Having two public IPs on one Amazon (AWS) EC2 server without using AWS VPC? - amazon-web-services

I have a simple AWS EC2 server (Created before Dec 2013). I want to have two domains hosted on it, each with a different public (elastic) IP.
How do I do that?
From what I read, the 'VPC' word keeps appearing, but I don't need any sophisticated VPC - just a simple server listening to two public IPs.
Thanks.

Have you created your account after December 4th, 2013?
If so, every EC2 instance you have is already on a VPC - the default VPC.
Each private IP can be mapped to a single public elastic IP. So what you need are more private IPs - and you can do that to either an existing instance or a new instance without touching VPC configuration!
Take a look at this tutorial by AWS.
If you are looking to do this to an instance during setup, ctrl+f for: 'To assign a secondary private IP address when launching an instance in EC2-VPC'
If you are looking to do this to an existing instance, ctrl+f for: 'To assign a secondary private IP to an existing instance'
Then, on the same tutorial, ctrl+f for 'Associating an Elastic IP Address with the Secondary Private IP Address' to see how to add a public IP to your second private IP.
In this tutorial you will see references to EC2-VPC - this means EC2 instances that are on a VPC, and, as I mentioned earlier, if you created your account after December 4th, 2013, it is.
If not, you will need to take a look at how to create a simple VPC and add your instances there.

Related

Unable to connect to public ec2 instance on fresh vpc in unused region

I built a new VPC and subnet in a region I haven't used before. I added a Linux EC2 instance and wanted to SSH to it, but the connection times out. I've been trying the same steps in another AWS account, owned by the same company, and I get the same results.
I've tried adding my public IP to the security group, instead of all IPs; no change.
The EC2 instance does get a public IP, but I just can't seem to connect to it. I even tried trusty telnet, just to see if the port was open; it is not.
When creating a new VPC using the "VPC and more" option, and the number of public subnets is not zero, an Internet Gateway will be automatically provisioned as part of the network.
If, however, you are manually creating the VPC and the subnet, then you will need to also add an Internet Gateway if you want the VPC to have Internet access.
Without an Internet Gateway, the VPC is guaranteed to be unreachable from the Internet. This is very useful when building private networks for internal use (eg development systems).
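The check this answer implies, as an added example that is not part of the original post: given the RouteTables list from `aws ec2 describe-route-tables`, find the route table that actually applies to a subnet and report whether it has a usable default route through an Internet Gateway. The sample data, ids and function names are constructed for illustration.

```python
# Constructed sample in the shape of the RouteTables list returned by
# `aws ec2 describe-route-tables`; all ids are placeholders.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-example",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                 "State": "active"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-example",
     "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example",
                 "State": "active"}]},
    {"RouteTableId": "rtb-stale", "VpcId": "vpc-example",
     "Associations": [{"Main": False, "SubnetId": "subnet-c"}],
     # The gateway is no longer attached: the route remains but is a blackhole.
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-gone",
                 "State": "blackhole"}]},
]


def effective_route_table(tables, vpc_id, subnet_id):
    """An explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for table in tables:
        if table["VpcId"] != vpc_id:
            continue
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def internet_path(tables, vpc_id, subnet_id):
    """Return (route_table_id, igw_id); igw_id is None without a usable IGW route."""
    table = effective_route_table(tables, vpc_id, subnet_id)
    if table is None:
        return (None, None)
    for route in table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and route.get("GatewayId", "").startswith("igw-")
                and route.get("State") == "active"):
            return (table["RouteTableId"], route["GatewayId"])
    return (table["RouteTableId"], None)


if __name__ == "__main__":
    for subnet in ("subnet-a", "subnet-b", "subnet-c"):
        print(subnet, internet_path(ROUTE_TABLES, "vpc-example", subnet))
```

Here subnet-b has no explicit association and falls back to the main table, which is the manually created VPC case from the question: the instance has a public IP but no route to an Internet Gateway.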

How to access AWS RDS instance from local PC

I'm trying to access AWS RDS instance from my local PC.
I followed the troubleshooting procedure from:
How can I troubleshoot connectivity to an Amazon RDS instance that uses a public or private subnet of a VPC?
I checked Public accessibility is YES
and switched to public subnet, but still cannot access RDS instance.
Can anyone help?
RDS has a security group attached. You need to whitelist your public IP in the security group so that you can access the database from your PC.
Find the security group:
1. Go to the Amazon RDS console.
2. Click Databases on the left.
3. Click to select your database instance from the list of databases.
4. Under the Connectivity and Security tab, you can find the option called VPC security groups.
5. Click the security group name to add your public IP address.
Adding your public IP to the security group:
1. Select the Inbound rules tab.
2. Click Edit.
3. Select the type of database in the Type column, e.g. MySQL.
4. Under the Source column, select My IP.
5. Also give a meaningful description, such as my home.
Note: Many internet service providers allocate dynamic IP addresses instead of static IP addresses, which means your IP address may change frequently. Hence you need to add your new IP address to the security group when this happens.
My strategy for local development has usually been:
Have RDS instance in a private VPC.
Have an EC2 instance (cheapest one you can find) on the private VPC but also public SSH access.
Create an SSH tunnel through the EC2 instance to the RDS instance.
Configure your dev environment to connect to the SSH tunnel.
This is usually much easier to configure (and more secure to boot).
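A way to review the result of either approach above, as an added example that is not part of the original answers: it walks the SecurityGroups list from `aws ec2 describe-security-groups` and reports every IPv4 source on a database port that is not a /32 for your current address. The sample groups, ids, port list and function names are constructed, and IPv6 ranges are not examined.

```python
import ipaddress

DB_PORTS = (1433, 1521, 3306, 5432)  # MSSQL, Oracle, MySQL/Aurora, PostgreSQL

# Constructed sample in the shape of the SecurityGroups list returned by
# `aws ec2 describe-security-groups`; ids and addresses are placeholders.
SECURITY_GROUPS = [{
    "GroupId": "sg-rds-example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "198.51.100.23/32", "Description": "my home"},
                      {"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
         "IpRanges": [{"CidrIp": "203.0.113.0/24", "Description": "office"}],
         "UserIdGroupPairs": []},
        # Tunnel strategy: only the SSH host's group may reach the database.
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bastion-example"}]},
    ],
}]


def exposed_db_ports(perm):
    """Database ports covered by one permission entry."""
    if perm["IpProtocol"] == "-1":      # "all traffic" rules carry no port range
        return list(DB_PORTS)
    if perm["IpProtocol"] != "tcp":
        return []
    return [p for p in DB_PORTS if perm["FromPort"] <= p <= perm["ToPort"]]


def audit(groups, current_ip):
    """Return (group, port, cidr, issue) for each risky IPv4 source on a DB port."""
    me = ipaddress.ip_address(current_ip)
    findings = []
    for group in groups:
        for perm in group["IpPermissions"]:
            for port in exposed_db_ports(perm):
                for entry in perm.get("IpRanges", []):
                    net = ipaddress.ip_network(entry["CidrIp"], strict=False)
                    if net.prefixlen == 0:
                        issue = "open to the Internet"
                    elif net.prefixlen < 32:
                        issue = "wider than one address"
                    elif me not in net:
                        issue = "not the current IP"
                    else:
                        continue
                    findings.append((group["GroupId"], port, entry["CidrIp"], issue))
    return findings
```

The "not the current IP" case is the dynamic-address situation from the note: the old /32 stays in the group after the ISP hands out a new address and should be removed when the new one is added.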

Amazon AWS/EC2 - How to put two servers on same "private network"

I'm new at Amazon AWS/EC2. Basically, I have two EC2 instances set up and running - 2x t2.medium, Windows 2012 servers, etc.
Each server has its own public and private IP addresses from different subnets:
Server 1: 53.171.139.195/171.30.51.181
Server 2: 53.164.26.68/171.30.59.198
I simply need these servers to be able to communicate with one another on the same private network.
I see things like Elastic IPs, VPCs. Still researching, but I'm not sure what I need. Can this be done and what do I need to configure?
Update:
Based on @Bram's response below, I looked at VPCs. Apparently, a default VPC was created when I started my instances.
171.30.0.0/16
So... Are they on the same subnet by default???
You need a Virtual Private Cloud, a VPC. In a VPC you can create private and public subnets and your instances can be added to those subnets as you like.

Communication between AWS VPC instances via public IP

We have two AWS instances (Instance A and Instance B) which are running in the same VPC. There is an internet facing service on Instance A which is restricted (via security group) to a subset of IP addresses. Instance A has a DNS entry so the service can be accessed via someservice.example.org.
When trying to access the service from Instance B, it works correctly if we use the VPC internal IP address; however, we cannot seem to get the correct security group configuration to allow this instance access via the public DNS.
We have added the 'default' VPC security group to Instance A but we're still unable to access this service directly. We also have the same problem trying to configure access to Instance A from other VPCs.
I know that we can create a private DNS for the VPC which could solve the problem when we are in the same VPC but this doesn't get around the problem when running in another VPC.
This sounds like a DNS resolution issue. If you are using Route53 for DNS the easiest way to fix this is to create a private Route53 DNS zone for your VPC and add something like:
CNAME 'someservice.example.org' that points to the instance's internal IP address.
Note that you really want to use the internal private IP address whenever possible. It will keep the network traffic within your VPC, which will be much faster and more secure. It may also be cheaper for you, at least if the instances are also within the same availability zone. You can read more about that on the EC2 pricing page in the Data Transfer section.
Also note that you can't open up the security group to allow only instances from your VPC/security group to access something via the public IP. This is because the traffic hitting the public IP is seen as coming "from the internet", not from your VPC. You would have to grant access to the servers via their public IP addresses instead of their security groups.
You mention also using a second VPC, but that would be a separate problem that could be addressed via VPC Peering.
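A simplified model of the behaviour described in this answer, as an added example that is not part of the original post: a rule that references a security group matches members by their private addresses, so a connection to Instance A's public address arrives with Instance B's public address as its source and only a CIDR rule can admit it. The classes, group ids and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    private_ip: str
    public_ip: str
    groups: frozenset


@dataclass(frozen=True)
class Rule:
    port: int
    cidr: str = ""          # source given as a CIDR block, or
    source_group: str = ""  # source given as a security group id


def source_seen(src, dst, dst_address):
    """Source address that the destination's security group evaluates."""
    if dst_address == dst.private_ip:
        return src.private_ip   # traffic stays inside the VPC
    if dst_address == dst.public_ip:
        return src.public_ip    # traffic leaves through the Internet Gateway
    raise ValueError("address does not belong to the destination")


def allowed(rules, fleet, src, dst, dst_address, port):
    seen = source_seen(src, dst, dst_address)
    for rule in rules:
        if rule.port != port:
            continue
        if rule.cidr and ipaddress.ip_address(seen) in ipaddress.ip_network(rule.cidr):
            return True
        # A group reference matches members by their private addresses only.
        if rule.source_group and any(
                rule.source_group in i.groups and i.private_ip == seen for i in fleet):
            return True
    return False


# Constructed addresses (documentation ranges) and hypothetical group ids.
A = Instance("172.31.10.5", "203.0.113.10", frozenset({"sg-service", "sg-default"}))
B = Instance("172.31.20.7", "203.0.113.20", frozenset({"sg-default"}))
RULES_ON_A = [Rule(443, cidr="198.51.100.0/24"),     # the restricted subset
              Rule(443, source_group="sg-default")]  # the added 'default' group
FIXED = RULES_ON_A + [Rule(443, cidr=B.public_ip + "/32")]

if __name__ == "__main__":
    print(allowed(RULES_ON_A, [A, B], B, A, A.private_ip, 443))  # via private IP
    print(allowed(RULES_ON_A, [A, B], B, A, A.public_ip, 443))   # via public DNS
    print(allowed(FIXED, [A, B], B, A, A.public_ip, 443))        # public IP rule added
```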

How to run rstudio server on Amazon VPC

I recently moved a small R project from a regular EC2 instance to an instance behind a VPC. I installed rstudio-server as normal, and it seems to be running. However, unlike a regular EC2 instance, there is no public DNS to connect to. (There is a public IP address, but going there doesn't seem to do the trick.)
In this case, what browser address should I go to to access rstudio server?
Many thanks!
You have launched the instance in VPC. Here is the check list:
When launching the instances in VPC, make sure you launch it in the public subnet of your VPC. Else it will not be accessible from outside.
When launching the instances in VPC (presuming public subnet), do ensure that you check a box which says something like "assign a public IP address to the instance" at the time of creating the instance. By default this is not checked. So if you fail to check this box, then the instance will not have a public host name. You can, however, assign an elastic IP later on.
Make sure your VPC security groups are configured properly to allow necessary incoming/outgoing access. In your case, incoming access on port 80/443 is essential.