Unable to access redshift from local machine using VPN - amazon-web-services

I created a Redshift cluster in an EU region. I also created a VPC and other artifacts, including route tables with an igw (using the GUI with the "VPC and More" option), and then attached this VPC to the Redshift cluster during creation.
However, I'm unable to connect to this Redshift cluster from CD or from my local machine. I'm using the postgres CLI.
Ideally it should have worked. Any ideas?
I'm able to connect from query editor from AWS Redshift console
Edit: Troubleshooting done so far
This psql command times out: psql -h redshift-cluster-1.xxxxx.eu-west-1.redshift.amazonaws.com -U awsuser -d dev -p 5497. The postgres installation is correct, as I'm able to connect to one of my other Redshift installations.
psql: could not connect to server: Connection timed out
Is the server running on host "redshift-cluster-1.xxxx.eu-west-1.redshift.amazonaws.com" (xx.xx.xx.xx) and accepting
TCP/IP connections on port 5497?
dig works but telnet fails
Adding describes.
VPC
{
"Vpcs": [
{
"CidrBlock": "10.0.0.0/16",
"DhcpOptionsId": "dopt-0f7cfde8258b431f5",
"State": "available",
"VpcId": "vpc-0a673f3e2399e0904",
"OwnerId": "xx",
"InstanceTenancy": "default",
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-0f738813e1a319934",
"CidrBlock": "10.0.0.0/16",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": [
{
"Key": "Name",
"Value": "test-vpc"
}
]
}
]
}
Security Groups
{
"SecurityGroups": [
{
"Description": "default VPC security group",
"GroupName": "default",
"IpPermissions": [
{
"IpProtocol": "-1",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": [
{
"GroupId": "sg-07c16a51da213b9a8",
"UserId": "xx"
}
]
}
],
"OwnerId": "xx",
"GroupId": "sg-07c16a51da213b9a8",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"VpcId": "vpc-0a673f3e2399e0904"
},
{
"Description": "SG1",
"GroupName": "SG1",
"IpPermissions": [
{
"FromPort": 5497,
"IpProtocol": "tcp",
"IpRanges": [
"IpRanges": [
{
"CidrIp": "52.27.190.0/23"
},
{
"CidrIp": "64.39.96.0/20"
},
{
"CidrIp": "10.189.32.85/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [
{
"PrefixListId": "pl-6fa54006"
}
],
"ToPort": 6000,
"UserIdGroupPairs": []
}
],
"OwnerId": "xxxxx",
"GroupId": "sg-0fccd6f7706900e54",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"VpcId": "vpc-0a673f3e2399e0904"
}
]
}
Redshift cluster
{
"Clusters": [
{
"ClusterIdentifier": "redshift-cluster-1",
"NodeType": "dc2.large",
"ClusterStatus": "available",
"ClusterAvailabilityStatus": "Available",
"MasterUsername": "awsuser",
"DBName": "dev",
"Endpoint": {
"Address": "redshift-cluster-1.xxx.eu-west-1.redshift.amazonaws.com",
"Port": 5497
},
"ClusterCreateTime": "2022-08-09T14:51:58.527000+00:00",
"AutomatedSnapshotRetentionPeriod": 1,
"ManualSnapshotRetentionPeriod": -1,
"ClusterSecurityGroups": [],
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-07c16a51da213b9a8",
"Status": "active"
},
{
"VpcSecurityGroupId": "sg-0fccd6f7706900e54",
"Status": "active"
}
],
"ClusterParameterGroups": [
{
"ParameterGroupName": "default.redshift-1.0",
"ParameterApplyStatus": "in-sync"
}
],
"ClusterSubnetGroupName": "cluster-subnet-group-1",
"VpcId": "vpc-0a673f3e2399e0904",
"AvailabilityZone": "eu-west-1a",
"PreferredMaintenanceWindow": "mon:03:30-mon:04:00",
"PendingModifiedValues": {},
"ClusterVersion": "1.0",
"AllowVersionUpgrade": true,
"NumberOfNodes": 2,
"PubliclyAccessible": true,
"Encrypted": false,
"ClusterPublicKey": "<>",
"ClusterNodes": [
{
"NodeRole": "LEADER",
"PrivateIPAddress": "10.0.2.114",
"PublicIPAddress": "52.208.40.55"
},
{
"NodeRole": "COMPUTE-0",
"PrivateIPAddress": "10.0.6.171",
"PublicIPAddress": "46.51.199.140"
},
{
"NodeRole": "COMPUTE-1",
"PrivateIPAddress": "10.0.8.205",
"PublicIPAddress": "18.200.92.114"
}
],
"ClusterRevisionNumber": "40496",
"Tags": [],
"EnhancedVpcRouting": false,
"IamRoles": [],
"MaintenanceTrackName": "current",
"ElasticResizeNumberOfNodeOptions": "[4]",
"DeferredMaintenanceWindows": [],
"NextMaintenanceWindowStartTime": "2022-08-15T03:30:00+00:00",
"AvailabilityZoneRelocationStatus": "disabled",
"ClusterNamespaceArn": "<>",
"TotalStorageCapacityInMegaBytes": 800000,
"AquaConfiguration": {
"AquaStatus": "disabled",
"AquaConfigurationStatus": "auto"
}
}
]
}

Related

How to upgrade AWS EC2 from t2.2xlarge to t3.2xlarge?

I have a t2.2xlarge AWS EC2 instance whose type I need to change to t3.2xlarge.
But when i try to start it i get an
"Error starting instances The requested configuration is currently not
supported. Please check the documentation for supported
configurations."
When i run the check script everything is fine
https://github.com/awslabs/aws-support-tools/tree/master/EC2/NitroInstanceChecks
OK NVMe Module is installed and available on your instance
OK ENA Module with version is installed and available on your instance
OK fstab file looks fine and does not contain any device names.
And i also did all the checks described here
https://aws.amazon.com/premiumsupport/knowledge-center/boot-error-linux-nitro-instance/
aws ec2 describe-instances --instance-ids my-instance-id --query "Reservations[].Instances[].EnaSupport"
[
true
]
Is there anything else i should change to be able to start it as t3.2xlarge?
To reproduce:
Create an t2.2xlarge instance with default settings
Stop it and change type to t3.2xlarge
Try to start it
More detailed info about instance
aws ec2 describe-instances
{
"Reservations": [
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-***********",
"InstanceId": "i-***********",
"InstanceType": "t2.2xlarge",
"KeyName": "***********",
"LaunchTime": "2020-11-24T06:11:41+00:00",
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "us-east-1e",
"GroupName": "",
"Tenancy": "default"
},
"PrivateDnsName": "ip-***********.ec2.internal",
"PrivateIpAddress": "***********",
"ProductCodes": [],
"PublicDnsName": "ec2-***********.compute-1.amazonaws.com",
"PublicIpAddress": "***********",
"State": {
"Code": 16,
"Name": "running"
},
"StateTransitionReason": "",
"SubnetId": "subnet-***********",
"VpcId": "vpc-***********",
"Architecture": "x86_64",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"AttachTime": "2020-10-06T05:07:35+00:00",
"DeleteOnTermination": true,
"Status": "attached",
"VolumeId": "vol-***********"
}
}
],
"ClientToken": "",
"EbsOptimized": false,
"EnaSupport": true,
"Hypervisor": "xen",
"NetworkInterfaces": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "***********.compute-1.amazonaws.com",
"PublicIp": "***********"
},
"Attachment": {
"AttachTime": "2020-10-06T05:07:34+00:00",
"AttachmentId": "eni-attach-***********",
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Status": "attached",
"NetworkCardIndex": 0
},
"Description": "",
"Groups": [
{
"GroupName": "launch-wizard-1",
"GroupId": "sg-***********"
}
],
"Ipv6Addresses": [],
"MacAddress": "***********",
"NetworkInterfaceId": "eni-***********",
"OwnerId": "***********",
"PrivateDnsName": "ip-***********.ec2.internal",
"PrivateIpAddress": "***********",
"PrivateIpAddresses": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "ec2-***********.compute-1.amazonaws.com",
"PublicIp": "***********"
},
"Primary": true,
"PrivateDnsName": "ip-***********.ec2.internal",
"PrivateIpAddress": "***********"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-***********",
"VpcId": "vpc-***********",
"InterfaceType": "interface"
}
],
"RootDeviceName": "/dev/sda1",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "launch-wizard-1",
"GroupId": "sg-***********"
}
],
"SourceDestCheck": true,
"Tags": [
{
"Key": "Name",
"Value": ""
}
],
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 8,
"ThreadsPerCore": 1
},
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"HibernationOptions": {
"Configured": false
},
"MetadataOptions": {
"State": "applied",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled"
},
"EnclaveOptions": {
"Enabled": false
}
}
],
"OwnerId": "***********",
"ReservationId": "r-***********"
}
]
}
I tried to launch a t3.2xlarge in us-east-1e and got the following error:
Your requested instance type (t3.2xlarge) is not supported in your requested Availability Zone (us-east-1e). Please retry your request by not specifying an Availability Zone or choosing us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1f.
AWS probably doesn't have t3.2xlarge instances available in this AZ.

Looking for command to extract list of AWS security group & their inbound/outbound rules using AWS CLI

Looking for command to extract list of AWS security group & their inbound/outbound rules using AWS CLI
So far I have been able to extract the SGs, but not their associated rules. I have tried using PowerShell for AWS, but it returns incomplete results, i.e. it does not show all SGs.
You will need to call describe-security-groups to obtain a list of Security Groups.
Here is a sample output of one of my security groups:
{
"SecurityGroups": [
{
"Description": "SSH & Windows",
"GroupName": "SSHWin-SG",
"IpPermissions": [
{
"FromPort": 22,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "73.21.198.65/32"
},
{
"CidrIp": "54.240.123.1/32"
},
{
"CidrIp": "167.129.152.56/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 22,
"UserIdGroupPairs": []
},
{
"FromPort": 3389,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "73.21.198.65/32"
},
{
"CidrIp": "54.240.123.1/32"
},
{
"CidrIp": "167.129.152.56/32"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 3389,
"UserIdGroupPairs": []
}
],
"OwnerId": "123456789012",
"GroupId": "sg-91cb39d6",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"Tags": [
{
"Key": "Name",
"Value": "Ops"
}
],
"VpcId": "vpc-7d097214"
}
]
}
The IpPermissions section returns inbound permissions and the IpPermissionsEgress section returns outbound permissions.

describe-task-definition not returning hostname value

I have the need to find the hostname of my ECS task via the CLI, which according to the Amazon documentation should be available via the CLI:
https://docs.aws.amazon.com/cli/latest/reference/ecs/describe-task-definition.html
However, when I run the describe-task-definition it is not returning the information:
> aws ecs describe-task-definition --task-definition my-test-task:1
{
"taskDefinition": {
"status": "ACTIVE",
"networkMode": "bridge",
"family": "my-test-task",
"placementConstraints": [],
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
}
],
"volumes": [
{
"host": {
"sourcePath": "/opt/cf/rails-app/public/"
},
"name": "ruby-on-rails-public-volume"
}
],
"taskDefinitionArn": "arn:aws:ecs:us-east-1:accountId:task-definition/my-test-task:1",
"containerDefinitions": [
{
"memoryReservation": 1024,
"environment": [
{
"name": "DATABASE_HOSTNAME",
"value": "hostname"
},
{
"name": "PUMA_WORKERS",
"value": "2"
},
{
"name": "RAILS_ENV",
"value": "staging"
},
{
"name": "DATABASE_NAME",
"value": "ruby-on-rails"
},
{
"name": "DEBIAN_FRONTEND",
"value": "noninteractive"
},
{
"name": "PORT",
"value": "8080"
},
{
"name": "LANG",
"value": "en_US.UTF-8"
},
{
"name": "DATABASE_PASSWORD",
"value": "cf"
},
{
"name": "DATABASE_USER",
"value": "cf"
},
{
"name": "PUMA_MAX_THREADS",
"value": "6"
}
],
"name": "my-test-task",
"mountPoints": [
{
"sourceVolume": "ruby-on-rails-public-volume",
"containerPath": "/opt/cf/rails-app/public/"
}
],
"image": "accountId.dkr.ecr.us-east-1.amazonaws.com/cf/rails:latest",
"cpu": 1024,
"portMappings": [
{
"protocol": "tcp",
"containerPort": 8080,
"hostPort": 8080
}
],
"command": [
"puma",
"-C",
"config/puma.rb"
],
"essential": true,
"volumesFrom": []
}
],
"revision": 1
}
}
I am not sure what I need to do to get that value included. I confirmed I am running the latest CLI.
Thanks!
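First of all, the hostname is not defined on the task definition; it is defined on the container definition inside the task definition. Secondly, there is no default hostname: you have to define the hostname explicitly in the container definition when creating the task definition revision. By default, the container id is used as the hostname. Separately, the output above shows DATABASE_PASSWORD as a plain-text environment value, which anyone allowed to call describe-task-definition can read; the container definition's secrets field (valueFrom pointing at Secrets Manager or SSM Parameter Store) keeps the value out of the task definition.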

Problems with ecs service in cloudformation: The provided target group has target type instance, which is incompatible with the awsvpc network

I am creating an architecture with CloudFormation. When the ECS service is created, an error appears saying that my load balancer's target group has target type instance, which is incompatible with the awsvpc network mode.
I have tried several approaches and none of them works for me. I have read the AWS guides and everything seems to match them. Please point me to the solution if possible.
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"LoadBalancerQA01": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Properties": {
"SecurityGroups": [
{
"Ref": "SecurityGroupPublic01"
}
],
"Subnets": [
{
"Ref": "SubnetPublicQATestUno"
},
{
"Ref": "SubnetPublicQATestDos"
}
],
"Name": "LoadBalancerQA01"
}
},
"LoadBalancerListener": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"Properties": {
"DefaultActions": [{
"Type": "forward",
"TargetGroupArn": { "Ref": "TargetGroupQA" }
}],
"LoadBalancerArn": { "Ref": "LoadBalancerQA01" },
"Port": 8080,
"Protocol": "HTTP"
}
},
"TargetGroupQA": {
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
"Properties": {
"Name": "TargetGroupQA",
"Port": 8080,
"Protocol": "HTTP",
"VpcId": { "Ref": "VPCQA" }
},
"DependsOn": [ "LoadBalancerQA01" ]
},
"ClusterQA": {
"Type": "AWS::ECS::Cluster",
"Properties": {},
"DependsOn": [
"SubnetPrivateQATestUno",
"SubnetPrivateQATestDos"
]
},
"TaskQA": {
"Type": "AWS::ECS::TaskDefinition",
"Properties": {
"RequiresCompatibilities": ["FARGATE"],
"Cpu" : "1024",
"TaskRoleArn" : "arn:aws:iam::683574420318:role/ecsTaskExecutionRole",
"ExecutionRoleArn" : "arn:aws:iam::683574420318:role/ecsTaskExecutionRole",
"Memory": "2048",
"NetworkMode" : "awsvpc",
"ContainerDefinitions" : [{
"Image": "683574420318.dkr.ecr.us-west-1.amazonaws.com/mto:latest",
"Cpu": "1024",
"Memory": "2048",
"Name":"ContenedorName",
"PortMappings":[{ "ContainerPort": 8080,"HostPort": 8080}]
}]
}
},
"ServiceQA": {
"Type": "AWS::ECS::Service",
"DependsOn": [ "LoadBalancerQA01" ],
"Properties" : {
"NetworkConfiguration" : {
"AwsvpcConfiguration" : {
"AssignPublicIp" : "ENABLED",
"SecurityGroups" : [
{
"Ref": "SecurityGroupPublic01"
}
],"Subnets": [
{
"Ref": "SubnetPublicQATestUno"
},
{
"Ref": "SubnetPublicQATestDos"
}
]}
},
"Cluster": { "Ref": "ClusterQA" },
"DesiredCount": "1",
"LoadBalancers": [
{
"ContainerName": "ContenedorName",
"ContainerPort": 8080,
"TargetGroupArn": { "Ref": "TargetGroupQA" }
}
],
"TaskDefinition" : {"Ref":"TaskQA"}
}
}
As far as I can see, you defined the TargetGroup without a TargetType, which means it defaults to instance. An ECS service using awsvpc needs the TargetType set to ip, which is the only option awsvpc supports. In your CloudFormation template, add this to the TargetGroupQA properties:
"TargetType": "ip",
And this should fix your problem. If something still is wrong, please provide error from CloudFormation console.

AWS cant connect to vm inside vpc

I am trying to create a VPC without the wizard.
I added the routes, internet gateway, NACL and Security groups but my vm remains unreachable, below I have posted details from the aws cli to give you precise details.
I have a feeling that it has something to do with my routes. I am unable to ping or ssh into my jumpbox
Architecture Diagram:-
yamazaki#yamazaki-linux:~$ aws ec2 describe-security-groups --group-ids sg-ab7a71cd
{
"SecurityGroups": [
{
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"UserIdGroupPairs": [],
"PrefixListIds": []
}
],
"Description": "mysg",
"IpPermissions": [
{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": []
},
{
"PrefixListIds": [],
"FromPort": -1,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"ToPort": -1,
"IpProtocol": "icmp",
"UserIdGroupPairs": []
}
],
"GroupName": "mysg",
"VpcId": "vpc-220e9346",
"OwnerId": "646132786531",
"GroupId": "sg-ab7a71cd"
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-network-acls --network-acl-ids acl-1816717c
{
"NetworkAcls": [
{
"Associations": [
{
"SubnetId": "subnet-91a025ac",
"NetworkAclId": "acl-1816717c",
"NetworkAclAssociationId": "aclassoc-78fa7001"
},
{
"SubnetId": "subnet-aea02593",
"NetworkAclId": "acl-1816717c",
"NetworkAclAssociationId": "aclassoc-ede56f94"
},
{
"SubnetId": "subnet-6da02550",
"NetworkAclId": "acl-1816717c",
"NetworkAclAssociationId": "aclassoc-19e46e60"
}
],
"NetworkAclId": "acl-1816717c",
"VpcId": "vpc-220e9346",
"Tags": [],
"Entries": [
{
"CidrBlock": "0.0.0.0/0",
"RuleNumber": 100,
"Protocol": "-1",
"Egress": true,
"RuleAction": "allow"
},
{
"CidrBlock": "0.0.0.0/0",
"RuleNumber": 32767,
"Protocol": "-1",
"Egress": true,
"RuleAction": "deny"
},
{
"RuleNumber": 100,
"Protocol": "6",
"PortRange": {
"To": 22,
"From": 22
},
"Egress": false,
"RuleAction": "allow",
"CidrBlock": "0.0.0.0/0"
},
{
"IcmpTypeCode": {
"Code": -1,
"Type": -1
},
"RuleNumber": 200,
"Protocol": "1",
"Egress": false,
"RuleAction": "allow",
"CidrBlock": "0.0.0.0/0"
},
{
"CidrBlock": "0.0.0.0/0",
"RuleNumber": 32767,
"Protocol": "-1",
"Egress": false,
"RuleAction": "deny"
}
],
"IsDefault": true
}
]
yamazaki#yamazaki-linux:~$ aws ec2 describe-vpcs --vpc-id vpc-220e9346
{
"Vpcs": [
{
"VpcId": "vpc-220e9346",
"InstanceTenancy": "default",
"Tags": [
{
"Value": "big",
"Key": "Name"
}
],
"State": "available",
"DhcpOptionsId": "dopt-80c96ce5",
"CidrBlock": "192.168.0.0/20",
"IsDefault": false
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-subnets --subnet-ids subnet-6da02550 subnet-aea02593 subnet-91a025ac
{
"Subnets": [
{
"VpcId": "vpc-220e9346",
"Tags": [
{
"Value": "big-private-databases",
"Key": "Name"
}
],
"CidrBlock": "192.168.3.0/24",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1e",
"SubnetId": "subnet-91a025ac",
"AvailableIpAddressCount": 251
},
{
"VpcId": "vpc-220e9346",
"Tags": [
{
"Value": "big-internet",
"Key": "Name"
}
],
"CidrBlock": "192.168.1.0/24",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1e",
"SubnetId": "subnet-6da02550",
"AvailableIpAddressCount": 250
},
{
"VpcId": "vpc-220e9346",
"Tags": [
{
"Value": "big-private-computes",
"Key": "Name"
}
],
"CidrBlock": "192.168.2.0/24",
"MapPublicIpOnLaunch": false,
"DefaultForAz": false,
"State": "available",
"AvailabilityZone": "us-east-1e",
"SubnetId": "subnet-aea02593",
"AvailableIpAddressCount": 250
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-route-tables --route-table-ids rtb-fb83c99f rtb-1eb9f37a rtb-c980caad rtb-9980cafd
{
"RouteTables": [
{
"Associations": [],
"RouteTableId": "rtb-fb83c99f",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-in",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
},
{
"GatewayId": "igw-51638f35",
"DestinationCidrBlock": "0.0.0.0/0",
"State": "active",
"Origin": "CreateRoute"
}
]
},
{
"Associations": [
{
"RouteTableAssociationId": "rtbassoc-0113ef66",
"Main": true,
"RouteTableId": "rtb-1eb9f37a"
}
],
"RouteTableId": "rtb-1eb9f37a",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
}
]
},
{
"Associations": [],
"RouteTableId": "rtb-c980caad",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-in-computes",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
}
]
},
{
"Associations": [],
"RouteTableId": "rtb-9980cafd",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-computes-databases",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
}
]
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-internet-gateways --internet-gateway-ids igw-51638f35
{
"InternetGateways": [
{
"Tags": [
{
"Value": "big",
"Key": "Name"
}
],
"InternetGatewayId": "igw-51638f35",
"Attachments": [
{
"State": "available",
"VpcId": "vpc-220e9346"
}
]
}
]
}
yamazaki#yamazaki-linux:~$ aws ec2 describe-instances --instance-ids --instance-ids i-3c6c09c5
{
"Reservations": [
{
"OwnerId": "646132786531",
"ReservationId": "r-12f788fb",
"Groups": [],
"Instances": [
{
"Monitoring": {
"State": "disabled"
},
"PublicDnsName": "",
"State": {
"Code": 16,
"Name": "running"
},
"EbsOptimized": false,
"LaunchTime": "2015-12-10T16:30:41.000Z",
"PublicIpAddress": "52.70.141.142",
"PrivateIpAddress": "192.168.1.67",
"ProductCodes": [],
"VpcId": "vpc-220e9346",
"StateTransitionReason": "",
"InstanceId": "i-3c6c09c5",
"ImageId": "ami-60b6c60a",
"PrivateDnsName": "ip-192-168-1-67.ec2.internal",
"KeyName": "yamazaki",
"SecurityGroups": [
{
"GroupName": "mysg",
"GroupId": "sg-ab7a71cd"
}
],
"ClientToken": "DpGNG1449765041380",
"SubnetId": "subnet-6da02550",
"InstanceType": "t2.micro",
"NetworkInterfaces": [
{
"Status": "in-use",
"MacAddress": "06:1a:f4:6a:b6:f5",
"SourceDestCheck": true,
"VpcId": "vpc-220e9346",
"Description": "Primary network interface",
"Association": {
"PublicIp": "52.70.141.142",
"PublicDnsName": "",
"IpOwnerId": "646132786531"
},
"NetworkInterfaceId": "eni-971b94ab",
"PrivateIpAddresses": [
{
"Association": {
"PublicIp": "52.70.141.142",
"PublicDnsName": "",
"IpOwnerId": "646132786531"
},
"Primary": true,
"PrivateIpAddress": "192.168.1.67"
}
],
"Attachment": {
"Status": "attached",
"DeviceIndex": 0,
"DeleteOnTermination": true,
"AttachmentId": "eni-attach-cdd36cbc",
"AttachTime": "2015-12-10T16:30:41.000Z"
},
"Groups": [
{
"GroupName": "mysg",
"GroupId": "sg-ab7a71cd"
}
],
"SubnetId": "subnet-6da02550",
"OwnerId": "646132786531",
"PrivateIpAddress": "192.168.1.67"
}
],
"SourceDestCheck": true,
"Placement": {
"Tenancy": "default",
"GroupName": "",
"AvailabilityZone": "us-east-1e"
},
"Hypervisor": "xen",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"Status": "attached",
"DeleteOnTermination": true,
"VolumeId": "vol-5ade4392",
"AttachTime": "2015-12-10T16:30:45.000Z"
}
}
],
"Architecture": "x86_64",
"RootDeviceType": "ebs",
"RootDeviceName": "/dev/xvda",
"VirtualizationType": "hvm",
"Tags": [
{
"Value": "jumpbox",
"Key": "Name"
}
],
"AmiLaunchIndex": 0
}
]
}
]
After associating the subnet with the route table that has the internet gateway route, I was able to connect to my box.
aws ec2 describe-route-tables --route-table-ids rtb-fb83c99f
{
"RouteTables": [
{
"Associations": [
{
"SubnetId": "subnet-6da02550",
"RouteTableAssociationId": "rtbassoc-48a35d2f",
"Main": false,
"RouteTableId": "rtb-fb83c99f"
}
],
"RouteTableId": "rtb-fb83c99f",
"VpcId": "vpc-220e9346",
"PropagatingVgws": [],
"Tags": [
{
"Value": "big-in",
"Key": "Name"
}
],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "192.168.0.0/20",
"State": "active",
"Origin": "CreateRouteTable"
},
{
"GatewayId": "igw-51638f35",
"DestinationCidrBlock": "0.0.0.0/0",
"State": "active",
"Origin": "CreateRoute"
}
]
}
]
}