Redshift and without VPC - amazon-web-services

Please attach a message if this line of questioning is no longer appropriate for Stack and I will close / find a different forum. It looks like there are similar questions posted, so I am going to post - but I do realize this is an evolving community.
I am following this tutorial on launching a Redshift sample cluster, so I can evaluate the product for usage: [http://docs.aws.amazon.com/redshift/latest/gsg/rs-gsg-launch-sample-cluster.html]
I am at step 3 - launch the cluster. The tutorial suggests I do not need a VPC established: "If you do not have a VPC, you will use the EC2-Classic platform to launch your cluster. Your screen will look similar to the following".
My screen doesn't look exactly like that (perhaps there has been drift between the console and the tutorial). The major difference is that the screen I see does not present a drop down for "Cluster Parameter Group" and where the VPC is selected it says "Not in VPC" and next to it there is the error message "You must select a VPC. If you do not have one, please create one using the VPC console."
And I guess another problem is that the error message at the bottom of the screen reads: "There was a problem fetching information required to launch: Not Authorized" not allowing me to continue (which is expected).
Do I need to set up a VPC? As I understand that isn't available on the free tier therefore...

You require a VPC.
If no VPC appears in the list, go to the VPC console for that region and select Actions -> VPCs -> Create Default VPC.
If that option is not available, it is because your account is enabled for EC2-Classic in that region. In this case, return to the VPC Dashboard and Start VPC Wizard to create a VPC that matches your requirements (e.g. the second option that creates a public & private subnet).

No, you cannot create the VPC.
You need to check the details below:
1) Make sure you provided all necessary information during signup. Complete your AWS registration.
2) Check your email to see if you have received any requests for additional information. If you have, please respond to those emails with the information requested.
3) Verify your Credit/Debit card information is correct.

Related

Aws-chime-sdk demo lambda /join stops responding when attached to a VPC

I have 2 lambdas that were created by a demo script of aws-chime-sdk. I have attached them to a VPC because I need them to be able to access RDS and ElastiCache.
The first one has an API Gateway resource at / which responds with the index content after doing some database/Redis work. The problem is the second one, which should respond to POST requests at /join. When I attach it to the same VPC, it stops working, and if I take it out, it works (even having the same permissions/security groups as the other one) but doesn't give me access to RDS/ElastiCache. I'm stuck on it. Does anyone know what is missing here?

AWS won't let me delete custom Security Groups that I had created

I am new to AWS and,
Here's the drill:
- Logged in to AWS with root admin credentials.
- I created a few security groups in AWS.
- Terminated all the EC2 instances that I had.
- Deleted ELB successfully.
- Deleted RDS successfully.
- Using default VPC and no Elastic IPs.
Now, when I am trying to delete security groups, one group says it's being referenced by another. When I try to delete the referenced one, it says that the security group is being referenced by a Network Interface.
We get two options here: Associate with another group or Delete that Network Interface.
Trying first makes no sense as I want to get rid of all the Security Groups except the default (Like it was in the beginning). Still I tried that option and got the error "You do not have permission to access the specified resource" and it did not let me associate that Network Interface (Status-In Use) with any Security Group.
Tried deleting/detaching(force) that Network Interface and got an error message "You do not have permission to access the specified resource."
A similar issue can be found below without any known solution:
https://forums.aws.amazon.com/thread.jspa?threadID=99189&start=0&tstart=0
Unresolved Stack Overflow link: issue in deleting VPC and network interface
I would really appreciate it if someone hits me with a hammer of facts :)
Thanks, in advance!
I had the same issue: after having removed load balancers, auto-scaling groups, the memcached cluster and so on, I couldn't delete the VPC.
I had the feeling that there was some vicious circle between two network interfaces that I couldn't detach or modify and the security group itself that I couldn't remove as long as it was attached to the interfaces.
I ran the aws elasticache describe-instances command (I saw a reference to elasticache in a network interface description) to see if it would show something I missed.
And indeed, there was some redis cluster remaining, that I didn't see in the mess of the UI, which was some remnant of a long forgotten test. After having removed this cluster, I could delete the VPC.
So I'd say that kind of issue (unauthorized access, even for admins) is mainly related to a component managed by AWS, and to the fact that the UI is far from friendly when it comes to knowing where an error comes from.
https://forums.aws.amazon.com/thread.jspa?threadID=168376
It looks like sg-72bd411a does in fact reference itself. You'll need to go into it and remove the reference before you can delete it.
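The three kinds of reference this thread runs into (a rule in another group, a rule in the group itself, an attached network interface) can be listed before attempting deletion. This is an added example, not code from the original posts: it runs on constructed data shaped like the EC2 DescribeSecurityGroups and DescribeNetworkInterfaces responses, and the function names and all IDs are assumptions.

```python
# Constructed sample data shaped like the EC2 DescribeSecurityGroups and
# DescribeNetworkInterfaces responses; every ID and name here is made up.
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "default", "IpPermissions": []},
    {"GroupId": "sg-0bbb", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-0bbb"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "cache", "IpPermissions": [
        {"IpProtocol": "tcp", "UserIdGroupPairs": [{"GroupId": "sg-0bbb"}]}]},
    {"GroupId": "sg-0ddd", "GroupName": "unused", "IpPermissions": []},
]
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-0111", "RequesterManaged": True,
     "Description": "ElastiCache test-redis", "Groups": [{"GroupId": "sg-0ccc"}]},
]


def group_references(groups, interfaces):
    """Map each non-default group ID to the references that still point at it."""
    refs = {g["GroupId"]: [] for g in groups if g["GroupName"] != "default"}
    for g in groups:
        rules = g.get("IpPermissions", []) + g.get("IpPermissionsEgress", [])
        for rule in rules:
            for pair in rule.get("UserIdGroupPairs", []):
                target = pair["GroupId"]
                if target in refs:
                    who = "itself" if target == g["GroupId"] else g["GroupId"]
                    refs[target].append(f"referenced by a rule in {who}")
    for eni in interfaces:
        # Requester-managed = owned by an AWS service; removed only with its owner.
        if eni.get("RequesterManaged"):
            how = f"service-managed, delete its owner ({eni['Description']})"
        else:
            how = "user-managed, detach or delete it"
        for grp in eni.get("Groups", []):
            if grp["GroupId"] in refs:
                refs[grp["GroupId"]].append(f"{eni['NetworkInterfaceId']}: {how}")
    return refs


def unreferenced(groups, interfaces):
    """Group IDs with nothing pointing at them."""
    return sorted(g for g, why in group_references(groups, interfaces).items() if not why)


if __name__ == "__main__":
    for gid, why in group_references(SECURITY_GROUPS, NETWORK_INTERFACES).items():
        print(gid, "->", why or "no references")
```

A service-managed interface in the output points at a leftover resource (such as the forgotten Redis cluster mentioned above) that has to be deleted through its own service.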

AWS VPN routing to multiple subnets

We have a VPN setup with two static routes
10.254.18.0/24
10.254.19.0/24
We have a problem that we can only ever communicate from AWS - to one of the above blocks at a time. At some times it is .18 and at other times it is .19 - I cannot figure out what is the trigger.
I never have any problem communicating from either of my local subnets out to aws at the same time.
Kinda stuck here. Any suggestions?
What have we tried? Well, the 'firewall' guys said they don't see anything being blocked. But I read another post here that stated the same thing and the problem still ended up being the firewall.
Throughout the course of playing with this the "good" subnet has flipped 3 times. Meaning
Right now I can talk to .19 but not .18
10 min ago I could talk to .18 but not .19
It just keeps flipping.
We've been able to get this resolved. We changed the static routes configured in AWS from:
10.254.18.0/24
10.254.19.0/24
To use instead:
10.254.18.0/23
This will encompass all the addresses we need and has resolved the issue. Here was Amazon's response:
Hello,
Thank you for contacting AWS support. I can understand you have issues
with reaching your two subnets: 10.254.18.0/24 and 10.254.19.0/24 at
the same time from AWS.
I am pretty sure I know why this is happening. On AWS, we can accept
only one SA (security association) pair. On your firewall, the
"firewall" guys must have configured policy based VPN. In policy/ACL
based VPN, if you create the following policies, e.g.:
1) source 10.254.18.0/24 and destination "VPC CIDR"
2) source 10.254.19.0/24 and destination "VPC CIDR"
OR
1) source "10.254.18.0/24, 10.254.19.0/24" and destination "VPC CIDR"
In both the cases, you will form 2 SA pairs as we have two different
sources mentioned in the policy/ACL. You just have to use source as
"ANY" or "10.254.0.0/16" or "10.254.0.0/25", etc. We would prefer if
you can use source as "ANY" then micro-manage the traffic using
VPN-filters if you are using Cisco ASA device. How to use VPN-filters
is given in the configuration file for CISCO ASA. If you are using
some other device then you will have to find a solution accordingly.
If your device supports route based VPN then I would advise you to
configure route based VPN. Route based VPNs always create only one SA
pair.
Once you find a solution to create only one ACL/Policy on your
firewall, you will be able to reach both the networks at the same
time. I can see multiple SA formation on your VPN. This is the reason
why you cannot reach both the subnets at the same time.
If you have any additional questions feel free to update the case and
we will respond to them.
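The fix in this thread, replacing two /24 sources with one /23, generalizes to any set of local subnets: find the smallest single CIDR that covers them and see what extra address space that selector admits. This is an added example, not from the original posts or from AWS; the function names and the VPC CIDR 172.31.0.0/16 are assumptions.

```python
import ipaddress


def sa_pairs(local_cidrs, vpc_cidr):
    """Traffic selectors a policy-based VPN negotiates: one SA pair per distinct source."""
    vpc = str(ipaddress.ip_network(vpc_cidr))
    return [(str(ipaddress.ip_network(src)), vpc) for src in dict.fromkeys(local_cidrs)]


def single_selector(local_cidrs):
    """Return (smallest CIDR covering every subnet, address space it adds beyond them)."""
    nets = [ipaddress.ip_network(c) for c in local_cidrs]
    merged = list(ipaddress.collapse_addresses(nets))
    cover = merged[0]
    # Widen the prefix one bit at a time until every subnet fits inside it.
    while not all(n.subnet_of(cover) for n in merged):
        cover = cover.supernet()
    # Carve the original subnets out of the cover; what remains is reachable
    # through the tunnel selector and must be restricted by a filter instead.
    extra = [cover]
    for n in merged:
        extra = [piece for e in extra
                 for piece in (e.address_exclude(n) if n.subnet_of(e) else [e])]
    return cover, sorted(extra)


if __name__ == "__main__":
    # The subnets from the question, then a constructed non-adjacent pair.
    for subnets in (["10.254.18.0/24", "10.254.19.0/24"],
                    ["10.254.18.0/24", "10.254.21.0/24"]):
        cover, extra = single_selector(subnets)
        print(len(sa_pairs(subnets, "172.31.0.0/16")), "SA pairs ->", cover,
              "extra:", [str(e) for e in extra])
```

For the subnets in the question the /23 adds no extra addresses; for non-adjacent subnets the covering prefix is wider than the networks it replaces, which is where the VPN filters mentioned in the support reply come in.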

How to measure speed from AWS regions to specific location (not mine)?

I'm looking for a way to pick the best AWS region to host a Proof of Concept installation for a potential customer in India.
For this, I'd like to try to ping the customer's web site (I verified that it's hosted in India, I assume by the customer itself since that's part of their business) from multiple AWS regions and see which one gives best results.
I found multiple tools which would allow me to run ping from my own browser to multiple AWS locations (e.g. https://cloudharmony.com/speedtest, http://www.cloudping.info/) but none which will allow me to ping between all AWS regions and a specific third party.
Does such a tool exist, or is my only option to run up an EC2 instance in each region and try to ping from it?
You might want to check the answers to this very similar question.
Keep in mind that not all regions have all AWS services available at this time, so make sure the region you pick has all the services that you plan to use. Also, Amazon has said that an India region is in the works.

AWS: How to disable all services?

I was dorking around with AWS (and related services), hoping that I could stay in the Free Tier, like I do when I'm exploring Google App Engine.
A few days ago, I get a letter from Amazon that they've charged me $33 or so for my 2 days of exploration.
This has got to end, but I forget what services I've enabled. Ideally, I'd just disable the AWS account entirely, as without a free sandbox there's no way I'm going to be using their service. Is there a global off button, or do I have to stumble around to turn all their services off individually? Or do I have to delete my CC information and just create a new Amazon account altogether?
You can close your entire account in AWS Billing: https://console.aws.amazon.com/billing/home?#/account
Or if you just want to disable your "Free-Tier" services that have charges, view them here:
https://console.aws.amazon.com/billing/home#/freetier
Then open your EC2 dashboard - and cancel those services:
https://us-west-2.console.aws.amazon.com/ec2
For example:
Stop running instances, delete volumes, remove elastic IPs, etc.
Otherwise, I recommend sending an email to webservices#amazon.com from the email you used to signup with their service.
I had an RDS running and I couldn't figure out how to cancel just that service.
Here's how to do it:
Go to billing services
https://console.aws.amazon.com/billing/home?region=us-west-2#/
Click "Bill Details"
Inspect it
You'll find NAME OF SERVICE + ITS LOCATION. This is the information you need.
https://console.aws.amazon.com/rds/home?region=us-east-1
Go to the top right of the page. Select the correct server location
The rest is straightforward from here
I was also frustrated (by being charged on the free tier without any info/warning in prior) and found a simple and elegant solution to turn off all AWS services. You delete your account and forget about these fraudulent (to be honest) AWS services.
Here is the link:
https://console.aws.amazon.com/billing/home?#/account
I know this is somehow an old question, but I would like to add a new answer because I think AWS has changed a lot since this was asked. I have stumbled on a similar situation as the OP and I found out that there are 3 possible ways to achieve this:
1) To have a single turn-off-everything button, but I'm not sure if this exists.
2) Overkill: go through the services and check them one by one and shut down/delete any instances or running services.
3) To find out the actual source of leaking (cost occurring services) by viewing what is posting charges on your account and then turn off these services one by one. This can be done by visiting:
your AWS account >> My Billing Dashboard
Find your account username and open the drop down menu:
You can check what services are incurring fees.
I followed the services by searching for their name on AWS console, if I couldn't find it I'd Google how to do so and then turned them off one by one.
In my case, there was no charge towards my bank even though billing showed I have some balance, I think it's because I was using the free tier, maybe?
I just hit my free tier limit. I terminated my EC2 instance, deleted my storage volume and even removed my security group and key pair so I have nothing now. Hopefully no charge :P
Always make sure you select the right region. I once had 2 instances running and didn't realize it.
Today I finally discovered a global view to detect all the active services, you still have to disable every service manually but at least you don't have to switch all the regions to understand where you have active services.