Resolve URL to AWS Server - amazon-web-services

I have a domain that I own. I will say it is example.com. I added SSO.example.com as a Type A record on GoDaddy with a value of 37.89.245.2 (example).
The IP address is an Elastic IP on a Windows AWS server.
I can ping the IP address but I can't ping the URL. Do I need to do something with the IP address on the AWS Windows server to be able to ping the URL?
This is pretty much one of my first web based projects so any help would be appreciated!

Ping is not a reliable test method in AWS because most security groups do not permit inbound ICMP protocol, which is used by Ping. So, if you really want to test connectivity, do it on a port that you actually need your application to support, such as HTTP (80) or trying an SSH/RDP connection.
Another common use for a Ping is to resolve the domain name to an IP address, since it displays the result on-screen. This can be a good way to check that your Amazon Route 53 configuration is correct. (Same as a dnslookup.)

I was jumping the gun a bit and the new NameServers I was using had not replicated completely yet. After replication completed everything was able to be pinged successfully.
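
An added example (not from the original posts) of the port-based test suggested above: resolve the name, then attempt a TCP connection and classify the outcome. The function name `probe` and the verdict labels are assumptions of this sketch, and only the first resolved address is tried.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Resolve host, then try a TCP connect. Returns (verdict, ip_or_None)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        # Record missing, or a nameserver change that has not propagated yet
        return ("dns-failure", None)
    family, socktype, proto, _, sockaddr = infos[0]
    ip = sockaddr[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
        except socket.timeout:
            # Packets silently dropped: security group, network ACL or host firewall
            return ("filtered", ip)
        except ConnectionRefusedError:
            # Host reachable and port permitted, but nothing is listening on it
            return ("refused", ip)
        except OSError as exc:
            return ("error:" + errno.errorcode.get(exc.errno, "unknown"), ip)
    return ("open", ip)

if __name__ == "__main__":
    # Constructed local demo: one listening port, then the same port closed
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(probe("127.0.0.1", port))
    listener.close()
    print(probe("127.0.0.1", port))
```

A "filtered" verdict points at the security group or a firewall, while "refused" means the packet reached the instance and the service itself is not listening.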

Related

How to test AWS EC2 Security Group

I frequently have problems with AWS EC2 Security Groups. It takes me a long time to figure out what goes wrong in the settings.
I am wondering whether there is any available tool to test the security group much more easily without having to manually check in AWS.
There's a new capability in AWS called AWS Route Analyser. With this service you can enter the instance id and your internet gateway, and it will advise you as to what (if anything) is stopping the routing of packets. See https://docs.aws.amazon.com/vpc/latest/tgw/route-analyzer.html
Hey, you can use the link below if your port is accessible from everywhere:
https://ping.eu/port-chk/
You need two pieces of information:
IP address or host name:
Port number:
Or you can ask the remote user to:
telnet hostname port number
telnet ip address port number
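
An added example (not from the original answers) of checking a security group offline: it evaluates inbound rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups` against a protocol, port and source address, and lists SSH/RDP ports open to the whole internet. The sample rules are constructed, the function names are assumptions, and rules that reference other security groups are ignored.

```python
import ipaddress

ADMIN_PORTS = (22, 3389)  # SSH and RDP

# Constructed sample inbound rules (IpPermissions shape)
SAMPLE_INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]

def _cidrs(perm):
    """All IPv4 and IPv6 source networks named by one rule."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c) for c in v4 + v6]

def _covers(perm, protocol, port):
    """Does the rule's protocol and port range cover this traffic?"""
    proto = perm["IpProtocol"]
    if proto == "-1":                      # "-1" means all protocols, all ports
        return True
    if proto != protocol:
        return False
    lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
    if protocol == "icmp":
        return lo in (-1, port)            # FromPort holds the ICMP type
    return lo <= port <= hi

def allows(perms, protocol, port, source_ip):
    """Security groups are allow-lists: traffic passes only if some rule matches."""
    src = ipaddress.ip_address(source_ip)
    return any(_covers(p, protocol, port) and
               any(src.version == n.version and src in n for n in _cidrs(p))
               for p in perms)

def world_open_admin_ports(perms):
    """Admin ports reachable from 0.0.0.0/0 or ::/0."""
    return [port for port in ADMIN_PORTS
            if any(_covers(p, "tcp", port) and
                   any(n.prefixlen == 0 for n in _cidrs(p)) for p in perms)]
```

For ICMP, pass the ICMP type as `port` (8 for an echo request, which is what ping sends).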

Redirect own domain to Amazon EC2 Windows Server 2012 Instance

We just created an AWS Windows Server 2012 Instance and now want to Redirect our Domain (bought and managed by 3rd Party) to this server.
We followed the two steps at the 1st ranked answer here: How redirect a domain to Amazon EC2 Machine?
While we managed to create and associate the Elastic IP, the problem seems to be step 2 now: we have actually set up an A record at our current domain manager, but it still doesn't work. If we enter our domain in the browser, it seems to load for something and then stops after some seconds.
We are very much beginners and are wondering where we need to put the, let's say, "index.html" or so, like we did at our previous webspace hoster. In other words, if the user accesses our server through the Elastic IP, which direction is the browser first trying to enter?
The standard pattern is
... in aws route53 create a Hosted Zone
... by default it auto gives you Type NS and SOA; copy the set of 4 values under your Type NS (similar to)
ns-125.awsdns-15.com.
ns-642.awsdns-16.net.
ns-1653.awsdns-14.co.uk.
ns-1473.awsdns-56.org.
... now get into your Domain Registrar and edit Nameservers by using above list
... upon deploying your aws cluster it will give you a loadbalancer value similar to
af327bdd34eca101010100a02debd892-11516969089.us-east-1.elb.amazonaws.com
... get into your aws route53 hosted zone console pick your domain
... hit Create Record Set on the right pick Type A
... IMPORTANT pick Alias YES see doc
... click in box Alias Target empty out field ... then choose above mentioned loadbalancer
I think you have security and firewall issues,
Check following items step by step:
Enter your EC2 IP address in your browser; you should see your app home page.
If you can't reach your server response by direct IP address, check your security group, inbound tab, you must open port 80 to source 0.0.0.0/0
Each time you see your home page by direct IP address in the browser you can go to next steps for domain and route53.
I tried to telnet 52.59.50.150 80 to your instance and it timed out, so that means your HTTP port 80 is not open. Add the security rule below to your security group. And then check your domain; it will work.
We are actually wondering how the whole Setup should actually work.
We have dropped the Index.html on c:
Let's say we are trying to request the Microsoft Server EC2 through the Elastic IP. How is it even technically possible that the server is finding and responding with exactly this Index.html?
That's completely a black box for us, besides the question of whether the security groups/rules/ports are established correctly...
I have solved my problem. Just for people that have the same problem:
Besides the points mentioned above, you have to set up IIS (Microsoft Internet Information Service) on your server in order to redirect your domain to specific "folders" / index.htmls

Nginx "Failed (111: Connection refused)"

I created a t1.micro instance, set up my security groups, and then associated this instance to an Elastic IP (the Elastic IP has a scope of "VPC", as it was my only option when creating the EIP).
I entered my public DNS URL into my browser, and I can access my site as expected; however, when I simply enter the Elastic-IP/Public-IP address associated with this DNS URL, I receive a blank white screen (empty HTML document). When I enter my DNS url on WhatsMyDNS.net, it shows the expected Elastic IP for all locations; also, when I dig +trace +add www.mySite.com, I see the expected nameservers; thus, I doubt this is a DNS propagation issue.
This leads me to believe I have an issue elsewhere, possibly with my security groups. For my security groups, I have the following configuration for debugging:
(Inbound)
HTTP, TCP, Port 80, 0.0.0.0/0
SSH, TCP, Port 22, 0.0.0.0/0
and
(Outbound)
All Traffic, All, All, 0.0.0.0/0
My VPC Network Interface has the same Security Group and is applied to the correct Instance, and likewise, my Elastic IP is associated to the correct Network Interface. Everything relates back to the proper EC2 Instance.
I'm far from an expert with AWS, and I've read numerous posts on this, but nothing seems to be glaringly obvious as to how I can go about fixing this. Could it be something with Network ACLs? Do I need VPN connections? Maybe something in the VPC Route Tables?
What can I check for specifically to debug and fix this? Has anyone experienced this previously and know where I may have gone wrong?
If more information is necessary, please let me know. Thank you.
Update
On my EC2 instance, if I stop my server:
on the DNS URL, I receive my expected 502 Bad Gateway, Nginx error (needless to say, I'm using Nginx as my front-end server). But...
on the Elastic IP address, I still receive that blank HTML form
I have discovered this in my error logs after making a few more attempts:
*564 connect() failed (111: Connection refused) while connecting to upstream
I assume this is a clear indicator of my problem, and I will debug this.
If anyone knows off-hand, feel free to comment of course.
If your DNS is correct, then it's not going to be anything related to security groups and ACLs, because they are completely unaware of DNS.
The problem is likely to be on your web server configuration. Since the hostname or IP address from the browser's address bar is sent to the web server in the HTTP Host: header with every request, the web server has the opportunity of serving different "sites" behind that single Elastic IP.
If you don't have it explicitly or implicitly (via some variant of a "default site" setting) configured to expect requests when the Host: header contains the IP address instead of the hostname, results vary by server, since it may have no idea what to do.
Check the web server logs for these blank screen requests, as well as your config and the appropriate docs for the server software you are running.
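
An added example (not from the original answer, and not Nginx itself) of the Host: header behaviour described above: a small Python server that picks the site from the Host header and answers an unknown host with an explicit error instead of a blank page. The name `www.example.test`, the site table and the choice of status 421 are assumptions of this sketch.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed virtual-host table: only this name has a site configured
SITES = {"www.example.test": b"<h1>site home page</h1>"}

class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # The browser sends whatever was typed in the address bar as Host
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        body = SITES.get(host)
        if body is None:
            # No site for this Host (e.g. the bare IP): fail loudly
            self.send_error(421, "No site configured for this Host")
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet

def fetch(port, host_header):
    """GET / from the local server with an explicit Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    data = resp.read()
    conn.close()
    return resp.status, data

def demo():
    """Same socket, same IP: the response depends only on the Host header."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return fetch(port, "www.example.test"), fetch(port, "127.0.0.1")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```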

how do i add DNS record for a web service running on 8080 port on AWS

I have a web service running on AWS under the following URL http://"54.194.164.164:8080"/webapi and the instance is associated with an Elastic IP 54.194.164.164. Now I want to add a DNS record so that I can access this easily like http://demo.mydomain.com/webapi.
What I have done so far is, I have added an A record called demo.mydomain.com to 54.194.164.164 in the GoDaddy DNS console, but I still can't access demo.mydomain.com/webapi.
Can you please guide me on what I have to do so that I can access the web service easily as demo.mydomain.com/webapi?
Thanks
saththiyan
You can't do this. DNS maps names to IP addresses but not ports.
If you are going to access HTTP at an address it has to be:
Bound to the default port (80) if you don't want to specify the port.
Specified in the URL if it is a different port.
If you are trying to do this for an "easier" address you'll have to use port 80. If that is used by something else you are stuck with nominating a specific port.
You could consider assigning another ip address and setting up an address like api.mydomain.com to point to it. That way you could use http://api.mydomain.com/webapi by binding the API to that address rather than http://demo.mydomain.com which you are presumably using for something else.

Installing SSL Cert on an EC2 Server without any dedicated ip address

Scenario:
I have an EC2 server which houses the api currently setup to accept connections from several iPads. I do not wish for network sniffers to see the JSON requests that are being exchanged between the servers and the devices. The idea is to have a secure protocol in place so that communication will be secured.
I have been told purchasing a SSL certificate is the way forward. The Amazon server instance I have running has an address in this format:
ec2-xx-xxx-xx-xxx.ap-southeast-1.compute.amazonaws.com/
this is where my web root is with all the appropriate web service files. My webservice urls look something similar to this:
ec2-xx-xxx-xx-xxx.ap-southeast-1.compute.amazonaws.com/Agent/Create
so on so forth. There is no hosting plan whatsoever (in the case that information is necessary).
I have been recommended to buy an SSL Cert from http://www.Godaddy.com and have thought about getting the up to 5 multiple domains SSL certificate package.
Question: 1
What things do I need to be made aware of in order to make sure nothing fails?
I have recently read that I may need to associate an Elastic IP address to my instance, otherwise the IP of my instance will change on reboots? And if that is the case, that means that the SSL certificate that was used for this: ec2-xx-xxx-xx-xxx.ap-southeast-1.compute.amazonaws.com domain would no longer work since the IP address would have changed upon reboot and therefore me losing my secure domain?
Question: 2
If my thoughts in question 1 stand true, then my question would be: what is the most user-friendly way, or let's say, the way for beginners, to create a dedicated URL for my server instance, so that 1) the domain name doesn't randomly change upon server reboot (not sure when I would reboot anyway), and 2) does this mean I can have easier webservice URLs that one can remember, such as www.pk.com/Agent/Create instead of the long, ugly EC2 URL?!
Any easy to follow tutorials would be very helpful. I have looked at a few articles that spoke about Elastic IP addresses, SSL certificates, and other articles about renaming the EC2 URL, but I'm in a position where I don't actually know which one applies to me. lol
Hope someone can help. thanks
What you want to do is to get an elastic IP address. This lets you bind your instance to a particular IP address when you start it up. You can then register a hostname in DNS (Amazon don't help you with this part) and state that that hostname has the IP address that is the elastic IP address that you have registered.
The final piece is to get a server certificate (strictly, a keypair where the public part is the server certificate) that has the hostname in the CN field of its Distinguished Name, and to install that server keypair on the instance. (This is another part that Amazon don't help you with, and is in fact the same process as if you were hosting the hardware yourself.) Like that, the client
looks up the hostname and gets the elastic IP address,
connects and gets the server certificate, and
checks the server certificate and sees that the hostname it is for is the hostname that they expected. (There's a few other checks as well, such as whether the certificate was signed by a trusted certificate authority and whether the certificate is within its validity period.)
That allows the client to trust that who they have securely connected to is who they expected to securely connect to, which is a key part of establishing trust.
What you do not do is use the AWS machine names (internal or external) in the certificate you apply for. Those change and you really do not want to trust other people's VMs.
Donal's answer is the way to go. You need to explicitly register a domain and generate the SSL certificate containing the CN as that domain. Elastic IP addresses definitely are your friends in this issue. You will need them.
I added another answer in order to give another point of view: if you ever want to scale your backend solution, going that way will be more difficult. If you ever thought about adding more servers to host your web service, you should definitely set up an Elastic Load Balancer, add your instances to it, and point the domain you just registered to your Elastic Load Balancer. Then, you can purchase the SSL certificate and install it directly on your ELB, configuring SSL termination on the ELB. You will also configure the ELB so that connections arriving at port 443 will map to port 80 (or whatever port) on your servers. Don't worry, this is plain easy to set up.
Whenever you want to add more servers to your web service, it will just be a matter of setting up another EC2 instance (this process can - and should - be automated) and adding it to the ELB.
With this setup, you get rid of the need for Elastic IP addresses. All the connections go through the ELB.
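
An added example (not from the original answers) of the client-side checks listed in the first answer: the hostname match and the validity period, run over a certificate in the dictionary form returned by Python's `getpeercert()`. The sample certificate and the name `api.example.test` are constructed; the sketch reads subjectAltName DNS entries first and uses the CN only when no SAN is present, and the CA signature check is left to the TLS library, as in `fetch_verified_cert`.

```python
import socket
import ssl

# Constructed certificate in getpeercert() form, issued for a registered hostname
SAMPLE_CERT = {
    "subject": ((("commonName", "api.example.test"),),),
    "subjectAltName": (("DNS", "api.example.test"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

def _name_matches(pattern, hostname):
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":                  # wildcard covers exactly one leftmost label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """DNS names the certificate is valid for (SAN first, CN as legacy fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def check_cert(cert, hostname, now):
    """Return the list of problems a client would find; empty means acceptable."""
    problems = []
    if not any(_name_matches(n, hostname) for n in cert_names(cert)):
        problems.append("hostname mismatch")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

def fetch_verified_cert(hostname, port=443):
    """Real connection: the default context checks CA chain, hostname and dates."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert()
```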