Intranet communication issue in ECS with Route53 in private subnet - amazon-web-services

I have hosted our applications on an ECS Cluster (EC2 mode) in a private subnet. I am facing a problem with inter-service communication.
I have set the task networking mode to bridge.
I depend on a Route53 private hosted zone for service discovery.
The services are getting registered under Route53 with the SRV record type.
Using . for pointing to our hosted service. For example, I have hosted a redis container with namespace "local" and service name "redisdb", and then I refer to that service in the application as "redisdb.local".
But I am getting an error in our application saying: "Name or Service not known". I have also tried AWSVPC mode with the A record type, but I am still facing the same issue.
Am I missing anything here? Any help would be appreciated.

Hmm, finally the issue was resolved by enabling DNS hostnames.

Related

AWS ECS & CloudMap "no such host"

I have an ECS cluster setup with a container that runs a microservice hosting a public and private HTTP server.
I have the public HTTP server connected through an Elastic Load Balancer, which is working correctly; however, the internal HTTP server is routed via AWS Cloud Map and Route 53 with a private hosted zone.
AWS Cloud Map finds the instance correctly, however when trying to access the private endpoint from another ECS task I get a no such host error.
Any suggestions on what could be the cause?
Thanks!
For me it was resolved by making sure DNS Hostnames and DNS resolution are enabled in your VPC settings:
Go to your VPC dashboard, then press the "Actions" button, then
press Edit DNS hostnames,
check the "Enable" checkbox,
and the same goes for DNS resolution.

SSL Protocol error on AWS Ubuntu Instance

I have an EC2 Ubuntu Instance running on AWS.
I have created an SSL certificate for my domain using AWS Certificate Manager.
I have created the needed hosted zone with the needed records for my domain.
I have created a Load Balancer with listeners for both protocols HTTP and HTTPS.
Now, I can access the site using the public IP from the AWS Instance and also using my domain name.
The issue is when trying to access the site using https.
There appears an error page: ERR_SSL_PROTOCOL_ERROR
I don't know what is wrong in my approach to getting a working site running with an SSL certificate.
I guess it can be due to the Ubuntu Apache2 configuration, but not sure.
I would appreciate a checklist of things I should verify in AWS (Certificate Manager, EC2 Instance, Load Balancer, Route 53, etc.) or in the configuration of the Ubuntu Apache2 server.
EDIT:
This is the security group inbound rules that are in use with the ELB
I would double-check the security group on the ELB and confirm the domain DNS. It's something on the ELB side, since you are not connecting there.

AWS Route53 private hosted zone to Internal Load Balancer

Setup
I've got the below configured in a single AWS account. If it helps, the Client is Kibana and the Service is ElasticSearch.
What I'm trying to do
Route traffic from the "Client" EC2 instances to an Internal Application Load Balancer using a Route53 Alias Record in a Private Hosted Zone.
I've followed AWS's documentation, and as I understand it, I should just be able to create the alias record in the Private Hosted Zone... and the good news is, I can.
The Hosted Zone name is internal.my_company.com
The Alias name is service.internal.my_company.com
Problem
If I open a Session Manager terminal on one of the Clients and run the following:
curl <internal_load_balancer_dns>:9200
I get a response from the Service as expected
However, if I run
curl service.internal.my_company.com:9200
I get the following response
curl: (6) Could not resolve host: service.internal.my_company.com
I've googled around, but can't find anything recent relating to this. Have I missed something in letting Route53 know how to reach the Internal Load Balancer?
Let me know if you need more information about the setup.
Thanks
Is the VPC hosting your private subnets associated with the private hosted zone? (Probably so, since you have to pick a VPC when creating the zone.)
For the VPC, did you enable DnsHostnames and DnsSupport?
VPC --> Actions
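The answers above (here and in the ECS/Cloud Map question) all come down to the same three preconditions: enableDnsSupport and enableDnsHostnames on the VPC, and the VPC being associated with the private hosted zone. The checker below is an added example, not code from any of the posts; it reads the JSON that `aws ec2 describe-vpc-attribute` and `aws route53 get-hosted-zone` print, and the sample responses and IDs in it are constructed placeholders.

```python
# Added example: checks the VPC/hosted-zone preconditions for private DNS.
# Input is the JSON printed by:
#   aws ec2 describe-vpc-attribute --vpc-id <id> --attribute enableDnsSupport
#   aws ec2 describe-vpc-attribute --vpc-id <id> --attribute enableDnsHostnames
#   aws route53 get-hosted-zone --id <zone id>
# All responses and IDs below are constructed samples.
import ipaddress
import json

def vpc_attr_enabled(attr_json: str, key: str) -> bool:
    """describe-vpc-attribute returns {"VpcId": ..., "<Key>": {"Value": true|false}}."""
    return bool(json.loads(attr_json).get(key, {}).get("Value", False))

def amazon_resolver_ip(vpc_cidr: str) -> str:
    """The Amazon-provided resolver sits at the VPC network address plus two
    (10.0.0.2 for 10.0.0.0/16), which is what resolv.conf points at."""
    return str(ipaddress.ip_network(vpc_cidr).network_address + 2)

def private_zone_findings(vpc_id, dns_support_json, dns_hostnames_json, zone_json):
    """Return misconfigurations; an empty list means the zone's records
    should resolve from instances inside vpc_id."""
    findings = []
    if not vpc_attr_enabled(dns_support_json, "EnableDnsSupport"):
        findings.append("enableDnsSupport is false: instances cannot use the VPC resolver")
    if not vpc_attr_enabled(dns_hostnames_json, "EnableDnsHostnames"):
        findings.append("enableDnsHostnames is false: private hosted zones are not served")
    zone = json.loads(zone_json)
    if not zone["HostedZone"].get("Config", {}).get("PrivateZone", False):
        findings.append("hosted zone is public, not private")
    if vpc_id not in {v["VPCId"] for v in zone.get("VPCs", [])}:
        findings.append(f"{vpc_id} is not associated with the hosted zone")
    return findings

# Constructed samples reproducing the state the questions describe (hostnames off).
VPC_ID = "vpc-0example"
DNS_SUPPORT_ON = '{"VpcId": "vpc-0example", "EnableDnsSupport": {"Value": true}}'
DNS_HOSTNAMES_OFF = '{"VpcId": "vpc-0example", "EnableDnsHostnames": {"Value": false}}'
DNS_HOSTNAMES_ON = '{"VpcId": "vpc-0example", "EnableDnsHostnames": {"Value": true}}'
ZONE = json.dumps({
    "HostedZone": {"Id": "/hostedzone/ZEXAMPLE", "Name": "internal.my_company.com.",
                   "Config": {"PrivateZone": True}},
    "VPCs": [{"VPCRegion": "us-east-1", "VPCId": "vpc-0example"}],
})

if __name__ == "__main__":
    for finding in private_zone_findings(VPC_ID, DNS_SUPPORT_ON, DNS_HOSTNAMES_OFF, ZONE):
        print("FINDING:", finding)
    print("resolver for 10.0.0.0/16:", amazon_resolver_ip("10.0.0.0/16"))
```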

How to set up an alternate DNS server for AWS's China EC2 instance?

Currently, the DNS server for the EC2 instance in AWS China is 10.0.0.2, as shown below:
[root@ip-10-0-0-191 ec2-user]# cat /etc/resolv.conf
search cn-north-1.compute.internal
nameserver 10.0.0.2
If the DNS server is down, the domain name of the EC2 instance will not be resolved. Is there any way to create an alternate DNS server or a slave DNS server to avoid this problem?
What are the solutions for the following two environments:
I have several EC2 instances running in the AWS US region. So, can I set up a DNS server in the US as an alternate DNS server for the EC2 instance in China? If this method works, what are the specific steps? What services need to be connected through the AWS network in China and the US?
I only have instances in the AWS China region, and no instances in other AWS regions. How can I accomplish my goal?
There is no apparent problem to be solved here.
First, this IP address does not represent a single DNS server.
The Amazon DNS Server is actually a service provided by the network infrastructure -- not a dedicated machine.
Anything can theoretically fail, but a failure of this subsystem is unlikely unless the physical hardware where this VM is running or its hypervisor has failed or is failing... in which case, the server will fail its health checks and will be offline.
Second, this isn't quite accurate:
If the DNS server is down, the domain name of the EC2 instance will not be resolved
If the VPC DNS resolver service were to somehow fail, this would prevent the instance from resolving any names, but names pointing to the instance are not something this server does. This server is only used when the instance is doing the lookup -- not when something else is looking up the instance.

How would I resolve dns with Rancher container

We have a few Rancher hosts in a few different datacenters. The issue I am trying to solve is:
Get the DC Rancher app to resolve or connect to the AWS Rancher container. We have a VPN between them, so the network is pretty much wide open. I could potentially do everything through public interfaces; however, I am more interested in isolating it to the private network between the DC and AWS.
Check out Working with Private Hosted Zones:
"If you have integrated your on-premises network with one or more Amazon VPC virtual networks and you want your on-premises network to resolve domain names in private hosted zones, you can create a Simple AD directory. Simple AD provides IP addresses that you can use to submit DNS queries from your on-premises network to your private hosted zone. For more information, see Getting Started with Simple AD in the AWS Directory Service Administration Guide."
See https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html
See the Custom DNS Servers section and how to use Simple AD to resolve DNS for your use case.