AWS Best practice - When external IP address changes on stop/start - amazon-web-services

Here's what's bothering me. Is there a better way than sending emails to devs that the IP address for their dev server has changed after the instance is stopped and started?
I was thinking of a single small instance that has an Elastic IP which the devs can log in to using a terminal, and then SSH again to the internal IP address of the dev server. Is that effective?
Does it mean that the devs need to be informed of the change every time?

It's unclear exactly what you are saying: "there's a new public DNS for the server"? Thanks for the comment, it's clearer now what you mean! It's the AWS domain name in the format "ec2-54-222-213-143.eu-west-1.compute.amazonaws.com" you are referring to.
You are asking how these name/address changes can be managed?
Generally speaking, for fixing these kinds of problems there are a couple of things to be aware of.
Firstly, if it is the public IP address that is changing, use an Elastic IP instead of an ephemeral public IP address. This will stay the same and can be transferred from an old instance to a new instance. Please read http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html about the differences between "Elastic IP" and normal public IP addresses on AWS.
Secondly, if you are concerned about maintenance of the DNS records that map the IP addresses to the domain names, then it is possible to automate the updates to AWS Route 53. I have used the AWS CLI command "route53 change-resource-record-sets" for this and also CloudFormation.
Automating events to occur on instance start-up does take a little research of the available APIs and hooks; for example, see this answer with a simple use of cloud-init: Using cloud-init user data
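One way to automate the Route 53 update described in this answer, as an added example (not code from the answer, from AWS or from the linked cloud-init answer): a script launched from cloud-init user data reads the instance's public IPv4 from the metadata service and runs the AWS CLI's route53 change-resource-record-sets with an UPSERT change batch. The hosted zone id and record name are placeholders, and the instance's IAM role is assumed to allow route53:ChangeResourceRecordSets on that zone.

```python
# Refresh a Route 53 A record with this instance's public IP at boot.
# Added example (not code from the answer above), meant to run from cloud-init
# user data. Assumes the aws CLI is installed, the instance role may call
# route53:ChangeResourceRecordSets on the zone, and that HOSTED_ZONE_ID and
# RECORD_NAME below are placeholders to replace.
import json
import subprocess
import urllib.request

HOSTED_ZONE_ID = "ZPLACEHOLDER0000"     # placeholder zone id (assumption)
RECORD_NAME = "devbox.example.test."    # placeholder record name (assumption)
IMDS = "http://169.254.169.254/latest"  # EC2 instance metadata service

def current_public_ip() -> str:
    # IMDSv2: a PUT for a session token comes first, which a plain GET
    # cannot do; prefer it over the token-less IMDSv1 path.
    req = urllib.request.Request(f"{IMDS}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with urllib.request.urlopen(req, timeout=2) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(f"{IMDS}/meta-data/public-ipv4",
        headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode().strip()

def build_change_batch(name: str, ip: str, ttl: int = 60) -> dict:
    # UPSERT creates the record on first boot and overwrites it on later
    # starts; the short TTL limits how long resolvers cache the old address.
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return {"Comment": "instance start: refresh public IP",
            "Changes": [{"Action": "UPSERT",
                         "ResourceRecordSet": {"Name": name, "Type": "A",
                                               "TTL": ttl,
                                               "ResourceRecords": [{"Value": ip}]}}]}

def main() -> None:
    batch = build_change_batch(RECORD_NAME, current_public_ip())
    subprocess.run(["aws", "route53", "change-resource-record-sets",
                    "--hosted-zone-id", HOSTED_ZONE_ID,
                    "--change-batch", json.dumps(batch)], check=True)

if __name__ == "__main__":
    main()
```

Because the record is UPSERTed rather than created, the same user-data script is safe to leave in place across every stop/start cycle.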

Related

How to see which IP address / domain our AWS Lambda requests are being sent from..?

We're using Lambda to submit API requests to various endpoints. Lately we have been getting 403-Forbidden replies from the API endpoint(s) we're using, but it's only happening randomly.
When it pops up it seems to happen for a couple of days and then stops for a while, but happens again later.
In order to troubleshoot this, the API provider(s) are asking me what IP address / domain we are sending requests from so that they can check their firewall.
I cannot find any report or anything showing me this, which seems unbelievable to me. I do see other threads about setting up VPC with private subnet, which would then use a static IP for all Lambda requests.
We can do that, but is there really no report or log that would show me a list of all the requests we've made and the IP/domain they came from in the current setup?
Any information on this would be greatly appreciated. Thanks!
I cannot find any report or anything showing me this, which seems unbelievable to me
Lambda exists to let you write functions without thinking about the infrastructure that it's deployed on. It seems completely reasonable to me that it doesn't give you visibility into its public IP. It may not have one.
AWS has the concept of an elastic network interface. This is an entity in the AWS software-defined network that is independent of both the physical hardware running your workload, as well as any potential public IP addresses. For example, in EC2 an ENI is associated with an instance even when it's stopped, and even though it may run on different physical hardware and get a different public IP when it's next started (I've linked to the EC2 docs because that's the best description that I know of, but the same idea applies to Lambda, ECS, and anything else on the AWS network).
If you absolutely need to know what address a particular non-VPC Lambda invocation is using, then I think your only option is to call one of the "what's my IP" APIs. However, there is no guarantee that you'll ever see the same IP address associated with one of your Lambdas in the future.
As people have noted in the comments, the best solution is to run your Lambdas in a private subnet in your VPC, with a NAT and Elastic IP to guarantee that they always appear to be using the same public IP.

How to route metabase through a certain domain?

I am relatively new to Metabase. I want to set up an EC2 instance to have my custom website www.*.com display the Metabase homepage so I can follow the corresponding setup. Please can you advise on how this can be done? I have tried and researched but not gotten what I actually want.
Please ask questions if you do not understand any part of the question.
Thanks for the help!
You need to point the domain name to the IP address of the EC2 machine, using the Domain Name System (DNS), most likely with an "A record".
By default, your EC2 instance will have a different IP address if you stop/start it, so you should use an Elastic IP address to give you a static IP.
You will need to read your DNS host's documentation to figure out exactly how to do that. If you happen to use AWS's Route 53 DNS service, here is the appropriate link.

Fixed IP address for service behind aws application load balancer

Our company just moved to a new office and therefore also got new network equipment. As it turns out, our new firewall does not allow pushing routes over VPN that it first has to look up IP addresses for.
As we all know, Amazon AWS does not allow static IP addresses for its application load balancer.
So our idea was to simply put a network load balancer in front of the application load balancer (there is a pretty hacky way described by AWS itself (https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-balancers/) that seemed to work fine, even if I don't really like the approach with the lambda script registering and deregistering targets).
So here is our problem: as it turns out, the application load balancer only gets to see the network load balancer's IP address. This prevents us from using security groups for IP whitelisting, which we do quite heavily. On top of that, some of our applications (Nginx/PHP based) also do IP address verification, and the ALB used to pass the client's IP address as an X-Forwarded-For header. Now our application only sees the one from the NLB.
We know of the possibility to use the global accelerator but that is a heavy investment as we don't really need what the GA is trying to solve.
So how did you guys solve this problem ?
Thankful for any help :)
Greetings
You could get the list of AWS IP addresses for the region your ALB is located in, and allow for them in your firewall. They do publish the list and you can filter through it: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
I haven't done this myself and I'm unsure if the addresses for ALB are included under the EC2 category or if you would take the whole of the AMAZON service "to be safe".
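The filtering step suggested in this answer, as an added example (not code from the answer or from AWS): it parses the structure of the published ip-ranges.json for one region and service, merges overlapping prefixes, and checks a connecting address against the result. The JSON embedded here is a constructed sample that only reuses the real file's field names, not real AWS ranges.

```python
# Filter AWS's published ip-ranges.json for a firewall allowlist.
# Added example, not code from the answer above. The sample below is a
# constructed stand-in with the real file's structure; the real file is
# https://ip-ranges.amazonaws.com/ip-ranges.json (documented at the link above).
import ipaddress
import json

# Constructed sample (documentation prefixes, not real AWS ranges).
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.0/25", "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
    ],
})

def allowlist(ip_ranges_json: str, region: str, service: str) -> list:
    # "AMAZON" is the superset of every service in the file, so it is the
    # broad "to be safe" choice; "EC2" is the narrower one. Overlapping
    # prefixes are merged so the firewall rule set carries no duplicates.
    data = json.loads(ip_ranges_json)
    nets = [ipaddress.ip_network(p["ip_prefix"]) for p in data["prefixes"]
            if p["region"] == region and p["service"] == service]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def is_allowed(ip: str, cidrs: list) -> bool:
    # Would a connection from `ip` pass a firewall loaded with `cidrs`?
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

if __name__ == "__main__":
    for svc in ("EC2", "AMAZON"):
        print(svc, allowlist(SAMPLE_IP_RANGES, "eu-west-1", svc))
```

The file's syncToken changes whenever AWS publishes new ranges, so an allowlist built this way needs to be regenerated on a schedule rather than loaded once.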
Can you expand on this? "We know of the possibility to use the global accelerator but that is a heavy investment as we don't really need what the GA is trying to solve."
GA should give you better, more consistent performance, especially if your office is far away from the AWS Region where the ALB is running

Can I get EC2 IPv4 back after stop

I stopped my EC2 instance to do some maintenance and after I started it I got a new IP. Bummer. I made an Elastic IP to make sure it does not change again, but I still have people calling the old IP. Is there any way to claim that recently lost IP associated with my EC2?
No, you can't get that old public IP back. Try to always use DNS names to avoid this kind of issue in the future.
Look at this official answer to a similar question.

Is there any way to turn a non-elastic IP into an elastic IP on aws?

I have done some research and don't think it is possible but figured I would ask on here just to be sure.
My predecessor decided to use the public and private IP of one of our database servers in an extremely large number of places. Now that we are going to be resizing this DB server, going through and changing all of those IPs over would take a large amount of time, and the possibility of missing one is pretty high.
I am wondering if it is at all possible to take the current IP on the server (which is not elastic) and somehow convert it to an Elastic IP. To clarify, I am not looking to add a new Elastic IP to the server but rather take the IP that is currently assigned to it and make that elastic. If this is not something that I can do using the SDK / Console, is it something that Amazon could do behind the scenes if we were to get support?
Thanks!
No, it is not possible.
The Elastic IP addresses are a separate pool from the Public IP addresses. There is no public means to convert a public (or private) IP address to an Elastic IP.
Standard Amazon support is unlikely to be able to make such a switch for you. While technically an Amazon network engineer can probably make such a switch, it is very unlikely that support could make that happen.
If this is not something that I can do using the SDK / Console is it something that Amazon could do behind the scenes if we were to get support?
Amazon can create a reverse DNS record for a mail server manually and is known to implement features that users request, so I guess it might be worth asking. I would give it a try.
So long as you do not terminate the instance, its static IP should remain assigned to it per Amazon documentation (https://aws.amazon.com/articles/1346).
now that we are going to be resizing this DB server
You can resize the instance and keep its static IP without terminating it (and thus without losing the static IP). The moment you terminate that instance, you lose the static IP, so resize it without terminating it.