Static IP for internal communication in AWS for microservices - amazon-web-services

I have 7 Spring microservices with Eureka Server which I would like to deploy into AWS Elastic Beanstalk. Every time I redeploy a microservice I see that the URL address changes. Is it possible to use an internal static IP for every AWS service?

I was also facing this problem with managing EB instances remotely; I have fixed this in two ways:
For myself I use eb ssh from the EB CLI to remotely access instances, as the CLI gives you an option to select which instance you want to connect to if there is more than one. If your microservices are in a private subnet you need a bastion to connect to your instances remotely.
Using AWS Systems Manager / Session Manager
You can install the Systems Manager agent on your Elastic Beanstalk environment using ebextensions. Using Systems Manager's Session Manager you can start a session towards your microservice and all your commands will be logged to S3 (can be useful for change management / compliance).
As I went straight to these two options, I never fixed the issue where private IPs changed.

Related

Is there a bootstrap script to install Amazon SSM Agent into EC2 Windows instance upon launch?

I was tasked to spin up Windows 2019 servers (as per AWS documentation, this has SSM agent preinstalled) and disable port 3389 for RDP because the only access they want is via Amazon Systems Manager Session Manager.
I have attached the AmazonSSMManagedInstanceCore role which gives Session Manager permissions to access this server programmatically, but I still have issues accessing this server via Session Manager. Possible errors are:
The agent is not installed,
The required IAM role is not attached etc.
But I have done all this and am still unable to access this server.
So I want to be able to edit the UserData with a bootstrapping script that installs SSM agent and see if that fixes the issue.
My guess is maybe someone tampered with the server and deleted the SSM agent file.
This doesn't answer the question about a bootstrap script, as I am still researching that.
But I solved the issue I had with AWS Systems Manager Session Manager.
The SSM Agent was still installed in the servers.
Upon creating my VPC, I had created a private subnet and a VPC endpoint which Session Manager would use to talk to resources in that subnet, but I later deleted the private subnet, since they (my company) wanted all servers in a public subnet.
Due to the VPC endpoints created, Session Manager wasn't able to locate the servers I was trying to connect to via Session Manager.
SOLUTION: After deleting the VPC endpoints, Session Manager now connects to all those servers with ease... Yay!!!
FYI: I still would love a bootstrap script that will install SSM Agent to Amazon EC2 Windows Servers upon launch.
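The answer above comes down to three things that can stop Session Manager from reaching an instance: the instance profile, the agent's registration status, and leftover Systems Manager VPC endpoints. The script below is an added example (not from the thread) that checks those three from outside the instance. It uses the boto3 method names and response shapes of describe_instances, describe_instance_information and describe_vpc_endpoints; the FakeEC2 and FakeSSM classes are constructed stand-ins so it runs offline, and the instance, VPC and endpoint IDs in them are made up. Pass real boto3 clients to diagnose() to run it against an account.

```python
"""Check why an EC2 instance is not reachable through Session Manager.

Added example, not from the original thread. The fake clients below model
the situation described there: an instance that now sits in a public
subnet while an ssm interface endpoint created for a deleted private
subnet is still present in the VPC.
"""

# Interface endpoints the agent talks to when private DNS routes it there.
SSM_ENDPOINT_SERVICES = ("ssm", "ssmmessages", "ec2messages")


def _service_short_name(service_name):
    # "com.amazonaws.us-east-1.ssmmessages" -> "ssmmessages"
    return service_name.rsplit(".", 1)[-1]


def diagnose(ec2, ssm, instance_id):
    """Return a list of human-readable findings; an empty list means nothing obvious."""
    findings = []

    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    if "IamInstanceProfile" not in inst:
        findings.append("no IAM instance profile attached "
                        "(the profile needs the AmazonSSMManagedInstanceCore policy)")

    info = ssm.describe_instance_information(
        Filters=[{"Key": "InstanceIds", "Values": [instance_id]}])
    entries = info.get("InstanceInformationList", [])
    if not entries:
        findings.append("instance has never registered with Systems Manager "
                        "(agent not running, or no permissions to register)")
    elif entries[0].get("PingStatus") != "Online":
        findings.append(f"SSM Agent last reported status {entries[0].get('PingStatus')}")

    endpoints = ec2.describe_vpc_endpoints(
        Filters=[{"Name": "vpc-id", "Values": [inst["VpcId"]]}])["VpcEndpoints"]
    for ep in endpoints:
        short = _service_short_name(ep["ServiceName"])
        if short not in SSM_ENDPOINT_SERVICES or ep.get("VpcEndpointType") != "Interface":
            continue
        if ep.get("State") != "available":
            findings.append(f"{short} endpoint {ep['VpcEndpointId']} is in state {ep.get('State')}")
        elif ep.get("PrivateDnsEnabled") and inst["SubnetId"] not in ep.get("SubnetIds", []):
            # With private DNS on, the agent's calls to the service resolve to this
            # endpoint, so the instance must reach its ENIs on TCP 443 (routes plus the
            # endpoint security group), or the endpoint must go so the public service
            # endpoint is used instead, as the answer above did.
            findings.append(
                f"{short} endpoint {ep['VpcEndpointId']} has private DNS enabled and lives in "
                f"subnets {ep.get('SubnetIds')}, but the instance is in {inst['SubnetId']}: "
                "verify TCP 443 reachability to the endpoint or remove the endpoint")
    return findings


class FakeEC2:
    """Constructed stand-in for boto3's EC2 client (not real AWS data)."""

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [{
            "InstanceId": InstanceIds[0],
            "VpcId": "vpc-0example",
            "SubnetId": "subnet-public1",
            "IamInstanceProfile": {
                "Arn": "arn:aws:iam::123456789012:instance-profile/ssm-core"},
        }]}]}

    def describe_vpc_endpoints(self, Filters):
        return {"VpcEndpoints": [{
            "VpcEndpointId": "vpce-0example",
            "VpcEndpointType": "Interface",
            "ServiceName": "com.amazonaws.us-east-1.ssm",
            "State": "available",
            "PrivateDnsEnabled": True,
            "SubnetIds": ["subnet-private1"],   # the subnet that was later deleted
        }]}


class FakeSSM:
    """Constructed stand-in for boto3's SSM client (not real AWS data)."""

    def describe_instance_information(self, Filters):
        return {"InstanceInformationList": [{
            "InstanceId": Filters[0]["Values"][0],
            "PingStatus": "ConnectionLost",
        }]}


if __name__ == "__main__":
    for finding in diagnose(FakeEC2(), FakeSSM(), "i-0example"):
        print("-", finding)
```

Against the constructed clients the script reports two findings: the agent's last status is ConnectionLost, and the ssm endpoint sits in a subnet the instance is not in. Neither finding is proof on its own; the endpoint check in particular is a prompt to verify reachability, since an instance can reach an endpoint in another subnet of the same VPC when routes and the endpoint's security group allow it.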

Automatically Blocking Suspicious IPs on Elastic Beanstalk instance

I have an Elastic Beanstalk instance that is running a Flask app. I want to know if there is any way through AWS to automatically block IP addresses that are doing unusual activity on my site.
This could be a range of things, for example:
Send several GET requests over and over
Trying to POST without a CSRF token
And more. Any ideas? Thanks.
Generally, for that you would front your EB with an Application Load Balancer and AWS Web Application Firewall.
This setup is documented in the recent AWS blog and other sources:
How do I protect my Elastic Beanstalk environment against attacks from known unwanted hosts?
Setting up AWS Web Application Firewall (WAF) with Elastic Beanstalk
Guidelines for Implementing AWS WAF
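The WAF approach above blocks on rules such as a rate-based limit per client IP. To show what those rules key on, here is an added example (not from the thread or from AWS) that runs two such checks over access log lines in the Application Load Balancer format: a sliding-window request rate per client, and repeated POSTs the application rejected with a 4xx status, which is what a Flask app does when the CSRF token is missing. The log lines are constructed and only the leading ALB fields are filled in realistically; the thresholds are small so the sample trips them.

```python
"""Flag client IPs that behave suspiciously in ALB-style access logs.

Added example, not from the original thread. Two heuristics:
  * "rate": more than MAX_REQUESTS requests from one client within
    WINDOW_SECONDS, the idea behind an AWS WAF rate-based rule;
  * "csrf": at least MAX_REJECTED_POSTS POSTs from one client answered
    with a 4xx within the window, the footprint of posting without a
    valid CSRF token.
"""
from collections import defaultdict, deque
from datetime import datetime, timezone
import shlex

WINDOW_SECONDS = 60        # sliding window; WAF rate rules use a longer one
MAX_REQUESTS = 5           # requests per client allowed within the window
MAX_REJECTED_POSTS = 3     # rejected POSTs per client tolerated within the window


def parse_line(line):
    """Return (timestamp, client_ip, method, elb_status) for one ALB log line.

    ALB fields: type, time, elb, client:port, target:port, three timing
    fields, elb_status_code, target_status_code, received_bytes,
    sent_bytes, "request", "user_agent", ...  shlex keeps the quoted
    request line as a single token.
    """
    fields = shlex.split(line)
    ts = datetime.strptime(fields[1], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    client_ip = fields[3].rsplit(":", 1)[0]
    status = int(fields[8])
    method = fields[12].split(" ", 1)[0]
    return ts, client_ip, method, status


def _prune(timestamps, now, window):
    """Drop timestamps older than the window from the left of the deque."""
    while timestamps and (now - timestamps[0]).total_seconds() > window:
        timestamps.popleft()


def find_suspicious_ips(lines, window=WINDOW_SECONDS, max_requests=MAX_REQUESTS,
                        max_rejected_posts=MAX_REJECTED_POSTS):
    """Return {client_ip: sorted reasons} for every client that trips a rule."""
    recent = defaultdict(deque)      # ip -> timestamps of requests in the window
    rejected = defaultdict(deque)    # ip -> timestamps of rejected POSTs in the window
    flagged = defaultdict(set)
    for line in lines:
        ts, ip, method, status = parse_line(line)
        _prune(recent[ip], ts, window)
        recent[ip].append(ts)
        if len(recent[ip]) > max_requests:
            flagged[ip].add("rate")
        if method == "POST" and 400 <= status < 500:
            _prune(rejected[ip], ts, window)
            rejected[ip].append(ts)
            if len(rejected[ip]) >= max_rejected_posts:
                flagged[ip].add("csrf")
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}


def _ll(t, ip, method, path, status):
    """Build one constructed ALB-style line (leading fields only are realistic)."""
    return (f'https {t} app/my-alb/0123456789abcdef {ip}:51234 10.0.1.10:80 '
            f'0.001 0.002 0.000 {status} {status} 120 300 '
            f'"{method} https://example.com:443{path} HTTP/1.1" "curl/7.68.0"')


# Constructed sample: one ordinary visitor, one client hammering /login,
# one client repeatedly POSTing without a CSRF token (app answers 400).
SAMPLE_LOG = [
    _ll("2020-01-01T12:00:00.000000Z", "198.51.100.7", "GET", "/", 200),
    _ll("2020-01-01T12:00:30.000000Z", "198.51.100.7", "GET", "/about", 200),
    *[_ll(f"2020-01-01T12:00:{s:02d}.000000Z", "203.0.113.5", "GET", "/login", 200)
      for s in range(0, 60, 10)],
    *[_ll(f"2020-01-01T12:01:{s:02d}.000000Z", "203.0.113.9", "POST", "/comment", 400)
      for s in (0, 5, 10)],
]

if __name__ == "__main__":
    for ip, reasons in find_suspicious_ips(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(reasons)}")
```

On the sample, 203.0.113.5 is flagged for rate (six requests in fifty seconds against a limit of five) and 203.0.113.9 for csrf (three rejected POSTs), while 198.51.100.7 is left alone. In production the equivalent rate rule belongs in WAF in front of the load balancer, where it blocks before the request reaches Flask; offline logic like this is useful for tuning thresholds against real logs and for catching application-level signals, such as the 4xx-on-POST pattern, that a generic rate rule does not see.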

Executing Spring boot jar in Amazon EC2 instance

I am new to Amazon EC2 instances. I am able to deploy my jar on an EC2 Linux instance and execute it, but the jar is running in private DNS mode. I am not able to access the http and https URLs from my local machine. I already enabled all traffic to access the API (in the security group). Am I missing anything to get API access over the internet? How can I run my API in public DNS mode?

Can we add instances manually in EB data tier

I have started using Elastic Beanstalk with a tomcat8-java8 application. Elastic Beanstalk set up a nice application with an RDS data tier. Is it possible to add another instance, which I created manually, to the data tier as a Redis caching server?
Thanks for any feedback.
There's nothing about Elastic Beanstalk that says it cannot communicate with other servers.
An application running under Elastic Beanstalk can access other resources such as S3 buckets, databases, and other servers, etc. as long as the various permission levels allow (VPC, security groups, etc.)
So you can add a redis server manually that your Elastic Beanstalk application can utilize. You just need to ensure that your application can "get to" the redis server.

Amazon web services - Connect Elastic Beanstalk with ElastiCache

I have a node.js application running on an Amazon Elastic Beanstalk (EB) environment. In my app code I create an instance of memcached (my ElastiCache) like this:
var Memcached = require('memcached');
var memcached = new Memcached('my-elastic-cache-configuration-endpoint:11211');
In creating my ElastiCache cluster I used the security group of the EC2 instance running my EB app.
And in that security group I have allowed inbound access on port 11211 as described here:
Amazon ElastiCache Step 3: Authorize Access
However my memcached ElastiCache is still not accessible from my app.
I have tested it locally to make sure the code is alright etc. and everything checks out.
Does anyone know what I may be missing?