AWS CLI Create Default VPC - amazon-web-services

I've got an OLD AWS account that apparently does NOT have a default VPC:
aws ec2 describe-security-groups --group-names webserviced --region us-west-1
A client error (VPCIdNotSpecified) occurred when calling the DescribeSecurityGroups operation: No default VPC for this user
There's no switch on create-vpc...only a boolean (IsDefault) in the output. I'm trying to replicate my infrastructure to the east coast and this is blocking me :( I don't have ANYTHING created on the east-coast (except for a single VPC that apparently isn't set as the default) so I'd at least like to figure out how to do it there so I don't have these issues in the future.
How can I define a default VPC?
P.S. Please don't say that I can't because there's already one defined...unless there's something I'm missing in which case I'd expect a big explanation :)

You cannot mark an existing VPC as a default VPC. You have to contact AWS support to mark your created VPC as the default VPC.
You must provide the following details: your AWS account ID, the region, and the subnet ID. To ensure that your new default subnet behaves as expected, modify the subnet attribute to assign public IP addresses to instances that are launched in that subnet.

I can confirm that it's not possible to set a custom VPC to your default VPC. Most use-cases don't require a lot of customization on a VPC since you can map the network in/out of the tunnel.

Now you can create a new default VPC using the AWS Console or CLI.
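A small check script, added here and not part of any answer above, that reads the JSON returned by `aws ec2 describe-vpcs` and `aws ec2 describe-subnets` and prints either the `create-default-vpc` command or the `modify-subnet-attribute` fix for public IPs that the answers describe. The sample JSON and the VPC/subnet IDs are constructed for the demonstration; nothing is executed against AWS.

```python
import json
from typing import List, Optional

# Constructed sample output in the shape of `aws ec2 describe-vpcs` and
# `aws ec2 describe-subnets`; all IDs below are made up.
DESCRIBE_VPCS = json.dumps({"Vpcs": [
    {"VpcId": "vpc-0000000000000aaaa", "IsDefault": False, "CidrBlock": "10.0.0.0/16"},
    {"VpcId": "vpc-0000000000000bbbb", "IsDefault": True, "CidrBlock": "172.31.0.0/16"},
]})
DESCRIBE_SUBNETS = json.dumps({"Subnets": [
    {"SubnetId": "subnet-0000000000000001", "VpcId": "vpc-0000000000000bbbb", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0000000000000002", "VpcId": "vpc-0000000000000bbbb", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-0000000000000003", "VpcId": "vpc-0000000000000aaaa", "MapPublicIpOnLaunch": False},
]})


def find_default_vpc(describe_vpcs_json: str) -> Optional[str]:
    """Return the VpcId flagged IsDefault, or None if the region has no default VPC."""
    for vpc in json.loads(describe_vpcs_json).get("Vpcs", []):
        if vpc.get("IsDefault"):
            return vpc["VpcId"]
    return None


def subnets_without_public_ip(describe_subnets_json: str, vpc_id: str) -> List[str]:
    """Subnets of vpc_id whose MapPublicIpOnLaunch attribute is off (the one the answer says to fix)."""
    return [s["SubnetId"]
            for s in json.loads(describe_subnets_json).get("Subnets", [])
            if s.get("VpcId") == vpc_id and not s.get("MapPublicIpOnLaunch")]


def remediation_commands(region: str, describe_vpcs_json: str, describe_subnets_json: str) -> List[str]:
    """Build the AWS CLI commands needed for a usable default VPC in `region`.
    Nothing is run here; the operator reviews and runs them."""
    vpc_id = find_default_vpc(describe_vpcs_json)
    if vpc_id is None:
        # No default VPC at all: self-service restore instead of a support ticket.
        return [f"aws ec2 create-default-vpc --region {region}"]
    # Default VPC exists: make sure each of its subnets hands out public IPs on launch.
    return [f"aws ec2 modify-subnet-attribute --region {region} "
            f"--subnet-id {sid} --map-public-ip-on-launch"
            for sid in subnets_without_public_ip(describe_subnets_json, vpc_id)]


if __name__ == "__main__":
    for cmd in remediation_commands("us-east-1", DESCRIBE_VPCS, DESCRIBE_SUBNETS):
        print(cmd)
```

Feed it real output with `aws ec2 describe-vpcs --region us-east-1` and `aws ec2 describe-subnets --region us-east-1` instead of the constructed JSON.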

Related

My VPC is greyed out when trying to create a EC2 Instance?

I am trying to create an instance into my already created VPC network. For some reason when I am in the middle of the launch, I cannot select my VPC and it only lets me select a default VPC which is not what I want.
The reason for the grey-out is that the VPC was created with "dedicated" tenancy. Changing the VPC to "default" tenancy will solve the issue. Apparently, there is no option to make that change in the AWS GUI. Either you have to delete and re-create the VPC with default tenancy or modify the tenancy value using the AWS CLI.
To modify the instance tenancy attribute of a VPC using the AWS CLI
Use the modify-vpc-tenancy command to specify the ID of the VPC and instance tenancy value. The only supported value is default.
aws ec2 modify-vpc-tenancy --vpc-id vpc-1a2b3c4d --instance-tenancy default
Alright so the solution was that the AMI was not compatible with my Dedicated Tenancy on my VPC so I had to delete and redo the entire VPC as default instead of Dedicated.
You probably do not have any subnet, private or public, in your VPC. Can you please confirm?
I want to also point out that the AZ may not have any instances of that TYPE available. This will cause the VPC to be greyed out as well. I was trying to create a t2.medium or below in us-east-1c and I was seeing my VPC greyed out until I changed to an M or T3 type.

Can we change Default VPC = No for default VPC in AWS?

I have a complete setup of instances and vpn connection done using default VPC. Due to some reasons, I need to delete default VPC and create new VPC to setup again from scratch.
However, I don't want to do that. Can I change the default VPC flag to "No" by using any trick? We can't do it directly.
I don't think you can do that, since the default VPC has some standard component configuration which is configured by AWS for you: the default VPC has a default security group, NACL and Internet gateway configured for your account.
As per AWS documentation:
When you create a default VPC, it is created with the standard components of a default VPC, including a default subnet in each Availability Zone. You cannot specify your own components.
So in your default VPC you might have configured a few things which won't be available in your new custom VPC.
I think that's where a CloudFormation template can help you build a stack easily across different environments. If you have created a CloudFormation template / Terraform, then you can easily migrate to a new VPC.
Note:
You can still check with AWS support, if they are ready to do it for you (may incur support charges).

What will happen if I delete the default VPC in AWS?

I don't use the default VPC. I have created another VPC. However, I haven't assigned my other VPC as default. I would like to delete my default VPC and set my other VPC as default.
I read some arguments on the Internet. If I delete the default VPC then I will not be able to create instances. Is this correct?
What will happen if I delete the default VPC in AWS?
AWS has recently announced a feature to self-restore the default VPC.
Also, it's not mandatory to have a default VPC in place for a region. However, at least one VPC is needed if you plan to start EC2 instances in the particular region.
Note: In the past, if the default VPC was deleted, it was required to contact AWS Support to restore it.
To answer your question, if there are no resources in your default VPC, and you delete it, nothing will happen. Any VPC other than the default will need to be "manually" selected and may not auto-populate for other services - there is no existing way (and no real need) to call another VPC the "default VPC", however.

AWS cross region lambda database access

Recently some service in us-west-1 seems not to be working, so I'm trying to create a Lambda that can access a cross-region RDS (from us-east-1 to us-west-1), but I cannot find any solution or sample with these keywords. Does that mean cross-region database access is unavailable?
As far as I know, using Lambda to reach a database in a VPC may cause out-of-IP issues, so is there any best practice for this?
Thanks
Lambda functions run outside the VPC by default. In the setup of the Lambda you can opt to give them access to a VPC which creates a network endpoint inside your VPC. Lambda uses that network endpoint to access the VPC.
The challenge you face is that your us-west-1 VPC is not visible in us-east-1.
Suggestion: Set up VPC peering between the two VPCs and run the Lambda in the us-east-1 VPC.

Using an AWS RDS instance across multiple VPC

I have one VPC with an RDS instance in it. They are both located in the same region.
I want to use the RDS instance in another VPC, that is in another region on another AWS account (we have multiple AWS accounts). If that's not complicated enough the 2nd VPC comes up via CloudFormation (i.e. dynamic). Whenever I am bringing up a CloudFormation stack I want to attach the RDS instance automatically.
I have looked at:
exposing the RDS instance on the public internet :(
an ELB w/ TCP transport to put the database instance behind
VPC peering but the different regions and the approval workflow in the AWS console make little sense in the case we are using CloudFormation
All of these seem suboptimal to me and I was wondering if somebody has already done this before. If yes, please share what you did and what the thought process behind it was.
Use a VPN tunnel from one VPC to the other. You could build your own or look at Vyatta. Ideally the two VPCs do not have overlapping CIDRs. Note that you cannot use VPC peering inter-region.
For anyone who stumbles around here, it looks like AWS VPC Peering can now be done cross region: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html