I have an AWS EC2 instance (EC2-A) and Amazon Managed Blockchain running in a VPC (VPC-A).
This EC2-A instance has some files and certificates (required for executing transactions on the blockchain).
EC2-A has EBS storage, which can be mounted on only one EC2 instance at a time.
Transactions can only be executed on the blockchain network from EC2-A, since they are in the same VPC-A.
I have an AWS EKS (Kubernetes) cluster running in VPC-B.
How can I access the files and certificates of EC2-A from a pod in my k8s cluster? Also, I have another pod which will be the blockchain client executing transactions on the blockchain network, which is in VPC-A.
Both these VPC-A and VPC-B are in the same aws account.
Mounting a folder/files on an EC2 instance into a pod running in EKS is not supported. For your use case, you can easily share folders/files using EFS, if not S3. If you are only allowed to do pod-to-EC2 communication, you need a way for these resources to reach each other, either by public IP if not VPC peering. Then you can run sftp, scp... any kind of off-the-shelf file sharing software you know best for file exchange.
You need to connect the 2 VPCs with VPC Peering; then you can install NFS on your EC2 instance and write a PV and PVC pointing to the NFS EC2.
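The PV/PVC approach from the answer above, as an added example (not code from the original answer): a shell script that renders the PersistentVolume, PersistentVolumeClaim and client pod for an NFS export served by EC2-A across the VPC peering connection. EC2-A's private IP 10.0.1.25, the export path /srv/fabric/msp, the security-group and CIDR variables and the container image are all assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: render the Kubernetes objects that
# let a pod in EKS (VPC-B) read certificates that EC2-A (VPC-A) exports over NFS
# across a VPC peering connection. Names, IPs, paths and the image are assumed.
set -eu

# is_ipv4 ADDR -> exit 0 only for a dotted quad with octets 0-255.
# The NFS server must be given by its private IP: EC2-A's private DNS name does
# not resolve from VPC-B unless DNS resolution is enabled on the peering link.
is_ipv4() {
  addr=$1
  case "$addr" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  oldifs=$IFS; IFS=.
  set -- $addr
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
  return 0
}

# nfs_pv_manifest NAME SERVER EXPORT_PATH
# Emits a PersistentVolume, a PersistentVolumeClaim and a client pod. The client
# only needs to read the certificate material, so the volume is ReadOnlyMany and
# the mount is readOnly at every layer: a compromised pod cannot tamper with the
# certificates that EC2-A itself relies on.
nfs_pv_manifest() {
  name=$1; server=$2; path=$3
  is_ipv4 "$server" || { echo "NFS server must be an IPv4 address: $server" >&2; return 1; }
  case "$path" in /*) ;; *) echo "export path must be absolute: $path" >&2; return 1 ;; esac
  cat <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${name}-pv
spec:
  capacity:
    storage: 1Gi
  accessModes: [ReadOnlyMany]
  persistentVolumeReclaimPolicy: Retain
  storageClassName: ""
  mountOptions: [nfsvers=4.1, ro, hard, noresvport]
  nfs:
    server: ${server}
    path: ${path}
    readOnly: true
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ${name}-pvc
spec:
  accessModes: [ReadOnlyMany]
  storageClassName: ""
  volumeName: ${name}-pv
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: blockchain-client
spec:
  containers:
  - name: client
    image: example.com/blockchain-client:latest   # assumed image
    volumeMounts:
    - name: certs
      mountPath: /etc/fabric/msp
      readOnly: true
  volumes:
  - name: certs
    persistentVolumeClaim:
      claimName: ${name}-pvc
      readOnly: true
EOF
}

# Network prerequisites, done once with the aws cli (not executed here):
#   * VPC-A <-> VPC-B peering, accepted, with a route to the other VPC's CIDR in
#     both route tables (the two CIDRs must not overlap);
#   * an inbound rule on EC2-A's security group for TCP 2049 from the EKS node
#     subnet only, e.g.
#     aws ec2 authorize-security-group-ingress --group-id "$EC2A_SG" \
#         --protocol tcp --port 2049 --cidr "$EKS_NODE_CIDR"
# Apply with:  nfs_pv_manifest certs 10.0.1.25 /srv/fabric/msp | kubectl apply -f -
if [ $# -ge 3 ]; then nfs_pv_manifest "$@"; fi
```

The script refuses a DNS name for the server and a relative export path, the two inputs that produce a PV which binds but never mounts. Keep the security-group rule scoped to the node subnet: after peering, any host in VPC-B can otherwise reach port 2049 on EC2-A.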
Related
I want to run an ECS Task on EC2 instance, and I want that task/container to be able to call other AWS services via Boto3.
When I run the same task on Fargate, it works as expected and I am able to call other AWS services from the task/container. When I run the ECS Task on EC2, it gives me connection timeout errors when attempting to call other AWS services. (The specific errors depend on the service.)
In an attempt to rule out any permission issues, I am running in a public subnet and using a single IAM role (with the AdministratorAccess policy) for the EC2 instance, ECS task role, and ECS task execution role.
The ECS Task on EC2 IS able to access the internet (which I confirmed by having it ping google.com).
What are any other conditions that need to be satisfied in order to call other AWS services from a container on ECS + EC2?
The cause of my issue was using a public subnet and the awsvpc network mode.
Using Amazon EC2 — You can launch EC2 instances on a public subnet. Amazon ECS uses these EC2 instances as cluster capacity, and any containers that are running on the instances can use the underlying public IP address of the host for outbound networking. This applies to both the host and bridge network modes. However, the awsvpc network mode doesn't provide task ENIs with public IP addresses. Therefore, they can't make direct use of an internet gateway.
-- Amazon Elastic Container Service Best Practices Guide
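The distinction the quoted guidance makes, as an added example (not from the answer or from the AWS documentation): a shell script with a pure classifier for the task's egress path and the aws cli queries that fetch the two facts it needs, the task definition's network mode and the default route of the subnet the task or its host sits in. Cluster and task identifiers are placeholders, and the diagnostic function is not executed by the script itself.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer: classify an ECS-on-EC2 task's path
# to AWS APIs from its network mode and its subnet's default route, plus the aws
# cli queries that gather those two facts. Cluster/task identifiers are placeholders.
set -eu

# ecs_task_egress NETWORK_MODE ROUTE_TARGET
#   NETWORK_MODE: awsvpc | bridge | host
#   ROUTE_TARGET: what the subnet's 0.0.0.0/0 route points at: igw | nat | none
# Prints host-public-ip (bridge/host containers share the instance's public IP),
# nat-gateway, or blocked. awsvpc + igw is the trap from the question: the task
# ENI never gets a public IP, so an internet gateway route on its own leads nowhere.
ecs_task_egress() {
  mode=$1; route=$2
  case "$mode:$route" in
    awsvpc:igw)                         echo blocked ;;
    awsvpc:nat)                         echo nat-gateway ;;
    bridge:igw|host:igw)                echo host-public-ip ;;
    bridge:nat|host:nat)                echo nat-gateway ;;
    awsvpc:none|bridge:none|host:none)  echo blocked ;;
    *) echo "unknown mode/route: $mode/$route" >&2; return 2 ;;
  esac
}

# describe_task_network CLUSTER TASK_ARN  (needs aws cli and credentials; not run here)
describe_task_network() {
  cluster=$1; task=$2
  td=$(aws ecs describe-tasks --cluster "$cluster" --tasks "$task" \
         --query 'tasks[0].taskDefinitionArn' --output text)
  mode=$(aws ecs describe-task-definition --task-definition "$td" \
         --query 'taskDefinition.networkMode' --output text)
  [ "$mode" = None ] && mode=bridge      # an unset networkMode means bridge on EC2
  if [ "$mode" = awsvpc ]; then
    # the task has its own ENI; look at the subnet that ENI was placed in
    subnet=$(aws ecs describe-tasks --cluster "$cluster" --tasks "$task" \
         --query "tasks[0].attachments[0].details[?name=='subnetId'].value | [0]" --output text)
  else
    # bridge/host share the container instance's networking; find that instance's subnet
    ci=$(aws ecs describe-tasks --cluster "$cluster" --tasks "$task" \
         --query 'tasks[0].containerInstanceArn' --output text)
    ec2=$(aws ecs describe-container-instances --cluster "$cluster" \
         --container-instances "$ci" --query 'containerInstances[0].ec2InstanceId' --output text)
    subnet=$(aws ec2 describe-instances --instance-ids "$ec2" \
         --query 'Reservations[0].Instances[0].SubnetId' --output text)
  fi
  # Default route of the route table explicitly associated with that subnet. A
  # subnet with no explicit association uses the VPC's main table, which this
  # filter does not find; check the main table by hand in that case.
  route=$(aws ec2 describe-route-tables \
         --filters "Name=association.subnet-id,Values=$subnet" \
         --query "RouteTables[0].Routes[?DestinationCidrBlock=='0.0.0.0/0'].[GatewayId,NatGatewayId]" \
         --output text)
  case "$route" in
    igw-*)  target=igw ;;
    *nat-*) target=nat ;;
    *)      target=none ;;
  esac
  echo "mode=$mode subnet=$subnet default-route=$target egress=$(ecs_task_egress "$mode" "$target")"
}
```

When the classifier says blocked for an awsvpc task, move the task to a private subnet whose default route is a NAT gateway, or, when the task only needs AWS APIs, add VPC interface endpoints for those services so the task needs no internet path at all; either way the AdministratorAccess role in the question was never the limiting factor.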
I set up a Filestore server on GCP, and also built a VPN connection between GCP and AWS. I would like to mount over NFS the Filestore instance in GCP on an AWS instance.
I can successfully ping the internal IP addresses of corresponding VMs, but it times out when I ping the Filestore instance from an AWS VM.
One issue is that the CIDR block from GCP is 10.10.0.0/16, while the Filestore instance sits on 10.8.79.89.
Is it possible to establish an NFS mount between the two platforms, and if so, what might be required to accomplish this?
As for setting up the VPN connection, I basically followed this tutorial to a tee: https://cloud.google.com/files/CloudVPNGuide-UsingCloudVPNwithAmazonWebServices.pdf
Thanks!
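The CIDR mismatch mentioned in the question, as an added example (not from the original post): a POSIX shell route-coverage check. It confirms that 10.8.79.89 lies outside 10.10.0.0/16, so whatever defines what the tunnel carries on each side (the Cloud VPN tunnel's traffic selectors or advertised routes on the GCP side, the VPN static routes and route-table entries on the AWS side) has to include the range GCP reserved for the Filestore instance, not only the VPC's 10.10.0.0/16. The 10.8.79.88/29 range used below stands in for that reserved range and is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not from the original question: test whether an address is
# covered by a list of CIDR routes. Shows that the Filestore address 10.8.79.89
# from the question is not inside the 10.10.0.0/16 block that the VPN carries.
# 10.8.79.88/29 is a hypothetical stand-in for the Filestore reserved range.
set -eu

# ip2int DOTTED_QUAD -> 32-bit integer
ip2int() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR CIDR -> exit 0 when ADDR is inside CIDR
in_cidr() {
  addr=$1; net=${2%/*}; bits=${2#*/}
  case "$bits" in ''|*[!0-9]*) echo "bad prefix length in $2" >&2; return 2 ;; esac
  [ "$bits" -le 32 ] || { echo "bad prefix length in $2" >&2; return 2; }
  # network mask: the top $bits bits set, truncated to 32 bits
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$addr") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# covering_route ADDR CIDR... -> prints the first route containing ADDR,
# or "none" with exit status 1 when nothing covers it
covering_route() {
  addr=$1; shift
  for r in "$@"; do
    if in_cidr "$addr" "$r"; then echo "$r"; return 0; fi
  done
  echo none; return 1
}

# The situation from the question: only the VPC block crosses the tunnel.
covering_route 10.8.79.89 10.10.0.0/16 || true
# With the Filestore reserved range added on both sides, the address is covered.
covering_route 10.8.79.89 10.10.0.0/16 10.8.79.88/29
```

Run the same check against the AWS route table entries for the VPN and against the GCP side's tunnel configuration; ping to the Filestore address can only succeed once both lists return a covering route, which is why the VM-to-VM pings (inside 10.10.0.0/16) work while the Filestore ping times out.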
Is it possible to use an EFS in AWS for several instances located in different regions?
If not, is it possible to do something like that using the AWS console? Latency or throughput between the EC2 instance and the network volume don't matter.
EFS can be accessed through Direct Connect or VPN. Establish a VPN connection between regions and you can mount EFS with the IP address of the corresponding mount target.
Is there a way to present on-prem storage to AWS EC2 instances without copying to S3 etc.? We have a storage array in our DC; I want to carve up LUNs and present them to our apps running on EC2 instances in AWS, using Storage Gateway. Can someone suggest whether this is possible at all? I don't want to pay for AWS EBS volumes when I have plenty of storage available with me. Thanks.
You will not be able to do this with Storage Gateway - it serves as an interface between your local network and S3.
If you want to expose your local disk to EC2, you will need to run a file share (NFS or Samba), set up a VPN or Direct Connect between your data center and your AWS VPC, and then mount the exported volumes on your EC2 instance.
If you don't want to pay for any EBS volumes, you should look for instance storage based AMIs. Keep in mind that you cannot stop these instances - you can only terminate them.
According to the latest AWS cloud architecture and infrastructure developments, AWS cloud resources can access on-premises storage. Not only computing instances but also AWS managed SaaS can do the same. Standard protocols such as NFS, SMB and iSCSI are available, and you can mount AWS computing instances to remote storage through a site-to-site VPN.
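The file share that the answers above and the earlier EKS answer ("install NFS in your EC2") both assume, as an added example (not from any of those answers): a shell script that builds a least-privilege /etc/exports entry for NFS clients reaching the server over VPN, Direct Connect or VPC peering, and the matching host firewall rule. Paths and CIDRs are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original answers: a least-privilege NFS export
# for clients in another network (a peered VPC, or AWS reached over VPN/Direct
# Connect), plus the host firewall rule that goes with it. Paths and CIDRs are
# placeholders.
set -eu

# nfs_export_line DIR CLIENT_CIDR [ro|rw] -> prints one /etc/exports line.
# Refuses wildcard clients: an export to * or 0.0.0.0/0 is reachable by anything
# that can route to TCP 2049, which after a VPN or peering link is a lot of
# hosts. Defaults to ro, keeps root_squash (client root maps to nobody), sync
# (no acknowledged-but-lost writes) and no_subtree_check (the option the NFS
# maintainers recommend; subtree_check misbehaves when files are renamed).
nfs_export_line() {
  dir=$1; client=$2; mode=${3:-ro}
  case "$dir" in /*) ;; *) echo "export path must be absolute: $dir" >&2; return 1 ;; esac
  case "$client" in
    ''|'*'|0.0.0.0/0|0.0.0.0/*|*/0) echo "refusing wildcard client '$client'" >&2; return 1 ;;
    */*) ;;  # a CIDR: the only form accepted here
    *)   echo "client must be a CIDR such as 10.1.0.0/16, got '$client'" >&2; return 1 ;;
  esac
  case "$mode" in ro|rw) ;; *) echo "mode must be ro or rw, got '$mode'" >&2; return 1 ;; esac
  printf '%s %s(%s,sync,root_squash,no_subtree_check)\n' "$dir" "$client" "$mode"
}

# install_export DIR CLIENT_CIDR  (run as root on the NFS host; not invoked here)
install_export() {
  line=$(nfs_export_line "$1" "$2" ro)
  grep -qxF "$line" /etc/exports || printf '%s\n' "$line" >> /etc/exports
  exportfs -ra                                   # re-read /etc/exports
  # NFSv4 needs only TCP 2049. Scope it to the client range on the host and put
  # the same single rule in the instance's security group (or the on-prem
  # firewall) rather than opening the port to the whole VPN.
  iptables -A INPUT -p tcp --dport 2049 -s "$2" -j ACCEPT
  iptables -A INPUT -p tcp --dport 2049 -j DROP
}
```

Keep the export read-only whenever the clients only consume the data (certificates, configuration, media); grant rw to a narrower CIDR in a separate line if a subset of hosts must write, and never lift root_squash for a remote network.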
I have created an Amazon EFS filesystem in the Sydney Region and would like to mount it on an EC2 instance in the Singapore region.
Is this possible?
Answering as people may not look at the comment.
You can now connect to Amazon EFS file systems from EC2 instances in other AWS regions using an inter-region VPC peering connection, and from on-premises servers using an AWS VPN connection.
https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-efs-now-supports-aws-vpn-and-inter-region-vpc-peering/
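Mounting by mount-target IP, as this answer and the earlier cross-region EFS answer recommend, as an added example (not from either answer): a shell script that produces the fstab entry and performs the mount with the NFS client options AWS documents for EFS, plus a preflight for the two things that usually break a cross-region mount. The mount target IP 10.20.1.15 and the mount point /mnt/efs are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original answers: mount an EFS file system from an
# instance in another region (or on premises) over a VPN or inter-region peering
# connection, addressing it by one of its mount targets' IP addresses. The file
# system's DNS name only resolves inside its own VPC, so the IP is what you use.
# The IP and mount point below are placeholders.
set -eu

# NFS client options AWS documents for EFS (1 MiB read/write size, hard mount,
# long timeout, noresvport so a reconnect after a network hiccup gets a new port).
EFS_NFS_OPTS='nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport'

# require_ip ADDR -> fails on anything that is not a dotted quad, e.g. the
# fs-xxxx.efs.<region>.amazonaws.com name, which will not resolve from here.
require_ip() {
  case "$1" in
    ''|*[!0-9.]*) echo "use the mount target's IPv4 address, not a DNS name: '$1'" >&2; return 1 ;;
  esac
}

# efs_fstab_line MOUNT_TARGET_IP MOUNT_POINT -> the /etc/fstab entry
# (_netdev defers the mount until the network, and so the VPN route, is up).
efs_fstab_line() {
  require_ip "$1" || return 1
  printf '%s:/ %s nfs4 %s,_netdev 0 0\n' "$1" "$2" "$EFS_NFS_OPTS"
}

# efs_preflight MOUNT_TARGET_IP  (needs network; not run here)
# The route to the remote VPC's CIDR must exist on this side, and the mount
# target's security group must allow inbound TCP 2049 from this instance's CIDR.
efs_preflight() {
  require_ip "$1" || return 1
  ip route get "$1"                                   # next hop should be the VPN/peering route
  timeout 5 bash -c "exec 3<>/dev/tcp/$1/2049" && echo "tcp/2049 to $1 is open"
}

# efs_mount MOUNT_TARGET_IP MOUNT_POINT  (root; not run here)
efs_mount() {
  require_ip "$1" || return 1
  mkdir -p "$2"
  mount -t nfs4 -o "$EFS_NFS_OPTS" "$1:/" "$2"
}
```

Pick a mount target in an Availability Zone whose subnet is routed over the VPN, and remember that a plain NFS mount is not encrypted by NFS itself: across regions its confidentiality rests entirely on the VPN tunnel, so do not route it over unencrypted peering if the data is sensitive.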
This answer is outdated. Please see the other answer.
An Amazon EFS filesystem is only accessible in the VPC that was selected when it was created, or via Direct Connect when linked to that VPC.
Each Amazon VPC is only in one Region.
As per the Amazon EFS Limits documentation page:
An Amazon EFS file system can be mounted from on-premises datacenter servers using AWS Direct Connect. However, other VPC private connectivity mechanisms such as a VPN connection and VPC peering are not supported.