AWS ALB Target Group shows unhealthy instances in a custom VPC - amazon-web-services

I am trying to achieve the following network topology. I want the EC2 instances in private subnets to receive HTTP traffic on port 80 from an application load balancer.
For that, I have launched an EC2 instance in each of the two private subnets. I also installed the Apache web server with an index.html using the following user data script.
#!/bin/bash
yum update -y
yum install -y httpd.x86_64
systemctl start httpd.service
systemctl enable httpd.service
echo "Hello World from $(hostname -f)" > /var/www/html/index.html
Next, I created an ALB in the public subnets and registered the EC2 instances with a Target Group while creating the ALB. But the health checks for the registered EC2 instances always fail. Please find the image below.
I have double-checked the security groups for the EC2 instances and the ALB. Both look fine to me. Could anyone please let me know what I am missing here?
Thanks
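An added check that is not part of the original question: it walks the security-group path an ALB health check takes (ALB egress to the instance group, and instance ingress from the ALB group or from a CIDR that actually contains the VPC) using rule dictionaries in the shape boto3's describe_security_groups returns. The group ids, VPC range and rules are constructed here; the instance-side finding also flags port 80 opened to 0.0.0.0/0, which a private-subnet web tier should not need.

```python
import ipaddress

VPC_CIDR = "10.0.0.0/16"                                   # constructed VPC range
ALB_SG_ID, WEB_SG_ID = "sg-alb-example", "sg-web-example"  # constructed ids

def _covers_port(rule, port):
    # Rule in boto3 describe_security_groups shape; IpProtocol "-1" means all traffic.
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("IpProtocol") == "tcp" and rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)

def _cidr_reaches_vpc(cidr):
    # ALB nodes sit in the VPC's public subnets, so a CIDR source/destination only
    # works if it contains the whole VPC range (0.0.0.0/0 does, but is too broad).
    return ipaddress.ip_network(VPC_CIDR).subnet_of(ipaddress.ip_network(cidr))

def check_health_check_path(web_sg, alb_sg, port=80):
    """Return (ok, findings): can ALB nodes in alb_sg reach instances in web_sg on port?"""
    findings, ingress_ok = [], False
    for rule in web_sg.get("IpPermissions", []):
        if not _covers_port(rule, port):
            continue
        if any(p["GroupId"] == alb_sg["GroupId"] for p in rule.get("UserIdGroupPairs", [])):
            ingress_ok = True          # the recommended form: source = ALB security group
        for r in rule.get("IpRanges", []):
            if _cidr_reaches_vpc(r["CidrIp"]):
                ingress_ok = True
                if r["CidrIp"] == "0.0.0.0/0":
                    findings.append(f"port {port} open to 0.0.0.0/0; prefer source {alb_sg['GroupId']}")
    if not ingress_ok:
        findings.append(f"{web_sg['GroupId']} has no ingress on {port} from {alb_sg['GroupId']} or the VPC")
    egress_ok = any(_covers_port(rule, port) and (
        any(p["GroupId"] == web_sg["GroupId"] for p in rule.get("UserIdGroupPairs", []))
        or any(_cidr_reaches_vpc(r["CidrIp"]) for r in rule.get("IpRanges", [])))
        for rule in alb_sg.get("IpPermissionsEgress", []))
    if not egress_ok:
        findings.append(f"{alb_sg['GroupId']} has no egress to {web_sg['GroupId']} on {port}")
    return ingress_ok and egress_ok, findings

# Constructed sample groups: ALB allows all egress (the AWS default); two web-tier variants.
ALB_SG = {"GroupId": ALB_SG_ID,
          "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
          "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
WEB_SG_GOOD = {"GroupId": WEB_SG_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "UserIdGroupPairs": [{"GroupId": ALB_SG_ID}]}]}
WEB_SG_BAD = {"GroupId": WEB_SG_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}  # an admin range, not the ALB

if __name__ == "__main__":
    for name, sg in (("good", WEB_SG_GOOD), ("bad", WEB_SG_BAD)):
        print(name, check_health_check_path(sg, ALB_SG))
```

Network ACLs and the instance actually listening on port 80 are separate checks; a passing result here only rules out the security-group layer.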

Related

User-data not displaying with each Instance created

I have created an AMI from an Instance with the user data
#!/bin/bash
yum update -y
yum install httpd -y
systemctl enable httpd
systemctl start httpd
which starts the Apache server. Within it I have an index page where instance details are stored, so when I visit the webpage via the instance IP address it displays this info, which it has done. I then created an AMI from that instance and created a Launch Configuration, Load Balancer and ASG with it attached, along with my VPC and public subnets.
I am working towards a managed load-balancing, auto-scaling web app that launches instances based on my metric, which it does, but the problem is that the 'User Data' is not displayed when new instances are launched, and it does not let me connect via the IP address.
I also have a CPU script that runs the CPU utilization on my instance at 100%, so it triggers my metric: if it goes above 60%, it launches new instances every minute or so. I'm also wondering how I would see the load distributed between these instances, to make sure it is distributing equally across all the separate Availability Zones. Would there be a log?

Cannot access ecs ec2 instance public ip

I am connecting 2 Docker containers, one Python app container and one Redis container, with each other using ECS. When I SSH into the EC2 instance and curl localhost:5000 it gives the output, which means the containers are running and Python is connected to Redis. I am trying to achieve the result with ECS on EC2.
But when I browse to the public IP of the EC2 instance it does not show anything. My task configuration setting:
And in the Python container I have this setting: pulling the image from ECR, giving the port 5000:5000, and in link giving the name of redis so it can connect to the Redis container. What setting am I missing so that I can hit the Python app container without SSHing to the EC2 instance and doing curl localhost:5000?
If the application is accessible on localhost, then the possible reasons are:
The instance security group does not allow port 5000, so check the security group and allow HTTP traffic on port 5000.
The instance might be in a private subnet, but how do you SSH: from a bastion, or directly? If directly, then the issue should be resolved by following step 1.
Use the public IP that you used for SSH and it should work:
http://ec2Public_Ip:5000

AWS - custom VPC - IGW - EC2 instance not accessible through HTTP

I created a VPC. I did not create the NAT gateway but created an IGW for my public subnet and then launched an EC2 instance in my public subnet. When I try to hit the public DNS (IPv4) in the browser I am not able to access the instance, though I can SSH and access it. I have configured the security group for inbound SSH and HTTP from anywhere and outbound all. Also, the route table is updated with the IGW entry. What can be wrong?
As no httpd service is found on your server, the reason you cannot connect is that no httpd service is running to serve traffic over HTTP (port 80).
Try running the user data script manually and ensure you're on a RHEL-based distribution instance (such as RedHat, CentOS or Amazon Linux).
If you're running Debian-based (such as apache) you would instead install it by running the commands below.
apt-get update
apt-get install -y apache2
systemctl start apache2

Cannot telnet from docker container in elastic beanstalk to different ec2 on AWS

I'm trying to telnet from a Docker instance on Elastic Beanstalk to a different EC2 instance within the same VPC. I've created a security group allowing inbound traffic from the Elastic Beanstalk security group id to the other EC2 instance.
After SSHing into one of the Elastic Beanstalk instances, I can confirm that I am able to telnet from the Elastic Beanstalk instance to the other EC2 instance.
Successful:
[root#ip-111-11-11-111 ~]# telnet 222.22.22.22 9999
Trying 222.22.22.22...
Connected to 222.22.22.22.
Escape character is '^]'
But when I connect to the Docker container interactively (via docker run -it) and try to run the same command as above, no connection is made:
failure:
[root#ip-111-11-11-111 ~]# sudo su -
[root#ip-111-11-11-111 ~]# docker exec -it my_instance /bin/sh
/path-of-user # telnet 222.22.22.22 9999
(hangs here, never connects)
So clearly the security group works for the Elastic Beanstalk instance but not for the Docker instance inside the Elastic Beanstalk instance. I'm not sure what the correct changes to the security group would be to allow traffic from the Docker instance inside the Elastic Beanstalk instance to the different EC2 instance. Any help would be greatly appreciated!
If I were you I'd check Docker's configuration, e.g., if you run sudo docker ps, can you see that your Docker container has port forwarding configured correctly? You should have something like 0.0.0.0:80->80/tcp.
The telnet command inside the Docker container ended up being a false positive for the connection to the external IP not working. After further debugging the issue, the connection was actually being made, but apparently the Alpine distro that I was running in Docker simply does not output anything even though it was indeed connecting. I was able to confirm the connection when I noticed messages successfully passing through my external Kafka setup.

Use AWS ALB on docker swarm

Has anyone tried to configure AWS Application Load Balancing for Docker Swarm running on EC2 instances, not on EC2 CS? Most documentation shows only Docker for AWS. I saw some posts saying that you must include the ARN in the label, but I think it's still not working. Also, the DNS of the load balancer does not show the nginx page even though port 80 is already allowed in our security group.
This is the command I used when running the services:
docker service create --name=test --publish 80:80 --publish 444:80 --constraint 'engine.labels.serverType == dev' --replicas=2 --label com.docker.aws.lb.arn="<arn-value-here>" nginx:alpine
Current Setup:
EC2 instance
Subnet included on the load balancer
Any insights will be much appreciated.