I registered a domain name with AWS Route 53 as mydomain.com. Is there anyway that I can assign e.g. ns1.mydomain.com as a public hostname to an EC2 which does NOT have a Elasti IP?
Thanks
You can assign the domain name to any IP address of an instance. However be aware of the following limitations:
If a domain name is assigned to a private IP, it will not be connectable without network access to that IP
If the domain is assigned to a non-elastic public IP if the instance stops and starts you would lose the public IP so would need to update the DNS resolution.
If you have a public facing application, but want to keep network traffic that directly connects to the instance private you should look at using an ELB in front of the application to provide a security boundary between the internet and your application.
Utilize a load balancer in front of the instance and assign the public hostname to the load balancer.
Use S3 webpage redirect and assign the hostname to the S3 URI.
If the problems is that you don't have any elastic IP's left, you can request for more. This should be resolved within about 15 minutes.
Related
I have an instance running on AWS. I have stopped it and then restarted it after few hours. Now I am unable to access my website by a domain name but it is accessible by its ip
Looking for a solution so that I am able to access it with domain name also.
As this is your personal domain, the likely scenario is that when your instance rebooted the IP address changed.
You can validate this by comparing the public IP address in the AWS Console to the IP address entered in your DNS configuration for your domain.
This is expected behaviour for the standard public IP address for EC2 hosts, if you want to resolve this you will need to create an elastic IP address and associate it to the instance you have.
Once this has been associated update your DNS record to use the new public IP that has been assigned (the EIP). This will then allow you to reboot your instance without the risk of losing your IP. In addition be aware that based on the TTL of your domain you will need to wait for the DNS to propagate.
I need to create an internal website for a company accesible only through company's VPN. I have an EC2 instance with a webserver and I was able to access the website through instance's private IP. Now I'm trying to connect the instance to internal ELB and I'm facing a problem with ELB's DNS name.
Instance is added to ELB's target group, they are on the same subnet, it passes the health check, I'm able to send a request from browser to ELB using its IPs addresses but when I try to do the same with ELB's DNS name I don't get any response. Security groups are also correct.
I'm also unable to ping ELB's DNS name from EC2 instance.
Why internal ELB's DNS name does not work in the browser/postman? And how I can fix it?
I understand, that a static IPv4 addresses would be more expensive for AWS, so it changes every time I restart the instance. But the Public DNS could be static, so I would not have to change the address in all my applications, after restarting the Instance.
Can I statically set the Instances Public DNS to something like "MyChoosenName.eu-west-1-compute.amazonaws.com"?
It seems that AWS now allows keeping a static public IP address with a EC2 Windows or Linux instance by associating an Elastic IP address with the instance.
Check out their webpage for how to "allocate and associate an Elastic IP address with your EC2 Windows or Linux instance".
No its not possible
Because each public ip address in AWS is binded to DNS, so what you
are attempting add sub-domain to the
"eu-west-1-compute.amazonaws.com" which is not possible you are not
owner of the domain provider.
The thingh you do is bind the public to some other domain which you own like
Mychoicename.abc.com like we do for other domain bindings either in
AWS route53 or other domain providers.
Forgive me if this question is off-topic for this community; I couldn't find a more appropriate one and StackOverflow has always come through when I need it!
I am trying to set up a bastion host with Amazon EC2. I want the only way to connect to any of my instances to be an SSH from this bastion instance. The public subnet containing the bastion uses CIDR block 10.0.128.0/17, and the subnet containing my other instances uses CIDR block 10.0.0.0/17. I have network ACL and security group rules permitting SSH egress from the bastion to the other subnet, and permitting SSH ingress to the other subnet from the bastion. Everything should work. Unfortunately, my bastion is trying to communicate with the other instances using their public IPs, which of course is not in the 10.0.0.0/17 block, and therefore the traffic is being blocked. How can I ensure that my bastion uses private IP addresses while communicating with other instances in the private subnet? This seems like it should be the default behavior for local traffic in a VPC but apparently its not!
EDIT:
I left out some key info. The "private" instance giving me trouble is actually public; it is a Wordpress web server with public IP 52.14.20.167 (please don't spam it lol) and a custom www DNS name. However, while I want my bastion to be able to SSH into it using that DNS name, I still want all SSH traffic be local so that my security groups and network ACLs can be very restrictive. According to this AWS doc:
We resolve a public DNS hostname to the public IPv4 address of the
instance outside the network of the instance, and to the private IPv4
address of the instance from within the network of the instance.
However, I think this rule only applies to the AWS-provided (IP-like) public DNS names. My custom DNS always resolves to the public IP, not the private one, as seen in the flow log from my bastion's subnet below. 10.0.128.6 is the bastion and 52.14.20.167 is the web server. Idk what the 190. and 14. addresses are. So my more educated question is, how can I have custom DNS names resolve to private IPs for a bastion host and second instance in the same VPC?
10.0.128.6 52.14.20.167 56008 22 6 7 420 1485465879 1485465996 REJECT OK
190.173.143.165 10.0.128.6 27754 22 6 1 40 1485466241 1485466296 REJECT OK
10.0.128.6 52.14.20.167 56012 22 6 7 420 1485466903 1485467016 REJECT OK
190.13.10.206 10.0.128.6 28583 22 6 1 40 1485467140 1485467197 REJECT OK
10.0.128.6 52.14.20.167 56014 22 6 7 420 1485467437 1485467557 REJECT OK
14.158.51.244 10.0.128.6 55532 22 6 1 44 1485467500 1485467557 REJECT OK
After some question/answer back and forth with the OP, we determined that one of the root causes for the issue was the use of custom DNS names.
The user would access the bastion host, and from there would resolve the custom DNS name to a public IP address for the EC2 instance in question. This is why the traffic, from the bastion host, was not using the EC2 instances' private IP addresses. The key to using an EC2 instance's private IP address is to resolve the AWS-assigned public DNS hostname of that instance from within AWS. As the OP noted from the AWS docs, that AWS-assigned public DNS hostname will resolve to a public IP address from outside of AWS, but will resolve to a private IP address from inside of AWS. Thus the key was to get the user using that AWS-assigned public DNS hostname.
One way in which to keep the use of the custom DNS hostname, and still resolve to the private IP address of the EC2 instances from the bastion host is to make the custom DNS name be a CNAME record (rather than an A record), which points to the AWS-assigned public DNS name. Yes, this requires updating that DNS record whenever a new/different EC2 instance appears, but such an update would be required anyway, for an A record to point to the new public IP address. By using a CNAME, things should work as desired.
Hope this helps!
You need to use CNAME records instead of A records when you setup DNS for your ec2 instance. Assume that you have a www site with url my-site.com. If you put DNS records my-site.com A your_public_ip example my-site.com A 52.14.20.167
your traffic will go outside the aws VPC if you try to reach that url from any server from inside your VPC.
To avoid this you need to change that record to
my-site.com CNAME your_EC2_instance_AWS_DNS_address
Example:
my-site.com CNAME ec2-XX-YY-ZZZ-17.eu-west-1.compute.amazonaws.com
With this if you access your www service outside AWS you will get your public ip resolved, and inside the AWS VPC you will get the private address of your service and traffic will stay inside AWS VPC.
I have standard AWS EC2 instance. It has standard URL that was created by AWS automatically on EC2 creation:
ec2-xx-xx-xxx-xx.ap-southeast-2.compute.amazonaws.com
I want to change host name for arbitrary value and it is not a public domain. And I want to access EC2 from Internet with that custom host name:
Instead: ec2-xx-xx-xxx-xx.ap-southeast-2.compute.amazonaws.com
I want at least: foo.ap-southeast-2.compute.amazonaws.com
Or even better: foo.compute.amazonaws.com
Is it possible in AWS?
I want to change host name for arbitrary value and it is not a public
domain. And I want to access EC2 from Internet with that custom host
name ... EG foo.ap-southeast-2.compute.amazonaws.com
Is it possible in AWS?
No, it is not. The external DNS hostname is the authoritative DNS name for that instance. That "ec2-xx-xxx-xxx-xx" part is the IP # assigned for that instance. That hostname stays with that IP number/instance as long as it is assigned to it.
Each instance that receives a public IP address is also given an
external DNS hostname; for example,
ec2-203-0-113-25.compute-1.amazonaws.com. We resolve an external DNS
hostname to the public IP address of the instance outside the network
of the instance, and to the private IP address of the instance from
within the network of the instance.
Using DNS, of course you can alias that DNS hostname to any host in a custom domain. But you cannot modify the AWS given external DNS hostname.
See Public IP Addresses and External DNS Hostnames