AWS - custom VPC - IGW - EC2 instance not accessible through HTTP - amazon-web-services

I created a VPC. I did not create the NAT gateway but created an IGW for my public subnet and then launched an EC2 instance in my public subnet. When I try to hit the public DNS (IPv4) in the browser I am not able to access the instance, though I can SSH in and access it. I have configured the security group for inbound all SSH and HTTP and outbound All. Also, the route table is updated with the IGW entry. What can be wrong?

As you're having no httpd service being found on your server, the reason you cannot connect is that no httpd service is running to serve traffic over HTTP (port 80).
Try running the user data script manually and ensure you're on a RHEL distribution based instance (such as RedHat, CentOS or Amazon Linux).
If you're running Debian-based (such as apache), you would instead install it by running the commands below.
apt-get update
apt-get install apache2
systemctl start apache2

Related

AWS ALB Target Group shows unhealthy instances in a custom VPC

I am trying to achieve the following network topology. I want the EC2 instances in private subnets to receive http traffic on port 80 from application load balancer.
For that
I have launched EC2 instances in both the private subnets each. Also, installed apache web server with index.html using the following user data script.
#!/bin/bash
yum update -y
yum install -y httpd.x86_64
systemctl start httpd.service
systemctl enable httpd.service
echo "Hello World from $(hostname -f)" > /var/www/html/index.html
Next, I created ALB in the public subnets. Also, registered EC2 instances with a Target Group while creating the ALB. But health checks for the registered EC2 instances always fail. Please find the image below.
I have double-checked the security groups for the EC2 instances and the ALB. Both look fine to me. Could anyone please let me know what I am missing here?
thanks

AWS Apache2 This Site can't be reached

After installing and running Apache2 on my EC2 Instance (Ubuntu 16.04) in AWS, I want to access the Site from my public browser with "ec2-3-231-162-52.compute-1.amazonaws.com". Apache2 is running on port 80, and I already created a security group, which allows Port 80 to connect. So why can't I access the default apache2 website?
Apache2 running status:
Security Group Incoming Traffic:
Security Group Outgoing Traffic:
You need quite a few pieces to make sure this is working:
First, your EC2 instance, and a running HTTPD server. Sounds like you have that.
Then, you'll need a VPC for the pieces to sit in.
You'll need a subnet on the VPC.
You'll need a route table in the subnet.
You'll need a security group on the VPC.
Your EC2 instance will need a public IP on the subnet.
Finally, an internet gateway to expose the VPC to the public internet.
Requests will flow through the internet gateway into the VPC, use the route table to find where they should go, and arrive at your EC2 instance, where the security group you've set up allows them into the correct port.

Cannot access ecs ec2 instance public ip

I am connecting 2 Docker containers, one Python app container and one Redis container, with each other using ECS. When I SSH into the EC2 instance and curl localhost:5000 it gives the output, which means the containers are running and Python is connected with Redis. I am trying to achieve the result with ECS EC2.
But when I search the public IP of the EC2 instance it does not show anything. My task configuration setting:
and in the Python container I have this setting: pulling the image from ECR and giving the port 5000:5000, and in link giving the name of redis so that it can connect to the Redis container. What setting am I missing so that I can hit the Python app container without doing SSH to the EC2 instance and doing curl localhost:5000?
If the application is accessible on localhost then the possible reasons are:
Instance security group does not allow port 5000, so check the security group and allow HTTP traffic on port 5000.
An instance might be in a private subnet, but how do you SSH: from a bastion or directly? If directly, then the issue should be resolved by following step 1.
Use the public IP that you used for ssh and it should work
http://ec2Public_Ip:5000

SSH in to EB instance launched in VPC with NAT Gateway

I have launched an Elastic Beanstalk application in a VPC with Amazon RDS (PostgreSQL) using a NAT Gateway (because I want to route my application traffic through a fixed public IP address) following these instructions:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/vpc-rds.html
How can I SSH into the instance from my local system?
eb ssh is showing the following error, however my instance is available and not terminating.
ERROR: This instance does not have a Public IP address. This is possibly because the instance is terminating.
How can I log in to the PostgreSQL client?
The following command is not prompting anything:
psql --host= --port=5432 --username= --password --dbname=ebdb
I know they are in a private subnet so can't be accessed from the public network, but I want to know the possibility of that. Please help!
You will have to have a server with a public IP (in a public VPC subnet) that you can connect to from outside your VPC. I recommend setting up a t2.nano server as a bastion host.
If you use VPN, you can also modify sshops.py to use the private DNS name. Varies by OS and version, but mine is located here:
~/Library/Python/2.7/lib/python/site-packages/ebcli/operations/sshops.py
Search for PublicIpAddress (mine is on line 88), and change it to read:
ip = instance['PrivateDnsName'] #was PublicIpAddress
It's too bad that the EB CLI isn't on Github...otherwise I'd contribute a way to do this via a parameter.
I also added a convenient alias for this:
alias appname='eb init appname;eb ssh --region=us-east-1 appname -n'
This allows running appname 1 or appname n, where n is the number of hosts in your cluster.

Permissions for EC2 created by Elastic Beanstalk connecting to external RDS

I am quite new to Elastic Beanstalk and not very proficient with server administration, but I need to set up a Django project on Elastic Beanstalk connecting to external RDS MySQL database.
I have created a separate RDS MySQL database and I can connect to it using Sequel Pro on my computer without problems. Then I have my Django project which I try to put to Elastic Beanstalk, but unfortunately without luck. If I run the local Django server from my computer, the project is browsable and Amazon RDS MySQL is accessible. However, when I run
eb deploy
I get
django.db.utils.OperationalError: (2003, "Can't connect to MySQL server
on 'myapp-staging.xxx.eu-west-1.rds.amazonaws.com' (110)")
(ElasticBeanstalk::ExternalInvocationError)
If I login to the EC2 server via SSH
eb ssh
and then check the open ports with
netstat -lntu
I don't see MySQL's port 3306 there, so I guess it is blocked by firewall.
This is what I tried regarding permissions:
I went to RDS Dashboard -> Security Groups and created myapp-mysql-security-group with EC2 Security Group connection type pointing to EC2 security group used by Elastic Beanstalk EC2 instance “awseb-e-...”.
I went to EC2 -> Security Groups and for “awseb-e-...” I set the Inbound MySQL port with source 0.0.0.0/0
I went to VPC Dashboard -> Security Groups and created myapp-mysql-security-group with Inbound Rules of MySQL port with source 0.0.0.0/0.
Then I tried to redeploy, restart servers and even rebuild environment, but nothing helped. The MySQL port 3306 is still not open in the EC2 instances created by Elastic Beanstalk.
What am I doing wrong or what is missing?
MySQL port 3306 is only opened at the RDS instance (not in your EC2 instance). So, if you check on your EC2 instance, it should not listen on port 3306.
Things you can do to check that RDS is working:
Check your EC2 instance connection to RDS.
SSH to your instance (eb ssh) and run telnet myapp-staging.xxx.eu-west-1.rds.amazonaws.com 3306. You might need to install telnet first (yum install telnet).
If it succeeds, check your app.
If it fails, check the next point.
Make sure your RDS and EC2 placement is correct:
For private only access RDS:
Make sure they are in same VPC and allow incoming connection in RDS from VPC's IP to 3306. For better performance, use IP address instead of Security Group name.
If they are on different VPC, you can create VPC Peering.
For public access RDS:
Same as above, allow incoming connection from VPC's IP.
Make sure EC2 instances are allowed to make outgoing connection to port 3306 in EC2 security group.
Make sure your EC2 host doesn't have a deny rule for 3306 in iptables.
If your EC2 and RDS are in different VPCs and you use a private IP for your EC2, check the NAT server. Make sure you allow port 3306 to be proxied.
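The telnet check in this answer has more than two outcomes, and each one points at a different layer. The following is an added example, not part of the original answer: a small probe (the function name is hypothetical) that separates a silent drop, which is what the errno 110 (ETIMEDOUT on Linux) in the question's error indicates, from a refused connection or a DNS failure. The demo under the main guard uses a loopback listener so it runs offline.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return (verdict, where_to_look)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open", "handshake completed: check credentials and app settings"
    except socket.gaierror:
        return "dns", "name did not resolve: check the endpoint name and VPC DNS"
    except ConnectionRefusedError:
        # A RST came back, so packets reach the host but nothing listens there.
        return "refused", "host reachable, no listener: check the service and port"
    except socket.timeout:
        # No answer at all: security group, network ACL or routing dropped the SYN.
        return "filtered", "packets dropped: check security groups, NACLs, routes"
    except OSError as exc:
        if exc.errno in (errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered", "packets dropped: check security groups, NACLs, routes"
        raise

if __name__ == "__main__":
    # Constructed offline demo: a loopback listener stands in for the database.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(probe("127.0.0.1", port))   # listener up
    srv.close()
    print(probe("127.0.0.1", port))   # listener gone
```

Run from the EC2 instance against the RDS endpoint and port 3306, a "filtered" verdict matches the question's symptom and points at the RDS security group rather than at anything on the instance.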