I created a task definition that runs a Neo4j database, opened the ports 7474 and 7687 for the database http and bolt connectors, and launched the task definition in a ECS service of type Fargate in a private subnetwork.
How can I get the IP address of the container running the database without an ALB?
Thanks
There are a couple of ways to obtain the ip address of your running container. Through the console the private subnet should be accessible as a link, and when you click on the subnet you should be able to see the private ip address.
You can also make use of the command line to describe your tasks. The describe output should contain the ip address of your running conatiner:
https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeTasks.html#API_DescribeTasks_RequestSyntax
Finally, in Fargate there is also a metadata endpoint that is exposed in each running container, if need be, you can programmatically access that endpoint to obtain the ip address in your private subnet:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html#task-metadata-response
Related
I am trying to get a Windows Server EC2 instance to communicate with a running Kubernetes Service. I do not want to have to route through the internet, as both the EC2 Instance and Service are sitting within a private subnet.
I am able to get communication through when using the private IP address of the Service, but because of the nature of Kubernetes when the Service goes down, for whatever reason, the private IP can change. I want to avoid this if possible.
I either want to communicate with the service using a static private DNS name or some kind of static private IP address I can create and bind to the Service during creation. Is either of this possible to do?
P.S. I have tried looking into internal LoadBalancers, but I can't get it to work. Don't even know if this is the right direction. https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/service/annotations/#traffic-routing. Currently I am using these annotations for EIP binding for some public-facing services.
Why not create a kubeconfig to access the EKS services through kubectl?
See documenation: https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
or you want to send traffic to the services?
I've implemented a user-microservice to an ec2 server other than a eureka registry server that also has a cms-microservice when I go to the Eureka dashboard to see all of these services up and running with their ports. But when implicitly cms-microservice call user-service, I got no available microservice with this name, or sometimes a connection time-out.
In docker-compose I'm using a static ip-address of every docker container, with a specific subnet, and gateway and bridging network. And outside the eureka server, I used a private IP address of Ec2 instance in serviceUrl.defaultZone and all services are shown there but no response returned.
So my question is what do I need to reach the private IP of the docker container inside a private IP of Ec2 instance? Do I need natting if yes, can anyone tell me the way to do it?
Note: my instance is using a centOs.
Im using ECS to create a service that uses the awsvpc network type - thus creating ENIs on my host instances giving my ec2 instances two internal network configs and two internal Ips.
I cant seem to be able to pull out any ENI information out of the instance metadata http://169.254.169.254/latest/meta-data/ - only the original internal Ip.
Is there any way i can discover the ENI ip via querying the instance metadata or other method from within the docker container without resorting to aws-cli ?
it is possible to get the ip address of the ENI adapter with the instance meta-data:
curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/
then sub in the macs to get both private ips:
curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/<mac address>/local-ipv4s
I am new to AWS environment.I have installed apache Atlas in EC2 instance and from Lambda I am trying to get metadata from glue data catalog and post it in apache atlas(apache atlas uses rest end-points) running on ec2.I am able to get the glue data catalog metadata in lambda function.
How can i access use curl/httpGet call from lambda function to access service running on port 21000 on localhost on my EC2 instance?
Update1 : Resolved by allowing all traffic for inbound on private IP for the EC2 instance in security group.
Update2 : Now I am able to access the rest URL(by its private IP) and glue catalog both within Lambda.What I did is I created a private and public subnet and put my EC2 instance and lambda on same private subnet with NAT configured on a public subnet.
Now my lambda is working but I am not able to ssh on my EC2 instance.Is there a way to get that working also?
"localhost" is relative to each computer. What is "localhost" on your EC2 server is different from what is "localhost" on AWS Lambda, etc. You need to stop trying to access "locahost" and use the server's IP address instead.
To access port 21000 on the EC2 server the Lambda function needs to be placed in the same VPC that the EC2 instance is in, and the EC2 server needs to be listening to external traffic on port 21000, not just localhost traffic. You would assign a security group to the Lambda function, and in the security group assigned to the EC2 server you would open port 21000 for traffic coming from the Lambda function's security group. Finally, the Lambda function would access the EC2 server by addressing it via the server's private IP.
I'm not familiar with Apache Atlas and whether it exposes it's own HTTP endpoints to external clients. What you need is a server running on EC2 for that.
EC2 server doesn't magically accept HTTP calls from external connections and route to the local resources you want (in this case, Atlas). Install Apache Server, nginx or any other server in your EC2 instance. Configure it properly and write some code that takes the data POSTed by your Lambda and submits to the local Apache Atlas API.
The following page contains some instructions in this direction. Search the web if you need more help, there are tons of tutorials for doing this already. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Tutorials.WebServerDB.CreateWebServer.html
I have a kubernetes cluster having a master and two minions.
I have a service running using the public IP of one of the minion as the external IP of the service.
I have a deployment which runs a POD providing the service.Using the docker IP of the POD I am able to access the service.
But I am not able to access it using the external IP and the cluster IP.
The security groups have the necessary ports open.
Can someone help on what I am missing here.The same setup works fine in my local VM cluster.
Easiest way to access the service is to use a NodePort, then assuming your security groups allow that port you can access the service via the public ip of the node:nodeport assigned.
Alternately and a better approach to not expose your nodes to the public internet is to setup the CloudProvider to be type AWS and create a service type LoadBalancer, then the service will be provisioned with an ELB publicly.