I created an internet gateway in the AWS VPC dashboard and attached it to a VPC. Now I want to detach it, but I keep getting this error:
Network vpc-xxxx has some mapped public adresses, Please unmap those public addresses before detaching the gateway. ( Service: AmazonEC2; Status Code: 400; Error Code: DependencyViolation; Request ID: qfdqsdf)
What should I do to detach this IGW? Why exactly do I get this error?
I need to get rid of this IGW without deleting extra resources. Please, any ideas?
For information, the route table of the VPC does contain public addresses but they are routed to other targets. This IGW is not set as target anywhere.
You have some resources in the VPC that have been assigned a Public IP address, such as:
Amazon EC2 instances
Amazon RDS instances
Amazon Redshift cluster
VPC NAT Gateways
etc.
These IP addresses might have been assigned as an Elastic IP address or as an "auto-assign Public IP address" on instance creation.
You will need to delete these Elastic IP addresses before the Internet Gateway can be removed. If they were auto-assigned IP addresses, then Stop the instances to remove the public IP addresses.
You might also need to edit your Route Tables so that they do not refer to the Internet Gateway.
Had EKS in a VPC, deleted the cluster, but now there are network interfaces with an EIP and SG attached to them that were load balancers that did not get deleted when deleting the cluster, because the deployments were not deleted inside the cluster before deleting the cluster itself. Had to find all associated ELBs and delete them, then security groups, then interfaces, EIP, all the way down the line till finally deleting the internet gateway and VPC.
I had to delete a NAT gateway that was hanging around to resolve mine.
For those facing the same problem, also check for route tables having the Internet Gateway as target.
Personally, I had to manually reject connections from the endpoint services in the VPC.
Endpoint Services > Select Service > Endpoint Connections > Select connection > Actions > Reject endpoint connection request
In my case, I had to remove the dependency of Public IP from the DMS Replication instance.
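The answers above all come down to finding which network interfaces in the VPC still hold a public address and what owns them. The following is an added example, not part of the original answers: it groups such interfaces by owner from data shaped like `aws ec2 describe-network-interfaces` output. The sample records, the IDs in them and the description-prefix heuristic are assumptions made for illustration.

```python
from collections import defaultdict

# Description prefixes seen on service-created ENIs. Assumption of this example:
# a triage heuristic, not an API contract.
OWNER_HINTS = [("Interface for NAT Gateway", "NAT gateway"), ("ELB ", "load balancer"),
               ("RDSNetworkInterface", "RDS instance"),
               ("DMSNetworkInterface", "DMS replication instance")]

def owner_of(eni):
    """Best-effort label for the resource behind a network interface."""
    instance = eni.get("Attachment", {}).get("InstanceId")
    if instance:
        return f"EC2 instance {instance}"
    desc = eni.get("Description", "")
    for prefix, label in OWNER_HINTS:
        if desc.startswith(prefix):
            return f"{label}: {desc}"
    return f"unknown: {desc or 'no description'}"

def public_mappings(enis, vpc_id):
    """Map owner -> [(eni id, public ip, kind, requester_managed)] for one VPC."""
    found = defaultdict(list)
    for eni in enis:
        if eni.get("VpcId") != vpc_id:
            continue
        # Each private IP (primary or secondary) may carry its own mapping.
        assocs = [p["Association"] for p in eni.get("PrivateIpAddresses", [])
                  if "Association" in p]
        if not assocs and "Association" in eni:
            assocs = [eni["Association"]]
        for a in assocs:
            # Elastic IPs carry an AllocationId; auto-assigned addresses do not.
            kind = "elastic" if a.get("AllocationId") else "auto-assigned"
            found[owner_of(eni)].append((eni["NetworkInterfaceId"], a["PublicIp"],
                                         kind, eni.get("RequesterManaged", False)))
    return dict(found)

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
SAMPLE = [
    {"NetworkInterfaceId": "eni-0a", "VpcId": "vpc-xxxx",
     "Attachment": {"InstanceId": "i-0example"}, "Association": {"PublicIp": "203.0.113.10"}},
    {"NetworkInterfaceId": "eni-0b", "VpcId": "vpc-xxxx", "RequesterManaged": True,
     "Description": "Interface for NAT Gateway nat-0example",
     "Association": {"PublicIp": "203.0.113.20", "AllocationId": "eipalloc-0example"}},
    {"NetworkInterfaceId": "eni-0c", "VpcId": "vpc-xxxx", "RequesterManaged": True,
     "Description": "ELB net/example-lb/0123456789abcdef",
     "Association": {"PublicIp": "203.0.113.30", "AllocationId": "eipalloc-1example"}},
    {"NetworkInterfaceId": "eni-0d", "VpcId": "vpc-other", "Association": {"PublicIp": "203.0.113.40"}},
]
```

Calling `public_mappings(SAMPLE, "vpc-xxxx")` returns three owners; entries flagged requester-managed are released by deleting the owning resource rather than the interface itself.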
I have problems with assigning two internet gateways in the infrastructure with Terraform.
I have two subnets: one subnet manages all the frontend and the other subnet manages all the backend. I want to assign an internet gateway to each EC2 instance so that I can use them from the internet, but I'm getting the following error:
error attaching EC2 Internet Gateway (igw-0b0af7a9d5274c29d) to VPC (vpc-095fd5e0ee29b981d): InvalidParameterValue: Network vpc-095fd5e0ee29b981d already has an internet gateway attached
It is not possible to attach more than one Internet Gateway per VPC. For EC2 instances to access the internet, add a route to your subnet's route table that directs all default traffic (0.0.0.0/0) to your Internet Gateway. Also assign a Public IP / Elastic IP to each EC2 instance.
Refer to this AWS doc for more info:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
I've an elastic IP associated with my instance
My instance's security group permits incoming connections
My instance firewall permits incoming connections
My application listens
I specifically allowed the Echo Request protocol in the ICMP inbound traffic of my EC2 instances.
In the past I could ping the domain name linked to my machine.
After looking for where the error could have come from, I realized that for the elastic IP there was no NAT Gateway associated.
I can't remember if this is necessary or not.
I guess this issue is coming from here.
The function of a NAT gateway is to enable instances in a private subnet to connect to the internet and prevent the internet from initiating a connection with those instances. A NAT gateway needs an elastic IP. So if you have a NAT gateway configured, then one EIP should be attached to it. In your case this EIP is attached to an EC2 instance, not to a NAT gateway; that's why it shows no NAT gateway attached.
Your issue might be with security group rules. Check your SG. To answer your question exactly, please add more information to your question, such as: Where was your instance launched, in a public subnet or in a private subnet? Have you attached the EIP to an instance launched in a private subnet? What inbound rules are configured in the SG? What command are you using?
Update:
Instances were launched in a private subnet. After adding routes for the IGW in the route table of the subnet, this issue has been resolved.
I recently turned my two AWS public subnets into private subnets and added a public subnet that's got a NAT gateway. The private subnet routing table routes traffic to the NAT gateway and the public one routes it to the Internet Gateway. However, it isn't working and I don't get a response to my API calls.
I think this is due to the fact that my VPC endpoint has the two private subnets associated with it instead of the public subnet. I tried to change the associated private subnets to the public one but got the AWS error:
Error modifying subnets
Can't change subnets of a requester-managed endpoint for the service ...
What would be the way to get around this error and add my public subnet to the VPC endpoint?
Additional info: Each private subnet has an EC2 auto-scaling group instance and a serverless aurora DB instance in it.
Cheers, Kris
I also had this annoying problem. The error messages are not really helpful here. They do not reveal which service exactly created those interfaces. So I went to CloudTrail, listed all events, and searched for the VPC Endpoint name (vpce-1234567890xxx) that refused to be deleted to find out who created it. In my case, it turned out to be the RDS proxy service. So I went to RDS and deleted the proxy.
Since it is requester-managed VPC endpoint:
You cannot modify or detach a requester-managed network interface.
This means that you have to delete the resource that created the endpoint in the first place:
If you delete the resource that the network interface represents, the AWS service detaches and deletes the network interface for you.
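The CloudTrail search described in the first answer can be scripted. This is an added example, not code from either answer: it scans already-parsed CloudTrail records for any mention of a resource ID and reports which principal or AWS service acted on it. The sample records are constructed and their nested request/response shapes are simplified assumptions; only the top-level field names (`eventTime`, `eventSource`, `eventName`, `userIdentity`, `requestParameters`, `responseElements`, `resources`) are relied on.

```python
def mentions(node, needle):
    """True if needle occurs in any string nested anywhere inside node."""
    if isinstance(node, str):
        return needle in node
    if isinstance(node, dict):
        return any(mentions(v, needle) for v in node.values())
    if isinstance(node, (list, tuple)):
        return any(mentions(v, needle) for v in node)
    return False

def who_touched(records, resource_id):
    """Time-ordered (eventTime, eventName, eventSource, actor) tuples."""
    hits = []
    for rec in records:
        searched = (rec.get("requestParameters"), rec.get("responseElements"),
                    rec.get("resources"))
        if not mentions(searched, resource_id):
            continue
        ident = rec.get("userIdentity") or {}
        # invokedBy is set when an AWS service made the call on someone's behalf.
        actor = ident.get("invokedBy") or ident.get("arn") or ident.get("type", "unknown")
        hits.append((rec.get("eventTime", ""), rec.get("eventName", ""),
                     rec.get("eventSource", ""), actor))
    return sorted(hits)  # ISO 8601 timestamps sort chronologically as strings

def creator(records, resource_id):
    """Earliest Create* event that mentions the resource, or None."""
    for hit in who_touched(records, resource_id):
        if hit[1].startswith("Create"):
            return hit
    return None

# Constructed sample records (nested shapes simplified for illustration).
SAMPLE_EVENTS = [
    {"eventTime": "2023-01-05T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteVpcEndpoints",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example"},
     "requestParameters": {"vpcEndpointIds": ["vpce-1234567890xxx"]}},
    {"eventTime": "2023-01-02T08:15:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateVpcEndpoint",
     "userIdentity": {"type": "AssumedRole", "invokedBy": "rds.amazonaws.com"},
     "responseElements": {"vpcEndpoint": {"vpcEndpointId": "vpce-1234567890xxx"}}},
    {"eventTime": "2023-01-03T09:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeSubnets", "userIdentity": {"type": "IAMUser"},
     "requestParameters": None},
]
```

With the sample data, `creator(SAMPLE_EVENTS, "vpce-1234567890xxx")` points at `rds.amazonaws.com`, which is the service whose resource has to be deleted for the endpoint to go away.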
I created an EC2 instance, but I want to attach an elastic IP to it so that if I ever have to resize the instance, the IP doesn't change.
So I allocated a new elastic IP address, but when I try to associate it with the instance, I get this error:
Network vpc-c00973b1 is not attached to any internet gateway
What am I doing wrong?
Your instance is in an AWS VPC (not in Classic). This VPC is not the default VPC, which comes with a pre-attached Internet Gateway. Your VPC requires an internet gateway to communicate with anything outside of your VPC, i.e. that includes any destination on the internet. To attach an elastic IP you must attach an Internet Gateway to your VPC and add a route to the internet in your subnet's route table (0.0.0.0/0 to the Internet Gateway).
This guide will help you with detailed steps.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html#Add_IGW_Attach_Gateway
I created a VPC, added an internet gateway, added two subnets, and then launched an instance into that VPC. I created a security group that permits any traffic from anywhere and assigned it to that instance. I chose to enable a public IP address (I didn't assign it an elastic IP).
I cannot for the life of me figure out why I cannot connect to the public IP address of the instance. I've literally gone back, destroyed and recreated my VPC and instances, with no luck.
There has got to be something simple I'm missing, it cannot be this difficult. What is going on??
You have created the internet gateway but must have forgotten to attach the Internet Gateway to the subnet in which you are launching the EC2 instances. Go to the subnet in which you have launched the EC2 instances and attach the Internet gateway to the subnet. When you check the route table for the subnet it should look something like this screenshot. That "igw" is the internet gateway.
Even if you allowed all the traffic in the security group, we need to check that the INTERNET GATEWAY is added in the route tables.
For that,
SERVICES > VPC > ROUTE TABLES and select your route table
In the Routes tab, next to Summary,
please check that you have added your INTERNET GATEWAY.
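Several answers on this page hinge on whether a subnet's route table sends 0.0.0.0/0 to the Internet Gateway. This added example (not part of the original answers) resolves the route table that actually applies to a subnet, falling back to the VPC's main table when there is no explicit association, and classifies the subnet by its IPv4 default route. The sample data and all IDs are constructed; IPv6 (`::/0`) routes are not considered.

```python
def effective_route_table(route_tables, vpc_id, subnet_id):
    """Explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def classify_subnet(route_tables, vpc_id, subnet_id):
    """Return (route table id, verdict) based on the IPv4 default route."""
    rt = effective_route_table(route_tables, vpc_id, subnet_id)
    if rt is None:
        return (None, "no route table found")
    rtb = rt["RouteTableId"]
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":
            return (rtb, "default route is a blackhole")
        if (route.get("GatewayId") or "").startswith("igw-"):
            return (rtb, "public: 0.0.0.0/0 -> " + route["GatewayId"])
        if route.get("NatGatewayId"):
            return (rtb, "private: 0.0.0.0/0 -> " + route["NatGatewayId"])
        return (rtb, "default route to another target")
    return (rtb, "no default route: not reachable via the IGW")

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-xxxx",
     "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-xxxx",
     "Associations": [{"Main": False, "SubnetId": "subnet-front"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-xxxx",
     "Associations": [{"Main": False, "SubnetId": "subnet-back"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-0example", "State": "active"}]},
]
```

A subnet with no explicit association (for example `subnet-new` against the sample) resolves to `rtb-main` and is reported as having no default route, which matches the case where an Internet Gateway is attached to the VPC but instances with public IPs are still unreachable.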