I have the following instances, they are in the same VPC and region but different AZs, both of them are in the same SecurityGroup.
Subnets:
us-west-2a instance-a 172.31.32.0/20
us-west-2b instance-b 172.31.16.0/20
These two instances are not able to communicate with each other. What do I need to do to enable communication between these two AZs?
Here is the main route:
Subnet 1:
Subnet 2:
You have to open the needed ports in the SecurityGroups of the EC2s. You should also look into your subnets and the routing tables of these subnets or your VPC.
Related
I have two GKE clusters with the same CIDR subnet addresses (the clusters are in different gcloud project). I need to connect the VPC with VPC peering but I get an error because the CIDR subnet and I need to change one. I have a lot of pods, secrets, deployemts...etc. Are any way to change the subnet without creating a new cluster and migrating the pods?
Thanks!
I am afraid you cannot, A subnet CIDR range in one peered VPC network cannot overlap with a static route in another peered network. This rule covers both subnet routes and static routes.
If ec2 instance is spinned up in an subnet,subnet's NACl rules imply to the instances of that subnet,But where in case of rds, "subnet group" is attached to the rds instance. if I have 2 subnet's in subnet's group. In this scenario, which subnet's NACL rules are applied to the rds ?
When you launch an RDS instance each instance will only be launched in a single subnet, the cluster on the overhand will spread instances across the subnets i.e. read replicas and Multi-AZ.
Each instance if you look at its properties will have availability zone, by using this you can limit down to the availability zone of the host. Assuming you only have a single subnet per AZ in your subnet group you can then identify the subnet.
If you have multiple subnets per AZ you would need to DIG (or ping) the RDS instances hostname to get the IP address. Then you would need to filter to determine which range it is in.
I created two subnets without any preference of the availability zone(AZ). So, now I have two subnets in one AZ. I know that I can extend the VPC and create new subnets but I simply want to move a subnet into a different zone. Is there any way I can move a subnet to a different AZ on AWS?
This is not possible.
An Availability Zone is nominated when the Subnet is created. It is not possible to change the AZ on a Subnet.
You should either create another subnet, or delete the subnet and recreate it in a different AZ.
For Subnets in the same VPC, is Region independent?
I would like to set up more than two fully independent Availability Zones for Elastic Load Balancer(ELB).
Is it possible?
Yes:
Within a Region you create a VPC
The VPC is a logical concept and spans AZs
You then create subnets within the VPC for each AZ
Each AZ is a physically separate datacentre from another, normally 3 AZs or more per region
When you set up an ELB, you select the subnets that you want to use, select a subnet in each AZ
ELB will add instances across all 3 (or more) subnets/AZs
I'm trying to create an Aurora DB instance using a CloudFormation script. It requires me to have subnets with 2 availability zones. I entered 2 subnets which have different AZs, but now I get this error in the stack creation log:
DatabaseSubnetGroup: Subnet has different VPC Id: vpc-dd3bf9ba than vpc-e0e11ab7.
What does this error mean?
It sounds like the two subnets, although in different availability zones (AZs) are part of two separate VPCs (logical network isolation). You would need to select two subnets in different AZs but in the same VPC.