We have defined Route53 Resolver Rule with an Resolver Outbound Endpoint that forwards requests to our on-prem DNS servers, and it works fine from within EC2 instances, I can confirm that from an ssh session nslookup, however, MSK Connect connector that is referencing a schema registry URL throws UnknownHostException being unable to resolve DNS. I checked security group outbound rules for MSK and they allow all traffic, and our network admin actually see requests coming and responding at about the time when MSK connect logs the error. What can obstruct MSK to receive response?
Related
I have an ECS cluster setup with a container that runs a microservice hosting a public and private HTTP server.
I have the public HTTP server being connected through an Elastic Load Balancer which is working correctly, however the internal HTTP server is being routed via AWS Cloud Map and Route 53 with a private hosted zone.
AWS Cloud Map finds the instance correctly, however when trying to access the private endpoint from another ECS task I get a no such host error.
Any suggestions on what could be the cause?
Thanks!
For me it's resolved that DNS Hostnames and DNS resolution are enabled in your VPC settings,
Go to your VPC dashboard then press on "Actions" button then
Press Edit DNS hostnames
Check the "Enable" checkbox
and same goes for DNS resolution.
I am trying to make my elb backend route protected by https. I have a lot of images below showing where I'm at. As far as AWS instruction, I have everthing from the CNAME done to security groups. However, when I call the route I get 'Error: SSL peer certificate or SSH remote key was not OK'. I'm working with an apache proxy server. What am I missing thanks!
Below image is the listeners on ELB.
Here are the listeners from EC2.
Here is my certificate.
Here is my security group.
Here are my inbound rules
I am trying to connect an ActiveMQ Artemis broker on a publicly accessible server outside of the AWS cloud to an Artemis broker in AWS.
The AWS side has a Route 53 entry and a classic load balancer to route the incoming request to Artemis running on an EC2 instance. Both brokers are using a CORE bridge to connect with each other. I am using the Netty SSL protocol and trying to use certificates.
Neither side is able to connect its "bridge" to the other. Using the nice Route 53 name I am able to ping that from the public server outside of AWS. Artemis is not able to connect from the AWS EC2 to the public instance - not sure if that is also related to the NAT or Internet gateway on my VPC. But, the NAT and IGW look correct and AWS security groups look correct.
Questions:
Would Route53 and a classic ELB work to route message requests to Artemis?
What values should be used as the IP/server name and port in the Connector and Acceptor?
Has anyone done this? I find no other references out there.
Yes, I know of "AWS ActiveMQ" service. That is a backup plan.
Any help is greatly appreciated.
I am trying to launch a task in Amazon ECS but getting the following error:
CannotPullContainerError: Error response from daemon, request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
I was able to pull container in my local environment and it works fine but getting this error while trying to deploy in amazon environment.
The suggested checks from Amazon are as follows:
Confirm that the subnet used to run a task has a route to an internet gateway or NAT gateway in a route table.
Note: Instead of an internet gateway or NAT gateway, you can use AWS PrivateLink. To avoid errors, be sure to correctly configure AWS PrivateLink or HTTP proxy.
If you're launching tasks in a public subnet, choose ENABLED for Auto-assign public IP when you launch a task in the Amazon EC2 console. This allows your task to have outbound network access to pull an image.
If you're using an Amazon provided DNS in your Amazon VPC, confirm that the security group attached to the instance has outbound access allowed for HTTPS (port 443).
If you're using a custom DNS, confirm that outbound access is allowed for DNS (UDP and TCP) on port 53 and HTTPS access on port 443.
Verify that your network ACL rules aren't blocking traffic to the registry.
This error ultimately points to a network connectivity issue between the subnet or MicroVM your container runs on and the ECS service.
By default it will traverse the public internet (unless you have setup the correct VPC endpoints). So if you do not have outbound internet support you will not be able to connect to the ECR endpoint.
I have a site to site VPN connection from my on prem network to the VPC RDS resides in. I am trying to connect to mysql using the DNS endpoint RDS provides. I am unable to connect to the DNS endpoint but I am able to connect using the private ip that the endpoint resolves to.
I assume that the DNS is internal to AWS and my on prem network can not resolve it.
The RDS instance is publicly accessible.
How could I connect using the DNS endpoint?
Your assumption is right and you need to configure on-premise DNS resolution to internal AWS DNS. I didn't do that before, but Resolving DNS Queries Between VPCs and Your Network - Amazon Route 53 can help you :-)
Also, you can just open RDS to public internet, but it's not safe (and not your case, I assume)