCV server on Ubuntu 22.04 on my ec2 instance. The ec2 instance is a m6i, and Nice-DCV installation guide mentions that I can do without gpu.
My first question is: is that true? Can I run a remote desktop client (Nice-DCV-viewer in this case) when my instance does not have a gpu?
Secondly, my company uses openvpn3 for us to connect to ec2 instances, i.e. no public ip, but from my computer I can ssh to the instances using only the private ips. Now, when I try to connect to the instance using Nice-DCV-viewer from my computer (with openvpn running), I still get the message that the connection was refused. What could cause this?
I have setup the security group for TCP/UDP on port 8443 and an IAM role for Nice-DCV license.
-Thanks
Related
We were able to ssh to the EC2 instance using the connect details until today; when it stopped working and I get the below error:
root#DKERP:~# ssh -i "gindustries.pem" ubuntu#ec2-15-184-231-34.me-south-1.compute.amazonaws.com
ssh: connect to host ec2-15-184-231-34.me-south-1.compute.amazonaws.com port 22: Connection timed out
Also, the telnet to public IP & port 22 is not working
root#DKERP:~# telnet 15.184.231.34 22
Trying 15.184.231.34...
telnet: Unable to connect to remote host: Connection timed out
The session manager is also failing to connect with the below error:
We weren't able to connect to your instance. Common reasons for this include:
SSM Agent isn't installed on the instance. You can install the agent on both Windows instances and Linux instances.
The required IAM instance profile isn't attached to the instance. You can attach a profile using AWS Systems Manager Quick Setup.
Session Manager setup is incomplete. For more information, see Session Manager Prerequisites.
There are no firewalls in AWS configurations.
Overview:
Security Groups:
Instances:
Network Interface:
VPC:
Network ACLs:
The system logs are updated here: https://pastebin.com/RhAG5DzP
Kindly suggest.
The Connection timed out message normally indicates that there is no network connectivity.
In most cases, this is due to the Security Group.
The steps to check it are:
Select the instance in the Amazon EC2 management console
Go to the Security tab
Check the Inbound rules
To permit an SSH connection, there needs to be a rule that permits port 22 (SSH) and the source set to your IP address or from the whole Internet (0.0.0.0/0) -- preferably only your IP address so that everybody else will be blocked.
When launching an Amazon EC2 instance from the console, it will default to creating a new Security Group called launch-wizard. However, it is generally better to create your own Security Group with a useful name and only the rules you want. You can then re-use that Security Group in future for similar instances.
Launching an AWS EC2 instance seems quite straightforward although when it comes to connecting to the newly launched instance things get sticky. The process for connecting to an instance proposed by such a tech giant is very counter-intuitive.
As a short reminder I should add that an "instance" is technically a virtual machine running on Amazon's Elastic Compute Cloud (EC2), for more info one could have a look at this link.
The ec2 instance referred to in this discussion is Ubuntu Server 20.04 LTS (HVM).
The instruction for working with EC2 Linux instances is given here.
AWS EC2 proposes three different ways of connecting to an instance:
EC2 Instance connect (browser-based SSH connection),
Session Manager
SSH Client
Now with regard to connecting to the above-mentioned instance there are only certain connections that establish correctly and the rest of the proposed methods fail, here is the list of connection successes and failures :
Ubuntu instance, security group source "Custom=0.0.0.0/0", Connection establishes using both EC2 Instance Connect (browser-based SSH connection) and SSH client.
Ubuntu instance, security group source "My IP=$IP", Connection establishes only using SSH client (terminal on Ubuntu and PuTTY on windows) and not using EC2 instance connect.
Both above cases have been tried on Ubuntu 20.04 and Windows 10 as local machine and the problem remains similar on both machines. I went through most of the failure cases discussed in the troubleshooting documents proposed here and verified them on my instance. Yet the problem persists. I should also add that I never tried "session manager" connection method although opening its tab already would give some info about "not installed" agents and features.
Any idea regarding this problem? Somebody out there facing the same issue?
From Docs
(Amazon EC2 console browser-based client) We recommend that your instance allows inbound SSH traffic from the recommended IP block published for the service.
Reason for this -> EC2 Instance Connect works by making an HTTPS connection between your web browser and the backend EC2 Instance Connect service on aws. Then, EC2 Instance Connect establishes a "mostly normal" SSH connection to the target instance in other words the request is going from backend ec2 instance connect and not your browser that is why it needs IP address from accepted ranges of that region .
Browser based EC2 Instance Connect uses specific IP ranges for browser-based SSH connections to your instance. These IP ranges differ between AWS Regions. To find the AWS IP address range for EC2 Instance Connect in a specific Region, use the following( just replace your region with your region) ( for Linux required curl and jq as prerequisite)
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json| jq -r '.prefixes[] | select(.region=="Your region") | select(.service=="EC2_INSTANCE_CONNECT") | .ip_prefix'
whatever the value is returned just add up to your security rule and it will work.
Ubuntu instance, security group source "Custom=0.0.0.0/0", Connection establishes using both EC2 Instance Connect (browser-based SSH connection) and SSH client.
this works because 0.0.0.0/0 allows connection from all the IP ranges( which includes your region IP too).
for more details try reading this troubleshoot
I created a simple EC2 instance (windows 2016), and without security group (all traffic allowed), and got public IP and DNS (created by the VPC).
Then I downloaded the rdp file from the EC2 in order to remote connect to the EC2, and got "lost connection to the RDP server...".
I use my linux (fedora) machine, and use remmina to remote connect.
I'm new with AWS, am I missing something that I need to do before I connect?
P.S. I don't have IAM role, and also I didn't use the .pem file I downloaded - I don't know if it's related.
I am trying to configure the puppet server and agent making my local laptop with ubuntu 18.04 as puppet server and aws ec2 instance as puppet agent. When trying to do so i am facing the issues related to hostname adding in /etc/hosts file and whether to use the public ip or private ip address and how to do the final configuration and make this work.
I have used the public ip and public dns of both the system to specify in the /etc/hosts file but when trying to run the puppet agent --test from the agent getting the error as temporary failure in name resolution and connecting to https://puppet:8140 failed. I am using this for a project and my setup needs to remain like this.
The connection is initiated from the Puppet agent to the PE server, so the agent is going to be looking for your laptop, even if you have the details of your laptop in the hosts file it probably has no route back to your laptop across the internet as the IP of your laptop was probably provided by your router at home.
Why not build your Puppet master on an ec2 instance and keep it all on the same network, edit code on your laptop, push to github/gitlab and then deploy the code from there to your PE server using code-manager.
Alternatively you may be able to use a VPN to get your laptop onto the AWS VPC directly in which case it'll appear as just another node on the network and everything should work.
The problem here is that the puppet server needs a public IP or an IP in the same network as your ec2 instance to which your puppet agent can connect to. However, there's one solution without using a VPN though it can't be permanent. You can tunnel your local port to the ec2 instance
ssh -i <pemfile-location> -R 8140:localhost:8140 username#ec2_ip -> This tunnels port 8140 on your ec2 instance to port 8140 in your localhost.
Then inside your ec2 instance you can modify your /etc/hosts file to add this:
127.0.0.1 puppet
Now run the puppet agent on your ec2 instance and everything should work as expected. Also note that if you close the ssh connection created above then the ssh tunnel will stop working.
If you want to keep the ssh tunnel open a bit more reliably then this answer might be helpful: https://superuser.com/questions/37738/how-to-reliably-keep-an-ssh-tunnel-open
I have an EC2 Windows 2019 Server instance in a VPC in the private subnet. I have a bastion instance in the public subnet, and I know the bastion instance works, because it is being used for internet access for my Lambda API. I have VPC endpoints to:
com.amazonaws.eu-west-2.ssm
com.amazonaws.eu-west-2.ec2messages
com.amazonaws.eu-west-2.ec2
I would like to connect with RDP to the EC2 instance to manage my MySQL RDS instance. I have been trying to get Systems Manager Session Manager Port Forwarding to work, following several guides.
I have tried every guide I could find, and everything seem correctly setup.
Is it required to have specific ports setup inbound / outbound on the bastion instance SG, or on the SG the EC2 I want to RDP to is in? I have not been able to see that anywhere.
I have run AWSSupport-TroubleshootRDP and everything pass with "Success" and from the output everything looks good.
When I run the port forwarding command on my machine it starts the session, but I never get "Connection accepted" and the RDP connection fails when I try that.
Can anyone point me to what else I can do to verify that I have the correct network configurations, and to test why I am not getting "Connection accepted", as I have seen I should be getting from the guides.
Thanks in advance.
To test the ability to run RDP via Session Manager Port Forwarding, I did the following:
Launched an Amazon EC2 instance running Microsoft Windows Server 2019 Base
Associated an IAM Role with AmazonSSMManagedInstanceCore permissions
Set the Security Group to no inbound connections (to confirm that connections were being made via Session Manager)
Confirmed that I could use Session Manager to connect to PowerShell on the instance (using the Session Manager console)
Ran the following command on my Mac:
aws ssm start-session --target i-xxx --document-name AWS-StartPortForwardingSession --parameters '{"portNumber":["3389"],"localPortNumber":["3389"]}'
Used Microsoft Remote Desktop (which connects via RDP) to connect to localhost
It prompted me for a password. I used Get Windows Password to decode and obtain the password.
It connected successfully
So, yes, you can use Session Manager Port Forwarding to establish an RDP connection with a Windows instance even if it is in a private subnet (which I simulated by removing all inbound rules on the security group).
If you are having further problems, it might be due to your VPC Endpoint configurations.