AWS EC2-LINUX "Network connection refused" error - amazon-web-services

I have created AWS environment for my DEV and QA. Both the environments are created using the same CloudFormation template. DEV Environment is up and running. But I am unable to launch the QA Instance due to which our testing stopped.
When I try to login to the QA Machine it says
Network connection refused
I have checked the security groups opened port 22 on the machine. I have checked the VPC Configurations and NACLS. Everything looks fine.
What might be the issue?

Related

JPA cannot connect to AWS RDS from Beanstalk but it works locally

I'm deploying a Java 8 Spring Boot web app to AWS Elastic Beanstalk. I have an associated RDS MySQL instance and configured the relevant connection details.
The connection works when running the app locally, in my machine, because I set the following routing configuration for the RDS server:
As outlined, routings are also added for the security groups associated to my EC2 instances.
Therefore, running mysql on the EC2 machine works and the database can be reached.
The issue appears when deploying the app to Beanstalk, where it gets implemented into the EC2 instances. The app crashes because it gets connection refused errors when trying to connect to the MySQL RDS instance:
This doesn't seem to make any sense.
The database is accessible from both the EC2 instance (verified via the mysql command) and outside AWS, so the only remaining cause would be having misconfigured the Spring Boot app properties.
This doesn't seem to be the problem either because when running it locally, in my machine, the app has no issues connecting to the RDS instance and running normally using the production MySQL server.
I have separate application-development.properties and application-production.properties files, but I set the relevant properties to the same values:
spring.datasource.url = jdbc:mysql://XXXXXX.rds.amazonaws.com:3306/ebdb?useSSL=false&allowPublicKeyRetrieval=true&useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC
spring.datasource.username = XXXXXX
spring.datasource.password = XXXXXX
spring.datasource.driver-class-name = com.mysql.cj.jdbc.Driver
Any pointers as to why my app could be running locally but not when deployed to Beanstalk?
Recreating both the Beanstalk environment and RDS instance seemed to fix the issue.

VPN connection to Amazon RDS with openvpn suddenly fails

I set AWS Client VPN Endpoint, and downloaded opvn file, configured it to refer to cert/key files and connected to AWS RDS.
It used to success connecting yesterday, but today, after re-installing ESET security app
It shows the following error when I trying connecting with MySQL client app:
ERROR 2005 (HY000): Unknown MySQL server host 'myrds.something.ap-northeast-1.rds.amazonaws.com' (0)
I am not sure how to detect the cause of the error. If I configured RDS settings to pubilc, the error above not shown and just waiting for minutes...
(maybe I guess some DNS settings overriden by ESET? )
You can easily debug the problem:
AWS Client VPN Endpoint, You can see the active connection. See if you are connected to it or not.
Do you restarted or reinstall RDS also, Because it will change the URL to connect.
Is username/password of DB is changed.
If RDS is in public setting you don't even need a VPN connection.
Also as suggested above check VPN to RDS VPC Route.
Thanks,
AB
here are some troubleshooting steps.
When you connect your VPN:
Check if it's pushing the DNS server address via DHCP configuration
Check if new routes are added to your route table. you can do "route print" in the windows command line
Hope this helps.

VS2017 message: publishing to the selected azure virtual machine has not been enabled

I am looking for help on how to resolve the following informational message when creating a publish profile in visual studio 2017: "publishing to the selected azure virtual machine has not been enabled".
I'm trying to set up a new publish profile for my production server. I have already successfully set one up for my development server. Both servers are Azure VMs. They use different network security groups.
I get this message when selecting New Profile->Azure Virtual Machines (click browse), selecting my production server and clicking OK.
VS2017 Production Azure VM Selected
I have already triple checked my firewall settings on both the VMs and Azure Portal. I don't think these are the cause though because I do not get this message when I choose my db server which doesn't even have IIS set up. My db and production server share an Azure network security resource group.
I'm using VS Community 2017 15.9.2 with an Azure VM and WebDeploy 3.5
C:\inetpub\logs\wmsvc has no logs on my production server but DOES have logs on my development server which makes sense since it's working there.
I tried the "Import Profile" button which seemed promising but get the following message when I click the, "Validate Connection" button:
"Could not connect to the remote computer......ERROR_DESTINATION_NOT_REACHABLE".
I've tried the following references:
https://github.com/aspnet/Tooling/blob/AspNetVMs/docs/create-asp-net-vm-with-webdeploy.md#SetupDNSName
https://learn.microsoft.com/en-us/iis/install/installing-publishing-technologies/installing-and-configuring-web-deploy-on-iis-80-or-later
https://learn.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-webdeploy-iis-deploygroups?view=vsts
https://blogs.msdn.microsoft.com/webdev/2017/11/01/publishing-a-web-app-to-an-azure-vm-from-visual-studio/
https://blog.tallan.com/2017/05/02/deploying-a-site-to-an-azure-vm-using-web-deploy/
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-common-deployment-errors
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-deployment-operations
The issue was that the production server is behind a load balancer. The request to port 8172 was stopped there. The solution was to add an inbound NAT rule (LoadBalancer - Inbound NAT rules) so that any attempt at the load balancer IP on 8172 gets forwarded to the production server.

Cannot deploy using AWS code deploy : too few healthy instances are available for deployment

I am trying to deploy an application to an ec2 instace from s3 bucket . I created an instance with the required s3 permimssion and also a code deploy application with required ec2 permissions
When I try to deploy thought I get :
The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems. (Error code: HEALTH_CONSTRAINTS.
I shh into the ec2 instance to check the code deploy log and this is what I get in the :
2018-08-18 20:52:11 INFO [codedeploy-agent(2704)]: On Premises config file does not exist or not readable
2018-08-18 20:52:11 ERROR [codedeploy-agent(2704)]: booting child: error during start or run: Errno::ENETUNREACH - Network is unreachable - connect(2) - /usr/share/ruby/net/http.rb:878:in `initialize'
I tried changing the permissions , restarting the code deploy agent , creating a brand new codeDEploy application. Nothing seems to work.
In order for the agent to pick up commands from CodeDeploy, your host needs to have network access to the internet, which can be restricted by your EC2 security groups, VPC, configuration on your host, etc. To see if you have access, try pinging the CodeDeploy endpoint:
ping codedeploy.us-west-2.amazonaws.com
Though you should use the endpoint for the region your host is in - see here.
If you've configured the agent to use the proxy config, you may have to restart the agent like here.

Why Elastic Beanstalk instance stop responding

I have a nodeJS app deployed to Amazon Elastic Beanstalk and uses Application Load Balancer.
The problems is - once in a while instance stop responding. When I try to get logs, I see:
requestEnvironmentInfo is starting
and a timeout as a result.
I simply cannot access logs, even when I do eb shh I get:
INFO: Attempting to open port 22.
INFO: SSH port 22 open.
INFO: Running ssh -i /Users/Rostyslav/.ssh/cards-eb-keypair ec2-user#xx.xxx.xxx.xx
ssh_exchange_identification: read: Connection reset by peer
ERROR: An error occurred while running: ssh.
I also have set up logs auto-transfer to S3, but after instance get stacked - no new logs there anymore.
If I kill the EC2 instance and Load Balancer creates a new one and problem get fixed. However in usually ~1 day the same thing is happening.
Any ideas about why it is happening? Thank you!